**Important**
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
-You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-Each XML file must include:
-
-- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
**Important**
If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
-
-- **<docMode> tag.**This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-### Enterprise Mode v.1 XML schema example
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-```
-
**Important**
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). - -3. Click **OK** to close the **Bulk add sites to the list** menu. - -4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
deleted file mode 100644
index b4da3f64f5..0000000000
--- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ /dev/null
@@ -1,122 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: dansimp
-ms.prod: ie11
-ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/24/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones.
-
-To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-
-You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
->**Important:**
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema
-
-You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
-Each XML file must include:
-
-- **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<compat-mode> tag.** This tag specifies what compatibility setting are used for specific sites or domains.
-
-- **<open-in> tag.** This tag specifies what browser opens for each sites or domain.
-
-### Enterprise Mode v.2 XML schema example
-
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-```
-
**Important**
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2).
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). - -3. Click **OK** to close the **Bulk add sites to the list** menu. - -4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md). - -## Next steps -After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) -- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) - - - - - - diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md deleted file mode 100644 index 55b2dcd28a..0000000000 --- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -ms.localizationpriority: low -ms.mktglfcycl: deploy -ms.pagetype: appcompat -description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -author: dansimp -ms.prod: ie11 -ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26 -ms.reviewer: -manager: dansimp -ms.author: dansimp -title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) - -**Applies to:** - -- Windows 8.1 -- Windows 7 -- Windows Server 2008 R2 with Service Pack 1 (SP1) - -Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important**
You can only add specific URLs, not Internet or Intranet Zones.
-
-
**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see [Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-
**Note**
If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. - -3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool. - -4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE. - -The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected. - -Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). - -5. Click **Save** to validate your website and to add it to the site list for your enterprise.
-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. - -6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Next steps -After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - - - - - - diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md deleted file mode 100644 index c1a7aee9b8..0000000000 --- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -ms.localizationpriority: low -ms.mktglfcycl: deploy -ms.pagetype: appcompat -description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -author: dansimp -ms.prod: ie11 -ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b -ms.reviewer: -manager: dansimp -ms.author: dansimp -title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) - -**Applies to:** - -- Windows 10 -- Windows 8.1 -- Windows 7 - -Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important**
You can only add specific URLs, not Internet or Intranet Zones.
-
-
**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-**Note**
If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. - -3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool. - -4. In the **Compat Mode** box, choose one of the following: - - - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode. - - - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode. - - - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode. - - - **Default Mode**. Loads the site using the default compatibility mode for the page. - - The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected. - - Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). - -5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. - - - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. - - - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. - - - **None**. Opens in whatever browser the employee chooses. - -6. Click **Save** to validate your website and to add it to the site list for your enterprise.
-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. - -7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Next steps -After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - - - - - - diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md deleted file mode 100644 index d92810ceb5..0000000000 --- a/browsers/enterprise-mode/administrative-templates-and-ie11.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -ms.localizationpriority: low -ms.mktglfcycl: deploy -ms.pagetype: security -description: Administrative templates and Internet Explorer 11 -author: dansimp -ms.prod: ie11 -ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Administrative templates and Internet Explorer 11 - -Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including: - -- What registry locations correspond to each setting. - -- What value options or restrictions are associated with each setting. - -- The default value for many settings. - -- Text explanations about each setting and the supported version of Internet Explorer. - -For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519). - -## What are Administrative Templates? -Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates: - -- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor. - -- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language. - -## How do I store Administrative Templates? -As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs). -
**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810).
-
-## Administrative Templates-related Group Policy settings
-When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
-
**Note**
You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the **PolicyDefinitions** folder on this computer.
-
-IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
-
-- Computer Configuration\\Administrative Templates\\Windows Components\\
-
-- User Configuration\\Administrative Templates\\Windows Components\\
-
-
-|Catalog |Description |
-| ------------------------------------------------ | --------------------------------------------|
-|IE |Turns standard IE configuration on and off. |
-|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
-|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
-|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
-|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
-|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
-|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
-|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
-|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
-|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
-|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
-|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
-|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
-|RSS Feeds |Sets up and manages RSS feeds in the browser. |
-
-
-## Editing Group Policy settings
-Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
-
-- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
-
-- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
-
-## Related topics
-- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
-
diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
deleted file mode 100644
index fd58f63df5..0000000000
--- a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Approve a change request using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
-
-## Approve or reject a change request
-The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
-
-**To approve or reject a change request**
-1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
-
- The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
-
-2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
-
-3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
-
- An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
-
-
-## Send a reminder to the Approver(s) group
-If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
-
-- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
-
- An email is sent to the selected Approver(s).
-
-
-## View rejected change requests
-The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
-
-**To view the rejected change request**
-
-- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
-
- All rejected change requests appear, with role assignment determining which ones are visible.
-
-
-## Next steps
-After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
deleted file mode 100644
index 7696eedaca..0000000000
--- a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
-description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
-ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
-ms.reviewer:
-manager: dansimp
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.date: 08/14/2017
-ms.localizationpriority: low
----
-
-
-# Check for a new Enterprise Mode site list xml file
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
-
-**How Internet Explorer 11 looks for an updated site list**
-
-1. Internet Explorer starts up and looks for an updated site list in the following places:
-
- 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
-
- 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
-
- 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
-
-2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
**Note**
If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
deleted file mode 100644
index 91c262c502..0000000000
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ /dev/null
@@ -1,446 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: dansimp
-ms.prod: ie11
-ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Collect data using Enterprise Site Discovery
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Collect data using Enterprise Site Discovery
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7 with Service Pack 1 (SP1)
-
-Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
-
->**Upgrade Analytics and Windows upgrades**
->You can use Upgrade Analytics to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Analytics to review several site discovery reports. Check out Upgrade Analytics from [here](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-get-started).
-
-
-## Before you begin
-Before you start, you need to make sure you have the following:
-
-- Latest cumulative security update (for all supported versions of Internet Explorer):
-
- 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
-
- 
-
- 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
-
- 
-
- 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
-
-- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
-
- - Configuration-related PowerShell scripts
-
- - IETelemetry.mof file
-
- - Sample Configuration Manager report templates
-
- You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
-
-Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
-
-## What data is collected?
-Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
-
-|Data point |IE11 |IE10 |IE9 |IE8 |Description |
-|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
-|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. |
-|Domain | X | X | X | X |Top-level domain of the browsed site. |
-|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. |
-|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. |
-|Document mode reason | X | X | | |The reason why a document mode was set by IE. |
-|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. |
-|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. |
-|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. |
-|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. |
-|Number of visits | X | X | X | X |Number of times a site has been visited. |
-|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. |
-
-
->**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-### Understanding the returned reason codes
-The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection.
-
-#### DocMode reason
-The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.|
-|4 |Page is using an X-UA-compatible meta tag. |
-|5 |Page is using an X-UA-compatible HTTP header. |
-|6 |Page appears on an active **Compatibility View** list. |
-|7 |Page is using native XML parsing. |
-|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. |
-|9 |Page state is set by the browser mode and the page's DOCTYPE.|
-
-#### Browser state reason
-The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. |
-|2 |Site appears on an active **Compatibility View** list, created in Group Policy. |
-|3 |Site appears on an active **Compatibility View** list, created by the user. |
-|4 |Page is using an X-UA-compatible tag. |
-|5 |Page state is set by the **Developer** toolbar. |
-|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. |
-|7 |Site appears on the Microsoft **Compatibility View (CV)** list. |
-|8 |Site appears on the **Quirks** list, created in Group Policy. |
-|11 |Site is using the default browser. |
-
-#### Zone
-The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|-1 |Internet Explorer is using an invalid zone. |
-|0 |Internet Explorer is using the Local machine zone. |
-|1 |Internet Explorer is using the Local intranet zone. |
-|2 |Internet Explorer is using the Trusted sites zone. |
-|3 |Internet Explorer is using the Internet zone. |
-|4 |Internet Explorer is using the Restricted sites zone. |
-
-## Where is the data stored and how do I collect it?
-The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
-
-- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
-
-- **XML file**. Any agent that works with XML can be used.
-
-## WMI Site Discovery suggestions
-We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company.
-
-On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:
250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB
-
->**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-## Getting ready to use Enterprise Site Discovery
-Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
--OR- -- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
-You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
-
->**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
-
-**To set up Enterprise Site Discovery**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
-
-### WMI only: Set up your firewall for WMI data
-If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
-
-**To set up your firewall**
-
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-
-3. Restart your computer to start collecting your WMI data.
-
-## Use PowerShell to finish setting up Enterprise Site Discovery
-You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
-
->**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
-
-- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
-
-- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
-
-**To set up data collection using a domain allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
-
- >**Important**
Wildcards, like \*.microsoft.com, aren’t supported.
-
-**To set up data collection using a zone allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
-
- >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-
-## Use Group Policy to finish setting up Enterprise Site Discovery
-You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
-
->**Note**
All of the Group Policy settings can be used individually or as a group.
-
- **To set up Enterprise Site Discovery using Group Policy**
-
-- Open your Group Policy editor, and go to these new settings:
-
- |Setting name and location |Description |Options |
- |---------------------------|-------------|---------|
- |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone
**Example 1:** Include only the Local Intranet zone
Binary representation: *00010*, based on:
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone
**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones
Binary representation: *10110*, based on:
1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone |
- |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:
microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com |
-
-### Combining WMI and XML Group Policy settings
-You can use both the WMI and XML settings individually or together:
-
-**To turn off Enterprise Site Discovery**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | Off |
-|Turn on Site Discovery XML output | Blank |
-
-**Turn on WMI recording only**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | On |
-|Turn on Site Discovery XML output | Blank |
-
-**To turn on XML recording only**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | Off |
-|Turn on Site Discovery XML output | XML file path |
-
-**To turn on both WMI and XML recording**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | On |
-|Turn on Site Discovery XML output | XML file path |
-
-## Use Configuration Manager to collect your data
-After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
--OR- -- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### Collect your hardware inventory using the MOF Editor while connected to a client device
-You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
- 
-
-2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
-
-3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
-
- 
-
-4. Select the check boxes next to the following classes, and then click **OK**:
-
- - IESystemInfo
-
- - IEURLInfo
-
- - IECountInfo
-
-5. Click **OK** to close the default windows. **or** Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.|Internet Explorer 11 and Microsoft Edge|
-|<docMode>|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section. **or** For IPv6 ranges: Where **Important** Your sites are all cleared from your list.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
deleted file mode 100644
index 91ff0fab17..0000000000
--- a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local compatibility view list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local compatibility view list
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local compatibility view list by mistake or because they no longer have compatibility problems.
-
- **To remove sites from a local compatibility view list**
-
-1. Open Internet Explorer 11, click **Tools**, and then click **Compatibility View Settings**.
-
-2. Pick the site to remove, and then click **Remove**.
-Sites can only be removed one at a time. If one is removed by mistake, it can be added back using this same box and the **Add** section.
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
deleted file mode 100644
index 4e7e10efde..0000000000
--- a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local Enterprise Mode site list
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local Enterprise Mode site list by mistake or because the sites no longer have compatibility problems.
-
-**Note**
-The checkmark disappears from next to Enterprise Mode and the site is removed from the list.
-
-**Note**
-The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
deleted file mode 100644
index c946663dda..0000000000
--- a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Schedule approved change requests for production using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is approved, the original Requester can schedule the change for the production environment. The change can be immediate or set for a future time.
-
-**To schedule an immediate change**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Now**, and then clicks **Save**.
-
- The update is scheduled to immediately update the production environment, and an email is sent to the Requester. After the update finishes, the Requester is asked to verify the changes.
-
-
-**To schedule the change for a different day or time**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Schedule**, sets the **Preferred day**, **Preferred start time**, and the **Preferred end time**, and then clicks **Save**.
-
- The update is scheduled to update the production environment on that day and time and an email is sent to the Requester. After the update finishes, the Requester will be asked to verify the changes.
-
-
-## Next steps
-After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index bf7e73664e..0000000000
--- a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Search your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can search to see if a specific site already appears in your global Enterprise Mode site list so you don’t try to add it again.
-
- **To search your compatibility list**
-
-- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.
-The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
deleted file mode 100644
index 923d4dfe04..0000000000
--- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
+++ /dev/null
@@ -1,160 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set up Enterprise Mode logging and data collection
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
-
-
-
-The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
-
-
-
-Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
-
-## Using ASP to collect your data
-When you turn logging on, you need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu.
-
- **To set up an endpoint server**
-
-1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
-
-2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.
-This lets you create an ASP form that accepts the incoming POST messages.
-
-3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
-
- 
-
-4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
-
- 
-
-5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
-Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
-
-6. Apply these changes to your default website and close the IIS Manager.
-
-7. Put your EmIE.asp file into the root of the web server, using this command:
-
- ```
- <% @ LANGUAGE=javascript %>
- <%
- Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
- %>
- ```
-This code logs your POST fields to your IIS log file, where you can review all of the collected data.
-
-
-### IIS log file information
-This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
-
-
-
-
-## Using the GitHub sample to collect your data
-Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.
-This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-**Note**
-The required packages are automatically downloaded and included in the solution.
-
- **To set up your endpoint server**
-
-1. Right-click on the name, PhoneHomeSample, and click **Publish**.
-
- 
-
-2. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
-
- **Important**
-If you’re already on the webpage, you’ll need to refresh the page to see the results.
-
- 
-
-
-### Troubleshooting publishing errors
-If you have errors while you’re publishing your project, you should try to update your packages.
-
- **To update your packages**
-
-1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
-
- 
-
-2. Click **Updates** on the left side of the tool, and click the **Update All** button.
-You may need to do some additional package cleanup to remove older package versions.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
deleted file mode 100644
index ff7107b46a..0000000000
--- a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
+++ /dev/null
@@ -1,235 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
-author: dansimp
-ms.prod: ie11
-title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Set up the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-Before you can begin using the Enterprise Mode Site List Portal, you must set up your environment.
-
-## Step 1 - Copy the deployment folder to the web server
-You must download the deployment folder (**EMIEWebPortal/**), which includes all of the source code for the website, from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) site to your web server.
-
-**To download the source code**
-1. Download the deployment folder from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) source code to your web server.
-
-2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
-
- > [!NOTE]
- > You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
-
-3. Open File Explorer and then open the **EMIEWebPortal/** folder.
-
-4. Press and hold **Shift**, right-click the window, then click **Open PowerShell window here**.
-
-5. Type _npm i_ into the command prompt, then press **Enter**.
-
- Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
-
-6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution.
-
-7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
-
-## Step 2 - Create the Application Pool and website, by using IIS
-Create a new Application Pool and the website, by using the IIS Manager.
-
-**To create a new Application Pool**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Application Pools**, then click **Add Application Pool**.
-
- The **Add Application Pool** box appears.
-
-2. In the **Add Application Pool** box, enter the following info:
-
- - **Name.** Type the name of your new application pool. For example, _EMIEWebAppPool_.
-
- - **.NET CLR version.** Pick the version of .NET CLR used by your application pool from the drop-down box. It must be version 4.0 or higher.
-
- - **Managed pipeline mode.** Pick **Integrated** from the drop-down box. IIS uses the integrated IIS and ASP.NET request-processing pipeline for managed content.
-
-3. Click **OK**.
-
-4. Select your new application pool from the **Application Pool** pane, click **Advanced Settings** from the **Edit Application Pool** area of the **Actions** pane.
-
- The **Advanced Settings** box appears.
-
-5. Make sure your **Identity** value is **ApplicationPoolIdentity**, click **OK**, and then close the box.
-
-6. Open File Explorer and go to your deployment directory, created in Step 1. For example, _D:\EMIEWebApp_.
-
-7. Right-click on the directory, click **Properties**, and then click the **Security** tab.
-
-8. Add your new application pool to the list (for example, _IIS AppPool\EMIEWebAppPool_) with **Full control access**, making sure the location searches the local computer.
-
-9. Add **Everyone** to the list with **Read & execute access**.
-
-**To create the website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Sites**, then click **Add Website**.
-
- The **Add Website** box appears.
-
-2. In the **Add Website** box, type the name of your website into the **Site name** box. For example, _EMIEWebApp_, and then click **Select**.
-
- The **Select Application Pool** box appears.
-
-4. Pick the name of the application pool created earlier in this step, and then click **OK**. For example, _EMIEWebAppPool_.
-
-5. In the **Physical path** box, browse to your folder that contains your deployment directory. For example, _D:\EMIEWebApp_.
-
-6. Set up your **Binding**, including your **Binding Type**, **IP address**, and **Port**, as appropriate for your organization.
-
-7. Clear the **Start Website immediately** check box, and then click **OK**.
-
-8. In IIS Manager, expand your local computer, and then double-click your new website. For example, _EMIEWebApp_.
-
- The **<website_name> Home** pane appears.
-
-9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**.
-
- > [!NOTE]
- > You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
-
-10. Return to the **<website_name> Home** pane, and double-click the **Connection Strings** icon.
-
-11. Open the **LOBMergedEntities Connection String** to edit:
-
- - **Data source.** Type the name of your local computer.
-
- - **Initial catalog.** The name of your database.
-
- > [!NOTE]
- > Step 3 of this topic provides the steps to create your database.
-
-## Step 3 - Create and prep your database
-Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
-
-**To create and prep your database**
-1. Start SQL Server Management Studio.
-
-2. Open **Object Explorer** and then connect to an instance of the SQL Server Database Engine.
-
-3. Expand the instance, right-click on **Databases**, and then click **New Database**.
-
-4. Type a database name. For example, _EMIEDatabase_.
-
-5. Leave all default values for the database files, and then click **OK**.
-
-6. Open the **DatabaseScripts/Create DB Tables/1_CreateEMIETables.sql** query file, located in the deployment directory.
-
-7. Replace the database name placeholder with the database name you created earlier. For example, _EMIEDatabase_.
-
-8. Run the query.
-
-## Step 4 - Map your Application Pool to a SQL Server role
-Map your ApplicationPoolIdentity to your database, adding the db_owner role.
-
-**To map your ApplicationPoolIdentity to a SQL Server role**
-1. Start SQL Server Management Studio and connect to your database.
-
-2. Expand the database instance and then open the server-level **Security** folder.
-
- > [!IMPORTANT]
- > Make sure you open the **Security** folder at the server level and not for the database.
-
-3. Right-click **Logins**, and then click **New Login**.
-
- The **Login-New** dialog box appears.
-
-4. Type the following into the **Login name** box, based on your server instance type:
-
- - **Local SQL Server instance.** If you have a local SQL Server instance, where IIS and SQL Server are on the same server, type the name of your Application Pool. For example, _IIS AppPool\EMIEWebAppPool_.
-
- - **Remote SQL Server instance.** If you have a remote SQL Server instance, where IIS and SQL Server are on different servers, type `Domain\ServerName$`.
-
- > [!IMPORTANT]
- > Don't click **Search** in the **Login name** box. Login name searches will resolve to a ServerName\AppPool Name account and SQL Server Management Studio won't be able to resolve the account's virtual Security ID (SID).
-
-5. Click **User Mapping** from the **Select a page** pane, click the checkbox for your database (for example, _EMIEDatabase_) from the **Users mapped to this login** pane, and then click **db_owner** from the list of available roles in the **Database role membership** pane.
-
-6. Click **OK**.
-
-## Step 5 - Restart the Application Pool and website
-Using the IIS Manager, you must restart both your Application Pool and your website.
-
-**To restart your Application Pool and website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, select your website, then click **Restart** from the **Manage Website** pane.
-
-2. In the **Connections** pane, select your Application Pool, and then click **Recycle** from the **Application Pool Tasks** pane.
-
-## Step 6 - Registering as an administrator
-After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
-
-**To register as an administrator**
-1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
-
-2. Click **Register now**.
-
-3. Type your name or alias into the **Email** box, making sure it matches the info in the drop-down box.
-
-4. Click **Administrator** from the **Role** box, and then click **Save**.
-
-5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
-
- A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
-
-6. Select your name from the available list, and then click **Activate**.
-
-7. Go to the Enterprise Mode Site List Portal Home page and sign in.
-
-## Step 7 - Configure the SMTP server and port for email notification
-After you've set up the portal, you need to configure your SMTP server and port for email notifications from the system.
-
-**To set up your SMTP server and port for emails**
-1. Open Visual Studio, and then open the web.config file from your deployment directory.
-
-2. Update the SMTP server and port info with your info, using this format:
-
- ```
-
-Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately.
-
- **To turn off local control using Group Policy**
-
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-2. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**.
-
-3. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality.
-
- **To turn off the site list using the registry**
-
-1. Open a registry editor, such as regedit.exe.
-
-2. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.
-You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers.
-
-3. Close all and restart all instances of Internet Explorer.
-IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on).
-
- **To turn off local control using the registry**
-
-1. Open a registry editor, such as regedit.exe.
-
-2. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.
-You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers.
-
-3. Close and restart all instances of IE.
-Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on).
-
-## Related topics
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-- [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
deleted file mode 100644
index 2cfad8e8db..0000000000
--- a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.date: 07/17/2018
----
-Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing
-centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 won’t look for an updated list again until you restart the browser.
-
-> [!NOTE]
-> We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
-
-**Group Policy**
-
-1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** setting. Turning this setting on also requires you to create and store a site list.
-
-
-
-2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
-
-3. Refresh your policy and then view the affected sites in Microsoft Edge. The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is.
-
-**Registry**
-
-All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list.
-
-1. **To turn on Enterprise Mode for all users on the PC:** Open the registry editor and go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode`.
-
-2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
-
-
- - **HTTPS location:** `"SiteList"="https://localhost:8080/sites.xml"`
-
- - **Local network:** `"SiteList"="\\network\shares\sites.xml"`
-
- - **Local file:** `"SiteList"="file:///c:\\Users\\ The site shows a message in Microsoft Edge, saying that the page needs IE.
- At the same time, the page opens in IE11; in a new frame if it is not yet
- running, or in a new tab if it is.
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
deleted file mode 100644
index c8ef3d030c..0000000000
--- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Turn on local user control and logging for Enterprise Mode.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Turn on local control and logging for Enterprise Mode
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can turn on local control of Enterprise Mode so that your users can turn Enterprise Mode on from the **Tools** menu. Turning on this feature also adds the **Enterprise** browser profile to the **Emulation** tab of the F12 developer tools.
-
-Besides turning on this feature, you also have the option to provide a URL for Enterprise Mode logging. If you turn logging on, Internet Explorer initiates a simple POST back to the supplied address, including the URL and a specification that **EnterpriseMode** was turned on or off through the **Tools** menu.
-
- **To turn on local control of Enterprise Mode using Group Policy**
-
-1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
-
- 
-
-2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
-
- **To turn on local control of Enterprise Mode using the registry**
-
-1. Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
-
-2. In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**.
-
-3. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
-
- 
-
-Your **Value data** location can be any of the following types:
-
-- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu. **Important** This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-
-## Related topics
-
-
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md
deleted file mode 100644
index c6f3e6048e..0000000000
--- a/browsers/enterprise-mode/using-enterprise-mode.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using IE7 Enterprise Mode or IE8 Enterprise Mode
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode gives you a way for your legacy websites and apps to run using emulated versions of Windows Internet Explorer 7 or Windows Internet Explorer 8, while your new sites and apps run using Internet Explorer 11, including modern standards and features.
-
-Although it’s called IE7 Enterprise Mode, it actually turns on Enterprise Mode along with Internet Explorer 7 or Microsoft Internet Explorer 5 Compatibility View. Compatibility View chooses which document mode to use based on whether there’s a `DOCTYPE` tag in your code:
-
-- **DOCTYPE tag found.** Webpages render using the Internet Explorer 7 document mode.
-- **No DOCTYPE tag found.** Webpages render using the Internet Explorer 5 document mode.
-
-**Important** For example, `C:\users\ **Important** **Important** **Important** **Important**
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
deleted file mode 100644
index 18c0b63cac..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ /dev/null
@@ -1,121 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: dansimp
-ms.prod: ie11
-ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/24/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones.
-
-To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-
-You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
->**Important:** **Important** **Important**
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
deleted file mode 100644
index 8c5e4b4426..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. **Important** Note Note
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
-
-3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool.
-
-4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE.
-
-The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
-
-Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-5. Click **Save** to validate your website and to add it to the site list for your enterprise.
- If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
-6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
- You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
deleted file mode 100644
index 10f60620a8..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. **Important** Note
-**Note**
- Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
-
-3. Type any comments about the website into the **Notes about URL** box.
- Administrators can only see comments while they’re in this tool.
-
-4. In the **Compat Mode** box, choose one of the following:
-
- - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode.
-
- - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode.
-
- - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode.
-
- - **Default Mode**. Loads the site using the default compatibility mode for the page.
-
- The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
-
- Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
-
- - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. If you have enabled [Internet Explorer mode integration on Microsoft Edge](/deployedge/edge-ie-mode), this option will open sites in Internet Explorer mode.
-
- - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
-
- - **None**. Opens in whatever browser the employee chooses.
-
-6. If you have enabled [Internet Explorer mode integration on Microsoft Edge](/deployedge/edge-ie-mode), and you have sites that still need to opened in the standalone Internet Explorer 11 application, you can check the box for **Standalone IE**. This checkbox is only relevant when associated to 'Open in' IE11. Checking the box when 'Open In' is set to MSEdge or None will not change browser behavior.
-
-7. The checkbox **Allow Redirect** applies to the treatment of server side redirects. If you check this box, server side redirects will open in the browser specified by the open-in tag. For more information, see [here](./enterprise-mode-schema-version-2-guidance.md#updated-schema-attributes).
-
-8. Click **Save** to validate your website and to add it to the site list for your enterprise.
- If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
-9. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
- You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
deleted file mode 100644
index 4de574cbe2..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Administrative templates and Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Administrative templates and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including:
-
-- What registry locations correspond to each setting.
-
-- What value options or restrictions are associated with each setting.
-
-- The default value for many settings.
-
-- Text explanations about each setting and the supported version of Internet Explorer.
-
-For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](/previous-versions/windows/it-pro/windows-vista/cc709647(v=ws.10)).
-
-## What are Administrative Templates?
-Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
-
-- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor.
-
-- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language.
-
-## How do I store Administrative Templates?
-As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
- Important Note **Note** **Note** **Important** **Important** Important **Important** **Note** **Note** **-OR-** Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file. **Note** **Note** **Important** **Note** **Note** 250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB
-
->**Important**
--OR-
-- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
-You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
-
->**Important** 0 – Restricted Sites zone **Example 1:** Include only the Local Intranet zone Binary representation: *00010*, based on: 0 – Restricted Sites zone **Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones Binary representation: *10110*, based on: 1 – Restricted Sites zone microsoft.sharepoint.com
--OR-
-- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### Collect your hardware inventory using the MOF Editor while connected to a client device
-You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
- 
-
-2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
-
-3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
-
- 
-
-4. Select the check boxes next to the following classes, and then click **OK**:
-
- - IESystemInfo
-
- - IEURLInfo
-
- - IECountInfo
-
-5. Click **OK** to close the default windows.
-**Important** **Note** **or** Where `https://fabrikam.com` doesn't use IE8 Enterprise Mode, but `https://fabrikam.com/products` does.|Internet Explorer 11 and Microsoft Edge|
-|docMode|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section. Where `https://fabrikam.com` opens in the IE11 browser, but `https://fabrikam.com/products` loads in the current browser (eg. Microsoft Edge)|Internet Explorer 11 and Microsoft Edge|
-|forceCompatView|Specifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false. Where `https://fabrikam.com` does not use Enterprise Mode, but `https://fabrikam.com/products` uses IE7 Enterprise Mode.|Internet Explorer 11|
-
-### Using Enterprise Mode and document mode together
-If you want to use both Enterprise Mode and document mode together, you need to be aware that <emie> entries override <docMode> entries for the same domain.
-
-For example, say you want all of the sites in the contoso.com domain to open using IE8 Enterprise Mode, except test.contoso.com, which needs to open in document mode 11. Because Enterprise Mode takes precedence over document mode, if you want test.contoso.com to open using document mode, you'll need to explicitly add it as an exclusion to the <emie> parent node.
-
-```xml
- **or** For IPv6 ranges: Where **Important** After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed.
-
-8. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-9. Expand *ComputerName*, and then click **Synchronizations**.
-
-10. Click **Synchronize Now**.
-
-11. Expand *ComputerName*, expand **Updates**, and then click **All Updates**.
-
-12. Choose **Unapproved** in the **Approval** drop down box.
-
-13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
-
- > [!NOTE]
- > There may be multiple updates, depending on the imported language and operating system updates.
-
-**Optional**
-
-If you need to reset your Update Rollups packages to auto-approve, do this:
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves updates of different classifications, and then click **Edit**.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
-6. Check the **Update Rollups** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-
-> [!NOTE]
-> Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server won’t cause this update to be auto-approved.
-
-
-## Additional resources
-
-- [Automatic delivery process](what-is-the-internet-explorer-11-blocker-toolkit.md#automatic-delivery-process)
-
-- [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
-
-- [Internet Explorer 11 FAQ for IT pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-
-- [Internet Explorer 11 delivery through automatic updates]()
-
-- [Internet Explorer 11 deployment guide](./index.md)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/affectedsoftware.png b/browsers/internet-explorer/ie11-deploy-guide/images/affectedsoftware.png
deleted file mode 100644
index df63b88432..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/affectedsoftware.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/bulkadd-emiesitelistmgr.png b/browsers/internet-explorer/ie11-deploy-guide/images/bulkadd-emiesitelistmgr.png
deleted file mode 100644
index 040df5bb07..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/bulkadd-emiesitelistmgr.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/configmgractivexreport.png b/browsers/internet-explorer/ie11-deploy-guide/images/configmgractivexreport.png
deleted file mode 100644
index a782b6657c..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/configmgractivexreport.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png b/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png
deleted file mode 100644
index 7626296e87..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-lg.png b/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-lg.png
deleted file mode 100644
index 07a182461b..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-lg.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-sm.png b/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-sm.png
deleted file mode 100644
index c887d9c193..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-sm.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-f12.png b/browsers/internet-explorer/ie11-deploy-guide/images/docmode-f12.png
deleted file mode 100644
index 28adf37af6..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-f12.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/emie-listmgr.png b/browsers/internet-explorer/ie11-deploy-guide/images/emie-listmgr.png
deleted file mode 100644
index f3a1773a45..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/emie-listmgr.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/emie-sitelistmgr.png b/browsers/internet-explorer/ie11-deploy-guide/images/emie-sitelistmgr.png
deleted file mode 100644
index ccd5c9cd4b..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/emie-sitelistmgr.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editbindings.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editbindings.png
deleted file mode 100644
index 3d22ce267e..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editbindings.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editpolicy.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editpolicy.png
deleted file mode 100644
index f2b011d717..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editpolicy.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editregistrystring.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editregistrystring.png
deleted file mode 100644
index dc365fc8ad..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editregistrystring.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicy.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicy.png
deleted file mode 100644
index 115e7d8a05..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicy.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicysitelist.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicysitelist.png
deleted file mode 100644
index 14079ffd7c..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicysitelist.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logfile.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logfile.png
deleted file mode 100644
index b58e2a21b8..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logfile.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logging.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logging.png
deleted file mode 100644
index becf942ecd..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logging.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-packageupdate.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-packageupdate.png
deleted file mode 100644
index 66480b5f6c..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-packageupdate.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishsolution.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishsolution.png
deleted file mode 100644
index a3daa4e483..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishsolution.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishweb.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishweb.png
deleted file mode 100644
index eaf44305e2..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishweb.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-registrysitelist.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-registrysitelist.png
deleted file mode 100644
index 3c32b1af1a..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-registrysitelist.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-reportwdetails.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-reportwdetails.png
deleted file mode 100644
index 7209452cf3..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-reportwdetails.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-toolsmenu.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-toolsmenu.png
deleted file mode 100644
index 66e8ecf082..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-toolsmenu.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-site-discovery-sample-report.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-site-discovery-sample-report.png
deleted file mode 100644
index c53b4d160e..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-site-discovery-sample-report.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie11-inventory-addclassconnectscreen.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie11-inventory-addclassconnectscreen.png
deleted file mode 100644
index 629267fb62..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie11-inventory-addclassconnectscreen.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontroloutsideofie.png b/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontroloutsideofie.png
deleted file mode 100644
index 8c1d246aaf..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontroloutsideofie.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontrolwarning.png b/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontrolwarning.png
deleted file mode 100644
index 4a6ea00e6f..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontrolwarning.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/img-enterprise-mode-site-list-xml.jpg b/browsers/internet-explorer/ie11-deploy-guide/images/img-enterprise-mode-site-list-xml.jpg
deleted file mode 100644
index 0bcfd3b650..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/img-enterprise-mode-site-list-xml.jpg and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/img-f12-developer-tools-emulation.jpg b/browsers/internet-explorer/ie11-deploy-guide/images/img-f12-developer-tools-emulation.jpg
deleted file mode 100644
index 48ed75b701..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/img-f12-developer-tools-emulation.jpg and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/outdatedcontrolwarning.png b/browsers/internet-explorer/ie11-deploy-guide/images/outdatedcontrolwarning.png
deleted file mode 100644
index 87e49b5093..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/outdatedcontrolwarning.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/securitybulletin-filter.png b/browsers/internet-explorer/ie11-deploy-guide/images/securitybulletin-filter.png
deleted file mode 100644
index 73d11e3644..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/securitybulletin-filter.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/setdefaultbrowsergp.png b/browsers/internet-explorer/ie11-deploy-guide/images/setdefaultbrowsergp.png
deleted file mode 100644
index 2a52b20e23..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/setdefaultbrowsergp.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/wedge.gif b/browsers/internet-explorer/ie11-deploy-guide/images/wedge.gif
deleted file mode 100644
index aa3490aee9..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/wedge.gif and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
deleted file mode 100644
index 83c7c6b9b8..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-description: A full-sized view of how document modes are chosen in IE11.
-title: Full-sized flowchart detailing how document modes are chosen in IE11
-author: dansimp
-ms.date: 04/19/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-ms.prod: ie11
----
-
-# Full-sized flowchart detailing how document modes are chosen in IE11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
-
-:::image type="content" source="images/docmode-decisions-lg.png" alt-text="Full-sized flowchart detailing how document modes are chosen in IE11" lightbox="images/docmode-decisions-lg.png":::
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index f585e3210d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: cacd5d68-700b-4a96-b4c9-ca2c40c1ac5f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Import your Enterprise Mode site list to the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Import your Enterprise Mode site list to the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-
-**Important**
-Importing your file overwrites everything that’s currently in the tool, so make sure it’s what you really mean to do.
-
- **To import your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Import**.
-
-2. Go to your exported .EMIE file (for example, `C:\users\ This means that while IE11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices. Note Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy preferences, Administrative Templates (.admx), or the IEAK 11. Because Group Policy Preferences and IEAK 11 run using asynchronous processes, you should choose to use only one of the tools within each group of settings. For example, using only IEAK 11 in the Security settings or Group Policy Preferences within the Internet Zone settings. Also, it's important to remember that policy is enforced and can't be changed by the user, while preferences are configured, but can be changed by the user. |
-|[Missing the Compatibility View Button](missing-the-compatibility-view-button.md) |Compatibility View was introduced in Internet Explorer 8 to help existing content continue to work with Windows Internet Explorer 7, while developers updated their content to support modern interoperable web standards. Since then, the IE web platform, and the web itself, have changed so that most public web content looks for standards-based features instead of IE 7-compatible behavior. Thanks to these changes, using IE11 in the latest standards mode is more compatible with the web than ever before. As a result, IE11 simplifies web page compatibility for users by removing the Compatibility View button and reducing the number of compatibility options in the F12 developer tools for developers. |
-|[Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](deploy-pinned-sites-using-mdt-2013.md) |You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List. The ability to pin websites to the Windows 8.1 taskbar can help make end-users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to employees. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](/mem/configmgr/mdt/).
-
-
-## IE11 naming conventions
-IE11 offers differing experiences in Windows 8.1:
-
-|Name |Description |
-|-----|------------|
-|Internet Explorer or IE |The immersive browser, or IE, without a specific version. |
-|Internet Explorer for the desktop |The desktop browser. This is the only experience available when running IE11 on Windows 7 SP1 |
-|Internet Explorer 11 or IE11 |The whole browser, which includes both IE and Internet Explorer for the desktop. |
-
-## Related topics
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
deleted file mode 100644
index 47a4d07569..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment.
-author: dansimp
-ms.prod: ie11
-ms.assetid: caca18c1-d5c4-4404-84f8-d02bc562915f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install and Deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install and Deploy Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1 Update
-- Windows 7 with Service Pack 1 (SP1)
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps.
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Customize Internet Explorer 11 installation packages](customize-ie11-install-packages.md) |Guidance about how to use .INF files or the IE Administration Kit 11 (IEAK 11) to create custom packages and about how to create those packages for multiple operating systems. |
-|[Choose how to install Internet Explorer 11 (IE11)](choose-how-to-install-ie11.md) |Guidance for the different ways you can install IE, including using System Center 2012 R2 Configuration Manager, Windows Server Update Services (WSUS), Microsoft Intune, your network, the operating system deployment system, or third-party tools. |
-|[Choose how to deploy Internet Explorer 11 (IE11)](choose-how-to-deploy-ie11.md) |Guidance about how to deploy your custom version of IE using Automatic Version Synchronization (AVS) or using your software distribution tools. |
-|[Virtualization and compatibility with Internet Explorer 11](virtualization-and-compatibility-with-ie11.md) |Info about the Microsoft-supported options for virtualizing web apps. |
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
deleted file mode 100644
index 0ec2a15346..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune.
-author: dansimp
-ms.prod: ie11
-ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using Microsoft Intune
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](/mem/intune/).
-
-## Adding and deploying the IE11 package
-You can add and then deploy the IE11 package to any computer that's managed by Microsoft Intune.
-
- **To add the IE11 package**
-
-1. From the Microsoft Intune administrator console, start the Microsoft Intune Software Publisher.
-
-2. Add your IE11 package as either an external link or as a Windows installer package (.exe or .msi).
-
-For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](/mem/intune/).
-
- **To automatically deploy and install the IE11 package**
-
-1. From the Microsoft Intune administrator console, start and run through the Deploy Software wizard.
-
-2. Deploy the package to any of your employee computers that are managed by Microsoft Intune.
-
-3. After the package is on your employee's computers, the installation process runs, based on what you set up in your wizard.
-
-For more info about this, see [Deploy and configure apps](/mem/intune/).
-
- **To let your employees install the IE11 package**
-
-1. Install the package on your company's Microsoft Intune site, marking it as **Available** for the appropriate groups.
-
-2. Any employee in the assigned group can now install the package.
-
-For more info about this, see [Update apps using Microsoft Intune](/mem/intune/apps/apps-windows-10-app-deploy)
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
deleted file mode 100644
index 469b700481..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e16f9144-170c-4964-a62d-0d1a16f4cd1f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-You can install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images.
-
-You'll need to extract the .cab file for each supported operating system and platform combination and the .msu file for each prerequisite update. Download the IE11 update and prerequisites here:
-
-- [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=279697)
-
-- [Microsoft Update Catalog](https://go.microsoft.com/fwlink/p/?LinkId=214287)
-
-After you install the .msu file updates, you'll need to add them to your MDT deployment. You'll also need to extract the IE11 .cab update file from the IE11 installation package, using the `/x` command-line option. For example, `IE11-Windows6.1-x64-en-us.exe /x:c:\ie11cab`.
-
-## Installing IE11 using Microsoft Deployment Toolkit (MDT)
-
-MDT adds IE11 to your Windows images, regardless whether you are creating or deploying a customized or non-customized image. MDT also lets you perform offline servicing during the System Center 2012 R2 Configuration Manager task sequence, letting you add IE11 before starting Windows. For info, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/).
-
- **To add IE11 to a MDT deployment share**
-
-1. Right-click **Packages** from each **Deployment Shares** location, and then click **Import OS Packages**.
-
-2. Go to the **Specify Directory** page, search for your folder with your update files (.cab and .msu) for import, and click **Next**.
-
-3. Go to the **Summary** page and click **Next**.
-MDT starts importing your update files. **Note**
- The wizard automatically puts your custom installation files in your `\ **Important**
- Where `
-If you get an error during the Windows Update process, see [Fix the problem with Microsoft Windows Update that is not working](https://go.microsoft.com/fwlink/p/?LinkId=302316).
-
-4. Restart your computer, making sure all of your the updates are finished.
-
-5. Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
deleted file mode 100644
index 803fc7fb83..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to fix intranet search problems with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 3ee71d93-d9d2-48e1-899e-07932c73faa6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Fix intranet search problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Fix intranet search problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After upgrading to Internet Explorer 11, you might experience search issues while using your intranet site.
-
-## Why is my intranet redirecting me to search results?
-IE11 works differently with search, based on whether your organization is domain-joined.
-
-- **Domain-joined computers.** A single word entry is treated as a search term. However, IE11 also checks for available intranet sites and offers matches through the **Notification bar**. If you select **Yes** from the **Notification bar** to navigate to the intranet site, IE11 associates that word with the site so that the next time you type in the intranet site name, inline auto-complete will resolve to the intranet site address.
-
-- **Non-domain-joined computers.** A single word entry is treated as an intranet site. However, if the term doesn't resolve to a site, IE11 then treats the entry as a search term and opens your default search provider.
-
-To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like `contoso/` or the `https://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
-
- **To enable single-word intranet search**
-
-1. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
-
-2. Click **Advanced**, check the **Go to an intranet site for a single word entry in the Address bar** box, and then click **OK**.
-
-If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `https://contoso`.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
deleted file mode 100644
index 58a2d5298b..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: eb3cce62-fc7b-41e3-97b6-2916b85bcf55
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Manage Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Manage Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Auto detect settings Internet Explorer 11](auto-detect-settings-for-ie11.md) |Guidance about how to update your automatic detection of DHCP and DNS servers. |
-|[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. |
-|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
deleted file mode 100644
index e3e56157b3..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ /dev/null
@@ -1,101 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 89084e01-4e3f-46a6-b90e-48ee58d6821c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Missing Internet Explorer Maintenance settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Missing Internet Explorer Maintenance settings for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy Preferences, Administrative Templates (.admx), and the IE Administration Kit 11 (IEAK 11).
-
-Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy Preferences, Administrative Templates (.admx), or IE Administration Kit 11 (IEAK 11).
-
-Because Group Policy Preferences and IEAK 11 run using asynchronous processes, you should choose to use only one of the tools within each group of settings. For example, using only IEAK 11 in the **Security** settings or Group Policy Preferences within the **Internet Zone** settings. Also, it's important to remember that policy is enforced and can't be changed by the user, while preferences are configured, but can be changed by the user.
-
-For more information about all of the new options and Group Policy, see:
-
-- [Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md)
-
-- [Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md)
-
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-
-- [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876)
-
-- [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10))
-
-- [Enable and Disable Settings in a Preference Item](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754299(v=ws.11))
-
-## IEM replacements
-The IEM settings have replacements you can use in either Group Policy Preferences or IEAK 11.
-
-### Browser user interface replacements
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Browser title |Lets you customize the text that shows up in the title bar of the browser.|On the **Browser User Interface** page of IEAK 11, click **Customize Title Bars**, and then type the text that appears on the title bar of the **Title Bar Text** box. Your text is appended to the text," Microsoft Internet Explorer provided by". |
-|Browser toolbar customizations (background and buttons) |Lets you customize the buttons on the browser toolbar. -OR- On the **Connection Settings** page of IEAK 11, change your connection settings, including importing your current connection settings and deleting existing dial-up connection settings (as needed). |
-|Automatic browser configuration |Lets you update your employee's computer after you've deployed IE11, by specifying a URL to an .ins file, an auto-proxy URL, or both. You can decide when the update occurs, in minutes. Typing zero, or not putting in any number, means that automatic configuration only happens after the browser is started and used to go to a page. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Automatic Configuration** tab, and then add your URL. On the **Automatic Configuration** page of IEAK 11, modify the configuration settings, including providing the URL to an .ins file or an auto-proxy site. |
-|Proxy settings |Lets you specify your proxy servers. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Connections** tab, click **LAN Settings**, and then choose whether to turn on automatic detection of your configuration settings and if you want to use proxy servers. -OR- On the **Proxy Settings** page of IEAK 11, turn on your proxy settings, adding your proxy server addresses and exceptions. |
-|User Agent string |Lets the browser provide identification to visited servers. This string is often used to keep Internet traffic statistics. |This setting isn't available anymore. |
-
-### URLs replacements
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Favorites and links |Lets you use custom URLs for the **Favorites** and **Links** folders. You can also specify the folder order, disable IE Suggested Sites, and import an existing folder structure. |On the **Favorites, Favorites Bar and Feeds** page of IEAK 11, add your custom URLs to the **Favorites**, **Favorites Bar**, or **RSS Feeds** folders, or create new folders. You can also edit, test, or remove your URLs, sort the list order, or disable IE Suggested Sites. |
-|Important URLs |Lets you add custom **Home** pages that can open different tabs. You can also add a **Support** page that shows up when an employee clicks online Help.|In the **Internet Settings Group Policy Preferences** dialog box, click the **General** tab, and add your custom **Home** page. On the **Important URLs - Home page and Support** page of IEAK 11, add the custom URLs to your **Home** and **Support** pages. You can also click to retain the previous home page information when the user upgrades to a newer version of IE. |
-
-### Security Zones and Content Ratings
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Security zones |Lets you change your security settings, by zone |In the **Internet Settings Group Policy Preferences** dialog box, click the **Security** tab, and update your security settings, based on zone. -OR- On the **Security and Privacy Settings** page of IEAK 11, choose your **Security Zones and Privacy** setting, changing it, as necessary. |
-|Content ratings |Lets you change your content ratings so your employees can't view sites with risky content. |On the **Security and Privacy Settings** page of IEAK 11, choose your **Content Ratings** setting, changing it, as necessary. |
-|Authenticode settings |Lets you pick your trustworthy software publishers and stop your employees from adding new, untrusted publishers while browsing. |These settings aren't available anymore. |
-
-### Programs
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Programs |Lets you import your default program settings, which specify the programs Windows uses for each Internet service. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Programs** tab, and choose how to open IE11 links. -OR- On the **Programs** page of IEAK 11, choose whether to customize or import your program settings. |
-
-#### Advanced IEM settings
-The Advanced IEM settings, including Corporate and Internet settings, were also deprecated. However, they also have replacements you can use in either Group Policy Preferences or IEAK 11.
-
-**Note** -OR- On the Additional Settings page of IEAK 11, expand Internet Settings, and then customize your default values in the Internet Options dialog box. |
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
deleted file mode 100644
index a002fae480..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Internet Explorer 11 uses the latest standards mode, which simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 501c96c9-9f03-4913-9f4b-f67bd9edbb61
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Missing the Compatibility View Button (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Missing the Compatibility View Button
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Compatibility View was introduced in Windows Internet Explorer 8 to help existing content continue to work with Windows Internet Explorer 7, while developers updated their content to support modern interoperable web standards. Since then, the Internet Explorer web platform, and the web itself, have changed so that most public web content looks for standards-based features instead of IE 7-compatible behavior.
-
-Thanks to these changes, using Internet Explorer 11 in the latest standards mode is more compatible with the web than ever before. As a result, IE11 simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers.
-
-## What happened to the Compatibility View button?
-In previous versions of IE, the **Compatibility View** button would attempt to fix a broken standards-based website, by getting the page to appear like it did in Internet Explorer 7. Today however, more standards-based websites are broken by attempting to appear like they did in Internet Explorer 7. So instead of implementing and using Compatibility View, developers are updating their server configuration to add X-UA-Compatible meta tags, which forces the content to the “edge”, making the **Compatibility View** button disappear. In support of these changes, the Compatibility View button has been completely removed for IE11.
-
-## What if I still need Compatibility View?
-There might be extenuating circumstances in your company, which require you to continue to use Compatibility View. In this situation, this process should be viewed strictly as a workaround. You should work with the website vendor to make sure that the affected pages are updated to match the latest web standards. The functionality described here is currently deprecated and will be removed at a time in the future.
-
-**Important**
-Compatibility View is turned on for this single website, for this specific computer.
-
-3. Decide if you want your intranet sites displayed using Compatibility View, decide whether to use Microsoft compatibility lists, and then click **Close**.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
deleted file mode 100644
index 6c68a1ec01..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: How to turn managed browser hosting controls back on in Internet Explorer 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: b0b7f60f-9099-45ab-84f4-4ac64d7bcb43
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: .NET Framework problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# .NET Framework problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-## Summary
-
-If you’re having problems launching your legacy apps while running Internet Explorer 11, it’s most likely because Internet Explorer no longer starts apps that use managed browser hosting controls, like in .NET Framework 1.1 and 2.0.
-
- **To turn managed browser hosting controls back on**
-
-1. **For x86 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
-2. **For 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
-## More information
-
-IEHost is a Microsoft .NET Framework 1.1-based technology that provides a better model than ActiveX controls to host controls within the browser. The IEHost controls are lightweight and are operated under the .NET security model where they are operated inside a sandbox.
-
-From the .NET Framework 4, we remove the IEHost.dll file for the following reasons:
-
-- IEHost/HREF-EXE-style controls are exposed to the Internet. This poses a high security risk, and most customers who install the Framework are benefiting very little from this security risk.
-- Managed hosting controls and invoking random ActiveX controls may be unsafe, and this risk cannot be countered in the .NET Framework. Therefore, the ability to host is disabled. We strongly suggest that IEHost should be disabled in any production environment.
-- Potential security vulnerabilities and assembly versioning conflicts in the default application domain. By relying on COM Interop wrappers to load your assembly, it is implicitly loaded in the default application domain. If other browser extensions do the same function, they have the risks in the default application domain such as disclosing information, and so on. If you are not using strong-named assemblies as dependencies, type loading exceptions can occur. You cannot freely configure the common language runtime (CLR), because you do not own the host process, and you cannot run any code before your extension is loaded.
-
-For more information about .NET Framework application compatibility, see [Application compatibility in the .NET Framework](/dotnet/framework/migration-guide/application-compatibility).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
deleted file mode 100644
index 1dd3438086..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: New group policy settings for Internet Explorer 11
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 669cc1a6-e2cb-403f-aa31-c1de52a615d1
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: New group policy settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# New group policy settings for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including:
-
-
-| Policy | Category Path | Supported on | Explanation |
-|-----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Allow IE to use the HTTP2 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses the HTTP2 network protocol. HTTP2 works with HTTP requests to optimize the latency of network requests through compression, multiplexing, and prioritization. If you enable this policy setting, IE uses the HTTP2 network protocol. If you disable this policy setting, IE won't use the HTTP2 network protocol. If you don't configure this policy setting, users can turn this behavior on or off, using the **Internet Explorer Advanced Internet Options** settings. The default is on. |
-| Allow IE to use the SPDY/3 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing and prioritization. If you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol. If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol. If you don't configure this policy setting, users can turn this behavior on or off, on the **Advanced\* tab of the \*\*Internet Options** dialog box. The default is on. **Note** If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm. If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm. If you don’t configure this policy setting, users can change the **Suggestions** setting on the **Settings** charm. |
-| Allow only approved domains to use the TDC ActiveX control | If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone. If you disable this policy setting, users can run the TDC Active X control from all sites in the specified zone. |
-| Allow SSL3 Fallback | Administrative Templates\Windows Components\Internet Explorer\Security Features | Internet Explorer 11 on Windows 10 | This policy setting allows you to stop websites from falling back to using Secure Socket Layer (SSL) 3.0 or lower, if Transport Layer Security (TLS) 1.0 or higher, fails. This setting doesn’t affect which security protocols are enabled. If you enable this policy setting and a website fails while using the TLS 1.0 or higher security protocols, Internet Explorer will try to fallback and use SSL 3.0 or lower security protocols. If you disable or don’t configure this setting, Internet Explorer uses the default system protocols. **Important:** If you enable this policy setting (default), you must also pick one of the following options from the Options box: If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone. |
-| Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header. If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user. **In Internet Explorer 9 and 10:** **In at least IE11:** If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
-| Don't run antimalware programs against ActiveX controls If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
-| Don't run antimalware programs against ActiveX controls If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
-| Hide Internet Explorer 11 Application Retirement Notification | Administrative Templates\Windows Components\Internet Explorer | Internet Explorer 11 on Windows 10 20H2 & newer | This policy setting allows you to prevent the notification bar that informs users of Internet Explorer 11’s retirement from showing up. If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden. If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears. If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. |
-| Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu. If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports. If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. |
-| Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit. If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains. **Note:** If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all specified security zones. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all security zones. To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order: **Note:** **In IE11:** If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks **Delete**. If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks **Delete**. If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking **Delete**. |
-| Send all sites not included in the Enterprise Mode Site List to Microsoft Edge | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether to open all sites that aren’t specified to open in IE11 by the Enterprise Mode site list, to open in Microsoft Edge. If you enable this policy setting, you must also enable the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode site list. If you disable or don't configure this policy setting, all sites will open based on the currently active browser. **Note:** If you enable this policy setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode. If you disable or don't configure this policy setting, the default app behavior occurs and no additional page appears. |
-| Turn off automatic download of the ActiveX VersionList | Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management | At least Windows Internet Explorer 8 | This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading. If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file. If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file. **Important:** If you enable this policy setting, IE doesn't load any websites or content in the background. If you disable this policy setting, IE preemptively loads websites and content in the background. If you don’t configure this policy setting, users can turn this behavior on or off, using IE settings. This feature is turned on by default. |
-| Turn off phone number detection | Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing | IE11 on Windows 10 | This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system. If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting. If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting. If you don't configure this policy setting, users can turn this behavior on or off, using IE settings. The default is on. |
-| Turn off sending URL path as UTF-8 | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding | At least Windows Internet Explorer 7 | This policy setting determines whether to let IE send the path portion of a URL using the UTF-8 standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language. If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting. If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting. If you don't configure this policy setting, users can turn this behavior on or off. |
-| Turn off sending UTF-8 query strings for URLs | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers. If you enable this policy setting, you must specify when to use UTF-8 to encode query strings: If you disable or don't configure this policy setting, users can turn this behavior on or off, using IE Advanced Options settings. The default is to encode all query strings in UTF-8. |
-| Turn off the ability to launch report site problems using a menu option | Administrative Templates\Windows Components\Internet Explorer\Browser menus | Internet Explorer 11 | This policy setting allows you to manage whether users can start the **eport Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. If you enable this policy setting, users won’t be able to start the **Report Site Problems** dialog box from the Internet Explorer settings or the Tools menu. If you disable or don’t configure this policy setting, users will be able to start the **Report Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. |
-| Turn off the flip ahead with page prediction feature | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 on Windows 8 | This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background. If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background. If you don’t configure this setting, users can turn this behavior on or off, using the **Settings** charm. **Note** If you enable this policy setting, IE11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting, IE11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don't configure this policy setting, users can turn this feature on or off using IE settings. This feature is turned off by default. **Important** If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as Microsoft Configuration Manager. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an WMI class. **Note:** If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an XML file, stored in your specified location. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an XML file. **Note:** If you enable this policy setting, Internet Explorer downloads the Enterprise Mode website list from the `HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE`\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode hive, opening all included websites using Enterprise Mode. We recommend storing and downloading your list from a secure web server `(https://)`, to help protect against data tampering. If you disable or don’t configure this policy setting, Internet Explorer opens all websites using **Standard** mode. |
-
-## Removed Group Policy settings
-IE11 no longer supports these Group Policy settings:
-
-- Turn on Internet Explorer 7 Standards Mode
-
-- Turn off Compatibility View button
-
-- Turn off Quick Tabs functionality
-
-- Turn off the quick pick menu
-
-- Use large icons for command buttons
-
-## Viewing your policy settings
-After you've finished updating and deploying your Group Policy, you can use the Resultant Set of Policy (RSoP) snap-in to view your settings.
-
-**To use the RSoP snap-in**
-
-1. Open and run the Resultant Set of Policy (RSoP) wizard, specifying the information you want to see.
-
-2. Open your wizard results in the Group Policy Management Console (GPMC).
-For complete instructions about how to add, open, and use RSoP, see [Use the RSoP Snap-in](/previous-versions/windows/it-pro/windows-server-2003/cc736424(v=ws.10))
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
deleted file mode 100644
index 4eed39657f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ /dev/null
@@ -1,211 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use out-of-date ActiveX control blocking to help you know when IE prevents a webpage from loading outdated ActiveX controls and to update the outdated control, so that it’s safer to use.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: e61866bb-1ff1-4a8d-96f2-61d3534e8199
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Out-of-date ActiveX control blocking (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-
-# Out-of-date ActiveX control blocking
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-- Windows Vista SP2
-
-ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a new security feature, called *out-of-date ActiveX control blocking*.
-
-Out-of-date ActiveX control blocking lets you:
-
-- Know when IE prevents a webpage from loading common, but outdated ActiveX controls.
-
-- Interact with other parts of the webpage that aren’t affected by the outdated control.
-
-- Update the outdated control, so that it’s up-to-date and safer to use.
-
-The out-of-date ActiveX control blocking feature works with all [Security Zones](https://go.microsoft.com/fwlink/p/?LinkId=403863), except the Local Intranet Zone and the Trusted Sites Zone.
-
-It also works with these operating system and IE combinations:
-
-|Windows operating system |IE version |
-|----------------------------------------|---------------------------------|
-|Windows 10 |All supported versions of IE.
-IE opens the ActiveX control’s website.
-
-2. Download the latest version of the control.
-
-**Security Note:**
-IE opens the app’s website.
-
-2. Download the latest version of the app.
-
-**Security Note:** If you enable this setting, IE logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file. If you disable or don't configure this setting, IE won't log ActiveX control information. Note that you can turn this setting on or off regardless of the **Turn off blocking of outdated ActiveX controls for IE** or **Turn off blocking of outdated ActiveX controls for IE on specific domains** settings. |
-|Remove the **Run this time** button for outdated ActiveX controls in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`|Internet Explorer 8 through IE11 |This setting allows you stop users from seeing the **Run this time** button and from running specific outdated ActiveX controls in IE. If you enable this setting, users won't see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control. If you disable or don't configure this setting, users will see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once. |
-|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following: If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. |
-|Turn off blocking of outdated ActiveX controls for IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this setting, IE stops blocking outdated ActiveX controls. If you disable or don't configure this setting, IE continues to block specific outdated ActiveX controls. |
-|Remove the **Update** button in the out-of-date ActiveX control blocking notification for IE |This functionality is only available through the registry |Internet Explorer 8 through IE11 |This setting determines whether the out-of-date ActiveX control blocking notification shows the **Update** button. This button points users to update specific out-of-date ActiveX controls in IE. |
-
-
-If you don't want to use Group Policy, you can also turn these settings on or off using the registry. You can update the registry manually.
-
-|Setting |Registry setting |
-|-------------------------|----------------------------------------------------------------|
-|Turn on ActiveX control logging in IE |`reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" /v AuditModeEnabled /t REG_DWORD /d 1 /f` Where: Where: Where: Where: Where: **Note**
- If the browser doesn't crash, open Internet Explorer for the desktop, click the **Tools** menu, and click **Manage Add-ons**.
-
-3. Click **Toolbars and Extensions**, click each toolbar or extension, clicking **Disable** to turn off all of the browser extensions and toolbars.
-
-4. Restart IE11. Go back to the **Manage Add-Ons** window and turn on each item, one-by-one.
- After you turn each item back on, see if IE crashes or slows down. Doing it this way will help you identify the add-on that's causing IE to crash. After you've figured out which add-on was causing the problem, turn it off until you have an update from the manufacturer.
-
- **To check for Software Rendering mode**
-
-5. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
-
-6. On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.
- If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588).
-
-## Adaptive streaming and DRM playback don’t work with Windows Server 2012 R2
-IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Microsoft Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 4c973ffad6..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can clear all of the sites from your global Enterprise Mode site list.
-
-**Important**
-This is a permanent removal and erases everything. However, if you determine it was a mistake, and you saved an XML copy of your list, you can add the file again by following the steps in the [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md), depending on your operating system.
-
- **To clear your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Clear list**.
-
-2. Click **Yes** in the warning message. Your sites are all cleared from your list.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
deleted file mode 100644
index 4a0eace5e7..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local compatibility view list.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local compatibility view list
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local compatibility view list by mistake or because they no longer have compatibility problems.
-
- **To remove sites from a local compatibility view list**
-
-1. Open Internet Explorer 11, click **Tools**, and then click **Compatibility View Settings**.
-
-2. Pick the site to remove, and then click **Remove**.
-Sites can only be removed one at a time. If one is removed by mistake, it can be added back using this same box and the **Add** section.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
deleted file mode 100644
index d6bb2e98eb..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local Enterprise Mode site list
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local Enterprise Mode site list by mistake or because the sites no longer have compatibility problems.
-
-> [!NOTE]
-> The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator.
-
-**To remove single sites from a local Enterprise Mode site list**
-
-1. Open Internet Explorer 11 and go to the site you want to remove.
-
-2. Click **Tools**, and then click **Enterprise Mode**.
-
- The checkmark disappears from next to Enterprise Mode and the site is removed from the list.
-
- > [!NOTE]
- > If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again.
-
-**To remove all sites from a local Enterprise Mode site list**
-
-1. Open Internet Explorer 11, click **Tools**, and then click **Internet options**.
-
-2. Click the **Delete** button from the **Browsing history** area.
-
-3. Click the box next to **Cookies and website data**, and then click **Delete**.
-
- > [!NOTE]
- > This removes all of the sites from a local Enterprise Mode site list.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
deleted file mode 100644
index 4b385be382..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: How to use Site List Manager to review neutral sites for IE mode
-author: dansimp
-ms.prod: windows-client
-ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
-ms.sitesec: library
-ms.date: 04/02/2020
----
-
-# Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8
-- Windows Server 2012 R2
-- Microsoft Edge version 77 or later
-
-> [!NOTE]
-> This feature is available on the Enterprise Mode Site List Manager version 11.0.
-
-## Overview
-
-While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behavior for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral, which results in inconsistent experiences for users.
-
-The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but might have been added in error. This check is automatically performed when you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion.
-
-## Flag neutral sites
-
-To identify neutral sites to review:
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites**.
-2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge.
-3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again.
-
-## Related topics
-
-- [About IE Mode](/deployedge/edge-ie-mode)
-- [Configure neutral sites](/deployedge/edge-ie-mode-sitelist#configure-neutral-sites)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 7b80dd178d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Save your site list to XML in the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-
- **To save your list as XML**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Save to XML**.
-
-2. Save the file to the location you specified in your Enterprise Mode registry key, set up when you turned on Enterprise Mode for use in your company. For information about the Enterprise Mode registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
deleted file mode 100644
index 52343886ce..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: windows-client
-title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itprom
-manager: dansimp
-ms.author: dansimp
----
-
-# Schedule approved change requests for production using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is approved, the original Requester can schedule the change for the production environment. The change can be immediate or set for a future time.
-
-**To schedule an immediate change**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Now**, and then clicks **Save**.
-
- The update is scheduled to immediately update the production environment, and an email is sent to the Requester. After the update finishes, the Requester is asked to verify the changes.
-
-
-**To schedule the change for a different day or time**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Schedule**, sets the **Preferred day**, **Preferred start time**, and the **Preferred end time**, and then clicks **Save**.
-
- The update is scheduled to update the production environment on that day and time and an email is sent to the Requester. After the update finishes, the Requester will be asked to verify the changes.
-
-
-## Next steps
-After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index f96a952626..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Search your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can search to see if a specific site already appears in your global Enterprise Mode site list so you don’t try to add it again.
-
- **To search your compatibility list**
-
-- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.
- The search query searches all of the text. For example, entering *“micro”* will return results like, `www.microsoft.com`, `microsoft.com`, and `microsoft.com/images`. Wildcard characters aren’t supported.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
deleted file mode 100644
index 6ea7312b42..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use the Group Policy setting, Set a default associations configuration file, to set the default browser for your company devices running Windows 10.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: f486c9db-0dc9-4cd6-8a0b-8cb872b1d361
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Set the default browser using Group Policy (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set the default browser using Group Policy
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can use the Group Policy setting, **Set a default associations configuration file**, to set the default browser for your company devices running Windows 10.
-
- **To set the default browser as Internet Explorer 11**
-
-1. Open your Group Policy editor and go to the **Computer Configuration\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.
-Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
-
- 
-
-2. Click **Enabled**, and then in the **Options** area, type the location to your default associations configuration file.
-If this setting is turned on and your employee's device is domain-joined, this file is processed and default associations are applied at logon. If this setting isn't configured or is turned off, or if your employee's device isn't domain-joined, no default associations are applied at logon.
-
-Your employees can change this setting by changing the Internet Explorer default value from the **Set Default Programs** area of the Control Panel.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
deleted file mode 100644
index b42426f1d7..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ /dev/null
@@ -1,160 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set up Enterprise Mode logging and data collection
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
-
-
-
-The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
-
-
-
-Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
-
-## Using ASP to collect your data
-When you turn logging on, you need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu.
-
- **To set up an endpoint server**
-
-1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](/iis/install/installing-iis-7/installing-necessary-iis-components-on-windows-vista).
-
-2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.
- This lets you create an ASP form that accepts the incoming POST messages.
-
-3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
-
- 
-
-4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
-
- 
-
-5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
- Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
-
-6. Apply these changes to your default website and close the IIS Manager.
-
-7. Put your EmIE.asp file into the root of the web server, using this command:
-
- ```
- <% @ LANGUAGE=javascript %>
- <%
- Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
- %>
- ```
- This code logs your POST fields to your IIS log file, where you can review all of the collected data.
-
-
-### IIS log file information
-This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
-
-
-
-
-## Using the GitHub sample to collect your data
-Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.
-This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-**Note**
- The required packages are automatically downloaded and included in the solution.
-
- **To set up your endpoint server**
-
-5. Right-click on the name, PhoneHomeSample, and click **Publish**.
-
- 
-
-6. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
-
- **Important**
-If you’re already on the webpage, you’ll need to refresh the page to see the results.
-
- 
-
-
-### Troubleshooting publishing errors
-If you have errors while you’re publishing your project, you should try to update your packages.
-
- **To update your packages**
-
-1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
-
- 
-
-2. Click **Updates** on the left side of the tool, and click the **Update All** button.
-You may need to do some additional package cleanup to remove older package versions.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
deleted file mode 100644
index c022c08569..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ /dev/null
@@ -1,231 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
-author: dansimp
-ms.prod: ie11
-title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Set up the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-Before you can begin using the Enterprise Mode Site List Portal, you must set up your environment.
-
-## Step 1 - Copy the deployment folder to the web server
-You must download the deployment folder (**EMIEWebPortal/**), which includes all of the source code for the website, from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) site to your web server.
-
-**To download the source code**
-1. Download the deployment folder from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) source code to your web server.
-
-2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
-
- > [!NOTE]
- > You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
-
-3. Open File Explorer and then open the **EMIEWebPortal/** folder.
-
-4. Press and hold **Shift**, right-click the window, then click **Open PowerShell window here**.
-
-5. Type _npm i_ into the command prompt, then press **Enter**.
-
- Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
-
-6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, open **Web.config** from **EMIEWebPortal/** folder, and replace MSIT-LOB-COMPAT with your server name hosting your database, replace LOBMerged with your database name, and build the entire solution.
-
- > [!NOTE]
- > Step 3 of this topic provides the steps to create your database.
-
-7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
-
-## Step 2 - Create the Application Pool and website, by using IIS
-Create a new Application Pool and the website, by using the IIS Manager.
-
-**To create a new Application Pool**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Application Pools**, then click **Add Application Pool**.
-
- The **Add Application Pool** box appears.
-
-2. In the **Add Application Pool** box, enter the following info:
-
- - **Name.** Type the name of your new application pool. For example, _EMIEWebAppPool_.
-
- - **.NET CLR version.** Pick the version of .NET CLR used by your application pool from the drop-down box. It must be version 4.0 or higher.
-
- - **Managed pipeline mode.** Pick **Integrated** from the drop-down box. IIS uses the integrated IIS and ASP.NET request-processing pipeline for managed content.
-
-3. Click **OK**.
-
-4. Select your new application pool from the **Application Pool** pane, click **Advanced Settings** from the **Edit Application Pool** area of the **Actions** pane.
-
- The **Advanced Settings** box appears.
-
-5. Make sure your **Identity** value is **ApplicationPoolIdentity**, click **OK**, and then close the box.
-
-6. Open File Explorer and go to your deployment directory, created in Step 1. For example, _D:\EMIEWebApp_.
-
-7. Right-click on the directory, click **Properties**, and then click the **Security** tab.
-
-8. Add your new application pool to the list (for example, _IIS AppPool\EMIEWebAppPool_) with **Full control access**, making sure the location searches the local computer.
-
-9. Add **Everyone** to the list with **Read & execute access**.
-
-**To create the website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Sites**, then click **Add Website**.
-
- The **Add Website** box appears.
-
-2. In the **Add Website** box, type the name of your website into the **Site name** box. For example, _EMIEWebApp_, and then click **Select**.
-
- The **Select Application Pool** box appears.
-
-4. Pick the name of the application pool created earlier in this step, and then click **OK**. For example, _EMIEWebAppPool_.
-
-5. In the **Physical path** box, browse to your folder that contains your deployment directory. For example, _D:\EMIEWebApp_.
-
-6. Set up your **Binding**, including your **Binding Type**, **IP address**, and **Port**, as appropriate for your organization.
-
-7. Clear the **Start Website immediately** check box, and then click **OK**.
-
-8. In IIS Manager, expand your local computer, and then double-click your new website. For example, _EMIEWebApp_.
-
- The **<website_name> Home** pane appears.
-
-9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**.
-
- > [!NOTE]
- > You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
-
-## Step 3 - Create and prep your database
-Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
-
-**To create and prep your database**
-1. Start SQL Server Management Studio.
-
-2. Open **Object Explorer** and then connect to an instance of the SQL Server Database Engine.
-
-3. Expand the instance, right-click on **Databases**, and then click **New Database**.
-
-4. Type a database name. For example, _EMIEDatabase_.
-
-5. Leave all default values for the database files, and then click **OK**.
-
-6. Open the **DatabaseScripts/Create DB Tables/1_CreateEMIETables.sql** query file, located in the deployment directory.
-
-7. Replace the database name placeholder with the database name you created earlier. For example, _EMIEDatabase_.
-
-8. Run the query.
-
-## Step 4 - Map your Application Pool to a SQL Server role
-Map your ApplicationPoolIdentity to your database, adding the db_owner role.
-
-**To map your ApplicationPoolIdentity to a SQL Server role**
-1. Start SQL Server Management Studio and connect to your database.
-
-2. Expand the database instance and then open the server-level **Security** folder.
-
- > [!IMPORTANT]
- > Make sure you open the **Security** folder at the server level and not for the database.
-
-3. Right-click **Logins**, and then click **New Login**.
-
- The **Login-New** dialog box appears.
-
-4. Type the following into the **Login name** box, based on your server instance type:
-
- - **Local SQL Server instance.** If you have a local SQL Server instance, where IIS and SQL Server are on the same server, type the name of your Application Pool. For example, _IIS AppPool\EMIEWebAppPool_.
-
- - **Remote SQL Server instance.** If you have a remote SQL Server instance, where IIS and SQL Server are on different servers, type `Domain\ServerName$`.
-
- > [!IMPORTANT]
- > Don't click **Search** in the **Login name** box. Login name searches will resolve to a ServerName\AppPool Name account and SQL Server Management Studio won't be able to resolve the account's virtual Security ID (SID).
-
-5. Click **User Mapping** from the **Select a page** pane, click the checkbox for your database (for example, _EMIEDatabase_) from the **Users mapped to this login** pane, and then click **db_owner** from the list of available roles in the **Database role membership** pane.
-
-6. Click **OK**.
-
-## Step 5 - Restart the Application Pool and website
-Using the IIS Manager, you must restart both your Application Pool and your website.
-
-**To restart your Application Pool and website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, select your website, then click **Restart** from the **Manage Website** pane.
-
-2. In the **Connections** pane, select your Application Pool, and then click **Recycle** from the **Application Pool Tasks** pane.
-
-## Step 6 - Registering as an administrator
-After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
-
-**To register as an administrator**
-1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
-
-2. Click **Register now**.
-
-3. Type your name or alias into the **Email** box, making sure it matches the info in the drop-down box.
-
-4. Click **Administrator** from the **Role** box, and then click **Save**.
-
-5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
-
- A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
-
-6. Select your name from the available list, and then click **Activate**.
-
-7. Go to the Enterprise Mode Site List Portal Home page and sign in.
-
-## Step 7 - Configure the SMTP server and port for email notification
-After you've set up the portal, you need to configure your SMTP server and port for email notifications from the system.
-
-**To set up your SMTP server and port for emails**
-1. Open Visual Studio, and then open the web.config file from your deployment directory.
-
-2. Update the SMTP server and port info with your info, using this format:
-
- ```
-
- Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately.
-
- **To turn off local control using Group Policy**
-
-3. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-4. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**.
-
-5. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality.
-
- **To turn off the site list using the registry**
-
-6. Open a registry editor, such as regedit.exe.
-
-7. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.
- You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers.
-
-8. Close all and restart all instances of Internet Explorer.
- IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on).
-
- **To turn off local control using the registry**
-
-9. Open a registry editor, such as regedit.exe.
-
-10. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.
- You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers.
-
-11. Close and restart all instances of IE.
- Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on).
-
-## Related topics
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-- [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
deleted file mode 100644
index 178085c2ad..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Turn off natural metrics for Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: e31a27d7-662e-4106-a3d2-c6b0531961d5
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Fix font rendering problems by turning off natural metrics (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Fix font rendering problems by turning off natural metrics
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-By default, Internet Explorer 11 uses “natural metrics”. Natural metrics use inter-pixel spacing that creates more accurately rendered and readable text, avoiding many common font rendering problems with Windows Internet Explorer 9 or older sites.
-
-However, you might find that many intranet sites need you to use Windows Graphics Device Interface (GDI) metrics. To avoid potential compatibility issues, you must turn off natural metrics for those sites.
-
- **To turn off natural metrics**
-
-- Add the following HTTP header to each site: `X-UA-TextLayoutMetrics: gdi`
-
- -OR-
-
-- Add the following <meta> tag to each site: ``
-
-Turning off natural metrics automatically turns on GDI metrics.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
deleted file mode 100644
index 1b32fa64ad..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: Turn on Enterprise Mode and use a site list (Internet Explorer 11 for IT Pros)
-description: How to turn on Enterprise Mode and specify a site list.
-ms.assetid: 800e9c5a-57a6-4d61-a38a-4cb972d833e1
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.date: 08/14/2017
-ms.localizationpriority: medium
----
-
-
-# Turn on Enterprise Mode and use a site list
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Before you can use a site list with Enterprise Mode, you need to turn the functionality on and set up the system for centralized control. By allowing centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 won’t look for an updated list again until you restart the browser.
-
-> [!NOTE]
-> We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
-
- **To turn on Enterprise Mode using Group Policy**
-
-1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.
- Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
-
- 
-
-2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
-
- **To turn on Enterprise Mode using the registry**
-
-3. **For only the local user:** Open a registry editor, like regedit.exe and go to `HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
- -OR-
- For all users on the device: Open a registry editor, like regedit.exe and go to This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) |How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the Enterprise Mode Site List Manager version 11.0 or later. |
-|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-| [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md)|How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the latest version of the Enterprise Mode Site List Manager.
-
-## Related topics
-
-
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
deleted file mode 100644
index b7669cf1ca..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Info about where features went in the IEAK11, where the Favorites, Command, and Status bars went, and where the search bar went.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 7324faff-ccb6-4e14-ad91-af12dbca575e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: User interface problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# User interface problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Some of the features in both Internet Explorer 11 and IEAK 11 have moved around. Here are some of the more common changes.
-
-## Where did features go in the Internet Explorer Customization Wizard 11?
-Various installation or set up choices can prevent you from seeing certain pages in the Internet Explorer Customization Wizard 11. If, after going through the entire Wizard you still haven't found the screen you were looking for, try:
-
-- Making sure you picked the right version of IEAK 11 during installation. Most administrators should pick the **Internal** version, which has more screens and options available.
-
-- Making sure you picked all of the features you wanted from the **Feature Selection** page of the IE Customization Wizard 11. If you don't pick a feature, the associated page won't appear.
-
-## Where are the security zone settings?
-You can see your security zone settings by opening Internet Explorer for the desktop, clicking **Internet Options** from the **Tools** menu, and then clicking **Security**.
-
-## Where did the Favorites, Command, and Status bars go?
-For IE11, the UI has been changed to provide just the controls needed to support essential functionality, hiding anything considered non-essential, such as the **Favorites Bar**, **Command Bar**, **Menu Bar**, and **Status Bar**. This is intended to help focus users on the content of the page, rather than the browser itself. However, if you want these bars to appear, you can turn them back on using Group Policy settings.
-
- **To turn the toolbars back on**
-
-- Right click in the IE toolbar heading and choose to turn on the **Command bar**, **Favorites bar**, and **Status bar** from the menu.
- -OR-
- In IE, press ALT+V to show the View menu, press T to enter the Toolbars menu, and then press:
-
- - **C** to turn on the **Command Bar**
-
- - **F** to turn on the **Favorites Bar**
-
- - **S** to turn on the **Status Bar**
-
-## Where did the search box go?
-IE11 uses the **One Box** feature, which lets users type search terms directly into the **Address bar**. Any text entered into the **Address bar** that doesn't appear to be a URL is automatically sent to the currently selected search provider.
-
-> [!NOTE]
-> Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
deleted file mode 100644
index 677f1c974a..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using IE7 Enterprise Mode or IE8 Enterprise Mode
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode gives you a way for your legacy websites and apps to run using emulated versions of Windows Internet Explorer 7 or Windows Internet Explorer 8, while your new sites and apps run using Internet Explorer 11, including modern standards and features.
-
-Although it’s called IE7 Enterprise Mode, it actually turns on Enterprise Mode along with Internet Explorer 7 or Microsoft Internet Explorer 5 Compatibility View. Compatibility View chooses which document mode to use based on whether there’s a `DOCTYPE` tag in your code:
-
-- **DOCTYPE tag found.** Webpages render using the Internet Explorer 7 document mode.
-- **No DOCTYPE tag found.** Webpages render using the Internet Explorer 5 document mode.
-
-**Important** Note
-For more information about virtualization options, see [Microsoft Desktop Virtualization](https://go.microsoft.com/fwlink/p/?LinkId=271662).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
deleted file mode 100644
index fd8cca1014..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ /dev/null
@@ -1,173 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Info about the features included in Enterprise Mode with Internet Explorer 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/25/2018
----
-
-
-# Enterprise Mode and the Enterprise Mode Site List
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
-
-## Available dual-browser experiences
-If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
-
-Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
-
-> [!TIP]
-> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
-
-For Windows 10, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List.
-
-
-## What is Enterprise Mode?
-Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
-
-### Enterprise Mode features
-Enterprise Mode includes the following features:
-
-- **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting several site patterns that aren’t currently supported by existing document modes.
-
-- **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode.
-Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
-
-- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
-
- > [!Important]
- > All centrally-made decisions override any locally-made choices.
-
-- **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
-
-- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
-
-## Enterprise Mode and the Enterprise Mode Site List
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
- XML file
-The Enterprise Mode Site List is an XML document that specifies a list of sites, their compatibility mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In IE11, the webpage can also be launched in a specific compatibility mode, so it always renders correctly. Your employees can easily view this site list by typing `about:compat` in either Microsoft Edge or IE11.
-
-Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
-
-### Site list xml file
-This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](turn-on-enterprise-mode-and-use-a-site-list.md). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compatibility mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
-
-```xml
-
-Wait for the message, **Blocking deployment of IE11 on the local machine. The operation completed successfully.**
-
-6. Close the Command Prompt.
-
-For answers to frequently asked questions, see [Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions](../ie11-faq/faq-ie11-blocker-toolkit.yml).
-
-## Automatic updates
-Internet Explorer 11 makes browsing the web faster, easier, safer, and more reliable than ever. To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 through Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 11 will be available for users of the 32-bit and 64-bit versions of Windows 7 Service Pack 1 (SP1), and 64-bit version of Windows Server 2008 R2 SP1. This article provides an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 11 is deployed to their organization through Automatic Updates.
-
-### Automatic delivery process
-Internet Explorer 11 only downloads and installs if it’s available for delivery through Automatic Updates; and Automatic Updates only offer Internet Explorer 11 to users with local administrator accounts. User’s without local administrator accounts won’t be prompted to install the update and will continue using their current version of Internet Explorer.
-
-Internet Explorer 11 replaces Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10. If you decide you don’t want Internet Explorer 11, and you’re running Windows 7 SP1 or Windows Server 2008 R2 with SP1, you can uninstall it from the **View installed updates** section of the **Uninstall an update** page of the Control Panel.
-
-### Internet Explorer 11 automatic upgrades
-
-Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11.
-
-Users who were automatically upgraded to Internet Explorer 11 can decide to uninstall Internet Explorer 11. However, Internet Explorer 11 will still appear as an optional update through Windows Update.
-
-### Options for blocking automatic delivery
-
-If you use Automatic Updates in your company, but want to stop your users from automatically getting Internet Explorer 11, do one of the following:
-
-- **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
-
- > [!NOTE]
- >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-for-it-pros-ie11.yml).
-
-- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
-
-> [!NOTE]
-> If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
-
-
-### Prevent automatic installation of Internet Explorer 11 with WSUS
-
-Internet Explorer 11 will be released to WSUS as an Update Rollup package. Therefore, if you’ve configured WSUS to “auto-approve” Update Rollup packages, it’ll be automatically approved and installed. To stop Internet Explorer 11 from being automatically approved for installation, you need to:
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves an update that is classified as Update Rollup, and then click **Edit.**
-
- > [!NOTE]
- > If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
- > [!NOTE]
- > The properties for this rule will resemble the following:
- Supported web standards include:
-
- - Web Graphics Library (WebGL)
-
- - Canvas 2D L2 extensions, including image smoothing using the nearest neighbor, dashed lines, and fill rules
-
- - Fullscreen API
-
- - Encrypted media extensions
-
- - Media source extensions
-
- - CSS flexible box layout module
-
- - And mutation observers like DOM4 and 5.3
-
- For more information about specific changes and additions, see the [IE11 guide for developers](/previous-versions/windows/internet-explorer/ie-developer/dev-guides/bg182636(v=vs.85)).
-
- - question: |
- What test tools exist to test for potential application compatibility issues?
- answer: |
- The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://testdrive-archive.azurewebsites.net/html5/compatinspector/help/post.htm). In addition, you can use the new [F12 Developer Tools](/previous-versions/windows/internet-explorer/ie-developer/dev-guides/bg182632(v=vs.85)) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
-
- - question: |
- Why am I having problems launching my legacy apps with Internet Explorer 11?
- answer: |
- It’s most likely because IE no longer starts apps that use managed browser hosting controls, like in the .NET Framework 1.1 and 2.0. You can get IE11 to use managed browser hosting controls again, by:
-
- - **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
- - **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
- For more information, see the [Web Applications](/dotnet/framework/migration-guide/application-compatibility) section of the Application Compatibility in the .NET Framework 4.5 page.
-
- - question: |
- Is there a compatibility list for IE?
- answer: |
- Yes. You can review the XML-based [compatibility version list](https://go.microsoft.com/fwlink/p/?LinkId=403864).
-
- - question: |
- What is Enterprise Mode?
- answer: |
- Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.
- For more information, see [Turn on Enterprise Mode and use a site list](../ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md).
-
- - question: |
- What is the Enterprise Mode Site List Manager tool?
- answer: |
- Enterprise Mode Site List Manager tool gives you a way to add websites to your Enterprise Mode site list, without having to manually code XML.
- For more information, see all of the topics in [Use the Enterprise Mode Site List Manager](../ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md).
-
- - question: |
- Are browser plug-ins supported in IE11?
- answer: |
- The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
-
- - question: |
- Is Adobe Flash supported on IE11?
- answer: |
- Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.
- **Important**
-
- |Setting |Result |
- |--------|-------|
- |Let IE decide |Links open in the same type of experience from where they're launched. For example, clicking a link from a Microsoft Store app, opens IE. However, clicking a link from a desktop app, opens Internet Explorer for the desktop. |
- |Always in IE11 |Links always open in IE. |
- |Always in Internet Explorer for the desktop |Links always open in Internet Explorer for the desktop. |
-
-
- - question: |
- Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?
- answer: |
- Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
-
- IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center:
-
- | | | |
- |---------|---------|---------|
- |[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) |
- |[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) |
- |[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) |
- |[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) |
- |[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) |
- |[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) |
- |[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) |
- |[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) |
-
-
-
-
- - question: |
- What are the different modes available for the Internet Explorer Customization Wizard?
- answer: |
- The IEAK Customization Wizard displays pages based on your licensing mode selection, either **Internal** or **External**. For more information on IEAK Customization Wizard modes, see [Determine the licensing version and features to use in IEAK 11](../ie11-ieak/licensing-version-and-features-ieak11.md).
-
- The following table displays which pages are available in IEAK 11, based on the licensing mode:
-
- | **Wizard Pages** | **External** | **Internal** |
- |-------------------------------------------|--------------|--------------|
- | Welcome to the IEAK | Yes | Yes |
- | File Locations | Yes | Yes |
- | Platform Selection | Yes | Yes |
- | Language Selection | Yes | Yes |
- | Package Type Selection | Yes | Yes |
- | Feature Selection | Yes | Yes |
- | Automatic Version Synchronization | Yes | Yes |
- | Custom Components | Yes | Yes |
- | Corporate Install | No | Yes |
- | User Experience | No | Yes |
- | Browser User Interface | Yes | Yes |
- | Search Providers | Yes | Yes |
- | Important URLs - Home page and Support | Yes | Yes |
- | Accelerators | Yes | Yes |
- | Favorites, Favorites Bar, and Feeds | Yes | Yes |
- | Browsing Options | No | Yes |
- | First Run Wizard and Welcome Page Options | Yes | Yes |
- | Compatibility View | Yes | Yes |
- | Connection Manager | Yes | Yes |
- | Connection Settings | Yes | Yes |
- | Automatic Configuration | No | Yes |
- | Proxy Settings | Yes | Yes |
- | Security and Privacy Settings | No | Yes |
- | Add a Root Certificate | Yes | No |
- | Programs | Yes | Yes |
- | Additional Settings | No | Yes |
- | Wizard Complete | Yes | Yes |
-
-
-additionalContent: |
-
- ## Related topics
-
- - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
- - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
- - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
deleted file mode 100644
index 618ec339b5..0000000000
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
+++ /dev/null
@@ -1,161 +0,0 @@
-### YamlMime:FAQ
-metadata:
- ms.localizationpriority: medium
- ms.mktglfcycl: explore
- description: Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
- author: dansimp
- ms.author: dansimp
- ms.prod: ie11
- ms.assetid:
- ms.reviewer:
- audience: itpro
- manager: dansimp
- title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
- ms.sitesec: library
- ms.date: 05/10/2018
- ms.topic: faq
-title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
-summary: |
- [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
- Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
-
- > [!Important]
- > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
-
- - [Automatic updates delivery process](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#automatic-updates-delivery-process)
-
- - [How the Internet Explorer 11 Blocker Toolkit works](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#how-the-internet-explorer-11-blocker-toolkit-works)
-
- - [Internet Explorer 11 Blocker Toolkit and other update services](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#internet-explorer-11-blocker-toolkit-and-other-update-services)
-
-
-sections:
- - name: Automatic Updates delivery process
- questions:
- - question: |
- Which users will receive Internet Explorer 11 important update?
- answer: |
- Users running either Windows 7 with Service Pack 1 (SP1) or the 64-bit version of Windows Server 2008 R2 with Service Pack 1 (SP1) will receive Internet Explorer 11 important update, if Automatic Updates are turned on. Windows Update is manually run. Automatic Updates will automatically downloand install the Internet Explorer 11 files if it’s turned on. For more information about how Internet Explorer works with Automatic Updates and information about other deployment blocking options, see [Internet Explorer 11 Delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md).
-
- - question: |
- When is the Blocker Toolkit available?
- answer: |
- The Blocker Toolkit is currently available from the [Microsoft DownloCenter](https://www.microsoft.com/download/details.aspx?id=40722).
-
- - question: |
- Whtools cI use to manage Windows Updates and Microsoft Updates in my company?
- answer: |
- We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)).
-
- - question: |
- How long does the blocker mechanism work?
- answer: |
- The Internet Explorer 11 Blocker Toolkit uses a registry key value to permanently turn off the automatic delivery of Internet Explorer 11. This behavior lasts long the registry key value isn’t removed or changed.
-
- - question: |
- Why should I use the Internet Explorer 11 Blocker Toolkit to stop delivery of Internet Explorer 11? Why can’t I just disable all of Automatic Updates?
- answer: |
- Automatic Updates provide you with ongoing criticsecurity and reliability updates. Turning this feature off cleave your computers more vulnerable. Instead, we suggest thyou use update management solution, such WSUS, to fully control your environment while leaving this feature running, managing how and when the updates get to your user’s computers.
-
- The Internet Explorer 11 Blocker Toolkit safely allows Internet Explorer 11 to downloand install in companies thcan’t use WSUS, Configuration Manager, or
- other update management solution.
-
- - question: |
- Why don’t we just block URL access to Windows Update or Microsoft Update?
- answer: |
- Blocking the Windows Update or Microsoft Update URLs also stops delivery of criticsecurity and reliability updates for all of the supported versions of the Windows operating system; leaving your computers more vulnerable.
-
- - name: How the Internet Explorer 11 Blocker Toolkit works
- questions:
- - question: |
- How should I test the Internet Explorer 11 Blocker Toolkit in my company?
- answer: |
- Because the toolkit only sets a registry key to turn on and off the delivery of Internet Explorer 11, there should be no additionimpact or side effects to your environment. No additiontesting should be necessary.
-
- - question: |
- What’s the registry key used to block delivery of Internet Explorer 11?
- answer: |
- HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup\\11.0
-
- - question: |
- What’s the registry key name and values?
- answer: |
- The registry key name is **DoNotAllowIE11**, where:
-
- - A value of **1** turns off the automatic delivery of Internet Explorer 11 using Automatic Updates and turns off the Express install option.
-
- - Not providing a registry key, or using a value of anything other th**1**, lets the user install Internet Explorer 11 through Automatic Updates or a
- manuupdate.
-
- - question: |
- Does the Internet Explorer 11 Blocker Toolkit stop users from manually installing Internet Explorer 11?
- answer: |
- No. The Internet Explorer 11 Blocker Toolkit only stops computers from automatically installing Internet Explorer 11 through Automatic Updates. Users cstill downloand install Internet Explorer 11 from the Microsoft DownloCenter or from externmedia.
-
- - question: |
- Does the Internet Explorer 11 Blocker Toolkit stop users from automatically upgrading to Internet Explorer 11?
- answer: |
- Yes. The Internet Explorer 11 Blocker Toolkit also prevents Automatic Updates from automatically upgrading a computer from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11.
-
- - question: |
- How does the provided script work?
- answer: |
- The script accepts one of two command line options:
-
- - **Block:** Creates the registry key thstops Internet Explorer 11 from installing through Automatic Updates.
-
- - **Unblock:** Removes the registry key thstops Internet Explorer 11 from installing through Automatic Updates.
-
- - question: |
- What’s the ADM template file used for?
- answer: |
- The Administrative Template (.adm file) lets you import the new Group Policy environment and use Group Policy Objects to centrally manage all of the computers in your company.
-
- - question: |
- Is the tool localized?
- answer: |
- No. The tool isn’t localized, it’s only available in English (en-us). However, it does work, without any modifications, on any language edition of the supported operating systems.
-
- - name: Internet Explorer 11 Blocker Toolkit and other update services
- questions:
- - question: |
- Is there a version of the Internet Explorer Blocker Toolkit thwill prevent automatic installation of IE11?
- answer: |
- Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](https://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft DownloCenter.
-
- - question: |
- Does the Internet Explorer 11 blocking mechanism also block delivery of Internet Explorer 11 through update management solutions, like WSUS?
- answer: |
- No. You cstill deploy Internet Explorer 11 using one of the upgrade management solutions, even if the blocking mechanism is activated. The Internet Explorer 11 Blocker Toolkit is only intended for companies thdon’t use upgrade management solutions.
-
- - question: |
- If WSUS is set to 'auto-approve' Update Rollup packages (this is not the default configuration), how do I stop Internet Explorer 11 from automatically installing throughout my company?
- answer: |
- You only need to change your settings if:
-
- - You use WSUS to manage updates and allow auto-approvals for Update Rollup installation.
-
- -and-
-
- - You have computers running either Windows 7 SP1 or Windows Server 2008 R2 (SP1) with Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 installed.
-
- -and-
-
- - You don’t want to upgrade your older versions of Internet Explorer to Internet Explorer 11 right now.
-
- If these scenarios apply to your company, see [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md) for more information on how to prevent automatic installation.
-
-
-additionalContent: |
-
- ## Additionresources
-
- - [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
-
- - [Internet Explorer 11 Ffor IT pros](./faq-for-it-pros-ie11.yml)
-
- - [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
-
- - [Internet Explorer 11 deployment guide](../ie11-deploy-guide/index.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.yml b/browsers/internet-explorer/ie11-faq/faq-ieak11.yml
deleted file mode 100644
index 20e3889f45..0000000000
--- a/browsers/internet-explorer/ie11-faq/faq-ieak11.yml
+++ /dev/null
@@ -1,140 +0,0 @@
-### YamlMime:FAQ
-metadata:
- ms.localizationpriority: medium
- ms.mktglfcycl: support
- ms.pagetype: security
- description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
- author: dansimp
- ms.author: dansimp
- ms.manager: elizapo
- ms.prod: ie11
- ms.assetid:
- ms.reviewer:
- audience: itpro
- manager: dansimp
- title: IEAK 11 - Frequently Asked Questions
- ms.sitesec: library
- ms.date: 05/10/2018
- ms.topic: faq
-title: IEAK 11 - Frequently Asked Questions
-summary: |
- [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
- Get answers to commonly asked questions about the Internet Explorer Administration Kit 11 (IEAK 11), and find links to additional material you might find helpful.
-
-
-sections:
- - name: Ignored
- questions:
- - question: |
- What is IEAK 11?
- answer: |
- IEAK 11 enables you to customize, brand, and distribute customized Internet Explorer 11 browser packages across an organization. Download the kit from the [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md).
-
- - question: |
- What are the supported operating systems?
- answer: |
- You can customize and install IEAK 11 on the following supported operating systems:
-
- - Windows 8
-
- - Windows Server 2012
-
- - Windows 7 Service Pack 1 (SP1)
-
- - Windows Server 2008 R2 Service Pack 1 (SP1)
-
- > [!NOTE]
- > IEAK 11 does not support building custom packages for Windows RT.
-
-
- - question: |
- What can I customize with IEAK 11?
- answer: |
- The IEAK 11 enables you to customize branding and settings for Internet Explorer 11. For PCs running Windows 7, the custom package also includes the Internet Explorer executable.
-
- > [!NOTE]
- > Internet Explorer 11 is preinstalled on PCs running Windows 8. Therefore, the executable is not included in the customized package.
-
- - question: |
- Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?
- answer: |
- Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
-
- > [!NOTE]
- > IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. To download IEAK 11, see [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md).
-
- - question: |
- Is there a version of the Internet Explorer Administration Kit (IEAK) supporting IE11?
- answer: |
- Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources:
-
- - [Internet Explorer Administration Kit Information and Downloads](../ie11-ieak/ieak-information-and-downloads.md) on the Internet Explorer TechCenter.
-
- - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
-
- - question: |
- What are the different modes available for the Internet Explorer Customization Wizard?
- answer: |
- The IEAK Customization Wizard displays pages based on your licensing mode selection, either **Internal** or **External**. For more information on IEAK Customization Wizard modes, see [What IEAK can do for you](../ie11-ieak/what-ieak-can-do-for-you.md).
-
- The following table displays which pages are available in IEAK 11, based on the licensing mode:
-
- | **Wizard Pages** | **External** | **Internal** |
- |-------------------------------------------|--------------|--------------|
- | Welcome to the IEAK | Yes | Yes |
- | File Locations | Yes | Yes |
- | Platform Selection | Yes | Yes |
- | Language Selection | Yes | Yes |
- | Package Type Selection | Yes | Yes |
- | Feature Selection | Yes | Yes |
- | Automatic Version Synchronization | Yes | Yes |
- | Custom Components | Yes | Yes |
- | Corporate Install | No | Yes |
- | User Experience | No | Yes |
- | Browser User Interface | Yes | Yes |
- | Search Providers | Yes | Yes |
- | Important URLs - Home page and Support | Yes | Yes |
- | Accelerators | Yes | Yes |
- | Favorites, Favorites Bar, and Feeds | Yes | Yes |
- | Browsing Options | No | Yes |
- | First Run Wizard and Welcome Page Options | Yes | Yes |
- | Compatibility View | Yes | Yes |
- | Connection Manager | Yes | Yes |
- | Connection Settings | Yes | Yes |
- | Automatic Configuration | No | Yes |
- | Proxy Settings | Yes | Yes |
- | Security and Privacy Settings | No | Yes |
- | Add a Root Certificate | Yes | No |
- | Programs | Yes | Yes |
- | Additional Settings | No | Yes |
- | Wizard Complete | Yes | Yes |
-
-
- - question: |
- Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?
- answer: |
- Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
-
- IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center:
-
- | | | |
- |---------|---------|---------|
- |[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) |
- |[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) |
- |[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) |
- |[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) |
- |[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) |
- |[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) |
- |[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) |
- |[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) |
-
-additionalContent: |
-
- ## Additional resources
-
- -[Download IEAK 11](../ie11-ieak/ieak-information-and-downloads.md)
- -[IEAK 11 overview](../ie11-ieak/index.md)
- -[IEAK 11 product documentation](../ie11-ieak/index.md)
- -[IEAK 11 licensing guidelines](../ie11-ieak/licensing-version-and-features-ieak11.md)
diff --git a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
deleted file mode 100644
index 40a7886b0a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Accelerators page in the IEAK 11 Customization Wizard to add accelerators to employee devices.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 208305ad-1bcd-42f3-aca3-0ad1dda7048b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Accelerators page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Accelerators page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Accelerators** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you add accelerators to your employee computers. Accelerators are contextual menu options that can quickly get to a web service from any webpage. For example, an accelerator can look up a highlighted word in the dictionary or a selected location on a map.
-
-**Note**
-The **Add Accelerator** box appears.
-
-3. Use the **Browse** button to go to your custom accelerator XML file.
-
-4. Check the **Set this Accelerator as the default for the category** box if you want this accelerator to be the default value that shows up for the category.
-
-5. Click **Edit** to change your accelerator information, click **Set Default** to make an accelerator the default value for a category, or **Remove** to delete an accelerator.
-
-6. Click **Next** to go to the [Favorites, Favorites Bar, and Feeds](favorites-favoritesbar-and-feeds-ieak11-wizard.md) page or **Back** to go to the [Important URLs - Home Page and Support](important-urls-home-page-and-support-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
deleted file mode 100644
index b4d0459c78..0000000000
--- a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use IEAK 11 to add and approve ActiveX controls for your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 33040bd1-f0e4-4541-9fbb-16e0c76752ab
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add and approve ActiveX controls using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add and approve ActiveX controls using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-There are two main approaches to how you can control the use of ActiveX controls in your company. For more info about ActiveX controls, including how to manage the controls using Group Policy, see [Group Policy and ActiveX installation](../ie11-deploy-guide/activex-installation-using-group-policy.md) in the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
-
-**Note** Note Note
- For more detailed info about how to set up your DHCP server, see your server documentation.
-
-**To set up automatic detection for DNS servers**
-
-1. In your DNS database file, the file that’s used to associate your host (computer) names to static IP addresses in a zone, you need to create a host record named, **WPAD**. This record contains entries for all of the hosts that require static mappings, such as workstations, name servers, and mail servers. It also has the IP address to the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file. The syntax is: -OR-
- Create a canonical name (CNAME) alias record, named WPAD. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
- Note
-You might receive a security warning before downloading your Setup file, asking if you want to continue. Click **Run** to continue.
-
-2. Click **Next** to go to the [Custom Components](custom-components-ieak11-wizard.md) page or **Back** to go to the [Feature Selection](feature-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
deleted file mode 100644
index 7271837b2e..0000000000
--- a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: A list of steps to follow before you start to create your custom browser installation packages.
-author: dansimp
-ms.author: dansimp
-ms.manager: elizapo
-ms.prod: ie11
-ms.assetid: 6ed182b0-46cb-4865-9563-70825be9a5e4
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Before you start using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 04/24/2018
----
-
-
-# Before you start using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Before you run IEAK 11 and the Customization Wizard, make sure you have met the following requirements:
-
-- Have you determined which licensing version of the Internet Explorer Administration Kit 11 to install? For info, see [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md).
-
-- Do you meet the necessary hardware and software requirements? See [Hardware and software requirements for IEAK 11](hardware-and-software-reqs-ieak11.md).
-
-- Have you gotten all of the URLs needed to customize your **Home**, **Search**, and **Support** pages? See [Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard](important-urls-home-page-and-support-ieak11-wizard.md).
-
-- Have you reviewed the security features to determine how to set up and manage them? See [Security features and IEAK 11](security-and-ieak11.md).
-
-- Have you created a test lab, where you can run the test version of your browser package to make sure it runs properly?
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
deleted file mode 100644
index 351b1bbb76..0000000000
--- a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Branding\] .INS file setting to set up your custom branding and setup info in your browser install package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: cde600c6-29cf-4bd3-afd1-21563d2642df
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Branding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Branding .INS file to create custom branding and setup info
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about the custom branding and setup information in your browser package.
-
-|Name |Value | Description |
-|-----------|--------------------------------|--------------------------------------------------------------|
-|Add on URL | ` **Note** **Note**
-The text shows up in the title bar as **IE provided by** <*your_custom_text*>.
-
-2. Check the **Delete existing toolbar buttons, if present** box so you can delete all of the toolbar buttons in your employee’s browser, except for the standard buttons installed with IE (which can’t be removed).
-
-**Note**
- The **Browser Toolbar Button Information** box appears.
-
-4. In the **Toolbar caption** box, type the text that shows up when an employee hovers over your custom button. We recommend no more than 10 characters.
-
-5. In the **Toolbar action** box, browse to your script or executable file that runs when an employee clicks your custom button.
-
-6. In the **Toolbar icon** box, browse to the icon file that represents your button while active. This icon must be 20x20 pixels.
-
-7. Check the **This button should be shown on the toolbar by default** box so your custom button shows by default.
- This box should be cleared if you want to offer a custom set of buttons, but want your employees to choose whether or not to use them. In this situation, your buttons will show up in the **Customize Toolbars** dialog box, under **Available toolbar buttons**. Your employees can get to this dialog box in IE by clicking **Tools** from the **Command Bar**, clicking **Toolbars**, and then clicking **Customize**.
-
-8. Click **OK.**
-
-9. Click **Edit** to change your custom toolbar button or **Remove** to delete the button. The removed button will disappear from your employee’s computer after you apply the updated customization. Only custom toolbar buttons can be removed.
-
-10. Click **Next** to go to the [Search Providers](search-providers-ieak11-wizard.md) page or **Back** to go to the [User Experience](user-experience-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
deleted file mode 100644
index 05fb2324f7..0000000000
--- a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Use the \[BrowserToolbars\] .INS file setting to customize your Internet Explorer toolbar and buttons.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 83af0558-9df3-4c2e-9350-44f7788efa6d
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about how to customize the Internet Explorer toolbar.
-
-|Name |Value |Description |
-|-----------|---------------------------|-------------|
-|Action0 |` **Note** **Note**
-**Important**
-Where *description* is the string that’s shown in the **Uninstall or change a program** box.
-
-2. Add another new key and value to:
-Where *command-line* is the command that’s run when the component is picked from the **Uninstall or change a program** box.
-
-Your uninstall script must also remove your key from under the **Uninstall** registry key, so that your component no longer appears in the **Uninstall or change a program** after uninstallation. You can also run just a section of an .inf file by using the Setupx.dll InstallHinfSection entry point. To make this work, your installation script must copy the .inf file to the Windows\Inf folder for your custom component.
-
diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
deleted file mode 100644
index 1a981a5a16..0000000000
--- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Custom Components page in the IEAK 11 Customization Wizard to add additional components for your employees to install with IE.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 38a2b90f-c324-4dc8-ad30-8cd3e3e901d7
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Custom Components page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Custom Components page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Custom Components** page of the Internet Explorer Customization Wizard 11 lets you add up to 10 additional components that your employees can install at the same time they install IE. These components can be created by Microsoft or your organization as either compressed cabinet (.cab) or self-extracting executable (.exe) files. If you’re using Microsoft components, make sure you have the latest version and software patches from the [Microsoft Support](https://go.microsoft.com/fwlink/p/?LinkId=258658) site. To include Microsoft Update components, you must bundle the associated files into a custom component.
-
-**Important**
-The **Add a Custom Component** box appears.
-
-2. Type in the name of your component and then browse to the location of your file (either .cab or .exe).
-
-3. Pick when to install the component. This can be before IE, after IE, or after the computer restarts.
-**Important**
-The boxes clear and you can add another component. Click **Cancel** to go back to the **Custom Components** page.
-
-12. Click **Edit** to change your custom component information, **Verify** to make sure the component is digitally signed, or **Remove** to delete the component from your custom installation package.
-
-13. Click **Next** to go to the [Internal Install](internal-install-ieak11-wizard.md) page or **Back** to go to the [Automatic Version Synchronization](auto-version-sync-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
deleted file mode 100644
index 7a5556235d..0000000000
--- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Use the \[CustomBranding\] .INS file setting to specify the location of your branding cabinet (.cab) file.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9c74e239-65c5-4aa5-812f-e0ed80c5c2b0
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the CustomBranding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the CustomBranding .INS file to create custom branding and setup info
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Provide the URL to your branding cabinet (.cab) file.
-
-
-| Name | Value | Description |
-|----------|------------------|------------------------------------------------------------------------------------------------------------------------|
-| Branding | `
- For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).
- **Important**
-The links are imported and added to the **Favorites, Favorites Bar, and Feeds** page, beneath the **Favorites** folder.
-
-3. To add a new favorite link, pick **Favorites**, and then click **Add URL**.
-The **Details** box appears.
-
-4. Type the new link name in the **Name** box.
-
-5. Type the new URL in the **URL** box.
-
-6. Optionally, you can add a 16x16 pixel icon to your link by adding the location in the **Icon** box.
-
-7. Click **OK**.
-
-8. To add a new **Favorites** folder, pick **Favorites**, and then click **Add Folder**.
-The **Details** box appears.
-
-9. Type the folder name into the **Name** box, and then click **OK**.
-
-10. Click **Edit** to change any of your new information, **Test URL** to test each of your links to make sure they go to the right place, or **Remove** to delete a **Favorites** item.
-
-11. If you have multiple **Favorites** links, you can update their order in the list. Check the **Add to the top of the list** box, click the link you want to move, and then click **Move Up** or **Move Down**.
-
-12. Check the **Disable IE Suggested Sites** box to disable the Suggested Sites feature. By turning this on, your employees won’t receive suggested sites based on the sites that they visit.
-
-13. Continue with the next procedures in this topic to add additional **Favorites Bar** or **RSS Feeds** links, or you can click **Next** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page or **Back** to go to the [Accelerators](accelerators-ieak11-wizard.md) page.
-
-**To work with the Favorites Bar**
-
-1. To import your existing folder of links, pick **Favorites Bar**, and then click **Import**.
-
-2. Go to your existing link folder, most likely in the `
-The links are imported and added to the **Favorites, Favorites Bar, and Feeds** page, beneath the **Favorites Bar** folder.
-
-3. To add a new link to the **Favorites Bar**, pick **Favorites Bar**, and then click **Add URL**.
-The **Details** box appears.
-
-4. Type the new quick link name in the **Name** box.
-
-5. Type the new URL in the **URL** box.
-
-6. Optionally, you can add a 16x16 pixel icon to your link by adding the location in the **Icon** box.
-
-7. Pick whether your link is a simple **Link**, a **Feed**, or a **Web Slice**, and then click **OK**.
-
-8. Click **Edit** to change any of your new information, **Test URL** to test each of your links to make sure they go to the right place, or **Remove** to delete a **Favorites Bar** item.
-
-9. If you have multiple **Favorites Bar** links, you can update their order in the list. Check the **Add to the top of the list** box, click the link you want to move, and then click **Move Up** or **Move Down**.
-
-10. Check the **Disable IE Suggested Sites** box to disable the Suggested Sites feature. By turning this on, your employees won’t receive suggested sites based on the sites that they visit.
-
-11. Continue with the next procedures in this topic to add additional **Favorites** or **RSS Feeds** links, or you can click **Next** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page or **Back** to go to the [Accelerators](accelerators-ieak11-wizard.md) page.
-
-**To work with RSS Feeds**
-
-1. To add a new link to the **RSS Feeds**, pick **Favorites Bar**, and then click **Add URL**.
-The **Details** box appears.
-
-2. Type the new link name in the **Name** box.
-
-3. Type the new URL in the **URL** box, and then click **OK**.
-
-4. Click **Edit** to change any of your new information, **Test URL** to test each of your links to make sure they go to the right place, or **Remove** to delete a **RSS Feeds** item.
-
-5. If you have multiple **RSS Feeds** links, you can update their order in the list. Check the **Add to the top of the list** box, click the link you want to move, and then click **Move Up** or **Move Down**.
-
-6. Check the **Disable IE Suggested Sites** box to disable the Suggested Sites feature. By turning this on, your employees won’t receive suggested sites based on the sites that they visit.
-
-7. Continue with the next procedures in this topic to add additional **Favorites** or **Favorites Bar** links, or you can click **Next** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page or **Back** to go to the [Accelerators](accelerators-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
deleted file mode 100644
index ac736e20df..0000000000
--- a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[FavoritesEx\] .INS file setting to specify your Favorites icon file, whether Favorites is available offline, and your Favorites URLs.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 55de376a-d442-478e-8978-3b064407b631
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the FavoritesEx .INS file for your Favorites icon and URLs (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the FavoritesEx .INS file for your Favorites icon and URLs
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about where you store your **Favorites** icon file, whether your **Favorites** are available offline, and the URLs for each **Favorites** site.
-
-|Name |Value |Description |
-|----------------|-----------------------|--------------------------------------------------------------------------|
-|IconFile1 |`
-You can also click **Select All** to add, or **Clear All** to remove, all of the features.
-
-2. Click **Next** to go to the [Automatic Version Synchronization](auto-version-sync-ieak11-wizard.md) page or **Back** to go to the [Package Type Selection](pkg-type-selection-ieak11-wizard.md) page.
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
deleted file mode 100644
index 0aee908cd4..0000000000
--- a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the File Locations page in the IEAK 11 Customization Wizard to change the location of your install package and IE11 folders.
-author: dansimp
-ms.prod: ie11
-ms.assetid: bd0620e1-0e07-4560-95ac-11888c2c389e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the File Locations page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the File Locations page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **File Locations** page of the Internet Explorer Customization Wizard 11 lets you change the location of your folders, including:
-
-- Where you’ll create and store your custom installation package.
-
-- Where you’ll download and store Internet Explorer 11.
-
-**Important**
-**Note**
-The **Advanced Options** box opens and lets you change how the wizard downloads and gets files, and how it imports settings from your .ins file.
-
-3. Check the box letting IE Customization Wizard 11 look for the latest components, using Automatic Version Synchronization.
-This option lets the wizard connect to the IE **Downloads** page to look for updated versions of IE since you last ran the wizard.
-**Important**
-By importing settings from an .ins file, you can re-use existing configurations. This saves you time if your packages have the same or similar settings.
-
-5. Browse to your component download folder.
-Automatic Version Synchronization automatically checks the component download folder to see if you have the latest version of IE. To keep this folder up-to-date, you shouldn’t change its location. However, if you want to keep both a previous version of IE and the latest version, we recommend you download the components to a different location.
-
-6. Click **OK** to close the **Advanced Options** box, and then click **Next** to go to the [Platform Selection](platform-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
deleted file mode 100644
index 616e3b9938..0000000000
--- a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Review the file types that are created and used by tools in the Internet Explorer Administration Kit 11 (IEAK 11).
-author: dansimp
-ms.prod: ie11
-ms.assetid: e5735074-3e9b-4a00-b1a7-b8fd8baca327
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: File types used or created by IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# File types used or created by IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-A list of the file types used or created by tools in IEAK 11:
-
-|File type |Description |
-|----------|-------------------------|
-|.adm | An admin file (located at ` **Important**
-Clearing this box lets you use the IE11 **Welcome** page or your custom **Welcome** page.
-
-2. If you cleared the First Run wizard box, you can decide which **Welcome** page to use:
-
- - **Use IE11 Welcome Page.** Check this box if you want to use the default IE11 **Welcome** page.
-
- - **Use a custom Welcome Page.** Check this box if you want to use a custom **Welcome** page. If you choose this option, you need to add the URL to your custom page.
-
-3. Click **Next** to go to the [Compatibility View](compat-view-ieak11-wizard.md) page or **Back** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
deleted file mode 100644
index e3d95badec..0000000000
--- a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Customization guidelines for your Internet Explorer toolbar button and Favorites List icons.
-author: dansimp
-ms.prod: ie11
-ms.assetid: bddc8f23-9ac1-449d-ad71-f77f43ae3b5c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Customize the toolbar button and Favorites List icons using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Customize the Toolbar button and Favorites List icons using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use these customization guidelines to change the browser toolbar button and the **Favorites List** icons, using your own branding and graphics.
-
-**Important** However, you must use the Windows 8.1 target platform and only the "Configuration-only package" is available.
-
-- Windows 8.1
-
-- Windows Server 2012 R2
-
-- Windows® 7 Service Pack 1 (SP1)
-
-- Windows Server 2008 R2 (SP1)
-
-**Important**
-
-|Parameter (Setup options) |Description |
-|--------------------------|-------------------------------------------------------------------------------------------------|
-|`/update-no` |Doesn't look for Internet Explorer updates. |
-|`/no-default` |Doesn't make Internet Explorer the default browser. |
-|`/no-backup` |Doesn't back up the files necessary to uninstall IE. |
-|`/ieak-full` |Reserved for use by the IEAK 11. |
-|`/ieak-branding` |Reserved for use by the IEAK 11. |
-
-
-|Parameter (Restart options) |Description |
-|----------------------------|--------------------------------------------|
-|`/norestart` |Doesn't restart after installation. |
-|`/forcerestart` |Restarts after installation. |
-
-
-|Parameter (miscellaneous options) |Description |
-|----------------------------------|--------------------------------------------|
-|`/help` |Provides help info. Can't be used with any other option. |
-|`/log **Important** **Note** This only applies to IE11 on Windows 7 SP1 |
-|[Browser user interface](browser-ui-ieak11-wizard.md) |Internet Explorer for the desktop |Customize your title bars and toolbar buttons. |
-|[Search Providers](search-providers-ieak11-wizard.md) |Both |Import and add Search providers. |
-|[Important URLs – Home page and Support](important-urls-home-page-and-support-ieak11-wizard.md) |The **Support** page is supported by both experiences. The **Home** page is only supported on Internet Explorer for the desktop. |Add URLs for your **Home** and **Support** pages. |
-|[Accelerators](accelerators-ieak11-wizard.md) |Internet Explorer for the desktop |Import and add default accelerators. |
-|[Favorites, Favorites Bar and Feeds](favorites-favoritesbar-and-feeds-ieak11-wizard.md) |Internet Explorer for the desktop |Import and add items to the **Favorites** folder, the **Favorites Bar**, and the **Feeds** folder. **Note** **Note** -OR- -AND- -OR-
-If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you don’t add a custom **Home** page, IE uses https://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**.
-
-2. Check the **Retain previous Home Page (Upgrade)** box if you have employees with previous versions of IE, who need to keep their **Home** page settings when the browser is updated.
-
-3. Check the **Online support page URL** box to type in the URL to your own support page. Customizing the support page is only supported in Internet Explorer for the desktop.
-
-4. Click **Next** to go to the [Accelerators](accelerators-ieak11-wizard.md) page or **Back** to go to the [Search Providers](search-providers-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md
deleted file mode 100644
index d4dde73e8c..0000000000
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.mktglfcycl: plan
-description: IEAK 11 - Internet Explorer Administration Kit 11 Users Guide
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: 847bd7b4-d5dd-4e10-87b5-4d7d3a99bbac
-title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.localizationpriority: medium
-manager: dansimp
-ms.date: 03/15/2016
----
-
-
-# Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
-
-Use this guide to learn about the several options and processes you'll need to consider while you're using the Internet Explorer Administration Kit 11 (IEAK 11) to customize, deploy, and manage Internet Explorer 11 for your employee's devices.
-
-> [!IMPORTANT]
-> Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary.
-
-
-## Included technology
-IEAK 11 includes the following technology:
-- **Internet Explorer Customization Wizard.** This wizard guides you through the process of creating custom browser packages. After these packages are installed on your user's desktop, the user receives customized versions of Internet Explorer 11, with the settings and options you selected through the wizard.
-- **Windows Installer (MSI).** IEAK 11 supports creating an MSI wrapper for your custom Internet Explorer 11 packages, enabling you to use Active Directory to deploy the package to your user's PC.
-- **IEAK Help.** IEAK 11 Help includes many conceptual and procedural topics, which you can view from the **Index**, **Contents**, or **Search** tabs. You also have the option to print any topic, or the entire Help library.
-
-
-## Naming conventions
-IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1 Update and newer versions of the Windows operating system:
-
-|Name |Description |
-|-----|-----------------------------------------------------------|
-|IE |The immersive browser, or IE, without a specific version. |
-|Internet Explorer for the desktop |The desktop browser. This is the only experience available when running IE11 on Windows 7 SP1. |
-|IE11 |The whole browser, which includes both IE and Internet Explorer for the desktop. |
-|Internet Explorer Customization Wizard 11 |Step-by-step wizard screens that help you create custom IE11 installation packages. |
-
-## Related topics
-- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.yml)
-- [Download IEAK 11](ieak-information-and-downloads.md)
-- [IEAK 11 administrators guide]()
-- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
diff --git a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
deleted file mode 100644
index 6936f198d0..0000000000
--- a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Internal Install page in the IEAK 11 Customization Wizard to customize Setup for the default browser and the latest browser updates.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 33d078e3-75b8-455b-9126-f0d272ed676f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Internal Install page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Internal Install page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Internal Install** page of the Internet Explorer Customization Wizard 11 lets you customize Setup for the default browser and the latest browser updates, based on your company’s guidelines.
-
-**Note** -OR-
-
- - **Do not set IE as the default browser.** Won’t set IE as the default browser. However, your employees can still make IE the default.
-
-2. Click **Next** to go to the [User Experience](user-experience-ieak11-wizard.md) page or **Back** to go to the [Custom Components](custom-components-ieak11-wizard.md).
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
deleted file mode 100644
index 666c5f8b17..0000000000
--- a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[ISP_Security\] .INS file setting to add the root certificate for your custom Internet Explorer package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4eca2de5-7071-45a2-9c99-75115be00d06
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the ISP_Security .INS file to add your root certificate (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the ISP_Security .INS file to add your root certificate
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about where you store the root certificate you’re adding to your custom package.
-
-|Name |Value |Description |
-|---------------|-----------------------|------------------------------------------------------------------------------------------|
-|RootCertPath |`
-You can support as many languages as you want, but each localized version must be in its own install package.
-**Note** -OR-
-
-2. Check the **Configuration-only package** box if you want to update an existing installation of IE11. This media package is named **IE11- Setup-Branding.exe**, in the `
-You can distribute this file on any media format or server. It customizes the IE11 features without re-installing IE.
-**Important**
-You must create individual packages for each supported operating system.
-**Note** -OR-
-
- - **Import the current Program Settings.** Pick this option to import the program associations from your device and use them as the preset for your employee’s program settings. **Note**
-Proxy locations that don’t begin with a protocol (like, https:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `https://proxy`.
-
-3. Type the port for each service. The default value is *80*.
-
-4. Check the **Use the same proxy server for all addresses** box to use the same proxy server settings for all of your services.
-
-5. Type any services that shouldn’t use a proxy server into the **Do not use proxy server for addresses beginning with** box.
-When filling out your exceptions, keep in mind:
-
- - Proxy bypass entries can begin with a protocol type, such as https://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol.
-
- - Protocol values are not case sensitive and you can use a wildcard character (*) in place of zero or more characters.
-
- - You must use a semicolon between your entries.
-
- - This list is limited to **2064** characters.
-
-6. Check the **Do not use proxy server for local (intranet) addresses** to bypass your proxy servers for all addresses on your intranet.
-
-7. Click **Next** to go to the [Security and Privacy Settings](security-and-privacy-settings-ieak11-wizard.md) page or **Back** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
deleted file mode 100644
index f3b4414183..0000000000
--- a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Learn how to register an uninstall app for your custom components, using IEAK 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4da1d408-af4a-4c89-a491-d6f005fd5005
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Register an uninstall app for custom components using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.date: 07/27/2017
----
-
-
-# Register an uninstall app for custom components using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Register the uninstall apps for any custom components you’ve included in your Internet Explorer 11 package. Registering these apps lets your employees remove the components later, using **Uninstall or change a program** in the Control Panel.
-
-## Register your uninstallation program
-While you’re running your custom component setup process, your app can add information to the subkeys in the `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ApplicationName` registry key, registering your uninstallation program.
-
-**Note**
-The Microsoft Management Console opens.
-
-2. Click **File**, and then click **Add/Remove Snap-in**.
-
-3. In the **Available snap-ins** window, go down to the **Resultant Set of Policy** snap-in option, click **Add**, and then click **OK**.
-You’re now ready to use the RSoP snap-in from the console.
-
-**To use the RSoP snap-in**
-
-1. Right-click **Resultant Set of Policy** and then click **Generate RSoP Data**.
-You’ll only need to go through the resulting RSoP Wizard first time you run the snap-in.
-
-2. Click **Next** on the **Welcome** screen.
-
-3. Under **Computer Configuration**, click **Administrative Templates**, click **Windows Components**, click **IE**, and then click the feature you want to review the policy settings for.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
deleted file mode 100644
index c092a2101b..0000000000
--- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Search Providers page in the IEAK 11 Customization Wizard to add additional providers and set the default.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 48cfaba5-f4c0-493c-b656-445311b7bc52
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Search Providers page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Search Providers page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Search Providers** page of the Internet Explorer Customization Wizard 11 lets you add a default search provider (typically, Bing®) and additional providers to your custom version of IE.
-
-**Note**
-The **Search Provider** box appears.
-
-3. In the **Display Name** box, type the text that appears in the **Search Options** menu for the search provider.
-
-4. In the **URL** box, type the full URL to the search provider, including the https:// prefix.
-
-5. In the **Favicon URL** box, type the full URL to any icon to associate with your provider.
-
-6. In the **Suggestions URL (XML)** box, type the associated search suggestions in XML format.
-
-7. In the **Suggestions URL (JSON)** box, type the associated search suggestions in JavaScript Object Notation format.
-
-8. In the **Accelerator Preview URL** box, type the associated Accelerator preview URL for each provider, if it’s necessary.
-
-9. Check the **Display Search Suggestions for this provider** box to turn on search suggestions for the provider, and then click **OK**.
-
-10. Check the **Search Guide URL Customization** box if you’re going to add your search providers to a custom webpage for your employees. Then, type the URL to the custom webpage in the text box.
-
-11. Click **Edit** to change your search provider information, click **Set Default** to make a search provider the default for your employees, or **Remove** to delete a search provider.
-
-12. Click **Next** to go to the [Important URLs - Home Page and Support](important-urls-home-page-and-support-ieak11-wizard.md) page or **Back** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
deleted file mode 100644
index 6c1c936553..0000000000
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Learn about the security features available in Internet Explorer 11 and IEAK 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 5b64c9cb-f8da-411a-88e4-fa69dea473e2
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Security features and IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Security features and IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use Internet Explorer in conjunction with your new and existing security measures, to make sure the computers in your company aren’t compromised while on the Internet.
-
-## Enhanced Protection Mode
-Extends Protected Mode to further restrict the ability of an attacker to access sensitive or personal information in personal and corporate environments, including:
-
-- Restricting access to higher-level processes in the AppContainer.
-
-- Improving security against memory safety exploits in 64-bit tab processes.
-
-This feature is turned off by default. For more info, see [Enhanced Protected Mode problems with Internet Explorer](../ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md).
-
-## Certificates and Digital Signatures
-Web browsers have security features that help protect users from downloading harmful programs. Depending on the security level and the platform that you are using, the user may be prevented from, or warned against, downloading programs that are not digitally signed. Digital signatures show users where programs come from, verify that the programs have not been altered, and ensure that users do not receive unnecessary warnings when installing the custom browser.
-
-Because of this, the custom .cab files created by the Internet Explorer Customization Wizard should be signed, unless you pre-configure the Local intranet zone with a Low security setting. Any custom components you distribute with your browser package for these platforms should also be signed.
-
-### Understanding digital certificates
-To sign your package and custom programs digitally, you must first obtain a digital certificate. You can obtain a certificate from a certification authority or a privately-controlled certificate server. For more info about obtaining certificates or setting up a certificate server, see the following:
-
-- Microsoft-trusted certification authorities ([Windows root certificate program requirements](/previous-versions//cc751157(v=technet.10))).
-
-- Certificates overview documentation ([Certificates](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732331(v=ws.11))).
-
-- Microsoft Active Directory Certificate Services ( [Active Directory Certificate Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732625(v=ws.11))).
-
-- Enterprise public key infrastructure (PKI) snap-in documentation ([Enterprise PKI](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771400(v=ws.11))).
-
-After you get a certificate, you should note the public and private keys, which are a matched set of keys that are created by the software publisher for encryption and decryption. They are generated on your device at the time the certificate is requested, and your private key is never sent to the certification authority or any other party.
-
-### Understanding code signing
-Code signing varies, depening on how you plan to distribute your custom install package.
-
-- **If you plan to distribute custom packages over the Internet**, you must sign all custom components and the CMAK profile package (if used). Before you start the Internet Explorer Customization Wizard, make sure that both are signed. Typically, their respective manufacturers will have signed them. Otherwise, you can sign these using the Sign Tool (SignTool.exe) ( [SignTool.exe (Sign Tool)](/dotnet/framework/tools/signtool-exe)) or use the File Signing Tool (Signcode.exe) ([Signcode.exe (File Signing Tool)](/previous-versions/9sh96ycy(v=vs.100))). You should read the documentation included with these tools for more info about all of the signing options.
-In addition, after you run the Internet Explorer Customization Wizard, we highly recommend that you sign the IEAK package and the branding.cab file (if you are using it separately from the package). You can do this also using the tools mentioned above. For more information, download Code-Signing Best Practices ([Code-Signing Best Practices](/previous-versions/windows/hardware/design/dn653556(v=vs.85))).
-
-- **If you plan to distribute your custom packages over an intranet**, sign the custom files or preconfigure the Local intranet zone with a Low security setting, because the default security setting does not allow users to download unsigned programs or code.
-
-### Understanding your private key
-Your device creates two keys during the enrollment process of your digital certificate. One is a public key, which is sent to anyone you want to communicate with, and one is a private key, which is stored on your local device and must be kept secret. You use the private key to encrypt your data and the corresponding public key to decrypt it.
-
-You must keep your private key, private. To do this, we recommend:
-
-- **Separate test and release signing.** Set up a parallel code signing infrastructure, using test certificates created by an internal test root certificate authority. This helps to ensure that your certificates aren’t stored on an insecure build system, reducing the likelihood that they will be compromised.
-
-- **Tamper-proof storage.** Save your private keys on secure, tamper-proof hardware devices.
-
-- **Security.** Protect your private keys using physical security measures, such as cameras and card readers.
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
deleted file mode 100644
index c78a131719..0000000000
--- a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Security and Privacy Settings page in the IEAK 11 Customization Wizard to manage your security zones, privacy settings, and content ratings.
-author: dansimp
-ms.prod: ie11
-ms.assetid: cb7cd1df-6a79-42f6-b3a1-8ae467053f82
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Security and Privacy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Security and Privacy Settings page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Security and Privacy Settings** page of the Internet Explorer Customization Wizard 11 lets you manage your security zones, privacy settings, and content ratings. These settings help restrict the types of content your employees can access from the Internet, including any content that might be considered offensive or otherwise inappropriate in a corporate setting.
-
-**To use the Security and Privacy Settings page**
-
-1. Decide if you want to customize your security zones and privacy settings. You can pick:
-
- - **Do not customize security zones and privacy.** Pick this option if you don’t want to customize your security zones and privacy settings.
-
- - **Import the current security zones and privacy.** Pick this option to import your security zone and privacy settings from your computer and use them as the preset for your employee’s settings. **Note** **Note** The customizations you make on this page only apply to Internet Explorer for the desktop on Windows 7.
-
-**To use the User Experience page**
-
-1. Choose how your employee should interact with Setup, including:
-
- - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process.
-
- - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process.
-
- - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again.
- Both the hands-free and completely silent installation options will:
-
- - Answer prompts so Setup can continue.
-
- - Accept the license agreement.
-
- - Determine that Internet Explorer 11 is installed and not just downloaded.
-
- - Perform your specific installation type.
-
- - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version.
-
-2. Choose if your employee’s device will restart at the end of Setup.
-
- - **Default**. Prompts your employees to restart after installing IE.
-
- - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later.
-
- - **Force restart**. Automatically restarts the computer after installing IE.
-
-3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
deleted file mode 100644
index c9bb888bed..0000000000
--- a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Internet Settings (.INS) files with IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use the Internet Settings (.ins) files and the Internet Explorer Administration Kit 11 (IEAK 11) to configure your custom browser and its components. You can create multiple versions of your custom package by customizing copies of this file.
-
-Here's a list of the available .INS file settings:
-
-|Setting |Description |
-|-----------------------------------------|------------------------------------------------------------------------------|
-|[Branding](branding-ins-file-setting.md) |Customize the branding and setup information in your browser package. |
-|[BrowserToolbars](browsertoolbars-ins-file-setting.md) |Customize the appearance of the IE toolbar. |
-|[CabSigning](cabsigning-ins-file-setting.md) |Digital signature information for your programs. |
-|[ConnectionSettings](connectionsettings-ins-file-setting.md) |Info about the networking connection settings used to install your custom package. |
-|[CustomBranding](custombranding-ins-file-setting.md) |URL location to your branding cabinet (.cab) file. |
-|[ExtRegInf](extreginf-ins-file-setting.md) |Names of your Setup information (.inf) files and the installation mode for components. |
-|[FavoritesEx](favoritesex-ins-file-setting.md) |Add a path to your icon file for **Favorites**, decide whether **Favorites** are available offline, and add URLs to each**Favorites** site. |
-|[HideCustom](hidecustom-ins-file-setting.md) |Whether to hide the globally unique identifier (GUID) for each custom component. |
-|[ISP_Security](isp-security-ins-file-setting.md) |The root certificate you’re adding to your custom package. |
-|[Media](media-ins-file-setting.md) |Types of media in which your custom installation package is available. |
-|[Proxy](proxy-ins-file-setting.md) |Whether to use a proxy server. |
-|[Security Imports](security-imports-ins-file-setting.md) |Whether to import security information for your custom package. |
-|[URL](url-ins-file-setting.md) |Whether to use an auto-configured proxy server. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
deleted file mode 100644
index b6c2cc7087..0000000000
--- a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-author: dansimp
-ms.author: dansimp
-ms.manager: elizapo
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: What IEAK can do for you
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# What IEAK can do for you
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-
-- Internal
-
-- External
-
-## IEAK 11 users
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-- Internal
-- External
-
-> [!NOTE]
-> IEAK 11 works in network environments, with or without Microsoft Active Directory service.
-
-
-### Corporations
-IEAK helps corporate administrators establish version control, centrally distribute and manage browser installation, configure automatic connection profiles, and customize large portions of Internet Explorer, including features, security, communications settings, and other important functionality.
-
-Corporate administrators install IEAK using Internal mode (for Internet Explorer 10 or newer) or Corporate mode (for Internet Explorer 9 or older).
-
-### Internet service providers
-IEAK helps ISPs customize, deploy and distribute, add third-party add-ons, search providers, and custom components, as well as include web slices and accelerators all as part of a custom Internet Explorer installation package.
-
-ISPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Service Provider (ISP) mode (for Internet Explorer 9 or older).
-
-### Internet content providers
-IEAK helps ICPs customize the appearance of Internet Explorer and its Setup program, including letting you add your company name or specific wording to the Title bar, set up a customer support webpage, set up the user home page and search providers, add links to the Favorites and the Explorer bars, add optional components, web slices and accelerators, and determine which compatibility mode Internet Explorer should use.
-
-ICPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older)
-
-### Independent software vendors
-IEAK helps ISVs distribute (and redistribute) a custom version of Internet Explorer that can include custom components, programs, and controls (like the web browser control) that you create for your users. ISVs can also determine home pages, search providers, and add websites to the Favorites bar.
-
-ISVs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older).
-
-## Additional resources
-
-- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.yml)
-- [Download IEAK 11](ieak-information-and-downloads.md)
-- [IEAK 11 overview](index.md)
-- [IEAK 11 administrators guide](./index.md)
-- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
deleted file mode 100644
index 03de7ed423..0000000000
--- a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Wizard Complete – Next Steps** page of the Internet Explorer Customization Wizard 11 lets you build your custom installation package, after you click **Finish**.
-
-In most cases, your next steps will be to prepare your files for installation from your network or from another distribution method. If you haven’t already done it, you’ll need to digitally sign any program or .cab files that are going to be distributed over the Internet or over an intranet that isn’t configured to allow downloads.
-
-After that, the steps you’ll use to distribute your customized browser will vary, depending on your version of IEAK (Internal or External) and the media you’re using to distribute the package. For more information, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/images/deploy1.png b/browsers/internet-explorer/images/deploy1.png
deleted file mode 100644
index 1e16c46e03..0000000000
Binary files a/browsers/internet-explorer/images/deploy1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/deploy2.png b/browsers/internet-explorer/images/deploy2.png
deleted file mode 100644
index 44b4aad41c..0000000000
Binary files a/browsers/internet-explorer/images/deploy2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/explore1.png b/browsers/internet-explorer/images/explore1.png
deleted file mode 100644
index 3a956dc394..0000000000
Binary files a/browsers/internet-explorer/images/explore1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/explore2.png b/browsers/internet-explorer/images/explore2.png
deleted file mode 100644
index c07bbd197b..0000000000
Binary files a/browsers/internet-explorer/images/explore2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/explore3.png b/browsers/internet-explorer/images/explore3.png
deleted file mode 100644
index 4ea3adee19..0000000000
Binary files a/browsers/internet-explorer/images/explore3.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-deploy.png b/browsers/internet-explorer/images/ie-deploy.png
deleted file mode 100644
index 622d9e250b..0000000000
Binary files a/browsers/internet-explorer/images/ie-deploy.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-explore.png b/browsers/internet-explorer/images/ie-explore.png
deleted file mode 100644
index 184cfdf381..0000000000
Binary files a/browsers/internet-explorer/images/ie-explore.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-manage.png b/browsers/internet-explorer/images/ie-manage.png
deleted file mode 100644
index 51c9cc4aa9..0000000000
Binary files a/browsers/internet-explorer/images/ie-manage.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-plan.png b/browsers/internet-explorer/images/ie-plan.png
deleted file mode 100644
index 9b158a815f..0000000000
Binary files a/browsers/internet-explorer/images/ie-plan.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-support.png b/browsers/internet-explorer/images/ie-support.png
deleted file mode 100644
index 4152163abc..0000000000
Binary files a/browsers/internet-explorer/images/ie-support.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/informed1.png b/browsers/internet-explorer/images/informed1.png
deleted file mode 100644
index a1f1f0b0fe..0000000000
Binary files a/browsers/internet-explorer/images/informed1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/informed2.png b/browsers/internet-explorer/images/informed2.png
deleted file mode 100644
index 544ad83db6..0000000000
Binary files a/browsers/internet-explorer/images/informed2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage1.png b/browsers/internet-explorer/images/manage1.png
deleted file mode 100644
index df84f05983..0000000000
Binary files a/browsers/internet-explorer/images/manage1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage2.png b/browsers/internet-explorer/images/manage2.png
deleted file mode 100644
index 94d111e32c..0000000000
Binary files a/browsers/internet-explorer/images/manage2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage3.png b/browsers/internet-explorer/images/manage3.png
deleted file mode 100644
index c0043c5a8e..0000000000
Binary files a/browsers/internet-explorer/images/manage3.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage4.png b/browsers/internet-explorer/images/manage4.png
deleted file mode 100644
index 20af91d5a5..0000000000
Binary files a/browsers/internet-explorer/images/manage4.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/plan1.png b/browsers/internet-explorer/images/plan1.png
deleted file mode 100644
index 1bf8e4264e..0000000000
Binary files a/browsers/internet-explorer/images/plan1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/plan2.png b/browsers/internet-explorer/images/plan2.png
deleted file mode 100644
index 95103ecc5b..0000000000
Binary files a/browsers/internet-explorer/images/plan2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/support1.png b/browsers/internet-explorer/images/support1.png
deleted file mode 100644
index e771ed999a..0000000000
Binary files a/browsers/internet-explorer/images/support1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/support2.png b/browsers/internet-explorer/images/support2.png
deleted file mode 100644
index 9841cf1962..0000000000
Binary files a/browsers/internet-explorer/images/support2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/support3.png b/browsers/internet-explorer/images/support3.png
deleted file mode 100644
index a3a0425c73..0000000000
Binary files a/browsers/internet-explorer/images/support3.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/twitter.png b/browsers/internet-explorer/images/twitter.png
deleted file mode 100644
index 3b30a9a1cc..0000000000
Binary files a/browsers/internet-explorer/images/twitter.png and /dev/null differ
diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
deleted file mode 100644
index 2ba0956295..0000000000
--- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-author: aczechowski
-ms.author: aaroncz
-ms.date: 02/14/2023
-ms.reviewer: cathask
-manager: aaroncz
-ms.prod: ie11
-ms.topic: include
----
-
-> [!CAUTION]
-> **Update:** The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).
diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md
deleted file mode 100644
index 7aeb739bc8..0000000000
--- a/browsers/internet-explorer/index.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-ms.mktglfcycl: deploy
-description: The landing page for IE11 that lets you access the documentation.
-author: dansimp
-ms.author: dansimp
-manager: dansimp
-ms.prod: ie11
-title: Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-assetid: be3dc32e-80d9-4d9f-a802-c7db6c50dbe0
-ms.sitesec: library
-ms.localizationpriority: medium
-ms.date: 07/27/2017
----
-
-
-# Internet Explorer 11 (IE11)
-Find info about Internet Explorer 11 that's important to IT Pros.
-
-- [Internet Explorer 11 - FAQ for IT Pros](ie11-faq/faq-for-it-pros-ie11.yml)
-
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](ie11-deploy-guide/index.md)
-
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](ie11-ieak/index.md)
-
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
deleted file mode 100644
index 17eee2393b..0000000000
--- a/browsers/internet-explorer/internet-explorer.yml
+++ /dev/null
@@ -1,151 +0,0 @@
-### YamlMime:Landing
-
-title: Internet Explorer 11 documentation
-summary: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
-metadata:
- title: Internet Explorer 11 documentation
- description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
- ms.topic: landing-page
- author: aczechowski
- ms.author: aaroncz
- ms.date: 07/29/2022
- ms.prod: ie11
-
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
-
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
- # Card
- - title: Explore
- linkLists:
- - linkListType: get-started
- links:
- - text: IE11 features and tools
- url: ./ie11-deploy-guide/updated-features-and-tools-with-ie11.md
- - text: System requirements and language support
- url: ./ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
- - text: Frequently asked questions
- url: ./ie11-faq/faq-for-it-pros-ie11.yml
- - text: Internet Explorer 11 deployment guide
- url: ./ie11-deploy-guide/index.md
- - text: Use Enterprise Mode to improve compatibility
- url: /microsoft-edge/deploy/emie-to-improve-compatibility
- - text: Lifecycle FAQ - Internet Explorer
- url: /lifecycle/faq/internet-explorer-microsoft-edge
- - linkListType: download
- links:
- - text: Enterprise Mode Site List Manager (schema, v.2)
- url: https://www.microsoft.com/download/details.aspx?id=49974
- - text: Cumulative security updates for Internet Explorer 11
- url: https://www.catalog.update.microsoft.com/Search.aspx?q=cumulative%20security%20update%20for%20internet%20explorer%2011
-
- # Card
- - title: Plan
- linkLists:
- - linkListType: get-started
- links:
- - text: What is Enterprise Mode?
- url: ./ie11-deploy-guide/what-is-enterprise-mode.md
- - text: Tips and tricks to manage Internet Explorer compatibility
- url: ./ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
- - text: Download the Enterprise Site Discovery Toolkit
- url: https://www.microsoft.com/download/details.aspx?id=44570
- - text: Collect data using Enterprise Site Discovery
- url: ./ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
- - text: Manage Windows upgrades with Upgrade Readiness
- url: /windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness
- - linkListType: how-to-guide
- links:
- - text: Turn on Enterprise Mode and use a site list
- url: ./ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
- - text: Add sites to the Enterprise Mode site list
- url: ./ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
- - text: Edit the Enterprise Mode site list
- url: ./ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
- - text: Turn on local control and logging for Enterprise Mode
- url: ./ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
-
- # Card
- - title: Deploy
- linkLists:
- - linkListType: get-started
- links:
- - text: IEAK 11 user's guide
- url: ./ie11-ieak/index.md
- - text: Download IEAK 11
- url: ./ie11-ieak/ieak-information-and-downloads.md
- - text: Frequently asked questions about IEAK 11
- url: ./ie11-faq/faq-ieak11.yml
- - text: Customization and distribution guidelines
- url: ./ie11-ieak/licensing-version-and-features-ieak11.md#customization-guidelines
- - linkListType: deploy
- links:
- - text: Install Internet Explorer 11 through automatic updates (recommended)
- url: ./ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
- - text: Install Internet Explorer 11 as part of an operating system deployment
- url: ./ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
- - text: Install Internet Explorer 11 over the network
- url: ./ie11-deploy-guide/install-ie11-using-the-network.md
- - text: Install Internet Explorer 11 with System Center 2012 R2 Configuration Manager
- url: ./ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
- - text: Install Internet Explorer 11 with Windows Server Update Services (WSUS)
- url: ./ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
- - text: Install Internet Explorer 11 with Microsoft Intune
- url: ./ie11-deploy-guide/install-ie11-using-microsoft-intune.md
- - text: Install Internet Explorer 11 with third-party tools
- url: ./ie11-deploy-guide/install-ie11-using-third-party-tools.md
-
- # Card
- - title: Manage
- linkLists:
- - linkListType: tutorial
- links:
- - text: Group Policy for beginners
- url: /previous-versions/windows/it-pro/windows-7/hh147307(v=ws.10)
- - text: New Group Policy settings for IE11
- url: ./ie11-deploy-guide/new-group-policy-settings-for-ie11.md
- - text: Administrative templates for IE11
- url: https://www.microsoft.com/download/details.aspx?id=40905
- - text: Group Policy preferences for IE11
- url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md
- - text: Configure Group Policy preferences
- url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings
- - text: Blocked out-of-date ActiveX controls
- url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md
- - text: Out-of-date ActiveX control blocking
- url: ./ie11-deploy-guide/out-of-date-activex-control-blocking.md
- - text: Update to block out-of-date ActiveX controls in Internet Explorer
- url: https://support.microsoft.com/topic/update-to-block-out-of-date-activex-controls-in-internet-explorer-39ced8f8-5d98-3c7b-4792-b62fad4e2277
-
- # Card
- - title: Support
- linkLists:
- - linkListType: get-started
- links:
- - text: Change or reset Internet Explorer settings
- url: https://support.microsoft.com/windows/change-or-reset-internet-explorer-settings-2d4bac50-5762-91c5-a057-a922533f77d5
- - text: Troubleshoot problems with setup, installation, auto configuration, and more
- url: ./ie11-deploy-guide/troubleshoot-ie11.md
- - text: Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
- url: https://support.microsoft.com/topic/option-to-disable-vbscript-execution-in-internet-explorer-for-internet-zone-and-restricted-sites-zone-3a2104c0-5af0-9aae-6c57-8207d3cb3e65
- - text: Frequently asked questions about IEAK 11
- url: ./ie11-faq/faq-ieak11.yml
- - text: Internet Explorer 8, 9, 10, 11 forum
- url: https://social.technet.microsoft.com/forums/ie/home?forum=ieitprocurrentver
- - text: Contact a Microsoft support professional
- url: https://support.microsoft.com/contactus
- - text: General support
- url: https://support.microsoft.com/windows/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2
-
- # Card
- - title: Stay informed
- linkLists:
- - linkListType: get-started
- links:
- - text: Sign up for the Windows IT Pro Insider
- url: https://aka.ms/windows-it-pro-insider
- - text: Microsoft Edge Dev blog
- url: https://blogs.windows.com/msedgedev
- - text: Microsoft Edge Dev on Twitter
- url: https://twitter.com/MSEdgeDev
diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
deleted file mode 100644
index fc5a540272..0000000000
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
+++ /dev/null
@@ -1,241 +0,0 @@
-### YamlMime:FAQ
-metadata:
- title: IE and Microsoft Edge FAQ for IT Pros
- description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
- manager: msmets
- author: ramakoni1
- ms.author: ramakoni
- ms.reviewer: ramakoni, DEV_Triage
- ms.service: internet-explorer
- ms.technology:
- ms.topic: faq
- ms.localizationpriority: medium
- ms.date: 01/23/2020
-title: Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros
-summary: |
-
-sections:
- - name: Cookie-related questions
- questions:
- - question: |
- What is a cookie?
- answer: |
- An HTTP cookie (the web cookie or browser cookie) is a small piece of data that a server sends to the user's web browser. The web browser may store the cookie and return it to the server together with the next request. For example, a cookie might be used to indicate whether two requests come from the same browser in order to allow the user to remain logged-in. The cookie records stateful information for the stateless HTTP protocol.
-
- - question: |
- How does Internet Explorer handle cookies?
- answer: |
- For more information about how Internet Explorer handles cookies, see the following articles:
-
- - [Beware Cookie Sharing in Cross-Zone Scenarios](/archive/blogs/ieinternals/beware-cookie-sharing-in-cross-zone-scenarios)
- - [A Quick Look at P3P](/archive/blogs/ieinternals/a-quick-look-at-p3p)
- - [Internet Explorer Cookie Internals FAQ](/archive/blogs/ieinternals/internet-explorer-cookie-internals-faq)
- - [Privacy Beyond Blocking Cookies](/archive/blogs/ie/privacy-beyond-blocking-cookies-bringing-awareness-to-third-party-content)
- - [Description of Cookies](https://support.microsoft.com/help/260971/description-of-cookies)
-
- - question: |
- Where does Internet Explorer store cookies?
- answer: |
- To see where Internet Explorer stores its cookies, follow these steps:
-
- 1. Start File Explorer.
- 2. Select **Views** \> **Change folder and search options**.
- 3. In the **Folder Options** dialog box, select **View**.
- 4. In **Advanced settings**, select **Do not show hidden files, folders, or drivers**.
- 5. Clear **Hide protected operation system files (Recommended)**.
- 6. Select **Apply**.
- 7. Select **OK**.
-
- The following are the folder locations where the cookies are stored:
-
- **In Windows 10**
- C:\Users\username\AppData\Local\Microsoft\Windows\INetCache
-
- **In Windows 8 and Windows 8.1**
- C:\Users\username\AppData\Local\Microsoft\Windows\INetCookies
-
- **In Windows 7**
- C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies
- C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies\Low
-
- - question: |
- What is the per-domain cookie limit?
- answer: |
- Since the June 2018 cumulative updates for Internet Explorer and Microsoft Edge, the per-domain cookie limit is increased from 50 to 180 for both browsers. The cookies vary by path. So, if the same cookie is set for the same domain but for different paths, it's essentially a new cookie.
-
- There's still a 5 Kilobytes (KB) limit on the size of the cookie header that is sent out. This limit can cause some cookies to be lost after they exceed that value.
-
- The JavaScript limitation was updated to 10 KB from 4 KB.
-
- For more information, see [Internet Explorer Cookie Internals (FAQ)](/archive/blogs/ieinternals/internet-explorer-cookie-internals-faq).
-
- - name: Additional information about cookie limits
- questions:
- - question: |
- What does the Cookie RFC allow?
- answer: |
- RFC 2109 defines how cookies should be implemented, and it defines minimum values that browsers support. According to the RFC, browsers would ideally have no limits on the size and number of cookies that a browser can handle. To meet the specifications, the user agent should support the following:
-
- - At least 300 cookies total
- - At least 20 cookies per unique host or domain name
-
- For practicality, individual browser makers set a limit on the total number of cookies that any one domain or unique host can set. They also limit the total number of cookies that can be stored on a computer.
-
- - question: |
- Cookie size limit per domain
- answer: |
- Some browsers also limit the amount of space that any one domain can use for cookies. This means that if your browser sets a limit of 4,096 bytes per domain for cookies, 4,096 bytes is the maximum available space in that domain even though you can set up to 180 cookies.
-
- - name: Proxy Auto Configuration (PAC)-related questions
- questions:
- - question: |
- Is an example Proxy Auto Configuration (PAC) file available?
- answer: |
- Here's a simple PAC file:
-
- ```vb
- function FindProxyForURL(url, host)
- {
- return "PROXY proxyserver:portnumber";
- }
- ```
-
- > [!NOTE]
- > The previous PAC always returns the `proxyserver:portnumber` proxy.
-
- For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/).
-
- **Third-party information disclaimer**
- The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
-
- - question: |
- How to improve performance by using PAC scripts
- answer: |
- For more information, see [Optimizing performance with automatic Proxy configuration scripts (PAC)](/troubleshoot/developer/browsers/connectivity-navigation/optimize-pac-performance).
-
- - name: Other questions
- questions:
- - question: |
- How to set home and start pages in Microsoft Edge and allow user editing
- answer: |
- For more information, see the following blog article:
-
- [How do I set the home page in Microsoft Edge?](https://support.microsoft.com/microsoft-edge/change-your-browser-home-page-a531e1b8-ed54-d057-0262-cc5983a065c6)
-
- - question: |
- How to add sites to the Enterprise Mode (EMIE) site list
- answer: |
- For more information about how to add sites to an EMIE list, see [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](../ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md).
-
- - question: |
- What is Content Security Policy (CSP)?
- answer: |
- By using [Content Security Policy](/microsoft-edge/dev-guide/security/content-security-policy), you create an allowlist of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
-
- Content Security Policy is supported in all versions of Microsoft Edge. It lets web developers lock down the resources that can be used by their web application. This helps prevent [cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks that remain a common vulnerability on the web. However, the first version of Content Security Policy was difficult to implement on websites that used inline script elements that either pointed to script sources or contained script directly.
-
- CSP2 makes these scenarios easier to manage by adding support for nonces and hashes for script and style resources. A nonce is a cryptographically strong random value that is generated on each page load that appears in both the CSP policy and in the script tags on the page. Using nonces can help minimize the need to maintain a list of allowed source URL values while also allowing trusted scripts that are declared in script elements to run.
-
- For more information, see the following articles:
-
- - [Introducing support for Content Security Policy Level 2](https://blogs.windows.com/msedgedev/2017/01/10/edge-csp-2/)
- - [Content Security Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)
-
- - question: |
- Where to find Internet Explorer security zones registry entries
- answer: |
- Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries).
-
- This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
-
- The default Zone Keys are stored in the following locations:
-
- - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
- - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
-
- - question: |
- Why don't HTML5 videos play in Internet Explorer 11?
- answer: |
- To play HTML5 videos in the Internet Zone, use the default settings or make sure that the registry key value of **2701** under **Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3** is set to **0**.
-
- - 0 (the default value): Allow
- - 3: Disallow
-
- This key is read by the **URLACTION\_ALLOW\_AUDIO\_VIDEO 0x00002701** URL action flag that determines whether media elements (audio and video) are allowed in pages in a URL security zone.
-
- For more information, see [Unable to play HTML5 Videos in IE](/archive/blogs/askie/unable-to-play-html5-videos-in-ie).
-
- For Windows 10 N and Windows KN editions, you must also download the feature pack that is discussed in [Media feature pack for Windows 10 N and Windows 10 KN editions](https://support.microsoft.com/help/3010081/media-feature-pack-for-windows-10-n-and-windows-10-kn-editions).
-
- For more information about how to check Windows versions, see [Which version of Windows operating system am I running?](https://support.microsoft.com/help/13443/windows-which-version-am-i-running)
-
- - question: |
- What is the Enterprise Mode Site List Portal?
- answer: |
- This is a new feature to add sites to your enterprise mode site list XML. For more information, see [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
-
- - question: |
- What is Enterprise Mode Feature?
- answer: |
- For more information, see [Enterprise Mode and the Enterprise Mode Site List](../ie11-deploy-guide/what-is-enterprise-mode.md).
-
- - question: |
- Where can I obtain a list of HTTP Status codes?
- answer: |
- For information about this list, see [HTTP Status Codes](/windows/win32/winhttp/http-status-codes).
-
- - question: |
- What is end of support for Internet Explorer 11?
- answer: |
- Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it's installed.
-
- For more information, see [Lifecycle FAQ - Internet Explorer and Microsoft Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
-
- - question: |
- How to configure TLS (SSL) for Internet Explorer
- answer: |
- For more information about how to configure TLS/SSL for Internet Explorer, see [Group Policy Setting to configure TLS/SSL](https://gpsearch.azurewebsites.net/#380).
-
- - question: |
- What is Site to Zone?
- answer: |
- Site to Zone usually refers to one of the following:
-
- **Site to Zone Assignment List**
- This is a Group Policy policy setting that can be used to add sites to the various security zones.
-
- The Site to Zone Assignment List policy setting associates sites to zones by using the following values for the Internet security zones:
-
- - Intranet zone
- - Trusted Sites zone
- - Internet zone
- - Restricted Sites zone
-
- If you set this policy setting to **Enabled**, you can enter a list of sites and their related zone numbers. By associating a site to a zone, you can make sure that the security settings for the specified zone are applied to the site.
-
- **Site to Zone Mapping**
- Site to Zone Mapping is stored as the name of the key. The protocol is a registry value that has a number that assigns it to the corresponding zone. Internet Explorer will read from the following registry subkeys for the sites that are deployed through the Site to Zone assignment list:
-
- - HKEY\_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
- - HKEY\_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
-
- **Site to Zone Assignment List policy**
- This policy setting is available for both Computer Configuration and User Configuration:
-
- - Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
- - User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
-
- **References**
- [How to configure Internet Explorer security zone sites using group policies](/archive/blogs/askie/how-to-configure-internet-explorer-security-zone-sites-using-group-polices)
-
- - question: |
- What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer?
- answer: |
- For more information about these settings and limits, see [Connectivity Enhancements in Windows Internet Explorer 8](/previous-versions/cc304129(v=vs.85)).
-
- - question: |
- What is the MaxConnectionsPerProxy setting, and what are the maximum allowed values for this setting?
- answer: |
- The **MaxConnectionsPerProxy** setting controls the number of connections that a single-user client can maintain to a given host by using a proxy server.
-
- For more information, see [Understanding Connection Limits and New Proxy Connection Limits in WinInet and Internet Explorer](/archive/blogs/jpsanders/understanding-connection-limits-and-new-proxy-connection-limits-in-wininet-and-internet-explorer).
diff --git a/education/docfx.json b/education/docfx.json
index 60af34def4..cc2b912248 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -29,13 +29,12 @@
"globalMetadata": {
"recommendations": true,
"adobe-target": true,
- "ms.topic": "article",
"ms.collection": [
"education",
"tier2"
],
- "ms.prod": "windows-client",
- "ms.technology": "itpro-edu",
+ "ms.subservice": "itpro-edu",
+ "ms.service": "windows-client",
"author": "paolomatarazzo",
"ms.author": "paoloma",
"manager": "aaroncz",
@@ -43,7 +42,7 @@
"breadcrumb_path": "/education/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-Windows",
"feedback_system": "Standard",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.education",
@@ -51,30 +50,25 @@
}
},
"titleSuffix": "Windows Education",
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "Kellylorenebaker",
+ "contributors_to_exclude": [
+ "dstrome2",
+ "rjagiewich",
+ "American-Dipper",
+ "claydetels19",
"jborsecnik",
- "tiburd",
- "AngelaMotherofDragons",
- "dstrome",
- "v-dihans",
- "garycentric",
- "v-stsavell",
- "beccarobins",
+ "v-stchambers",
+ "shdyas",
"Stacyrch140",
- "American-Dipper"
+ "garycentric",
+ "dstrome"
]
},
"fileMetadata": {
- "appliesto":{
+ "appliesto": {
"windows/**/*.md": [
- "✅ Windows 11",
- "✅ Windows 11 SE",
- "✅ Windows 10"
+ "✅ Windows 11",
+ "✅ Windows 11 SE",
+ "✅ Windows 10"
]
}
},
@@ -82,5 +76,5 @@
"template": "op.html",
"dest": "education",
"markdownEngineName": "markdig"
-}
-}
+ }
+}
\ No newline at end of file
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index 9a93fa8064..e367821ba4 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,13 +2,27 @@
-## Week of December 11, 2023
+## Week of January 29, 2024
| Published On |Topic title | Change |
|------|------------|--------|
-| 12/12/2023 | Chromebook migration guide | removed |
-| 12/12/2023 | Deploy Windows 10 in a school district | removed |
-| 12/12/2023 | Deploy Windows 10 in a school | removed |
-| 12/12/2023 | Windows 10 for Education | removed |
-| 12/12/2023 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
+| 1/30/2024 | [Microsoft 365 Education Documentation](/education/index) | modified |
+
+
+## Week of January 15, 2024
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 1/16/2024 | Deployment recommendations for school IT administrators | removed |
+| 1/16/2024 | Microsoft Entra join with Set up School PCs app | removed |
+| 1/16/2024 | [Set up School PCs app technical reference overview](/education/windows/set-up-school-pcs-technical) | modified |
+| 1/16/2024 | Set up student PCs to join domain | removed |
+| 1/16/2024 | Provision student PCs with apps | removed |
+| 1/16/2024 | Set up Windows devices for education | removed |
+| 1/16/2024 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | modified |
+| 1/16/2024 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | modified |
+| 1/16/2024 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | modified |
+| 1/16/2024 | [Set up Microsoft Entra ID](/education/windows/tutorial-school-deployment/set-up-microsoft-entra-id) | modified |
+| 1/16/2024 | Windows 10 editions for education customers | removed |
diff --git a/education/index.yml b/education/index.yml
index a79c5f8617..adc8d30041 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -14,7 +14,7 @@ productDirectory:
title: For IT admins
summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
items:
- # Card
+ # Card
- title: Phase 1 - Cloud deployment
imageSrc: ./images/EDU-Deploy.svg
summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your Active Directory and SIS, and license users.
@@ -24,12 +24,12 @@ productDirectory:
imageSrc: ./images/EDU-Device-Mgmt.svg
summary: Get started with Windows for Education, set up and enroll devices in Intune.
url: /microsoft-365/education/deploy/set-up-windows-10-education-devices
- # Card
+ # Card
- title: Phase 3 - Apps management
imageSrc: ./images/EDU-Apps-Mgmt.svg
summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft.
url: /microsoft-365/education/deploy/configure-admin-settings
- # Card
+ # Card
- title: Phase 4 - Complete your deployment
# imageSrc should be square in ratio with no whitespace
imageSrc: ./images/EDU-Tasks.svg
@@ -51,7 +51,7 @@ productDirectory:
text: Microsoft Purview compliance
- url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
text: Deploying Lockbox
- # Card
+ # Card
- title: Analytics & insights
imageSrc: ./images/EDU-Education.svg
links:
@@ -59,7 +59,7 @@ productDirectory:
text: Power BI for IT admins
- url: /dynamics365/
text: Dynamics 365
- # Card
+ # Card
- title: Find deployment help and other support resources
imageSrc: ./images/EDU-Teachers.svg
links:
@@ -69,14 +69,6 @@ productDirectory:
text: Education help center
- url: /training/educator-center/
text: Teacher training packs
- # Card
- - title: Check out our education journey
- imageSrc: ./images/EDU-ITJourney.svg
- links:
- - url: https://edujourney.microsoft.com/k-12/
- text: K-12
- - url: https://edujourney.microsoft.com/hed/
- text: Higher education
additionalContent:
sections:
diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md
index 8f3304ae76..75606b7b94 100644
--- a/education/windows/configure-aad-google-trust.md
+++ b/education/windows/configure-aad-google-trust.md
@@ -26,7 +26,7 @@ To test federation, the following prerequisites must be met:
1. A Google Workspace environment, with users already created
> [!IMPORTANT]
> Users require an email address defined in Google Workspace, which is used to match the users in Microsoft Entra ID.
- > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-azure-ad).
+ > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-microsoft-entra-id).
1. Individual Microsoft Entra accounts already created: each Google Workspace user will require a matching account defined in Microsoft Entra ID. These accounts are commonly created through automated solutions, for example:
- School Data Sync (SDS)
- Microsoft Entra Connect Sync for environment with on-premises AD DS
diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md
index 79b60c3c9e..ba510327cf 100644
--- a/education/windows/edu-take-a-test-kiosk-mode.md
+++ b/education/windows/edu-take-a-test-kiosk-mode.md
@@ -171,7 +171,7 @@ $cimObject.HideFastUserSwitching = 1
Set-CimInstance -CimInstance $cimObject
```
-#### [:::image type="icon" source="images/icons/windows-os.svg"::: **Settings app**](#tab/win)
+#### [:::image type="icon" source="images/icons/settings.svg"::: **Settings app**](#tab/settings)
To create a local account, and configure Take a Test in kiosk mode using the Settings app:
@@ -189,7 +189,7 @@ To create a local account, and configure Take a Test in kiosk mode using the Set
1. Under **Test taking settings** select the options you want to enable during the test
- To enable printing, select **Require printing**
- > [!NOTE]
+ > [!NOTE]
> Make sure a printer is pre-configured on the Take a Test account if you're enabling this option.
- To enable teachers to monitor screens, select **Allow screen monitoring**
@@ -198,7 +198,7 @@ To create a local account, and configure Take a Test in kiosk mode using the Set
1. To take the test, a student must sign in using the test-taking account selected in step 4
:::image type="content" source="./images/takeatest/login-screen-take-a-test-single-pc.png" alt-text="Windows 11 SE login screen with the take a test account." border="true":::
- > [!NOTE]
+ > [!NOTE]
> To sign-in with a local account on a device that is joined to Microsoft Entra ID or Active Directory, you must prefix the username with either ` The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the **\Device\Physical** memory information..|
+|BIOSRead|This problem is indicated when an application can't access the **Device\PhysicalMemory** object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems. The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the **\Device\Physical** memory information.|
|BlockRunasInteractiveUser|This problem occurs when **InstallShield** creates installers and uninstallers that fail to complete and that generate error messages or warnings. The fix blocks **InstallShield** from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights. The fix intercepts the **SHGetFolder**path request to the common **appdata** file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.|
+|ChangeFolderPathToXPStyle|This fix is required when an application can't return shell folder paths when it uses the **SHGetFolder** API. The fix intercepts the **SHGetFolder**path request to the common **appdata** file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.|
|ClearLastErrorStatusonIntializeCriticalSection|This fix is indicated when an application fails to start. The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS.|
|CopyHKCUSettingsFromOtherUsers|This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users. The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area. You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: Software\MyCompany\Key1^Software\MyCompany\Key2. The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted.|
-|CorrectFilePaths|The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message. The fixmodifies the file path names to point to a new location on the hard disk. The fix corrects the file paths that are used by the uninstallation process of an application. The fixintercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted.|
+|CorrectFilePaths|This problem occurs when: The fix modifies the file path names to point to a new location on the hard disk. The fix corrects the file paths that are used by the uninstallation process of an application. The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. You can control this fix further by typing the following command at the command prompt: `DLL_Name;Flag_Type;Hexidecimal_Value` The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. You can control this fix further by typing the following command at the command prompt: `Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2` The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. You can control this fix further by typing the following command at the command prompt: For example, 9.0.c.|
-|DetectorDWM8And16Bit|This fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 .|
-|Disable8And16BitD3D|This fix improves performance of 8/16-bit color applications that render using D3D and do not mix direct draw.|
+|DeprecatedServiceShim|The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays. The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. You can control this fix further by typing the following command at the command prompt: `Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2` where: The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. You can control this fix further by typing the following command at the command prompt: For example, 9.0.c.|
+|DetectorDWM8And16Bit|This fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes aren't supported in Windows 8 .|
+|Disable8And16BitD3D|This fix improves performance of 8/16-bit color applications that render using D3D and don't mix direct draw.|
|Disable8And16BitModes|This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes.|
-|DisableDWM|The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. The fix disables the fade animations functionality for unsupported applications.|
-|DisableThemeMenus|The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.|
-|DisableWindowsDefender|The fix disables Windows Defender for security applications that do not work with Windows Defender.|
-|DWM8And16BitMitigation|The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8.|
+|DisableDWM|The problem occurs when some objects aren't drawn or object artifacts remain on the screen in an application. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. The fix disables the fade animations functionality for unsupported applications.|
+|DisableThemeMenus|The problem occurs when an application behaves unpredictably when it tries to detect and use the correct Windows settings. The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.|
+|DisableWindowsDefender|The fix disables Windows Defender for security applications that don't work with Windows Defender.|
+|DWM8And16BitMitigation|The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes aren't supported in Windows 8.|
|DXGICompat|The fix allows application-specific compatibility instructions to be passed to the DirectX engine.|
|DXMaximizedWindowedMode|Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D.|
-|ElevateCreateProcess|The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message. The fixhandles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged. The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code is returned unchanged. The fix exchanges the PathIsUNC function to return a value of True for UNC paths in Windows.|
-|EmulateGetDiskFreeSpace|The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements. The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual-free space amount. The fix determines the amount of free space. If the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB. However, if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual-free space amount. The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table. The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function.|
+|EnableRestarts|The problem is indicated when an application and computer appear to hang because processes can't end to allow the computer to complete its restart processes. The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. The fix invokes the AddRef() method on the Desktop folder, which the SHGetDesktopFolder function returns, to counteract the problem.|
|FailObsoleteShellAPIs|The problem occurs when an application fails because it generated deprecated API calls. The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail. This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported. The fixcan resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.|
-|FakeLunaTheme|The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed. The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme (Luna). The fixenables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk.|
+|FailRemoveDirectory|The problem occurs when an application uninstall process doesn't remove all of the application files and folders. This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path - no partial paths are supported. The fix resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.|
+|FakeLunaTheme|The problem occurs when a theme application doesn't properly display: the colors are washed out or the user interface isn't detailed. The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme (Luna). The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk.|
|FontMigration|The fix replaces an application-requested font with a better font selection, to avoid text truncation.|
|ForceAdminAccess|The problem occurs when an application fails to function during an explicit administrator check. The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check. The fix exchanges GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly formed file path when it tries to retrieve the drive type on which the file path exists.|
-|GlobalMemoryStatusLie|The problem is indicated by a Computer memory full error message that displays when you start an application. The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size.|
-|HandleBadPtr|The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter. The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the more parameter validation.|
-|HandleMarkedContentNotIndexed|The problem is indicated by an application that fails when it changes an attribute on a file or directory. The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.|
+|GetDriveTypeWHook|The application presents unusual behavior during installation; for example, the setup program states that it can't install to a user-specified location. The fix exchanges GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly formed file path when it tries to retrieve the drive type on which the file path exists.|
+|GlobalMemoryStatusLie|The problem occurs when a Computer memory full error message that displays when you start an application. The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size.|
+|HandleBadPtr|The problem occurs when an access violation error message that displays because an API is performing pointer validation before it uses a parameter. The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the more parameter validation.|
+|HandleMarkedContentNotIndexed|The problem occurs when an application that fails when it changes an attribute on a file or directory. The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory. The fix then resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.|
|HeapClearAllocation|The problem is indicated when the allocation process shuts down unexpectedly. The fix uses zeros to clear out the heap allocation for an application.|
|IgnoreAltTab|The problem occurs when an application fails to function when special key combinations are used. The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks. The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW, and FindFirstFileA APIs to prevent them from returning directory junctions. The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. You can control this fix further by typing the following command at the command prompt: `Exception1;Exception2` **Important:** You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience more compatibility issues if you choose to incorrectly ignore an exception. Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior.|
+|IgnoreChromeSandbox|The fix allows Google Chrome to run on systems where ntdll is loaded above 4 GB.|
+|IgnoreDirectoryJunction|The problem occurs when a read or access violation error message that displays when an application tries to find or open files. The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW, and FindFirstFileA APIs to prevent them from returning directory junctions. The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. You can control this fix further by typing the following command at the command prompt: `Exception1;Exception2` **Important:** You should use this compatibility fix only if you're certain that it's acceptable to ignore the exception. You might experience more compatibility issues if you choose to incorrectly ignore an exception. Before the C runtime library supported floating point SSE2, it ignored the rounding control request and used the round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior.|
|IgnoreFontQuality|The problem occurs when application text appears to be distorted. The fix enables color-keyed fonts to properly work with anti-aliasing.|
-|IgnoreMessageBox|The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system anytime that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID.|
+|IgnoreMessageBox|The problem occurs when a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system anytime that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix ignores the registered MSOXMLMF and fails the CoGetClassObject for its CLSID.|
|IgnoreSetROP2|The fix ignores read-modify-write operations on the desktop to avoid performance issues.|
-|InstallComponent|The fix prompts the user to install.Net 3.5 or .NET 2.0 because .NET is not included with Windows 8.|
+|InstallComponent|The fix prompts the user to install.Net 3.5 or .NET 2.0 because .NET isn't included with Windows 8.|
|LoadLibraryRedirect|The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application.|
|LocalMappedObject|The problem occurs when an application unsuccessfully tries to create an object in the Global namespace. The fix intercepts the function call to create the object and replaces the word Global with Local. The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later. The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installationenabling the uninstallation to occur later. The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue.|
-|OpenDirectoryAcl|The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application. The fix reduces the security privilege levels on a specified set of files and folders. The fix reduces the security privilege levels on a specified set of files and folders. The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running. The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it's the only instance running. The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes.|
-|ProtectedAdminCheck|The problem occurs when an application fails to run because of incorrect Protected Administrator permissions. The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only.|
-|RedirectCRTTempFile|The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory.|
-|RedirectHKCUKeys|The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions. The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.|
-|RedirectMP3Codec|This problem occurs when you cannot play MP3 files. The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version.|
-|RedirectShortcut|The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process. The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users. This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts. You cannot apply this fix to an .exe file that includes a manifest and provides a run level.|
-|RelaunchElevated|The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application. The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. The fix retries the call and requests a more restricted set of rights that include the following: The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work The fix addresses the issues that occur when applications use non-standard Administrator checks. This issue can result in false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but the SID is set as deny-only.|
+|RedirectCRTTempFile|The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume. The fix instead redirects the calls to a temporary file in the user's temporary directory.|
+|RedirectHKCUKeys|The problem occurs when an application can't be accessed because of User Account Control (UAC) restrictions. The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.|
+|RedirectMP3Codec|This problem occurs when you can't play MP3 files. The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version.|
+|RedirectShortcut|The problem occurs when an application's shortcut can't be accessed, or the application uninstallation process doesn't remove application shortcuts. The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users. This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user can't access the shortcuts. You can't apply this fix to an .exe file that includes a manifest and provides a run level.|
+|RelaunchElevated|The problem occurs when installers, uninstallers, or updaters fail when they're started from a host application. The fix enables a child .exe file to run with elevated privileges when it's difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. The fix retries the call and requests a more restricted set of rights that include the following items: The fix retries the OpenService() API call and verifies that the user has Administrator rights, isn't a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this fix to work The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest. The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest. The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest. The fix enables the application to run by using the highest available permissions. This fix is the equivalent of specifying highestAvailable in an application manifest. The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This fix is the equivalent of specifying asInvoker in an application manifest. At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. **Important:** Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. **Important:** Users can't sign in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. You can control this fix further by typing the following command at the command prompt:`Client;Protocol;App` The fixdisables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup.|
+|SetupCommitFileQueueIgnoreWow|The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers. The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup.|
|SharePointDesigner2007|The fix resolves an application bug that severely slows the application when it runs in DWM.|
-|ShimViaEAT|The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. The fixapplies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. The fixintercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window.|
-|SierraWirelessHideCDROM|The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck.|
+|ShimViaEAT|The problem occurs when an application fails, even after applying a compatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window.|
+|SierraWirelessHideCDROM|The fix repairs the Sierra Wireless Driver installation preventing bugcheck.|
|Sonique2|The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value.|
-|SpecificInstaller|The problem occurs when an application installation file fails to be picked up by the GenericInstaller function. The fixflags the application as being an installer file (for example, setup.exe), and then prompts for elevation. The fixflags the application to exclude it from detection by the GenericInstaller function. The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation. The fix flags the application to exclude it from detection by the GenericInstaller function. The fixenables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: `MessageString1 MessageString2` The fixenables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: `1055 1056 1069` Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: `MessageString1 MessageString2` The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. You can control this fix further by typing the following command at the command prompt: `1055 1056 1069` Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. The fixenables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. For more detailed information about this application fix, see [Using the VirtualRegistry Fix](/previous-versions/windows/it-pro/windows-7/cc749368(v=ws.10)).|
-|VirtualizeDeleteFile|The problem occurs when several error messages display and the application cannot delete files. The fixmakes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. The fixredirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated. You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix. The fixenables the application to ignore the format error and continue to function properly.|
-|WerDisableReportException|The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message.|
+|VirtualizeDesktopPainting|This fix improves the performance of several operations on the Desktop DC while using DWM.|
+|VirtualRegistry|The problem is indicated when a Component failed to be located error message displays when an application is started. The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. For more detailed information about this application fix, see [Using the VirtualRegistry Fix](/previous-versions/windows/it-pro/windows-7/cc749368(v=ws.10)).|
+|VirtualizeDeleteFile|The problem occurs when several error messages display and the application can't delete files. The fix makes the application's DeleteFile function call a virtual call to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This fix operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application isn't elevated and is ignored if the application is elevated. You typically use this compatibility fix with the VirtualizeRegisterTypeLib fix. The fix enables the application to ignore the format error and continue to function properly.|
+|WerDisableReportException|The fix turns off the silent reporting of exceptions, including those exceptions reported by Object Linking and Embedding-Database (OLE DB), to the Windows Error Reporting tool. The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message.|
|Win7RTM/Win8RTM|The layer provides the application with Windows 7/Windows 8 compatibility mode.|
-|WinxxRTMVersionLie|The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system. All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer.|
-|Wing32SystoSys32|The problem is indicated by an error message that states that the WinG library was not properly installed. The fixdetects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. **Important:** The application must have Administrator privileges for this fix to work.|
+|WinxxRTMVersionLie|The problem occurs when an application fails because it doesn't find the correct version number for the required Windows operating system. All version lie compatibility fixes address the issue whereby an application fails to function because it's checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer.|
+|Wing32SystoSys32|The problem occurs when an error message that states that the WinG library wasn't properly installed. The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. **Important:** The application must have Administrator privileges for this fix to work.|
|WinSrv08R2RTM||
-|WinXPSP2VersionLie|The problem occurs when an application experiences issues because of a VB runtime DLL. The fixforces the application to follow these steps: The fixskips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. You can control this fix further by typing the following command at the command prompt: `Component1.dll;Component2.dll` The fixemulates the successful authentication and modification of file and registry APIs, so that the application can continue. The fixverifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process.|
+|WinXPSP2VersionLie|The problem occurs when an application experiences issues because of a VB runtime DLL. The fix forces the application to follow these steps: The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. You can control this fix further by typing the following command at the command prompt: `Component1.dll;Component2.dll` The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue. The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process.|
|XPAfxIsValidAddress|The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress.|
## Compatibility Modes
@@ -161,5 +158,5 @@ The following table lists the known compatibility modes.
|Compatibility Mode Name|Description|Included Compatibility Fixes|
|--- |--- |--- |
-|WinSrv03|Emulates the Windows Server 2003 operating system.| [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)|
-|Ralink|Wireless-G PCI Adapter|pci\ven_1814&dev_0301&subsys_00551737&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)|
-|Ralink|Turbo Wireless LAN Card|pci\ven_1814&dev_0301&subsys_25611814&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)|
-|Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)|
-|Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)|
-
-IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that isn't supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)).
-
-### Application installation and domain join
-
-Unless you're using a customized Windows image that includes unattended installation settings, the initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications
-
-### Management of Windows To Go using Group Policy
-
-In general, management of Windows To Go workspaces is same as that for desktop and laptop computers. There are Windows To Go specific Group Policy settings that should be considered as part of Windows To Go deployment. Windows To Go Group Policy settings are located at `\\Computer Configuration\Administrative Templates\Windows Components\Portable Operating System\` in the Local Group Policy Editor.
-
-The use of the Store on Windows To Go workspaces that are running Windows 8 can also be controlled by Group Policy. This policy setting is located at `\\Computer Configuration\Administrative Templates\Windows Components\Store\` in the Local Group Policy Editor. The policy settings have specific implications for Windows To Go that you should be aware of when planning your deployment:
-
-**Settings for workspaces**
-
-- **Allow hibernate (S4) when started from a Windows To Go workspace**
-
- This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it's important that the hardware attached to the system, and the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace isn't being used to roam between host PCs.
-
- > [!IMPORTANT]
- > For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port.
-
-- **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace**
-
- This policy setting specifies whether the PC can use standby sleep states (S1–S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it's shut down. It could be easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown, which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC, which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. If you enable this policy setting, the Windows To Go workspace can't use the standby states to cause the PC to enter sleep mode. If you disable or don't configure this policy setting, the Windows To Go workspace can place the PC in sleep mode.
-
-**Settings for host PCs**
-
-- **Windows To Go Default Startup Options**
-
- This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users won't be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the firmware. If you don't configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog.
-
- > [!IMPORTANT]
- > Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started.
-
-## Supporting booting from USB
-
-The biggest hurdle for a user wanting to use Windows To Go is configuring their computer to boot from USB. This is traditionally done by entering the firmware and configuring the appropriate boot order options. To ease the process of making the firmware modifications required for Windows To Go, Windows includes a feature named **Windows To Go Startup Options** that allows a user to configure their computer to boot from USB from within Windows—without ever entering their firmware, as long as their firmware supports booting from USB.
-
-> [!NOTE]
-> Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options.
-
-If you're going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
-
-### Roaming between different firmware types
-
-Windows supports two types of PC firmware: Unified Extensible Firmware Interface (UEFI), which is the new standard, and legacy BIOS firmware, which was used in most PCs shipping with Windows 7 or earlier version of Windows. Each firmware type has completely different Windows boot components that are incompatible with each other. Beyond the different boot components, Windows supports different partition styles and layout requirements for each type of firmware as shown in the following diagrams.
-
-
-
-This presented a unique challenge for Windows To Go because the firmware type isn't easily determined by end users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware.
-
-To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually, you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command:
-
-
-
-This is the only supported disk configuration for Windows To Go. With this disk configuration, a single Windows To Go drive can be booted on computers with UEFI and legacy BIOS firmware.
-
-### Configure Windows To Go startup options
-
-Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options, you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured.
-
-**To configure Windows To Go startup options**
-
-1. On the Start screen, type, type **Windows To Go Startup Options**, click **Settings** and, then press Enter.
-
- 
-
-2. Select **Yes** to enable the startup options.
-
- > [!TIP]
- > If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog.
-
-3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**.
-
-### Change firmware settings
-
-If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer, you'll need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7, you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you don't suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode.
-
-## Related topics
-
-[Windows To Go: feature overview](windows-to-go-overview.md) This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization. Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.|
| Fast | Ring 2 | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring. The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed. However, you notice that the same devices that belong to the deployment rings in the Default Autopatch group are now also part of the new deployment rings in the Marketing Autopatch group. In this example, devices that belong to the deployment rings as part of the “Marketing” Autopatch group take precedence over devices that belong to the deployment ring in the Default Autopatch group, because you, the IT admin, demonstrated clear intent on managing deployment rings using a Custom Autopatch group outside the Default Autopatch group. However, you notice that the same devices that belong to the deployment rings in the Default Autopatch group are now also part of the new deployment rings in the Marketing Autopatch group. In this example, devices that belong to the deployment rings as part of the "Marketing" Autopatch group take precedence over devices that belong to the deployment ring in the Default Autopatch group, because you, the IT admin, demonstrated clear intent on managing deployment rings using a Custom Autopatch group outside the Default Autopatch group. Autopatch groups informs you about the device conflict in the **Devices** > **Not ready** tab. You’re required to manually indicate which of the existing Custom Autopatch groups the device should exclusively belong to. Autopatch groups informs you about the device conflict in the **Devices** > **Not ready** tab. You're required to manually indicate which of the existing Custom Autopatch groups the device should exclusively belong to. Devices will fail to register with the service and will be sent to the **Not registered** tab. You’re required to make sure the Microsoft Entra groups that are used with the Custom Autopatch groups don’t have device membership overlaps. Devices will fail to register with the service and will be sent to the **Not registered** tab. You're required to make sure the Microsoft Entra groups that are used with the Custom Autopatch groups don't have device membership overlaps. Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups. Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups. Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups. Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups. Your organization currently operates its update management by using five deployment rings, but there’s an opportunity to have flexible deployment cadences if it’s precommunicated to your end-users. The Default Autopatch group is preconfigured and doesn’t require extra configurations when registering devices with the Windows Autopatch service. The following is a visual representation of a gradual rollout for the Default Autopatch group preconfigured and fully managed by the Windows Autopatch service. Your organization currently operates its update management by using five deployment rings, but there's an opportunity to have flexible deployment cadences if it's precommunicated to your end-users. The Default Autopatch group is preconfigured and doesn't require extra configurations when registering devices with the Windows Autopatch service. The following is a visual representation of a gradual rollout for the Default Autopatch group preconfigured and fully managed by the Windows Autopatch service. The following is a visual representation of a gradual rollout for Contoso’s Finance department. The following is a visual representation of a gradual rollout for Contoso's Finance department. The following is a visual representation of a gradual rollout for the Contoso Chicago branch location. The following is a visual representation of a gradual rollout for the Contoso Chicago branch location. Once devices are remediated, it can take up to **24 hours** to show up in the **Ready** tab. Once devices are remediated, it can take up to **24 hours** to show up in the **Ready** tab. If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md). If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md). No action is required. If the update is still available, retry the installation. For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag). For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag). For more information about safeguards, see [Windows 10/11 release information for the affected version(s)](/windows/release-health/release-information). No action is necessary the update should retry when windows is available. If the alert persists, ensure the device remains on during Windows installation. Confirm whether the device is on the intended version. For more information, see [Windows boot issues – troubleshooting](/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting#method-1-startup-repair-tool). For more information, see [Windows boot issues - troubleshooting](/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting#method-1-startup-repair-tool). Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges, to repair these components. Then retry the update. For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required. Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges to repair these components. Then retry the update. For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required. However, you want to keep Windows Autopatch managed devices supported and receiving monthly updates that are critical to security and the health of the Windows ecosystem. If you decide to edit the default Windows Autopatch group to add additional deployment rings, these rings receive a [global Windows feature update policy](#global-release) set to offer the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) to devices. Every custom Autopatch group you create gets a [global Windows feature update policy](#global-release) that enforces the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). See the following visual for a representation of default releases. However, you want to keep Windows Autopatch managed devices supported and receiving monthly updates that are critical to security and the health of the Windows ecosystem. If you decide to edit the default Windows Autopatch group to add additional deployment rings, these rings receive a [global Windows feature update policy](#global-release) set to offer the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) to devices. Every custom Autopatch group you create gets a [global Windows feature update policy](#global-release) that enforces the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). See the following visual for a representation of default releases. `Deferral + Deadline + Reporting Period = service level objective` `Grace Period + Reporting period = service level objective` For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned). To take action on missing licenses, you can visit the Microsoft 365 admin center or contact your Microsoft account manager. Until you have renewed the required licenses to run the service, Windows Autopatch marks your tenant as **inactive**. For more information, see [Microsoft 365 - What happens after my subscription expires?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires) Reasons for tenant access issues: Take action by consenting to allow Windows Autopatch to make the appropriate changes on your behalf. You must be a Global Administrator to consent to this action. Once you provide consent, Windows Autopatch remediates this critical action for you. For more information, see [Windows Autopatch enterprise applications](../overview/windows-autopatch-privacy.md#tenant-access). Reasons for tenant access issues: Take action by consenting to allow Windows Autopatch to make the appropriate changes on your behalf. You must be a Global Administrator to consent to this action. Once you provide consent, Windows Autopatch remediates this critical action for you. For more information, see [Windows Autopatch enterprise applications](../overview/windows-autopatch-privacy.md#tenant-access). For more information, see [Windows Autopatch enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). For more information, see [Windows Autopatch enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues have occurred due to Windows Updates. Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout. Self-managed mode turns off Windows Autopatch’s automatic driver deployment. Instead, the Administrator controls the driver deployment. The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings. The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization. Self-managed mode turns off Windows Autopatch's automatic driver deployment. Instead, the Administrator controls the driver deployment. The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings. The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the MOF Editor with a .MOF import file
-You can collect your hardware inventory using the MOF Editor and a .MOF import file.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
-2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**.
-
-3. Pick the inventory items to install, and then click **Import**.
-
-4. Click **OK** to close the default windows.
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
-
-**To collect your inventory**
-
-1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-## Turn off data collection on your client devices
-After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
-
-**To stop collecting data, using PowerShell**
-
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
-
- >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
-
-
-**To stop collecting data, using Group Policy**
-
-1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**.
-
-2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location.
-
-### Delete already stored data from client computers
-You can completely remove the data stored on your employee’s computers.
-
-**To delete all existing data**
-
-- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands:
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo`
-
- - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
-
-## Related topics
-* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
-* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
-
-
-
-
diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
deleted file mode 100644
index 807cc8d2c8..0000000000
--- a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
+++ /dev/null
@@ -1,97 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
-author: dansimp
-ms.prod: ie11
-title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The **Settings** page lets anyone with Administrator rights set up groups and roles, set up the Enterprise Mode Site List Portal environment, and choose the freeze dates for production changes.
-
-## Use the Environment settings area
-This area lets you specify the location of your production and pre-production environments, where to store your attachments, your settings location, and the website domain for email notifications.
-
-**To add location info**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Environment settings** area of the page, provide the info for your **Pre-production environment**, your **Production environment**, your **Attachments location**, your **Settings location**, and your **Website domain for email notifications**.
-
-3. Click **Credentials** to add the appropriate domain, user name, and password for each location, and then click **OK**.
-
-## Use the Group and role settings area
-After you set up your email credentials, you'll be able to add or edit your Group info, along with picking which roles must be Approvers for the group.
-
-**To add a new group and determine the required change request Approvers**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Group and role settings** area of the page, click **Group details**.
-
- The **Add or edit group names** box appears.
-
-3. Click the **Add group** tab, and then add the following info:
-
- - **New group name.** Type name of your new group.
-
- - **Group head email.** Type the email address for the primary contact for the group.
-
- - **Group head name.** This box automatically fills, based on the email address.
-
- - **Active.** Click the check box to make the group active in the system. If you want to keep the group in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-
-**To set a group's required Approvers**
-1. In the **Group and role settings** area of the page, choose the group name you want to update with Approvers from the **Group name** box.
-
-2. In the **Required approvers** area, choose which roles are required to approve a change request for the group. You can choose one or many roles.
-
- - **App Manager.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Group Head.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Administrator.** All employees in the selected group must get change request approval by someone assigned this role.
-
-## Use the Freeze production changes area
-This optional area lets you specify a period when your employees must stop adding changes to the current Enterprise Mode Site List. This must include both a start and an end date.
-
-**To add the start and end dates**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Freeze production changes** area of the page, use the calendars to provide the **Freeze start date** and the **Freeze end date**. Your employees can't add apps to the production Enterprise Mode Site List during this span of time.
-
-3. Click **Save**.
-
-## Related topics
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
deleted file mode 100644
index 867bb143b8..0000000000
--- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to create a change request within the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Create a change request using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
-
-> [!Important]
-> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-**To create a new change request**
-1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
-
- The **Create new request** page appears.
-
-2. Fill out the required fields, based on the group and the app, including:
-
- - **Group name.** Select the name of your group from the dropdown box.
-
- - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
-
- - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
-
- - **Add new app.** If your app isn't listed, you can click **Add new app** to add it to the list.
-
- - **Requested by.** Automatically filled in with your name.
-
- - **Description.** Add descriptive info about the app.
-
- - **Requested change.** Select whether you want to **Add to EMIE**, **Delete from EMIE**, or **Update to EMIE**.
-
- - **Reason for request.** Select the best reason for why you want to update, delete, or add the app.
-
- - **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
-
- - **App location (URL).** The full URL location to the app, starting with https:// or https://.
-
- - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
-
- - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx).
-
-4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
-
- A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
-
-5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
-
- - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
-
- - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
-
-## Next steps
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).
diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index ad225f2556..0000000000
--- a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: low
-description: Delete a single site from your global Enterprise Mode site list.
-ms.pagetype: appcompat
-ms.mktglfcycl: deploy
-author: dansimp
-ms.prod: ie11
-ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-
- **To delete a single site from your global Enterprise Mode site list**
-
-- From the Enterprise Mode Site List Manager, pick the site you want to delete, and then click **Delete**.
-The site is permanently removed from your list.
-
-If you delete a site by mistake, you’ll need to manually add it back using the instructions in the following topics, based on operating system.
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 403690d64f..0000000000
--- a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-
-If you need to edit a lot of websites, you probably don’t want to do it one at a time. Instead, you can edit your saved XML or TXT file and add the sites back again. For information about how to do this, depending on your operating system and schema version, see [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
-
- **To change how your page renders**
-
-1. In the Enterprise Mode Site List Manager, double-click the site you want to change.
-
-2. Change the comment or the compatibility mode option.
-
-3. Click **Save** to validate your changes and to add the updated information to your site list.
-If your change passes validation, it’s added to the global site list. If the update doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the update or ignore the validation problem and add it to your list anyway. For more information about fixing validation issues, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-4. On the **File** menu, click **Save to XML**, and save the updated file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
deleted file mode 100644
index a8f90c3697..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
+++ /dev/null
@@ -1,50 +0,0 @@
-## Enterprise Mode and the Enterprise Mode Site List XML file
-The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your employees can easily view this site list by typing _about:compat_ in either Microsoft Edge or IE11.
-
-Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
-
-### Site list xml file
-
-This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
-
-```xml
-
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules> |Internet Explorer 11 and Microsoft Edge |
-|<emie> |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules>
For IPv6 ranges:
<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules>
**or**
For IPv4 ranges:<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules> | Internet Explorer 11 and Microsoft Edge |
-|<docMode> |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.
**Example**
<rules version="205">
<docmode>
<domain docMode="7">contoso.com</domain>
</docmode>
</rules> |Internet Explorer 11 |
-|<domain> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
**Example**
<emie>
<domain>contoso.com:8080</domain>
</emie> |Internet Explorer 11 and Microsoft Edge |
-|<path> |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
**Example**
<emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does. |Internet Explorer 11 and Microsoft Edge |
-
-### Schema attributes
-This table includes the attributes used by the Enterprise Mode schema.
-|Attribute|Description|Supported browser|
-|--- |--- |--- |
-|<version>|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
-|<exclude>|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the
**Example** <emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
**Example**<docMode>
<domain exclude="false">fabrikam.com
<path docMode="7">/products</path>
</domain>
</docMode>|Internet Explorer 11|
-
-### Using Enterprise Mode and document mode together
-If you want to use both Enterprise Mode and document mode together, you need to be aware that <emie> entries override <docMode> entries for the same domain.
-
-For example, say you want all of the sites in the contoso.com domain to open using IE8 Enterprise Mode, except test.contoso.com, which needs to open in document mode 11. Because Enterprise Mode takes precedence over document mode, if you want test.contoso.com to open using document mode, you'll need to explicitly add it as an exclusion to the <emie> parent node.
-
-```xml
-<docMode> |
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode>
|
-|You can specify exact URLs by listing the full path. |<emie>|
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>
|
-|You can nest paths underneath domains. |<emie> |
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie>
|
-|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie> |
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
|
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
deleted file mode 100644
index fcdaa18eee..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Enterprise Mode schema v.2 guidance
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
-
-**Important**
-If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-## Enterprise Mode schema v.2 updates
-Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by:
-
-- <rules>. If your schema root node includes this key, you're using the v.1 version of the schema.
-
-- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema.
-
-You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema.
-
-### Enterprise Mode v.2 schema example
-The following is an example of the v.2 version of the Enterprise Mode schema.
-
-**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example**
<site-list version="205">
| Internet Explorer 11 and Microsoft Edge |
-|<site> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>
**Example** <site url="contoso.com">
<compat-mode>default</compat-mode>
<open-in>none</open-in>
</site>
**or** For IPv4 ranges:
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
You can also use the self-closing version, <url="contoso.com" />, which also sets:
**Example**
**or**
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
</site>
For IPv4 ranges:<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site><site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
**Examples**<site url="contoso.com">
<open-in>none</open-in>
</site>
Where
**Example**<site url="contoso.com/travel">
In this example, if [https://contoso.com/travel](https://contoso.com/travel) is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.| Internet Explorer 11 and Microsoft Edge|
-|version |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. | Internet Explorer 11 and Microsoft Edge|
-|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<open-in allow-redirect="true">IE11 </open-in>
</site>
**Note**
Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both [https://contoso.com](https://contoso.com) and [https://contoso.com](https://contoso.com).
**Example**<site url="contoso.com:8080">
In this example, going to [https://contoso.com:8080](https://contoso.com:8080) using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
-
-### Deprecated attributes
-These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
-
-|Deprecated attribute|New attribute|Replacement example|
-|--- |--- |--- |
-|<forceCompatView>|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
-|<docMode>|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
-|<doNotTransition>|<open-in>|Replace:
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
<doNotTransition="true"> with <open-in>none</open-in>|
-|<domain> and <path>|<site>|Replace:<emie>
With:
<domain exclude="false">contoso.com</domain>
</emie><site url="contoso.com"/>
**-AND-**
<compat-mode>IE8Enterprise</compat-mode>
</site>
Replace:<emie>
<domain exclude="true">contoso.com
<path exclude="false" forceCompatView="true">/about</path>
</domain>
</emie>
With:<site url="contoso.com/about">
<compat-mode>IE7Enterprise</compat-mode>
</site>|
-
-While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
-
-**Important**
-Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
-
-### What not to include in your schema
-We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-
-- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing.
-- Don’t use wildcards.
-- Don’t use query strings, ampersands break parsing.
-
-## Related topics
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md
deleted file mode 100644
index f1c67006ba..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md
+++ /dev/null
@@ -1,36 +0,0 @@
-## Enterprise Mode Site List Manager and the Enterprise Mode Site List Portal tools
-You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple tools that can make that process even easier.
-
-### Enterprise Mode Site List Manager
-This tool helps you create error-free XML documents with simple n+1 versioning and URL verification. We recommend using this tool if your site list is relatively small. For more info about this tool, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
-
-There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and Windows 10:
-
-- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema.
-
- We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974). The updated version of the schema, including new functionality. You can use this version of the schema to create and update your Enterprise Mode Site List for devices running the v.2 version of the schema.
-
- If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-If your list is too large to add individual sites, or if you have more than one person managing the site list, we recommend using the Enterprise Site List Portal.
-
-### Enterprise Mode Site List Portal
-The [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management.
-
-In addition to all the functionality of the Enterprise Mode Site List Manager tool, the Enterprise Mode Site List Portal helps you:
-
-- Manage site lists from any device supporting Windows 7 or greater.
-
-- Submit change requests.
-
-- Operate offline through an on-premise solution.
-
-- Provide role-based governance.
-
-- Test configuration settings before releasing to a live environment.
-
-Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-Because the tool is open-source, the source code is readily available for examination and experimentation. We encourage you to [fork the code, submit pull requests, and send us your feedback](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)! For more info about the Enterprise Mode Site List Portal, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md
deleted file mode 100644
index 4ead83795d..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md
+++ /dev/null
@@ -1,7 +0,0 @@
-## Enterprise Mode Site List Manager versions
-There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
-
-|Schema version |Operating system |Enterprise Site List Manager version |
-|-----------------|---------------|------------------------------------|
-|Enterprise Mode schema, version 2 (v.2) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.2) and the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2), the XML is saved into the v.2 version of the schema.
For more info about the v.2 version of the schema, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).|
-|Enterprise Mode schema, version 1 (v.1) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.1) and the v.1 version of the schema.
For more info about the v.1 version of the schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)|
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md
deleted file mode 100644
index 2c433182a9..0000000000
--- a/browsers/enterprise-mode/enterprise-mode.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use this section to learn about how to turn on Enterprise Mode.
-author: dansimp
-ms.author: dansimp
-ms.prod: edge
-ms.assetid:
-ms.reviewer:
-manager: dansimp
-title: Enterprise Mode for Microsoft Edge
-ms.sitesec: library
-ms.date: 07/17/2018
----
-
-# Enterprise Mode for Microsoft Edge
-Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers the confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
-
-## Available dual-browser experiences
-
-
-## Enterprise Mode features
-
-
-
-
-## Enterprise Mode Site List management tools
-...description of what you can do with these tools; also specify if you must use both or if each tool works independently and no dependencies on the other tool... I think these tools are for two different scenarios...
-
-You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple of tools that can make that process even easier.
-
-| | |
-|---------|---------|
-|Enterprise Mode Site List Manager |Use if your site list is relatively small. |
-|Enterprise Mode Site List Portal |Use if your site list is too large to add individual sites, or if you have more than one person managing the sites. |
-
-### Enterprise Mode Site List Manager
-
-
-### Enterprise Mode Site List Portal
-
-
-
-## Enterprise Mode Site List XML file
-[!INCLUDE [enterprise-mode-and-enterprise-site-list-include](enterprise-mode-and-enterprise-site-list-include.md)]
-
-
-## Turn on Enterprise Mode
-
-
-### Add a single site to the site list
-
-
-### Add multiple sites to the site list
diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 4f4cbb32bb..0000000000
--- a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Export your Enterprise Mode site list from the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. This file includes all of your URLs, including your compatibility mode selections and should be stored somewhere safe. If your list gets deleted by mistake you can easily import this file and return everything back to when this file was last saved.
-
-**Important**
-This file is not intended for distribution to your managed devices. Instead, it is only for transferring data and comments from one manager to another. For example, if one administrator leaves and passes the existing data to another administrator. Internet Explorer doesn’t read this file.
-
- **To export your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Export**.
-
-2. Export the file to your selected location. For example, `C:\Users\
The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator.
-
- **To remove single sites from a local Enterprise Mode site list**
-
-1. Open Internet Explorer 11 and go to the site you want to remove.
-
-2. Click **Tools**, and then click **Enterprise Mode**.
If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again.
-
- **To remove all sites from a local Enterprise Mode site list**
-
-1. Open IE11, click **Tools**, and then click **Internet options**.
-
-2. Click the **Delete** button from the **Browsing history** area.
-
-3. Click the box next to **Cookies and website data**, and then click **Delete**.
-
-**Note**
This removes all of the sites from a local Enterprise Mode site list.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 2cb578171f..0000000000
--- a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Save your site list to XML in the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-
- **To save your list as XML**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Save to XML**.
-
-2. Save the file to the location you specified in your Enterprise Mode registry key, set up when you turned on Enterprise Mode for use in your company. For information about the Enterprise Mode registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
-
-### Setting up, collecting, and viewing reports
-For logging, you’re going to need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. These POST messages go into your database, aggregating the report data by URL, giving you the total number of reports where users turned on Enterprise Mode, the total number of reports where users turned off Enterprise Mode, and the date of the last report.
-
- **To set up the sample**
-
-1. Set up a server to collect your Enterprise Mode information from your users.
-
-2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
-
-3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
-
-4. On the **Build** menu, tap or click **Build Solution**.
- Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
-
- 
-
- After you finish the publishing process, you need to test to make sure the app deployed successfully.
-
- **To test, deploy, and use the app**
-
-1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
-
- ``` "Enable"="https://
-Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode.
-
- **To turn off the site list using Group Policy**
-
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.
-The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
-- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
-- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
-
-For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
deleted file mode 100644
index 010448c58d..0000000000
--- a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
+++ /dev/null
@@ -1,84 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal.
-ms.prod: ie11
-title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-author: dansimp
----
-
-# Use the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-You can use IE11 and the Enterprise Mode Site List Portal to manage your Enterprise Mode Site List, hosted by the app, with multiple users.
-
-## Minimum system requirements for portal and test machines
-Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
-
-|Item |Description |
-|-----|------------|
-|Operating system |Windows 7 or later |
-|Memory |16 GB RAM |
-|Hard drive space |At least 8 GB of free space, formatted using the NTFS file system for better security |
-|Active Directory (AD) |Devices must be domain-joined |
-|SQL Server |Microsoft SQL Server Enterprise Edition 2012 or later |
-|Visual Studio |Visual Studio 2015 or later |
-|Node.js® package manager |npm Developer version or higher |
-|Additional server infrastructure |Internet Information Service (IIS) 6.0 or later |
-
-## Role assignments and available actions
-Admins can assign roles to employees for the Enterprise Mode Site List Portal, allowing the employees to perform specific actions, as described in this table.
-
-|Role assignment |Available actions |
-|----------------|------------------|
-|Requester |
|
-|Approver
(includes the App Manager and Group Head roles) |
|
-|Administrator |
|
-
-## Enterprise Mode Site List Portal workflow by employee role
-The following workflow describes how to use the Enterprise Mode Site List Portal.
-
-1. [The Requester submits a change request for an app](create-change-request-enterprise-mode-portal.md)
-
-2. [The Requester tests the change request info, verifying its accuracy](verify-changes-preprod-enterprise-mode-portal.md)
-
-3. [The Approver(s) group accepts the change request](approve-change-request-enterprise-mode-portal.md)
-
-4. [The Requester schedules the change for the production environment](schedule-production-change-enterprise-mode-portal.md)
-
-5. [The change is verified against the production site list and signed off](verify-changes-production-enterprise-mode-portal.md)
-
-
-## Related topics
-- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
-
-- [Workflow-based processes for employees using the Enterprise Mode Site List Portal](workflow-processes-enterprise-mode-portal.md)
-
-- [How to use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
-
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index f68c42ca3c..0000000000
--- a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Use the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
-
-[!INCLUDE [enterprise-mode-site-list-mgr-versions-include](../../enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md)]
-
-## Using the Enterprise Mode Site List Manager
-The following topics give you more information about the things that you can do with the Enterprise Mode Site List Manager.
-
-|Topic |Description |
-|------|------------|
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.2). |
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.1). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the Enterprise Mode Site List Manager (schema v.2). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
-|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.
-Because we’ve added the IE7 Enterprise Mode option, we’ve had to rename the original functionality of Enterprise Mode to be IE8 Enterprise Mode. We’ve also replaced Edge Mode with IE11 Document Mode, so you can explicitly use IE11 on Windows 10.
-
-## Turning on and using IE7 Enterprise Mode or IE8 Enterprise Mode
-For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to your webpages and apps, see:
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-
-For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
deleted file mode 100644
index 3e06b8b806..0000000000
--- a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify your changes using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-> [!Important]
-> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
-
-- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
-
-- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
-
-- **EMIE_Reset**. A batch file that when run, reverts the changes made to the pre-production registry.
-
-## Verify and send the change request to Approvers
-The Requester tests the changes and then goes back into the Enterprise Mode Site List Portal, **Pre-production verification** page to verify whether the testing was successful.
-
-**To verify changes and send to the Approver(s)**
-1. On the **Pre-production verification** page, the Requester clicks **Successful** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. The Requester reviews the pre-defined Approver(s), and then clicks **Send for approval**.
-
- The Requester, the Approver group, and the Administrator group all get an email, stating that the change request is waiting for approval.
-
-
-**To rollback your pre-production changes**
-1. On the **Pre-production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. Add a description about the issue into the **Issue description** box, and then click **Send failure details**.
-
- The change request and issue info are sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the pre-production environment.
-
- After the Requester rolls back the changes, the request can be updated and re-submitted.
-
-
-## View rolled back change requests
-The original Requester and the Administrator(s) group can view the rolled back change requests.
-
-**To view the rolled back change request**
-
-- In the Enterprise Mode Site List Portal, click **Rolled back** from the left pane.
-
- All rolled back change requests appear, with role assignment determining which ones are visible.
-
-## Next steps
-If the change request is certified as successful, the Requester must next send it to the Approvers for approval. For the Approver-related steps, see the [Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
deleted file mode 100644
index 8387697841..0000000000
--- a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-## Verify and sign off on the update in the production environment
-The Requester tests the changes in the production environment and then goes back into the Enterprise Mode Site List Portal, **Production verification** page to verify whether the testing was successful.
-
-**To verify the changes and sign off**
-- On the **Production verification** page, the Requester clicks **Successful**, optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results, optionally includes a description of the change, and then clicks **Sign off**.
-
- The Requester, Approver group, and Administrator group all get an email, stating that the change request has been signed off.
-
-
-**To rollback production changes**
-1. On the **Production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results.
-
-2. Add a description about the issue into the **Change description** box, and then click **Send failure details**.
-
- The info is sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the production environment.
-
- After the Requester rolls back the changes, the request is automatically handled in the production and pre-production environment site lists.
-
diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
deleted file mode 100644
index 6ae2c865ea..0000000000
--- a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Any employee with access to the Enterprise Mode Site List Portal can view the apps included in the current Enterprise Mode Site List.
-
-**To view the active Enterprise Mode Site List**
-1. Open the Enterprise Mode Site List Portal and click the **Production sites list** icon in the upper-right area of the page.
-
- The **Production sites list** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
-
-2. Click any URL to view the actual site, using the compatibility mode and opening in the correct browser.
-
-
-**To export the active Enterprise Mode Site List**
-1. On the **Production sites list** page, click **Export**.
-
-2. Save the ProductionSiteList.xlsx file.
-
- The Excel file includes all apps in the current Enterprise Mode Site List, including URL, compatibility mode, and assigned browser.
diff --git a/browsers/enterprise-mode/what-is-enterprise-mode-include.md b/browsers/enterprise-mode/what-is-enterprise-mode-include.md
deleted file mode 100644
index b10897a3d3..0000000000
--- a/browsers/enterprise-mode/what-is-enterprise-mode-include.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-ms.date: 07/17/2018
----
-## What is Enterprise Mode?
-Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md
deleted file mode 100644
index e506d779b2..0000000000
--- a/browsers/includes/available-duel-browser-experiences-include.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-## Available dual-browser experiences
-Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment:
-
-- Use Microsoft Edge as your primary browser.
-
-- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies.
-
-- Use Microsoft Edge as your primary browser and open all intranet sites in IE11.
-
-- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies.
-
-For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog.
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
deleted file mode 100644
index 21e15f6d8d..0000000000
--- a/browsers/includes/helpful-topics-include.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-
-## Helpful information and additional resources
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Technical guidance, tools, and resources on Enterprise browsing](https://technet.microsoft.com/ie)
-
-- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501)
-
-- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974)
-
-- [Use the Enterprise Mode Site List Manager](../enterprise-mode/use-the-enterprise-mode-site-list-manager.md)
-
-- [Collect data using Enterprise Site Discovery](../enterprise-mode/collect-data-using-enterprise-site-discovery.md)
-
-- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
-
-- [Microsoft Services Support](https://www.microsoft.com/microsoftservices/support.aspx)
-
-- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
-
-
-
-
-
-- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
-- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
-- [Fix web compatibility issues using document modes and the Enterprise Mode site list](/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
deleted file mode 100644
index 31961c97a1..0000000000
--- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-
-> [!IMPORTANT]
-> Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
-
-1. In the Enterprise Mode Site List Manager, click **File \> Import**.
-
-2. Go to the exported .EMIE file.
ActiveX control installation requires administrator-level permissions.
-
-## Group Policy for the ActiveX Installer Service
-
-You use the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. The AXIS-related settings can be changed using either the Group Policy Management Console (GPMC) or the Local Group Policy Editor, and include:
-
-- **Approved Installation Sites for ActiveX Controls.** A list of approved installation sites used by AXIS to determine whether it can install a particular ActiveX control.
-
-- **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed.
-
-For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](/previous-versions/windows/it-pro/windows-7/dd631688(v=ws.10)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
deleted file mode 100644
index 455bae28bd..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to add employees to the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Add employees to the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
-
-The available roles are:
-
-- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
-
-- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
-
-**To add an employee to the Enterprise Mode Site List Portal**
-1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
-
- The **Employee management** page appears.
-
-2. Click **Add a new employee**.
-
- The **Add a new employee** page appears.
-
-3. Fill out the fields for each employee, including:
-
- - **Email.** Add the employee's email address.
-
- - **Name.** This box autofills based on the email address.
-
- - **Role.** Pick a single role for the employee, based on the list above.
-
- - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
-
- - **Comments.** Add optional comments about the employee.
-
- - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-**To export all employees to an Excel spreadsheet**
-1. On the **Employee management** page, click **Export to Excel**.
-
-2. Save the EnterpriseModeUsersList.xlsx file.
-
- The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
deleted file mode 100644
index 57c8991c7d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones.
-
-If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time.
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
-You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-Each XML file must include:
-
-- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
-
-- <docMode> tag.This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-### Enterprise Mode v.1 XML schema example
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-```
-
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema
-
-You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
-Each XML file must include:
-
-- **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<compat-mode> tag.** This tag specifies what compatibility setting are used for specific sites or domains.
-
-- **<open-in> tag.** This tag specifies what browser opens for each sites or domain.
-
-### Enterprise Mode v.2 XML schema example
-
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-```xml
-
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2).
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
You can only add specific URLs, not Internet or Intranet Zones.
-
-
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager.
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-
If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
You can only add specific URLs, not Internet or Intranet Zones.
-
-
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) or the Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) topic, based on your operating system.
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see Scenario 1: Editing the Local GPO Using ADMX Files.
-
-## Administrative Templates-related Group Policy settings
-When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
-
You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the PolicyDefinitions folder on this computer.
-
-IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
-
-- Computer Configuration\\Administrative Templates\\Windows Components\\
-
-- User Configuration\\Administrative Templates\\Windows Components\\
-
-
-|Catalog |Description |
-| ------------------------------------------------ | --------------------------------------------|
-|IE |Turns standard IE configuration on and off. |
-|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
-|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
-|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
-|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
-|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
-|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
-|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
-|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
-|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
-|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
-|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
-|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
-|RSS Feeds |Sets up and manages RSS feeds in the browser. |
-
-
-## Editing Group Policy settings
-Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
-
-- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771479(v=ws.11)) for step-by-step instructions about editing your Administrative Templates.
-
-- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](/microsoft-desktop-optimization-pack/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
-
-## Related topics
-- [Administrative templates (.admx) for Windows 10 April 2018 Update](https://www.microsoft.com/download/details.aspx?id=56880)
-- [Administrative templates (.admx) for Windows 10 October 2018 Update](https://www.microsoft.com/download/details.aspx?id=57576)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
deleted file mode 100644
index 07687792a3..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Approve a change request using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
-
-## Approve or reject a change request
-The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
-
-**To approve or reject a change request**
-1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
-
- The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
-
-2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
-
-3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
-
- An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
-
-
-## Send a reminder to the Approver(s) group
-If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
-
-- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
-
- An email is sent to the selected Approver(s).
-
-
-## View rejected change requests
-The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
-
-**To view the rejected change request**
-
-- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
-
- All rejected change requests appear, with role assignment determining which ones are visible.
-
-
-## Next steps
-After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
deleted file mode 100644
index f87e4e9cc9..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration and auto proxy problems with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration and auto proxy problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You might experience some problems using automatic configuration and auto-proxy with Internet Explorer 11.
-
-## Branding changes aren't distributed using automatic configuration
-If you've turned on the **Disable external branding of Internet Explorer** Group Policy Object, you won't be able to use automatic configuration to distribute your branding changes to your users' computers. When this object is turned on, it prevents the branding of IE by a non-Microsoft company or entity, such as an Internet service provider or Internet content provider. For more information about automatic configuration, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) and [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). For more information about Group Policy settings, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
-
-## Proxy server setup issues
-If you experience issues while setting up your proxy server, you can try these troubleshooting steps:
-
-- Check to make sure the proxy server address is right.
-
-- Check that both **Automatically detect settings** and **Automatic configuration** are turned on in the browser.
-
-- Check that the browser is pointing to the right automatic configuration script location.
-
- **To check your proxy server address**
-
-1. On the **Tools** menu, click **Internet Options**, and then **Connections**.
-
-2. Click **Settings** or **LAN Settings**, and then look at your proxy server address.
-
-3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](/troubleshoot/browsers/internet-explorer-uses-proxy-server-local-ip-address).
-
- **To check that you've turned on the correct settings**
-
-4. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-5. Click **Settings** or **LAN Settings**.
-
-6. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.
If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again.
-
- **To check that you're pointing to the correct automatic configuration script location**
-
-7. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-8. Click **Settings** or **LAN Settings**.
-
-9. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
deleted file mode 100644
index 10ff22508d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration settings for Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration settings for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Automatic configuration lets you apply custom branding and graphics to your internal Internet Explorer installations, running on Windows 8.1 or Windows Server 2012 R2. For more information about adding custom branding and graphics to your IE package, see [Customize the toolbar button and Favorites List icons using IEAK 11](../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md).
You'll only see and be able to use the **IE Customization Wizard 11 - Automatic Configuration** page if you're creating an internal IE installation package. For more information about the **IE Customization Wizard 11 - Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-## Adding the automatic configuration registry key
-For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry key to your IE installation package.
Follow these directions carefully because serious problems can occur if you update your registry incorrectly. For added protection, back up your registry so you can restore it if a problem occurs.
-
- **To add the registry key**
-
-1. On the **Start** screen, type **regedit**, and then click **Regedit.exe**.
-
-2. Right-click the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl` subkey, point to **New**, and then click **Key**.
-
-3. Enter the new key name, `FEATURE\AUTOCONFIG\BRANDING`, and then press Enter.
-
-4. Right-click `FEATURE\AUTOCONFIG\BRANDING`, point to **New**, and then click **DWORD (32-bit) Value**.
-
-5. Enter the new DWORD value name, **iexplore.exe**, and then press Enter.
-
-6. Right-click **iexplore.exe**, and then click **Modify**.
-
-7. In the **Value data** box, enter **1**, and then click **OK**.
-
-8. Exit the registry editor.
-
-## Updating your automatic configuration settings
-After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
-
Your branding changes won't be added or updated if you've previously chosen the Disable external branding of IE setting in the User Configuration\Administrative Templates\Windows Components\Internet Explorer Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the Group Policy TechCenter.
-
- **To update your settings**
-
-1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** check box to allow automatic detection of browser settings.
-
-3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
-
- - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that automatic configuration only happens when the computer restarts.
-
- - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
-
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
-
-## Locking your automatic configuration settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing Automatic Configuration settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Disable changing Automatic Configuration settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
deleted file mode 100644
index bf9f448755..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto detect settings Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto detect settings Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After you specify the specific settings related to automatic detection on your Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers, you can set up your users' browser settings from a central location.
-
-Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
-
-- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
-
-- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses.
DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
-
-## Updating your automatic detection settings
-To use automatic detection, you have to set up your DHCP and DNS servers.
Your DHCP servers must support the `DHCPINFORM` message, to obtain the DHCP options.
-
- **To turn on automatic detection for DHCP servers**
-
-1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-3. Open the [DHCP Administrative Tool](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd145324(v=ws.10)), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](/previous-versions/tn-archive/bb794881(v=technet.10)).
-
- **To turn on automatic detection for DNS servers**
-
-4. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-5. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings.
-
-6. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](/previous-versions/tn-archive/cc995062(v=technet.10)).
-
-7. After the database file propagates to the server, the DNS name, `wpad.
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad.
IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-## Locking your auto-proxy settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](/windows/deployment/deploy-whats-new).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
deleted file mode 100644
index 17f6488e0a..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Blocked out-of-date ActiveX controls
-description: This page is periodically updated with new ActiveX controls blocked by this feature.
-author: dansimp
-ms.author: dansimp
-audience: itpro
-manager: dansimp
-ms.date: 05/10/2018
-ms.topic: article
-ms.prod: ie11
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-ms.assetid: ''
-ms.reviewer:
-ms.sitesec: library
----
-
-# Blocked out-of-date ActiveX controls
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-ActiveX controls are small apps that let websites provide content, like videos and games, and let you interact with content, like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. It's very important that you keep your ActiveX controls up to date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a security feature called _out-of-date ActiveX control blocking_.
-
-We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list.
-
-You will receive a notification if a webpage tries to load one of the following of ActiveX control versions:
-
-**Java**
-
-| Java 2 Platform, Standard Edition (J2SE) 1.4, everything below (but not including) update 43 |
-|----------------------------------------------------------------------------------------------|
-| J2SE 5.0, everything below (but not including) update 99 |
-| Java SE 6, everything below (but not including) update 181 |
-| Java SE 7, everything below (but not including) update 171 |
-| Java SE 8, everything below (but not including) update 161 |
-| Java SE 9, everything below (but not including) update 4 |
-
-**Silverlight**
-
-
-| Everything below (but not including) Silverlight 5.1.50907.0 |
-|--------------------------------------------------------------|
-| |
-
-For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
deleted file mode 100644
index 3fc8a84465..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: performance
-description: Browser cache changes and roaming profiles
-author: dansimp
-ms.prod: ie11
-ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/16/2017
----
-
-
-# Browser cache changes and roaming profiles
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity.
-
-You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj649079(v=ws.11)). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.
Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Microsoft Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
-
-To get the best results while using roaming profiles, we strongly recommend the following:
-
-- Create a separate roaming repository for each domain account that uses roaming.
-
-- Restrict roaming user profiles so they work on only one computer at a time. Using a single roaming profile on multiple computers isn’t supported (via console or Remote Desktop) and can cause unpredictable results, including cookie loss.
-
-- Allow all computers that let users sign-on with a roaming profile have identical IE cookie policies and settings.
-
-- Make sure to delete the user’s local roaming profile at sign off for any computer using user profile roaming. You can do this by turning on the **Delete cached copies of roaming profiles** Group Policy Object.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
deleted file mode 100644
index 1617af18d5..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: medium
-title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
-description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10.
-ms.mktglfcycl: deploy
-ms.prod: windows-client
-ms.sitesec: library
-author: dansimp
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-
-# Change history for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-This topic lists new and updated topics in the Internet Explorer 11 documentation for Windows 10.
-
-## April 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)|Updates to the Enterprise Mode section to include info about the Enterprise Mode Site List Portal. |
-
-## March 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to add the Allow VBScript to run in Internet Explorer and the Hide the button (next to the New Tab button) that opens Microsoft Edge settings. |
-
-## November 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Updated the DocMode reason section to correct Code 8 and to add Code 9.|
-
-## August 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
-
-## July 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to include the comprehensive list of Group Policies that were added with Internet Explorer 11. |
-
-## June 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated with 2 new policies, Send all sites not included in the Enterprise Mode Site List to Microsoft Edge and Show message when opening sites in Microsoft Edge using Enterprise Mode. |
-
-
-## May 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. |
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
deleted file mode 100644
index 9b4b3e6f1f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
-description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
-ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.date: 08/14/2017
-ms.localizationpriority: medium
----
-
-
-# Check for a new Enterprise Mode site list xml file
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
-
-**How Internet Explorer 11 looks for an updated site list**
-
-1. Internet Explorer starts up and looks for an updated site list in the following places:
-
- 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
-
- 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
-
- 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
-
-2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
deleted file mode 100644
index 810264c501..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to deploy Internet Explorer 11 (IE11)
-author: dansimp
-ms.prod: ie11
-ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to deploy Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools.
-
-## In this section
-
-| Topic | Description |
-|------------------------------------------------------------- | ------------------------------------------------------ |
-|[Deploy IE11 using Automatic Version Synchronization (AVS)](deploy-ie11-using-automatic-version-synchronization-avs.md) |Guidance about how to deploy your custom browser packages using Automatic Version Synchronization (AVS). |
-|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). |
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
deleted file mode 100644
index 0175cb7bbe..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to install Internet Explorer 11 (IE11)
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to install Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Before you install Internet Explorer 11, you should:
-
-- **Migrate Group Policy Objects.** Decide if your Group Policy Objects should migrate to the new version.
-
-- **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
-
-- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
-
-- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
-
- - **Existing computers running Windows.** Use Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
-
- - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825251(v=win.10)). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/), [Windows ADK Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825486(v=win.10)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
deleted file mode 100644
index 961f15218c..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ /dev/null
@@ -1,446 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Collect data using Enterprise Site Discovery
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Collect data using Enterprise Site Discovery
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7 with Service Pack 1 (SP1)
-
-Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
-
->**Upgrade Readiness and Windows upgrades**
->You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
-
-
-## Before you begin
-Before you start, you need to make sure you have the following:
-
-- Latest cumulative security update (for all supported versions of Internet Explorer):
-
- 1. Go to the [Microsoft Security Bulletin](/security-updates/) page, and change the filter to **Windows Internet Explorer 11**.
-
- 
-
- 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
-
- 
-
- 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
-
-- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
-
- - Configuration-related PowerShell scripts
-
- - IETelemetry.mof file
-
- - Sample System Center 2012 report templates
-
- You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
-
-Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
-
-## What data is collected?
-Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
-
-|Data point |IE11 |IE10 |IE9 |IE8 |Description |
-|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
-|URL | ✔️ | ✔️ | ✔️ | ✔️ |URL of the browsed site, including any parameters included in the URL. |
-|Domain | ✔️ | ✔️ | ✔️ | ✔️ |Top-level domain of the browsed site. |
-|ActiveX GUID | ✔️ | ✔️ | ✔️ | ✔️ |GUID of the ActiveX controls loaded by the site. |
-|Document mode | ✔️ | ✔️ | ✔️ | ✔️ |Document mode used by IE for a site, based on page characteristics. |
-|Document mode reason | ✔️ | ✔️ | | |The reason why a document mode was set by IE. |
-|Browser state reason | ✔️ | ✔️ | | |Additional information about why the browser is in its current state. Also called, browser mode. |
-|Hang count | ✔️ | ✔️ | ✔️ | ✔️ |Number of visits to the URL when the browser hung. |
-|Crash count | ✔️ | ✔️ | ✔️ | ✔️ |Number of visits to the URL when the browser crashed. |
-|Most recent navigation failure (and count) | ✔️ | ✔️ | ✔️ | ✔️ |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. |
-|Number of visits | ✔️ | ✔️ | ✔️ | ✔️ |Number of times a site has been visited. |
-|Zone | ✔️ | ✔️ | ✔️ | ✔️ |Zone used by IE to browse sites, based on browser settings. |
-
-
->**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-### Understanding the returned reason codes
-The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection.
-
-#### DocMode reason
-The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.|
-|4 |Page is using an X-UA-compatible meta tag. |
-|5 |Page is using an X-UA-compatible HTTP header. |
-|6 |Page appears on an active **Compatibility View** list. |
-|7 |Page is using native XML parsing. |
-|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. |
-|9 |Page state is set by the browser mode and the page's DOCTYPE.|
-
-#### Browser state reason
-The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. |
-|2 |Site appears on an active **Compatibility View** list, created in Group Policy. |
-|3 |Site appears on an active **Compatibility View** list, created by the user. |
-|4 |Page is using an X-UA-compatible tag. |
-|5 |Page state is set by the **Developer** toolbar. |
-|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. |
-|7 |Site appears on the Microsoft **Compatibility View (CV)** list. |
-|8 |Site appears on the **Quirks** list, created in Group Policy. |
-|11 |Site is using the default browser. |
-
-#### Zone
-The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|-1 |Internet Explorer is using an invalid zone. |
-|0 |Internet Explorer is using the Local machine zone. |
-|1 |Internet Explorer is using the Local intranet zone. |
-|2 |Internet Explorer is using the Trusted sites zone. |
-|3 |Internet Explorer is using the Internet zone. |
-|4 |Internet Explorer is using the Restricted sites zone. |
-
-## Where is the data stored and how do I collect it?
-The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
-
-- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
-
-- **XML file**. Any agent that works with XML can be used.
-
-## WMI Site Discovery suggestions
-We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company.
-
-On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-## Getting ready to use Enterprise Site Discovery
-Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
-
-**To set up Enterprise Site Discovery**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](/powershell/module/microsoft.powershell.core/about/about_execution_policies).
-
-### WMI only: Set up your firewall for WMI data
-If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
-
-**To set up your firewall**
-
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-
-3. Restart your computer to start collecting your WMI data.
-
-## Use PowerShell to finish setting up Enterprise Site Discovery
-You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
-
->**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
-
-- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
-
-- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
-
-**To set up data collection using a domain allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
-
- >**Important**
Wildcards, like \*.microsoft.com, aren’t supported.
-
-**To set up data collection using a zone allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
-
- >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-
-## Use Group Policy to finish setting up Enterprise Site Discovery
-You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
-
->**Note**
All of the Group Policy settings can be used individually or as a group.
-
- **To set up Enterprise Site Discovery using Group Policy**
-
-- Open your Group Policy editor, and go to these new settings:
-
- |Setting name and location |Description |Options |
- |---------------------------|-------------|---------|
- |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |
|
- |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. |
|
- |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone |
- |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com |
-
-### Combining WMI and XML Group Policy settings
-You can use both the WMI and XML settings individually or together:
-
-**To turn off Enterprise Site Discovery**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|Off|
-|Turn on Site Discovery XML output|Blank|
-
-**Turn on WMI recording only**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|On|
-|Turn on Site Discovery XML output|Blank|
-
-**To turn on XML recording only**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|Off|
-|Turn on Site Discovery XML output|XML file path|
-
-**To turn on both WMI and XML recording**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|On|
-|Turn on Site Discovery XML output|XML file path|
-
-## Use Configuration Manager to collect your data
-After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the MOF Editor with a .MOF import file
-You can collect your hardware inventory using the MOF Editor and a .MOF import file.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
-2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**.
-
-3. Pick the inventory items to install, and then click **Import**.
-
-4. Click **OK** to close the default windows.
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
-
-**To collect your inventory**
-
-1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-## Turn off data collection on your client devices
-After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
-
-**To stop collecting data, using PowerShell**
-
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
-
- >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
-
-
-**To stop collecting data, using Group Policy**
-
-1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**.
-
-2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location.
-
-### Delete already stored data from client computers
-You can completely remove the data stored on your employee’s computers.
-
-**To delete all existing data**
-
-- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands:
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo`
-
- - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
-
-## Related topics
-* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
-* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
deleted file mode 100644
index db62af6aab..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
+++ /dev/null
@@ -1,101 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
-author: dansimp
-ms.prod: ie11
-title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The **Settings** page lets anyone with Administrator rights set up groups and roles, set up the Enterprise Mode Site List Portal environment, and choose the freeze dates for production changes.
-
-## Use the Environment settings area
-This area lets you specify the location of your production and pre-production environments, where to store your attachments, your settings location, and the website domain for email notifications.
-
-**To add location info**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Environment settings** area of the page, provide the info for your **Pre-production environment**, your **Production environment**, your **Attachments location**, your **Settings location**, and your **Website domain for email notifications**.
-
-3. Click **Credentials** to add the appropriate domain, user name, and password for each location, and then click **OK**.
-
-## Use the Group and role settings area
-After you set up your email credentials, you'll be able to add or edit your Group info, along with picking which roles must be Approvers for the group.
-
-**To add a new group and determine the required change request Approvers**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Group and role settings** area of the page, click **Group details**.
-
- The **Add or edit group names** box appears.
-
-3. Click the **Add group** tab, and then add the following info:
-
- - **New group name.** Type name of your new group.
-
- - **Group head email.** Type the email address for the primary contact for the group.
-
- - **Group head name.** This box automatically fills, based on the email address.
-
- - **Active.** Click the check box to make the group active in the system. If you want to keep the group in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-
-**To set a group's required Approvers**
-1. In the **Group and role settings** area of the page, choose the group name you want to update with Approvers from the **Group name** box.
-
-2. In the **Required approvers** area, choose which roles are required to approve a change request for the group. You can choose one or many roles.
-
- - **App Manager.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Group Head.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Administrator.** All employees in the selected group must get change request approval by someone assigned this role.
-
-## Use the Freeze production changes area
-This optional area lets you specify a period when your employees must stop adding changes to the current Enterprise Mode Site List. This must include both a start and an end date.
-
-**To add the start and end dates**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Freeze production changes** area of the page, use the calendars to provide the **Freeze start date** and the **Freeze end date**. Your employees can't add apps to the production Enterprise Mode Site List during this span of time.
-
-3. Click **Save**.
-
-## Related topics
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
deleted file mode 100644
index cffb48a00d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to create a change request within the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Create a change request using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
-
-> [!Important]
-> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-**To create a new change request**
-1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
-
- The **Create new request** page appears.
-
-2. Fill out the required fields, based on the group and the app, including:
-
- - **Group name.** Select the name of your group from the dropdown box.
-
- - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
-
- - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
-
- - **Add new app.** If your app isn't listed, you can click **Add new app** to add it to the list.
-
- - **Requested by.** Automatically filled in with your name.
-
- - **Description.** Add descriptive info about the app.
-
- - **Requested change.** Select whether you want to **Add to EMIE**, **Delete from EMIE**, or **Update to EMIE**.
-
- - **Reason for request.** Select the best reason for why you want to update, delete, or add the app.
-
- - **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
-
- - **App location (URL).** The full URL location to the app, starting with https:// or https://.
-
- - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
-
- - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](/previous-versions/windows/internet-explorer/ie-developer/compatibility/cc288325(v=vs.85)).
-
-4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
-
- A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
-
-5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
-
- - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
-
- - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
-
-## Next steps
-
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
deleted file mode 100644
index 395703b43d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Create packages for multiple operating systems or languages
-author: dansimp
-ms.prod: ie11
-ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Create packages for multiple operating systems or languages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Create packages for multiple operating systems or languages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You'll create multiple versions of your custom browser package if:
-
-- You support more than 1 version of Windows®.
-
-- You support more than 1 language.
-
-- You have custom installation packages with only minor differences. Like, having a different phone number.
-
- **To create a new package**
-
-1. Create an installation package using the Internet Explorer Customization Wizard 11, as described in the [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](../ie11-ieak/ieak11-wizard-custom-options.md) topic.
-
-2. Go to your **CIE/Custom** folder and rename the `Install.ins`file. For example, if you need a version for employees in Texas, rename the file to Texas.ins.
-
-3. Run the wizard again, using the Custom folder as the destination directory.
-Except for the **Title bar** text, **Favorites**, **Links bar**, **Home page**, and **Search bar**, keep all of your wizard settings the same for all of your build computers.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
deleted file mode 100644
index ddaef22325..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Customize Internet Explorer 11 installation packages
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Customize Internet Explorer 11 installation packages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Customize Internet Explorer 11 installation packages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can customize Internet Explorer 11 to support various browser behaviors, multiple operating system versions and languages, and Setup information (.inf) files.
-
-|Topic |Description |
-|------------------------------------------------------------------------|----------------------------------------------------|
-|[Using IEAK 11 to create packages](using-ieak11-to-create-install-packages.md) |How to use the Internet Explorer Administration Kit 11 (IEAK 11) and the IE Customization Wizard 11 to set up, configure, deploy, and maintain IE11. |
-|[Create packages for multiple operating systems or languages](create-install-packages-for-multiple-operating-systems-or-languages.md) |How to create multiple versions of your custom installation package, to support multiple operating systems or languages. |
-|[Using .INF files to create packages](using-inf-files-to-create-install-packages.md) |How to use the Microsoft® Windows Setup Engine to automate setup tasks and customize your component installations. |
-
-
-
-In addition, you can configure IE before, during, or after deployment, using these tools:
-
-- **IE Administration Kit 11 (IEAK 11)**. Creates customized installation packages that can be deployed through your software distribution system. For more information about the IEAK 11, see [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md).
-
-- **Group Policy**. Configures and enforces IE11 settings. For more information about settings and configuration options, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
-
-- **Unattend.xml**. Customizes some of the IE settings during your Windows installation. This option only applies if you're updating a Windows image with IE11.
-You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/ff699026(v=win.10)). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824929(v=win.10)).
-
-
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 843d917596..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: medium
-description: Delete a single site from your global Enterprise Mode site list.
-ms.pagetype: appcompat
-ms.mktglfcycl: deploy
-author: dansimp
-ms.prod: ie11
-ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-
- **To delete a single site from your global Enterprise Mode site list**
-
-- From the Enterprise Mode Site List Manager, pick the site you want to delete, and then click **Delete**.
-The site is permanently removed from your list.
-
-If you delete a site by mistake, you’ll need to manually add it back using the instructions in the following topics, based on operating system.
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
deleted file mode 100644
index 0f0c56de35..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
-author: dansimp
-ms.prod: ie11
-ms.assetid: f51224bd-3371-4551-821d-1d62310e3384
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
-
-## What is Automatic Version Synchronization?
-Automatic Version Synchronization (AVS) lets you use the Internet Explorer Administration Kit 11 (IEAK 11) to synchronize the IE11 setup files on a local computer with the latest setup files on the web.
-
-You must synchronize the setup files at least once on the local computer, for each language and operating system combination, before proceeding through the rest of the wizard. If your packages have more than one version of IE, you need to keep the versions in separate component download folders, which can be pointed to from the **File Locations** page of the IEAK 11. For more information about using the AVS feature, see [Use the Automatic Version Synchronization page in the IEAK 11 Wizard](../ie11-ieak/auto-version-sync-ieak11-wizard.md)
-.
-
-## Related topics
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-- [Customize Internet Explorer 11 installation packages](customize-ie11-install-packages.md)
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
deleted file mode 100644
index 7eaac18e22..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Deploy Internet Explorer 11 using software distribution tools
-author: dansimp
-ms.prod: ie11
-ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deploy Internet Explorer 11 using software distribution tools (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Deploy Internet Explorer 11 using software distribution tools
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include:
-
-- **Configuration Manager** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)).
-
-- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)).
-
-- **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](/previous-versions/windows/it-pro/windows-server-2003/cc738858(v=ws.10)).
-
-- **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
deleted file mode 100644
index 513e6e6b22..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ /dev/null
@@ -1,122 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List.
-
-The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](/mem/configmgr/mdt/).
-
-## Deploying pinned websites in MDT 2013
-This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](./install-ie11-using-operating-system-deployment-systems.md) in the TechNet library.
-
-Deploying pinned websites in MDT 2013 is a 4-step process:
-
-1. Create a .website file for each website that you want to deploy. When you pin a website to the taskbar, Windows 8.1 creates a .website file that describes how the icon should look and feel.
-
-2. Copy the .website files to your deployment share.
-
-3. Copy the .website files to your target computers.
-
-4. Edit the task sequence of your Unattend.xml answer files to pin the websites to the taskbar. In particular, you want to add each .website file to the **TaskbarLinks** item in Unattend.xml during oobeSystem phase. You can add up to six .website files to the **TaskbarLinks** item.
-
-Pinned websites are immediately available to every user who logs on to the computer although the user must click each icon to populate its Jump List.
-
-**Important**
-To follow the examples in this topic, you’ll need to pin the Bing (https://www.bing.com/) and MSN (https://www.msn.com/) websites to the taskbar.
-
-### Step 1: Creating .website files
-The first step is to create a .website file for each website that you want to pin to the Windows 8.1 taskbar during deployment. A .website file is like a shortcut, except it’s a plain text file that describes not only the website’s URL but also how the icon looks.
-
- **To create each .website file**
-
-1. Open the website in IE11.
-
-2. Drag the website’s tab and drop it on the Windows 8.1 taskbar.
-
-3. Go to `%USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar` in Windows Explorer, and copy the bing.website and msn.website files to your desktop.
-
-### Step 2: Copying the .website files to the deployment share
-Next, you must enable your deployment share to copy the bing.website and msn.website files to the **Start** menu on each target computer.
-
- **To copy .website files to the deployment share**
-
-1. Open your MDT 2013 deployment share in Windows Explorer.
-
-2. In the `$OEM$` folder, create the path `$1\Users\Public\Public Links`. If the `$OEM$` folder doesn’t exist, create it at the root of your deployment share.
-
-3. Copy the bing.website and msn.website files from your desktop to `$OEM$\$1\Users\Public\Public Links` in your deployment share.
-
-### Step 3: Copying .website files to target computers
-After your operating system is installed on the target computer, you need to copy the .website files over so they can be pinned to the taskbar.
-
- **To copy .website files to target computers**
-
-1. In the **Deployment Workbench** of MDT 2013, open the deployment share containing the task sequence during which you want to deploy pinned websites, and then click **Task Sequences**.
-
-2. In the right pane of the **Deployment Workbench**, right-click your task sequence (create a new one if you don’t have one yet), and click **Properties**.
-
-3. In the **Task Sequence** tab, click the **Postinstall** folder, click **General** from the **Add** button, and then click **Run Command Line**.
-
-4. Rename the newly created item to *Copy Files* and move it up to the top of the **Postinstall** folder.
-
-5. In the **Command Line** box enter the following text, `xcopy "%DEPLOYROOT%\$OEM$\$1" "%OSDisk%\" /yqe`.
-
-6. Click the **Apply** button to save your changes.
-
-### Step 4: Pinning .website files to the Taskbar
-With the .website files ready to copy to the **Public Links** folder on target computers for all users, the last step is to edit the Unattend.xml answer files to pin those .website files to the taskbar. You will need to complete the following steps for each task sequence during which you want to pin these websites to the taskbar.
-
- **To pin .website files to the Taskbar**
-
-1. Open the Windows System Image Manager (Windows SIM).
-
-2. On the **OS Info** tab, click **Edit Unattend.xml** to open the Unattend.xml file.
-
-2. In the **Windows Image** pane, under **Components** and then **Microsoft-Windows-Shell-Setup**, right-click **TaskbarLinks**, and then click **Add Setting to Pass 7 oobeSystem**.
-
-3. In the **TaskbarLinks Properties** pane, add the relative path to the target computer’s (not the deployment share’s) .website files that you created earlier. You can add up to six links to the **TaskbarLinks** item. For example, `%PUBLIC%\Users\Public\Public Links\Bing.website` and `%PUBLIC%\Users\Public\Public Links\MSN.website`
-
-4. On the **File** menu, click **Save Answer File**, and then close Windows SIM.
-
-5. To close the task sequence, click **OK**.
-
-## Updating intranet websites for pinning
-The MDT 2013 deployment share and task sequences are now ready to pin websites to the taskbar during deployment. This pinning feature can include intranet sites important in your organization.
-
-You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](/previous-versions/windows/internet-explorer/ie-developer/samples/gg491731(v=vs.85)) on MSDN. For more ideas about what to pin, see [Add-ons](https://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery.
-
-## Related topics
-- [Unattended Windows Setup Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/ff699026(v=win.10))
-- [Windows System Image Manager Technical Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824929(v=win.10))
-- [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/)
-- [Windows ADK Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825486(v=win.10))
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
deleted file mode 100644
index 5cfa201d18..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deprecated document modes and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Deprecated document modes and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.
-
-This means that while Internet Explorer 11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.
-
->**Note**
->For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953).
-
-## What is document mode?
-Each release after Internet Explorer 8 has helped with the transition by introducing additional document modes that emulated previously supported versions, while also introducing support for features defined by industry standards. During this time, numerous websites and apps were updated to the latest and greatest industry standards, while many other sites and apps continued to simply rely on document modes to work properly.
-
-Because our goal with Microsoft Edge is to give users the best site and app viewing experience possible, we’ve decided to stop support for document modes. All websites and apps using legacy features and code will need to be updated to rely on the new modern standards and practices.
-
-If you have legacy sites and apps that can’t be updated to modern standards, you can continue to use IE11 and document modes. We recommend that you use the **IE11 Standards document mode** because it represents the highest support available for modern standards. You should also use the HTML5 document type declaration to turn on the latest supported standards while using IE11:``.
-
-## Document modes and IE11
-The compatibility improvements made in IE11 lets older websites just work in the latest standards mode, by default, without requiring emulation of the previous browser behavior. Because older websites are now just working, we’ve decided that Internet Explorer 10 document mode will be the last new document mode. Instead, developers will need to move to using the IE11 document mode going forward.
-
-## Document mode selection flowchart
-This flowchart shows how IE11 works when document modes are used.
-
-
-[Click this link to enlarge image](img-ie11-docmode-lg.md)
-
-## Known Issues with Internet Explorer 8 document mode in Enterprise Mode
-The default document mode for Enterprise Mode is Internet Explorer 8. While this mode provides a strong emulation of that browser, it isn’t an exact match. For example, Windows Internet Explorer 9 fundamentally changed how document modes work with iframes and document modes can’t undo architectural changes. It’s also a known issue that Windows 10 supports GDI font rendering while using Enterprise Mode, but uses natural metrics once outside of Enterprise Mode.
-
-## Related topics
-- [Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 29574ab860..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-
-If you need to edit a lot of websites, you probably don’t want to do it one at a time. Instead, you can edit your saved XML or TXT file and add the sites back again. For information about how to do this, depending on your operating system and schema version, see [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
-
- **To change how your page renders**
-
-1. In the Enterprise Mode Site List Manager, double-click the site you want to change.
-
-2. Change the comment or the compatibility mode option.
-
-3. Click **Save** to validate your changes and to add the updated information to your site list.
-If your change passes validation, it’s added to the global site list. If the update doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the update or ignore the validation problem and add it to your list anyway. For more information about fixing validation issues, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-4. On the **File** menu, click **Save to XML**, and save the updated file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
deleted file mode 100644
index e21f3e41ed..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Enable and disable add-ons using administrative templates and group policy
-ms.author: dansimp
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 4/12/2018
----
-
-
-# Enable and disable add-ons using administrative templates and group policy
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Add-ons let your employees personalize Internet Explorer. You can manage IE add-ons using Group Policy and Group Policy templates.
-
-There are four types of add-ons:
-
-- **Search Providers.** Type a term and see suggestions provided by your search provider.
-
-- **Accelerators.** Highlight text on a web page and then click the blue **Accelerator** icon to email, map, search, translate, or do many other tasks.
-
-- **Web Slices.** Subscribe to parts of a website to get real-time information on the Favorites bar.
-
-- **Toolbars.** Add features (like stock tickers) to your browser.
-
-## Using the Local Group Policy Editor to manage group policy objects
-You can use the Local Group Policy Editor to change how add-ons work in your organization.
-
- **To manage add-ons**
-
-1. In the Local Group Policy Editor, go to `Computer Configuration\Administrative Templates\Windows Components\Internet Explorer`.
-
-2. Change any or all of these settings to match your company’s policy and requirements.
-
- - Turn off add-on performance notifications
-
- - Automatically activate newly installed add-ons
-
- - Do not allow users to enable or disable add-ons
-
-3. Go into the **Internet Control Panel\\Advance Page** folder, where you can change:
-
- - Do not allow resetting IE settings
-
- - Allow third-party browser extensions
-
-4. Go into the **Security Features\\Add-on Management** folder, where you can change:
-
- - Add-on List
-
- - Deny all add-ons unless specifically allowed in the Add-on List
-
- - Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects
-
-5. Close the Local Group Policy Editor when you’re done.
-
-## Using the CLSID and Administrative Templates to manage group policy objects
-Every add-on has a Class ID (CLSID) that you use to enable and disable specific add-ons, using Group Policy and Administrative Templates.
-
- **To manage add-ons**
-
-1. Get the CLSID for the add-on you want to enable or disable:
-
- 1. Open IE, click **Tools**, and then click **Manage Add-ons**.
-
- 2. Double-click the add-on you want to change.
-
- 3. In the More Information dialog, click **Copy** and then click **Close**.
-
- 4. Open Notepad and paste the information for the add-on.
-
- 5. On the Manage Add-ons windows, click **Close**.
-
- 6. On the Internet Options dialog, click **Close** and then close IE.
-
-2. From the copied information, select and copy just the **Class ID** value.
-
- > [!NOTE]
- > You want to copy the curly brackets as well as the CLSID: **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
-
-3. Open the Group Policy Management Editor and go to: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
-
**-OR-**
-Open the Local Group Policy Editor and go to: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
-
-4. Open the **Add-on List** Group Policy Object, select **Enabled**, and then click **Show**.
The Show Contents dialog appears.
-
-6. In **Value Name**, paste the Class ID for your add-on, for example, **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
-
-6. In **Value**, enter one of the following:
-
- - **0**. The add-on is disabled and your employees can’t change it.
-
- - **1**. The add-on is enabled and your employees can’t change it.
-
- - **2**. The add-on is enabled and your employees can change it.
-
-7. Close the Show Contents dialog.
-
-7. In the Group Policy editor, go to: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer.
-
-8. Double-click **Automatically activate/enable newly installed add-ons** and select **Enabled**.
Enabling turns off the message prompting you to Enable or Don't enable the add-on.
-
-7. Click **OK** twice to close the Group Policy editor.
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
deleted file mode 100644
index e284e24e3f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Enhanced Protected Mode problems with Internet Explorer
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enhanced Protected Mode problems with Internet Explorer (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Enhanced Protected Mode problems with Internet Explorer
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Enhanced Protected Mode further restricts Protected Mode to deny potential attackers access to sensitive or personal information. If this feature is turned on, users might start to see errors asking them to turn it off, like **This webpage wants to run "npctrl.dll. If you trust this site, you can disable Enhanced Protected Mode for this site to run the control**. If your users click the **Disable** box, Enhanced Protected Mode is turned off for only the single visit to that specific site. After the user leaves the site, Enhanced Protected Mode is automatically turned back on.
-
-You can use your company’s Group Policy to turn Enhanced Protected Mode on or off for all users. For more information, see the [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md) information in this guide.
-
-For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](/archive/blogs/ieinternals/understanding-enhanced-protected-mode) and the [Enhanced Protected Mode and Local Files](https://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
deleted file mode 100644
index e5e3c31095..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
-author: dansimp
-ms.prod: ie11
-ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Enterprise Mode for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
-
-## In this section
-
-|Topic |Description |
-|---------------------------------------------------------------|-----------------------------------------------------------------------------------|
-|[Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)|Includes descriptions of the features of Enterprise Mode. |
-|[Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) |Guidance about how to turn on local control of Enterprise Mode and how to use ASP or the GitHub sample to collect data from your local computers. |
-|[Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) |Guidance about how to turn on Enterprise Mode and set up a site list, using Group Policy or the registry. |
-|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. |
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. |
-|[Check for a new Enterprise Mode site list xml file](check-for-new-enterprise-mode-site-list-xml-file.md) |Guidance about how the Enterprise Mode functionality looks for your updated site list. |
-|[Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) |Guidance about how to turn on local control of Enterprise Mode, using Group Policy or the registry.|
-|[Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) |Guidance about how to use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
-|[Use the Enterprise Mode Site List Portal](use-the-enterprise-mode-portal.md) |Guidance about how to set up and use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
-|[Using Enterprise Mode](using-enterprise-mode.md) |Guidance about how to turn on either IE7 Enterprise Mode or IE8 Enterprise Mode. |
-|[Fix web compatibility issues using document modes and the Enterprise Mode Site List](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) |Guidance about how to decide and test whether to use document modes or Enterprise Mode to help fix compatibility issues. |
-|[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. |
-|[Remove sites from a local compatibility view list](remove-sites-from-a-local-compatibililty-view-list.md) |Guidance about how to remove websites from a device's local compatibility view list. |
-|[Turn off Enterprise Mode](turn-off-enterprise-mode.md) |Guidance about how to stop using your site list and how to turn off local control, using Group Policy or the registry. |
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
deleted file mode 100644
index e486ed248d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ /dev/null
@@ -1,133 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Enterprise Mode schema v.1 guidance
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Use the Enterprise Mode Site List Manager (schema v.1) to create and update your Enterprise Mode site list for devices running the v.1 version of the schema, or the Enterprise Mode Site List Manager (schema v.2) to create and update your Enterprise Mode site list for devices running the v.2 version of the schema. We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
-
-## Enterprise Mode schema v.1 example
-The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
-
-> [!IMPORTANT]
-> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules> |Internet Explorer 11 and Microsoft Edge |
-|<emie> |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules>
For IPv6 ranges:
<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules>
**or**
For IPv4 ranges:<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules> | Internet Explorer 11 and Microsoft Edge |
-|<docMode> |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.
**Example**
<rules version="205">
<docmode>
<domain docMode="7">contoso.com</domain>
</docmode>
</rules> |Internet Explorer 11 |
-|<domain> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
**Example**
<emie>
<domain>contoso.com:8080</domain>
</emie> |Internet Explorer 11 and Microsoft Edge |
-|<path> |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
**Example**
<emie>
<domain exclude="true">fabrikam.com
<path exclude="false">/products</path>
</domain>
</emie>
Where `https://fabrikam.com` doesn't use IE8 Enterprise Mode, but `https://fabrikam.com/products` does. |Internet Explorer 11 and Microsoft Edge |
-
-### Schema attributes
-This table includes the attributes used by the Enterprise Mode schema.
-
-|Attribute|Description|Supported browser|
-|--- |--- |--- |
-|version|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
-|exclude|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements.
**Example** <emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
**Example**<docMode>
<domain exclude="false">fabrikam.com
<path docMode="9">/products</path>
</domain>
</docMode>|Internet Explorer 11|
-|doNotTransition| Specifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
**Example**<emie>
<domain doNotTransition="false">fabrikam.com
<path doNotTransition="true">/products</path>
</domain>
</emie>
**Example**<emie>
<domain exclude="true">fabrikam.com
<path forcecompatview="true">/products</path>
</domain>
</emie><docMode> |
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode>
|
-|You can specify exact URLs by listing the full path. |<emie>|
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>
|
-|You can nest paths underneath domains. |<emie> |
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie>
|
-|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie> |
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
|
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
deleted file mode 100644
index 5af6fab521..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Enterprise Mode schema v.2 guidance
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
-
-> [!IMPORTANT]
-> If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-## Enterprise Mode schema v.2 updates
-Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by:
-
-- <rules>. If your schema root node includes this key, you're using the v.1 version of the schema.
-
-- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema.
-
-You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema.
-
-### Enterprise Mode v.2 schema example
-The following is an example of the v.2 version of the Enterprise Mode schema.
-
-> [!IMPORTANT]
-> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example**
<site-list version="205">
| Internet Explorer 11 and Microsoft Edge |
-|<site> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>
**Example** <site url="contoso.com">
<compat-mode>default</compat-mode>
<open-in>none</open-in>
</site>
**or** For IPv4 ranges:
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
You can also use the self-closing version, <url="contoso.com" />, which also sets:
**Example**
**or**
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
</site>
For IPv4 ranges:<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site><site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
**Examples**<site url="contoso.com">
<open-in>none</open-in>
</site>
Where
**Example**<site url="contoso.com/travel">
In this example, if `https://contoso.com/travel` is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. | Internet Explorer 11 and Microsoft Edge|
-|version |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. | Internet Explorer 11 and Microsoft Edge|
-|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<open-in allow-redirect="true">IE11 </open-in>
</site>
**Note**
Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both `http://contoso.com` and `https://contoso.com`.
**Example**<site url="contoso.com:8080">
In this example, going to `https://contoso.com:8080` using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
-
-### Deprecated attributes
-These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
-
-|Deprecated attribute|New attribute|Replacement example|
-|--- |--- |--- |
-|forceCompatView|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
-|docMode|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
-|doNotTransition|<open-in>|Replace:
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
<doNotTransition="true"> with <open-in>none</open-in>|
-|<domain> and <path>|<site>|Replace:<emie>
With:
<domain>contoso.com</domain>
</emie><site url="contoso.com"/>
**-AND-**
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
Replace:<emie>
<domain exclude="true" donotTransition="true">contoso.com
<path forceCompatView="true">/about</path>
</domain>
</emie>
With:<site url="contoso.com/about">
<compat-mode>IE7Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>|
-
-While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
-
-> [!IMPORTANT]
-> Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
-
-### What not to include in your schema
-We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-
-- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
-- Don’t use wildcards.
-- Don’t use query strings, ampersands break parsing.
-
-## Related topics
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 602eeb31b1..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Export your Enterprise Mode site list from the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. This file includes all of your URLs, including your compatibility mode selections and should be stored somewhere safe. If your list gets deleted by mistake you can easily import this file and return everything back to when this file was last saved.
-
-**Important**
-This file is not intended for distribution to your managed devices. Instead, it is only for transferring data and comments from one manager to another. For example, if one administrator leaves and passes the existing data to another administrator. Internet Explorer doesn’t read this file.
-
- **To export your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Export**.
-
-2. Export the file to your selected location. For example, `C:\Users\
-Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual.
-
-### When do I use document modes versus Enterprise Mode?
-While the `
-If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](/previous-versions/windows/internet-explorer/ie-developer/samples/dn255001(v=vs.85)).
-
-3. If none of the document modes fix your issue, change the **Browser Profile** to **Enterprise**, pick the mode you want to test with starting with **8** (IE8 Enterprise Mode), and then test your broken scenario.
-
-### Add your site to the Enterprise Mode site list
-After you’ve figured out the document mode that fixes your compatibility problems, you can add the site to your Enterprise Mode site list.
-
-**Note**
-There are two versions of the Enterprise Mode site list schema and the Enterprise Mode Site List Manager, based on your operating system. For more info about the schemas, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) or [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). For more info about the different site list management tools, see [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md).
-
- **To add your site to the site list**
-
-1. Open the Enterprise Mode Site List Manager, and click **Add**.
-
- 
-
-2. Add the **URL** and pick the document mode from the **Launch in** box. This should be the same document mode you found fixed your problems while testing the site.
-Similar to Enterprise Mode, you can specify a document mode for a particular web path—such as contoso.com/ERP—or at a domain level. In the above, the entire contoso.com domain loads in Enterprise Mode, while microsoft.com is forced to load into IE8 Document Mode and bing.com loads in IE11.
-
-**Note**
-For more information about Enterprise Mode, see [What is Enterprise Mode?](what-is-enterprise-mode.md) For more information about the Enterprise Mode Site List Manager and how to add sites to your site list, see [Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md).
-
-
-### Review your Enterprise Mode site list
-Take a look at your Enterprise Mode site list and make sure everything is the way you want it. The next step will be to turn the list on and start to use it in your company. The Enterprise Mode Site List Manager will look something like:
-
-
-
-And the underlying XML code will look something like:
-
-``` xml
-
-Another possibility is that redirection happens multiple times, with an intermediary site experiencing compatibility issues. For example, an employee types a short URL that then redirects multiple times, finally ending up on a non-intranet site. In this situation, you might want to add the intermediary URLs to your Enterprise Mode site list, in case there’s logic in one of them that has compatibility issues.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
deleted file mode 100644
index 93486e7113..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 63a7ef4a-6de2-4d08-aaba-0479131e3406
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Advanced Group Policy Management (AGPM) is an add-on license that available for the Microsoft Desktop Optimization Pack (MDOP). This license gives you change control and a role assignment-model that helps optimize Group Policy management and reduce the risk of widespread failures.
-
-From AGPM you can:
-
-- **Edit GPOs outside of your production environment.** Your GPOs are stored in an outside archive for editing, reviewing, and approving. Then, when you deploy, AGPM moves the GPOs to your production environment.
-
-- **Assign roles to your employees.** You can assign 3 roles to your employees or groups, including:
-
- - **Reviewer.** Can view and compare GPOs in the archive. This role can't edit or deploy GPOs.
-
- - **Editor.** Can view, compare, check-in and out, and edit GPOs in the archive. This role can also request GPO deployment.
-
- - **Approver.** Can approve GPO creation and deployment to the production environment.
-
-- **Manage your GPO lifecycle with change control features.** You can use the available version-control, history, and auditing features to help you manage your GPOs while moving through your archive, to your editing process, and finally to your GPO deployment.
-
-**Note**
-For more information about AGPM, and to get the license, see [Advanced Group Policy Management 4.0 Documents](https://www.microsoft.com/download/details.aspx?id=13975).
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
deleted file mode 100644
index b56fd8d946..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview about Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
-author: dansimp
-ms.prod: windows-client
-ms.assetid: ae3d227d-3da7-46b8-8a61-c71bfeae0c63
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-A Microsoft Management Console (MMC)-based tool that uses scriptable interfaces to manage Group Policy. The 32-bit and 64-bit versions are included with Windows Server R2 with Service Pack 1 (SP1) and Windows Server 2012 R2.
-
-## Why use the GPMC?
-The GPMC lets you:
-
-- Import, export, copy, paste, backup and restore GPOs.
-
-- Search for existing GPOs.
-
-- Create reports, including providing the Resultant Set of Policy (RSoP) data in HTML reports that you can save and print.
-
-- Use simulated RSoP data to prototype your Group Policy before implementing it in the production environment.
-
-- Obtain RSoP data to view your GPO interactions and to troubleshoot your Group Policy deployment.
-
-- Create migration tables to let you import and copy GPOs across domains and across forests. Migration tables are files that map references to users, groups, computers, and Universal Naming Convention (UNC) paths in the source GPO to new values in the destination GPO.
-
-- Create scriptable interfaces to support all of the operations available within the GPMC. You can't use scripts to edit individual policy settings in a GPO.
-
-For more information about the GPMC, see [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11)) on TechNet.
-
-## Searching for Group Policy settings
-To search for Group Policy settings in the Group Policy Management Console (GPMC), use the [Group Policy Search tool](https://go.microsoft.com/fwlink/p/?LinkId=279857). To find the Group Policy settings, click **Windows Components**, and then click **Internet Explorer**.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
deleted file mode 100644
index 7e8c419582..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 50383d3f-9ac9-4a30-8852-354b6eb9434a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy and Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy and Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
-
-## In this section
-
-|Topic |Description |
-|----------------------------------------------------|-----------------------------------------------------------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Info about many of the new group policy settings added for Internet Explorer 11. |
-|[Group Policy management tools](group-policy-objects-and-ie11.md) |Guidance about how to use Microsoft Active Directory Domain Services (AD DS) to manage your Group Policy settings. |
-|[ActiveX installation using group policy](activex-installation-using-group-policy.md) |Info about using the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. |
-|[Group Policy and compatibility with Internet Explorer 11](group-policy-compatibility-with-ie11.md) |Our Group Policy recommendations for security, performance, and compatibility with previous versions of IE, regardless of which Zone the website is in. |
-|[Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md) |Info about Group Policy preferences, as compared to Group Policy settings. |
-|[Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md) |Info about Administrative Templates, including where to store them and the related Group Policy settings. |
-|[Enable and disable add\-ons using administrative templates and group policy](enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md) |Guidance about how to use your local Group Policy editor or the CLSID and Administrative Templates to manage your Group Policy objects.
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
deleted file mode 100644
index c3a615888f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6fc30e91-efac-4ba5-9ee2-fa77dcd36467
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, the Local Group Policy Editor, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, the Local Group Policy Editor, and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-A Microsoft Management Console (MMC)-based tool that manages both computer and user-related configurations for an individual computer policy. This tool is included with Windows® 7 Service Pack 1 (SP1) and Windows 8.1.
-
-Here's a list of the policy settings you can use, based on the configuration type. For more info, see [Local Group Policy Editor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725970(v=ws.11)).
-
-|Computer configuration |User configuration |
-|-----------------------|-------------------|
-|Windows settings:
|Windows settings:
|
-|Administrative templates:
|Administrative templates:
|
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
deleted file mode 100644
index 12b360b126..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Group Policy suggestions for compatibility with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy and compatibility with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 has many Group Policy entries that can be configured for keeping your environment managed and safe. This table includes all of our recommendations around security, performance, and compatibility with the previous versions of Internet Explorer, regardless of which Zone the website is in.
-
-|Activity |Location |Setting the policy object |
-|---------------------------------|----------------------------------------------|-------------------------------------------------------------------------|
-|Turn on Compatibility View for all intranet zones |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Turn on IE Standards Mode for local intranet** , and then click **Disabled**. |
-|Turn on Compatibility View for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Windows Internet Explorer 7 sites** , and then click **Enabled**.Users will be able to add or remove sites manually to their local Compatibility View list, but they won’t be able to remove the sites you specifically added. |
-|Turn on Quirks mode for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Quirks Mode sites**, and then click **Enabled**. |
-|Ensure your users are using the most up-to-date version of Microsoft’s compatibility list. |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Include updated Web site lists from Microsoft**, and then click **Enabled**. |
-|Restrict users from making security zone configuration changes. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel` |Double-click **Disable the Security Page**, and then click **Enabled**. |
-|Control which security zone settings are applied to specific websites. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel\Security Page` |Double-click **Site to Zone Assignment List**, click **Enabled**, and then enter your list of websites and their applicable security zones. |
-|Turn off Data Execution Prevention (DEP). |`Administrative Templates\ Windows Components\Internet Explorer\Security Features` |Double-click **Turn off Data Execution Prevention**, and then click **Enabled**. |
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
deleted file mode 100644
index 4e6daed0d1..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview of the available Group Policy management tools
-author: dansimp
-ms.prod: windows-client
-ms.assetid: e33bbfeb-6b80-4e71-8bba-1d0369a87312
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy management tools (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy management tools
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Group Policy, based on Microsoft Active Directory Domain Services (AD DS), lets you manage your organization's computer and user settings as part of your Group Policy objects (GPOs), which are added and changed in the Group Policy Management Console (GPMC). GPOs can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. The most effective way to target a specific GPO is to use Windows Management Instrumentation (WMI) filters. Like, creating a WMI filter that applies a GPO only to computers with a specific make and model.
-
-By using Group Policy, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple Internet Explorer 11 security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
-
-**Note**
-For more information about Group Policy, see the [Group Policy TechCenter](/windows/deployment/deploy-whats-new). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
-
-## Managing settings with GPOs
-After deploying IE11 to your organization, you can continue to manage the browser settings by using Active Directory Domain Services (AD DS) together with the following Group Policy-related setting management groups:
-
-- [Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md). Used to manage registry-based policies and options.
-
-- [Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md). Used to set up and manage options that can be changed by the user after installation.
-
-**Note**
-Whenever possible, we recommend that you manage IE11 using Administrative Templates, because these settings are always written to secure policy branches in the registry. In addition, we recommend that you deploy using standard user accounts instead of letting your users log on to their computers as administrators. This helps to prevent your users from making unwanted changes to their systems or overriding Group Policy settings.
-
-
-Users won't be able to use the IE11 user interface or the registry to change any managed settings on their computers. However, they will be able to change many of the preferences associated with the settings you set up using the Internet Explorer Administration Kit 11 (IEAK 11).
-
-## Which GPO tool should I use?
-You can use any of these tools to create, manage, view, and troubleshoot Group Policy objects (GPOs). For information about each, see:
-
-- [Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11](group-policy-and-group-policy-mgmt-console-ie11.md). Provides a single location to manage all GPOs, WMI filters, and Group Policy–related permissions across multiple forests in an organization.
-
-- [Group Policy, the Local Group Policy Editor, and Internet Explorer 11](group-policy-and-local-group-policy-editor-ie11.md). Provides a user interface that lets you edit settings within individual GPOs.
-
-- [Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11](group-policy-and-advanced-group-policy-mgmt-ie11.md). An add-on license for the Microsoft Desktop Optimization Pack (MDOP) that helps to extend Group Policy for Software Assurance customers.
-
-- [Group Policy, Windows Powershell, and Internet Explorer 11](group-policy-windows-powershell-ie11.md). A command-line shell and scripting language that helps automate Windows and application administration on a single computer locally, or across many computers remotely.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
deleted file mode 100644
index b30e90d746..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Info about Group Policy preferences versus Group Policy settings
-author: dansimp
-ms.prod: ie11
-ms.assetid: f2264c97-7f09-4f28-bb5c-58ab80dcc6ee
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group policy preferences and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group policy preferences and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Group Policy preferences are less strict than Group Policy settings, based on:
-
-| Type |Group Policy preferences |Group Policy settings |
-|-----|-------------------------|----------------------|
-|Enforcement |
|
|
-|Flexibility |Lets you create preference items for registry settings, files, and folders. |
|
-|Local Group Policy |Not available |Available
-|Awareness |Supports apps that aren't Group Policy-aware |Requires apps to be Group Policy-aware |
-|Storage |
|
|
-|Targeting and filtering |
|
|
-
-
-For more information about Group Policy preferences, see the [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876).
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
deleted file mode 100644
index 8cec1052e4..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 0da0d9a9-200c-46c4-96be-630e82de017b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134223(v=ws.11)).
-
-## Group Policy Object-related Log Files
-You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
deleted file mode 100644
index 8a23dbf697..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6fbf990-13e4-4be7-9f08-5bdd43179b3b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, Shortcut Extensions, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, Shortcut Extensions, and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Group Policy includes the Shortcuts preference extension, which lets you configure shortcuts to:
-
-- **File system objects.** Traditional shortcuts that link to apps, files, folders, drives, shares, or computers. For example, linking a shortcut to an app from the **Start** screen.
-
-- **URLs.** Shortcuts to webpages or FTP sites. For example, a link to your intranet site from your employee's **Favorites** folder.
-
-- **Shell objects.** Shortcuts to objects that appear in the shell namespace, such as printers, desktop items, Control Panel items, the Recycle Bin, and so on.
-
-## How do I configure shortcuts?
-You can create and configure shortcuts for any domain-based Group Policy Object (GPO) in the Group Policy Management Console (GPMC).
-
- **To create a new Shortcut preference item**
-
-1. Open GPMC, right-click the Group Policy object that needs the new shortcut extension, and click **Edit**.
-
-2. From **Computer Configuration** or **User Configuration**, go to **Preferences**, and then go to **Windows Settings**.
-
-3. Right-click **Shortcuts**, click **New**, and then choose **Shortcut**.
-
-4. Choose what the shortcut should do, including **Create**, **Delete**, **Replace**, or **Update**.
-
-5. Type the required shortcut settings and your comments into the **Description** box, and click **OK**.
-
-For more information about shortcut extensions, including step-by-step guidance, see [Shortcuts Extension](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730592(v=ws.11)) and [Configure a Shortcut Item](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753580(v=ws.11)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
deleted file mode 100644
index c3f3970e4d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview about how Group Policy works with Windows Powershell and Internet Explorer 11
-author: dansimp
-ms.prod: windows-client
-ms.assetid: e3607cde-a498-4e04-9daa-b331412967fc
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, Windows Powershell, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, Windows Powershell, and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Your domain-joined Group Policy Objects (GPOs) can use any of Group Policy-related “cmdlets” that run within Windows PowerShell.
-
-Each cmdlet is a single-function command-line tool that can:
-
-- Create, edit, remove, back up, and import GPOs.
-
-- Create, update, and remove Group Policy links.
-
-- Set inheritance flags and permissions on organizational units (OU) and domains.
-
-- Configure registry-based policy settings and registry settings for Group Policy preferences.
-
-For more info about PowerShell and Group Policy management, see [Use Windows PowerShell to Manage Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759177(v=ws.11)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
deleted file mode 100644
index c8b17e2ff9..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
+++ /dev/null
@@ -1,144 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: A high-level overview of the delivery process and your options to control deployment of Internet Explorer through automatic updates.
-author: dansimp
-ms.author: dansimp
-ms.manager: dansimp
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Internet Explorer 11 delivery through automatic updates
-ms.sitesec: library
-ms.date: 05/22/2018
----
-
-# Internet Explorer 11 delivery through automatic updates
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 makes browsing the web faster, easier, safer, and more reliable than ever. To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 through Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 11 will be available for users of the 32-bit and 64-bit versions of Windows 7 Service Pack 1 (SP1), and 64-bit version of Windows Server 2008 R2 SP1. This article provides an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 11 is deployed to their organization through Automatic Updates.
-
-- [Automatic updates delivery process](#automatic-updates-delivery-process)
-
-- [Internet Explorer 11 automatic upgrades](#internet-explorer-11-automatic-upgrades)
-
-- [Options for blocking automatic delivery](#options-for-blocking-automatic-delivery)
-
-- [Prevent automatic installation of Internet Explorer 11 with WSUS](#prevent-automatic-installation-of-internet-explorer-11-with-wsus)
-
-## Automatic updates delivery process
-
-Internet Explorer 11 only downloads and installs if it’s available for delivery through Automatic Updates; and Automatic Updates only offer Internet Explorer 11
-to users with local administrator accounts. User’s without local administrator accounts won’t be prompted to install the update and will continue using their
-current version of Internet Explorer.
-
-Internet Explorer 11 replaces Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10. If you decide you don’t want Internet Explorer 11, and you’re running Windows 7 SP1 or Windows Server 2008 R2 with SP1, you can uninstall it from the **View installed updates** section of the **Uninstall an update** page of the Control Panel.
-
-> [!NOTE]
-> If a user installs Internet Explorer 11 and then removes it, it won’t be re-offered to that computer through Automatic Updates. Instead, the user will have to manually re-install the app.
-
-## Internet Explorer 11 automatic upgrades
-
-Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11.
-
-Users who were automatically upgraded to Internet Explorer 11 can decide to uninstall Internet Explorer 11. However, Internet Explorer 11 will still appear as an optional update through Windows Update.
-
-## Options for blocking automatic delivery
-
-If you use Automatic Updates in your company, but want to stop your users from automatically getting Internet Explorer 11, do one of the following:
-
-- **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
-
- > [!NOTE]
- > The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.yml).
-
-- **Use an update management solution to control update deployment.**
- If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Microsoft Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
-
- > [!NOTE]
- > If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
-
-Additional information on Internet Explorer 11, including a Readiness Toolkit, technical overview, in-depth feature summary, and Internet Explorer 11 download is available on the [Internet Explorer 11 page of the Microsoft Edge IT Center](https://technet.microsoft.com/microsoft-edge/dn262703.aspx).
-
-## Availability of Internet Explorer 11
-
-Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Configuration Manager and WSUS.
-
-## Prevent automatic installation of Internet Explorer 11 with WSUS
-
-Internet Explorer 11 will be released to WSUS as an Update Rollup package. Therefore, if you’ve configured WSUS to “auto-approve” Update Rollup packages, it’ll be automatically approved and installed. To stop Internet Explorer 11 from being automatically approved for installation, you need to:
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft
- Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves an update that is classified as
- Update Rollup, and then click **Edit.**
-
- > [!NOTE]
- > If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
- > [!NOTE]
- > The properties for this rule will resemble the following:
-
-6. Clear the **Update Rollup** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary to deploy IE11.
-
-## In this guide
-|Topic |Description |
-|------|------------|
-|[Change history for Internet Explorer 11](change-history-for-internet-explorer-11.md) |Lists new and updated topics in the Internet Explorer 11 documentation for Windows 10. |
-|[System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md) |IE11 is available for a number of systems and languages. This topic provides info about the minimum system requirements and language support. |
-|[List of updated features and tools - Internet Explorer 11 (IE11)](updated-features-and-tools-with-ie11.md) |IE11 includes several new features and tools. This topic includes high-level info about the each of them. |
-|[Install and Deploy Internet Explorer 11 (IE11)](install-and-deploy-ie11.md) |Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps. |
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Use IE to collect data on computers running Windows Internet Explorer 8 through IE11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. |
-|[Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) |Use the topics in this section to learn how to set up and use Enterprise Mode, the Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal in your company. |
-|[Group Policy and Internet Explorer 11 (IE11)](group-policy-and-ie11.md) |Use the topics in this section to learn about Group Policy and how to use it to manage IE. |
-|[Manage Internet Explorer 11](manage-ie11-overview.md) |Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for IE. |
-|[Troubleshoot Internet Explorer 11 (IE11)](troubleshoot-ie11.md) |Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with IE. |
-|[Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) |ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, IE includes a new security feature, called out-of-date ActiveX control blocking. |
-|[Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) |Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.
For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953). |
-|[What is the Internet Explorer 11 Blocker Toolkit?](what-is-the-internet-explorer-11-blocker-toolkit.md) |The IE11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the Automatic Updates feature of Windows Update. |
-|[Missing Internet Explorer Maintenance (IEM) settings for Internet Explorer 11](missing-internet-explorer-maintenance-settings-for-ie11.md) |The Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 11 (IEAK 11).
Ignore any warnings that say, "Skipping invalid CAB file". This shows up because the **Import OS Packages** wizard skips the IE11\_Support.cab file, which isn't an actual update file.
-
-4. After the import finishes, click **Finish**.
-
-### Offline servicing with MDT
-
-You can add the IE11 update while you're performing offline servicing, or slipstreaming, of your Windows images. This method lets you deploy IE11 without needing any additional installation after you've deployed Windows.
-
-These articles have step-by-step details about adding packages to your Windows images:
-
-- For Windows 8.1, see [Add or Remove Packages Offline Using DISM](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824838(v=win.10)).
-
-- For Windows 7 SP1, see [Add or Remove Packages Offline](/previous-versions/windows/it-pro/windows-7/dd744559(v=ws.10)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
deleted file mode 100644
index b8083e1f8d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: How to install the Internet Explorer 11 update using System Center 2012 R2 Configuration Manager
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 9ede9722-29b3-4cb7-956d-ffa91e7bedbd
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)). Complete these steps for each operating system and platform combination.
-
- **To install IE11**
-
-1. Download and approve the [System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md).
-
-2. Create a software distribution package that includes the IE11 installation package.
-
-3. Create a program that includes the command-line needed to run the IE11 installation package. To run the package silently, without restarting and without checking the Internet for updates, use:`ie11_package.exe /quiet /norestart /update-no`.
-
-4. Move the installation package to your distribution points, and then advertise the package.
-
-You can also use System Center Essentials 2010 to deploy IE11 installation packages. For info, see [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?linkid=395200) and the [System Center Essentials 2010 Operations Guide](https://go.microsoft.com/fwlink/p/?LinkId=214266).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
deleted file mode 100644
index d0d9d17be1..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using your network
-author: dansimp
-ms.prod: ie11
-ms.assetid: 85f6429d-947a-4031-8f93-e26110a35828
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using your network (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using your network
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can install Internet Explorer 11 (IE11) over your network by putting your custom IE11 installation package in a shared network folder and letting your employees run the Setup program on their own computers. You can create the network folder structure manually, or you can run Internet Explorer Administration Kit 11 (IEAK 11).
-
-**Note**
If you support multiple architectures and operating systems, create a subfolder for each combination. If you support multiple languages, create a subfolder for each localized installation file.
-
- **To manually create the folder structure**
-
-- Copy your custom IE11 installation file into a folder on your network, making sure it's available to your employees.
-
- **To create the folder structure using IEAK 11**
-
-- Run the Internet Explorer Customization Wizard 11 in IEAK 11, using the **Full Installation Package** option.
Use the localized versions of the IE Customization Wizard 11 to create localized IE11 installation packages.
-
-## Related topics
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
deleted file mode 100644
index d593de27c6..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using third-party tools and command-line options.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 30190c66-49f7-4ca4-8b57-a47656aa0c7e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using third-party tools (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using third-party tools
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can install Internet Explorer 11 (IE11) using third-party electronic software distribution (ESD) systems and these command-line options:
-
-## Setup Modes
-
-|Command-line options |Description |
-|---------------------|------------------------------------------------------|
-|`/passive` |Installs without customer involvement. |
-|`/quiet` |Installs without customer involvement and without showing the UI. |
-
-## Setup Options
-
-|Command-line options |Description |
-|---------------------|------------------------------------------------------|
-|`/update-no` |Installs without checking for updates.
If you don't use this option, you'll need an Internet connection to finish your installation. |
-|`/no-default` |Installs without making IE11 the default web browser. |
-|`/closeprograms` |Automatically closes running programs. |
-
-
-## Restart Options
-
-|Command-line options |Description |
-|---------------------|------------------------------------------------------|
-|`/norestart` |Installs without restarting the computer. |
-|`/forcerestart` |Installs and restarts after installation. |
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
deleted file mode 100644
index 07b0485309..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)'
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6cbd6797-c670-4236-8423-e0919478f2ce
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Windows Server Update Services (WSUS) lets you download a single copy of the Microsoft product update and cache it on your local WSUS servers. You can then configure your computers to get the update from your local servers instead of Windows Update. For more information about WSUS, see [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)).
-
- **To import from Windows Update to WSUS**
-
-1. Open your WSUS admin site. For example, `https://
|On the **Browser User Interface** page of IEAK 11, click **Add**, type your new toolbar caption, action, and icon, and if the button should appear by default, and then click **OK**. You can also edit, remove, or delete an existing toolbar button from this page. |
-|Custom logo and animated bitmaps |Lets you replace the static and animated logos in the upper-right corner of the IE window with customized logos. |This setting isn't available anymore. |
-
-
-### Connection replacements
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Connection settings|Lets you import your connection settings from a previously set up computer. These settings define how your employees interact with the connection settings on the **System Polices and Restrictions** page. You can also remove old dial-up connections settings from your employee's computers.|In the **Internet Settings Group Policy Preferences** dialog box, click the **Connections** tab, and set up your proxy settings.
Advanced IEM Settings were shown under **Programs** and only available when running in **Preference** mode.
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Corporate settings |Specifies the location of the file with the settings you use to make IE work best in your organization. |On the Additional Settings page of IEAK 11, expand Corporate Settings, and then customize how your organization handles temporary Internet files, code downloads, menu items, and toolbar buttons. |
-|Internet settings |Specifies the location of the file that includes your default IE settings. |In the Internet Settings Group Policy Preferences dialog box, click the Advanced tab, and then update your Internet-related settings, as required
This functionality is only available in Internet Explorer for the desktop.
-
- **To change your Compatibility View settings**
-
-1. Open Internet Explorer for the desktop, click **Tools**, and then click **Compatibility View settings**.
-
-2. In the **Compatibility View Settings** box, add the problematic website URL, and then click **Add**.
We've replaced the SPDY/3 protocol with the HTTP2 protocol in Windows 10. You can configure the HTTP2 protocol by using the **Allow IE to use the HTTP2 network protocol** setting. |
-| Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting allows IE to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.
| IE11 in Windows 10 | This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the **Internet** and **Restricted Sites** security zones.
By default, SSL 3.0 is disabled. If you choose to enable SSL 3.0, we recommend that you disable or don't configure this setting to help mitigate potential man-in-the-middle attacks. |
-| Allow VBScript to run in Internet Explorer |
| Internet Explorer 11 | This policy setting lets you decide whether VBScript can run on pages in specific Internet Explorer zones.
If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.
If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.
(Internet, Restricted Zones) |
| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
(Intranet, Trusted, Local Machine Zones) |
| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you disable or don’t configure this setting, the notification will be shown. |
-| Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.
You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
-| Limit Site Discovery output by Zone | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which zones are included in the discovery function of the Internet Explorer Site Discovery Toolkit.
**Example 1:** Include only the Local Intranet zone (binary representation: 00010), based on:
**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones (binary representation: 10110), based on:
You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
-| Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data | Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History | At least Windows Internet Explorer 9 | **In Internet Explorer 9 and Internet Explorer 10:**
This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the **Personalized Tracking Protection List**, which blocks third-party items while the user is browsing.
This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions, stored in the **Delete Browsing History** dialog box, for visited websites.
If you’ve also enabled the Administrative Templates\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11. |
-| Show message when opening sites in Microsoft Edge using Enterprise Mode | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.
Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking (
Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop. |
-| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
When using 64-bit processes, some ActiveX controls and toolbars might not be available. |
-| Turn on Site Discovery WMI output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.
Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
-| Turn on Site Discovery XML output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the XML output functionality of the Internet Explorer Site Discovery Toolkit.
Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
-| Use the Enterprise Mode IE website list | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1511 | This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users can’t edit this list.
Microsoft Edge doesn't support ActiveX controls. |
-|Windows 8.1 and Windows 8.1 Update |All supported versions of IE |
-|Windows 7 SP1 |All supported versions of IE |
-|Windows Server 2012 |All supported versions of IE |
-|Windows Server 2008 R2 SP1 |All supported versions of IE |
-|Windows Server 2008 SP2 |Windows Internet Explorer 9 only |
-|Windows Vista SP2 |Windows Internet Explorer 9 only |
-
-For more info about this new feature, see the [Internet Explorer begins blocking out-of-date ActiveX controls](https://go.microsoft.com/fwlink/p/?LinkId=507691) blog. To see the complete list of out-of-date Active controls blocked by this feature, see [Blocked out-of-date ActiveX controls](blocked-out-of-date-activex-controls.md).
-
-
-## What does the out-of-date ActiveX control blocking notification look like?
-When IE blocks an outdated ActiveX control, you’ll see a notification bar similar to this, depending on your version of IE:
-
-**Internet Explorer 9 through Internet Explorer 11**
-
-
-
-**Windows Internet Explorer 8**
-
-
-
-Out-of-date ActiveX control blocking also gives you a security warning that tells you if a webpage tries to launch specific outdated apps, outside of IE:
-
-
-
-
-## How do I fix an outdated ActiveX control or app?
-From the notification about the outdated ActiveX control, you can go to the control’s website to download its latest version.
-
- **To get the updated ActiveX control**
-
-1. From the notification bar, tap or click **Update**.
If you don’t fully trust a site, you shouldn’t allow it to load an outdated ActiveX control. However, although we don’t recommend it, you can view the missing webpage content by tapping or clicking **Run this time**. This option runs the ActiveX control without updating or fixing the problem. The next time you visit a webpage running the same outdated ActiveX control, you’ll get the notification again.
-
- **To get the updated app**
-
-1. From the security warning, tap or click **Update** link.
If you don’t fully trust a site, you shouldn’t allow it to launch an outdated app. However, although we don’t recommend it, you can let the webpage launch the app by tapping or clicking **Allow**. This option opens the app without updating or fixing the problem. The next time you visit a webpage running the same outdated app, you’ll get the notification again.
-
-## How does IE decide which ActiveX controls to block?
-IE uses Microsoft’s versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
-
-You can see your copy of the file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml` or you can view Microsoft’s version, based on your operating system and version of IE, here:
-- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?LinkId=798230)
-- [All other configurations](https://go.microsoft.com/fwlink/p/?LinkId=403864)
-
-**Security Note:**
Although we strongly recommend against it, if you don’t want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt:
-
-```
-reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVersionList /t REG_DWORD /d 0 /f
-```
-Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. Use this configuration option at your own risk.
-
-## Out-of-date ActiveX control blocking
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
- on managed devices
-Out-of-date ActiveX control blocking includes four new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the [Administrative templates (.admx) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=746579) page or the [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) page, depending on your operating system.
-
-### Group Policy settings
-Here’s a list of the new Group Policy info, including the settings, location, requirements, and Help text strings. All of these settings can be set in either the Computer Configuration or User Configuration scope, but Computer Configuration takes precedence over User Configuration.
-
-**Important**
-Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone and the Trusted Sites Zone; therefore, intranet websites and line-of-business apps will continue to use out-of-date ActiveX controls without disruption.
-
-|Setting |Category path |Supported on |Help text |
-|--------|--------------|-------------|----------|
-|Turn on ActiveX control logging in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE saves log information for ActiveX controls.
|
-|Remove **Run this time** button for outdated ActiveX controls in IE |`reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" /v RunThisTimeEnabled /t REG_DWORD /d 0 /f`
|
-|Turn off blocking of outdated ActiveX controls for IE on specific domains |reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\Domain" /v contoso.com /t REG_SZ /f
|
-|Turn off blocking of outdated ActiveX controls for IE |`reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" /v VersionCheckEnabled /t REG_DWORD /d 0 /f`
|
-|Remove the **Update** button in the out-of-date ActiveX control blocking notification for IE |`reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v UpdateEnabled /t REG_DWORD /d 0 /f`
-
-## Inventory your ActiveX controls
-You can inventory the ActiveX controls being used in your company, by turning on the **Turn on ActiveX control logging in IE** setting:
-
-- **Windows 10:** Through a comma-separated values (.csv) file or through a local Windows Management Instrumentation (WMI) class.
-
-- **All other versions of Microsoft Windows:** Through a .csv file only.
-
-
-### Inventory your ActiveX controls by using a .CSV file
-If you decide to inventory the ActiveX controls being used in your company by turning on the **Turn on ActiveX control logging in IE** setting, IE logs the ActiveX control information to the `%LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode\VersionAuditLog.csv` file.
-
-Here’s a detailed example and description of what’s included in the VersionAuditLog.csv file.
-
-|Source URI |File path |Product version |File version |Allowed/Blocked |Reason |EPM-compatible |
-|-----------|----------|----------------|-------------|----------------|-------|---------------|
-|`https://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible |
-|`https://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible |
-
-**Where:**
-- **Source URI.** The URL of the page that loaded the ActiveX control.
-
-- **File path.** The location of the binary that implements the ActiveX control.
-
-- **Product version.** The product version of the binary that implements the ActiveX control.
-
-- **File version.** The file version of the binary that implements the ActiveX control.
-
-- **Allowed/Blocked** Whether IE blocked the ActiveX control.
-
-- **Enhanced Protected Mode (EPM)-compatible.** Whether the loaded ActiveX control is compatible with [Enhanced Protected Mode](/troubleshoot/browsers/enhanced-protected-mode-add-on-compatibility).
Enhanced Protected Mode isn’t supported on Internet Explorer 9 or earlier versions of IE. Therefore, if you’re using Internet Explorer 8 or Internet Explorer 9, all ActiveX controls will always be marked as not EPM-compatible.
-
-- **Reason.** The ActiveX control can be blocked or allowed for any of these reasons:
-
-|Reason |Corresponds to |Description |
-|-------------------------|---------------|-------------------------------------------------|
-|Version not in blocklist |Allowed |The version of the loaded ActiveX control is explicitly allowed by the IE version list. |
-|Trusted domain |Allowed |The ActiveX control was loaded on a domain listed in the **Turn off blocking of outdated ActiveX controls for IE on specific domains** setting. |
-|File doesn’t exist |Allowed |The loaded ActiveX control is missing required binaries to run correctly. |
-|Out-of-date |Blocked |The loaded ActiveX control is explicitly blocked by the IE version list because it is out-of-date. |
-|Not in blocklist |Allowed |The loaded ActiveX control isn’t in the IE version list. |
-|Managed by policy |Allowed |The loaded ActiveX control is managed by a Group Policy setting that isn’t listed here, and will be managed in accordance with that Group Policy setting. |
-|Trusted Site Zone or intranet |Allowed |The ActiveX control was loaded in the Trusted Sites Zone or the Local Intranet Zone. |
-|Hardblocked |Blocked |The loaded ActiveX control is blocked in IE because it contains known security vulnerabilities. |
-|Unknown |Allowed or blocked |None of the above apply. |
-
-### Inventory your ActiveX controls by using a local WMI class
-For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control.
-
-#### Before you begin
-Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](https://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
-
-- **ConfigureWMILogging.ps1**. A Windows PowerShell script.
-
-- **ActiveXWMILogging.mof**. A managed object file.
-
-Before running the PowerShell script, you must copy both the .ps1 and .mof file to the same directory location, on the client computer.
-
- **To configure IE to use WMI logging**
-
-1. Open your Group Policy editor and turn on the `Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX control logging in IE` setting.
-
-2. On the client device, start PowerShell in elevated mode (using admin privileges) and run `ConfigureWMILogging.ps1` by by-passing the PowerShell execution policy, using this command:
- ```
- powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1
- ```
- For more info, see [about_Execution_Policies](/powershell/module/microsoft.powershell.core/about/about_execution_policies).
-
-3. **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
-
-The inventory info appears in the WMI class, `IEAXControlBlockingAuditInfo`, located in the WMI namespace, *root\\cimv2\\IETelemetry*. To collect the inventory info from your client computers, we recommend using System Center 2012 R2 Configuration Manager or any agent that can access the WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
deleted file mode 100644
index 41a67c1f65..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Possible solutions to the problems you might encounter after installing IE11, such as crashing or seeming slow, getting into an unusable state, or problems with adaptive streaming and DRM playback.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: c4b75ad3-9c4a-4dd2-9fed-69f776f542e6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Problems after installing Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/16/2017
----
-
-
-# Problems after installing Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After you install Internet Explorer 11 in your organization, you might run into the following issues. By following these suggestions, you should be able to fix them.
-
-## Internet Explorer is in an unusable state
-If IE11 gets into an unusable state on an employee's computer, you can use the **Reset Internet Explorer Settings (RIES)** feature to restore the default settings for many of the browser features, including:
-
-- Search scopes
-
-- Appearance settings
-
-- Toolbars
-
-- ActiveX® controls (resets to the opt-in state, unless they're pre-approved)
-
-- Branding settings created with IEAK 11
-
-RIES does not:
-
-- Clear the Favorites list, RSS feeds, or Web slices.
-
-- Reset connection or proxy settings.
-
-- Affect the applied Administrative Template Group Policy settings.
-
-RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](https://support.microsoft.com/windows/change-or-reset-internet-explorer-settings-2d4bac50-5762-91c5-a057-a922533f77d5).
-
-## IE is crashing or seems slow
-If you notice that CPU usage is running higher than normal, or that IE is frequently crashing or slowing down, you should check your browser add-ons and video card. By default, IE11 uses graphics processing unit (GPU) rendering mode. However, some outdated video cards and video drivers don't support GPU hardware acceleration. If IE11 determines that your current video card or video driver doesn't support GPU hardware acceleration, it'll use Software Rendering mode.
-
- **To check your browser add-ons**
-
-1. Start IE11 in **No Add-ons mode** by running the **Run** command from the **Start** menu, and then typing `iexplore.exe -extoff` into the box.
-
-2. Check if IE still crashes.
If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
-
-### Setting up, collecting, and viewing reports
-For logging, you’re going to need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. These POST messages go into your database, aggregating the report data by URL, giving you the total number of reports where users turned on Enterprise Mode, the total number of reports where users turned off Enterprise Mode, and the date of the last report.
-
- **To set up the sample**
-
-1. Set up a server to collect your Enterprise Mode information from your users.
-
-2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
-
-3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
-
-4. On the **Build** menu, tap or click **Build Solution**.
- Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
-
- 
-
- After you finish the publishing process, you need to test to make sure the app deployed successfully.
-
- **To test, deploy, and use the app**
-
-7. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
-
- ``` "Enable"="https://
-IE11 isn't supported on Windows 8 or Windows Server 2012.
-
-Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
-
-
-| Item | Minimum requirements |
-|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Computer/processor | 1 gigahertz (GHz) 32-bit (x86) or 64-bit (x64) |
-| Operating system |
|
-| Memory |
|
-| Hard drive space | |
-| Drive | CD-ROM drive (if installing from a CD-ROM) |
-| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
-| Peripherals | Internet connection and a compatible pointing device |
-
-## Support for .NET Framework
-You might experience start up issues where IE11 fails to launch an application that uses managed browser hosting controls with your legacy apps. This is because, starting with Internet Explorer 10, the browser started blocking legacy apps from using the .NET Framework 1.1 and 2.0. To fix this problem, see [.NET Framework problems with Internet Explorer 11](net-framework-problems-with-ie11.md).
-
-## Support for multiple languages
-IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 languages for Windows 7 with SP1. For the list of languages and download links, see [Available language packs based on operating system](https://go.microsoft.com/fwlink/p/?LinkId=281818).
-
-Computers running localized versions of Windows should run the same version of IE11. For example, if your employees use the Spanish edition of Windows, you should deploy the Spanish version of IE11. On the other hand, if your employees use multiple localized versions of Windows, like Spanish, French, and Catalan, you should install IE11 in one of the languages, and then install language packs for the others.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
deleted file mode 100644
index ec77071c73..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Tips and tricks to manage Internet Explorer compatibility
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# Tips and tricks to manage Internet Explorer compatibility
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
-
-Jump to:
-- [Tips for IT professionals](#tips-for-it-professionals)
-- [Tips for web developers](#tips-for-web-developers)
-
-[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md) can be very effective in providing backward compatibility for older web apps. The Enterprise Mode Site List includes the ability to put any web app in any document mode, include IE8 and IE7 Enterprise Modes, without changing a single line of code on the website.
-
-
-
-Sites in the \
-Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode.
-
- **To turn off the site list using Group Policy**
-
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode.
-
-4. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
-
- 
-
- - **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"`
-
- - **Local network:** `"SiteList"="\\network\shares\sites.xml"`
-
- - **Local file:** `"SiteList"="file:///c:\\Users\\
|
-|Approver
(includes the App Manager and Group Head roles) |
|
-|Administrator |
|
-
-## Enterprise Mode Site List Portal workflow by employee role
-The following workflow describes how to use the Enterprise Mode Site List Portal.
-
-1. [The Requester submits a change request for an app](create-change-request-enterprise-mode-portal.md)
-
-2. [The Requester tests the change request info, verifying its accuracy](verify-changes-preprod-enterprise-mode-portal.md)
-
-3. [The Approver(s) group accepts the change request](approve-change-request-enterprise-mode-portal.md)
-
-4. [The Requester schedules the change for the production environment](schedule-production-change-enterprise-mode-portal.md)
-
-5. [The change is verified against the production site list and signed off](verify-changes-production-enterprise-mode-portal.md)
-
-
-## Related topics
-- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
-
-- [Workflow-based processes for employees using the Enterprise Mode Site List Portal](workflow-processes-enterprise-mode-portal.md)
-
-- [How to use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
-
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index cbfcfecf93..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,76 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Use the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
-
-## Enterprise Mode Site List Manager versions
-There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
-
-|Schema version |Operating system |Enterprise Site List Manager version |
-|-----------------|---------------|------------------------------------|
-|Enterprise Mode schema, version 2 (v.2) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.2) and the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2), the XML is saved into the v.2 version of the schema.
For more info about the v.2 version of the schema, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).|
-|Enterprise Mode schema, version 1 (v.1) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.1) and the v.1 version of the schema.
For more info about the v.1 version of the schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)|
-
-## Using the Enterprise Mode Site List Manager
-The following topics give you more information about the things that you can do with the Enterprise Mode Site List Manager.
-
-|Topic |Description |
-|------|------------|
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.2). |
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.1). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the Enterprise Mode Site List Manager (schema v.2). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
-|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.
-Because we’ve added the IE7 Enterprise Mode option, we’ve had to rename the original functionality of Enterprise Mode to be IE8 Enterprise Mode. We’ve also replaced Edge Mode with IE11 Document Mode, so you can explicitly use IE11 on Windows 10.
-
-## Turning on and using IE7 Enterprise Mode or IE8 Enterprise Mode
-For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to your webpages and apps, see:
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-
-For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
deleted file mode 100644
index 2090ed72ef..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use IEAK 11 while planning, customizing, and building the custom installation package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: af93742f-f955-44ab-bfa2-7bf0c99045d3
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer Administration Kit 11 (IEAK 11) helps you set up, deploy, and maintain Internet Explorer 11.
-
-**Note**
IEAK 11 works in network environments, with or without Microsoft Active Directory.
-
-
-
-## Plan, Customize, and Build with the IEAK 11
-Consider these activities while planning, customizing, and building the custom installation package.
-
-### Plan
-Before you begin, you should:
-
-- **Check the operating system requirements.** Check that the requirements for the computer you're building your installation package from, and the computers you're installing IE11 to, all meet the system requirements for IEAK 11 and IE11. For Internet Explorer requirements, see [System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md). For IEAK 11 requirements, see [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md).
-
-- **Decide on your distribution method.** Decide how to distribute your custom installation package: Windows Update, Microsoft Configuration Manager, or your network.
-
-- **Gather URLs and branding and custom graphics.** Collect the URLs for your company's own **Home**, **Search**, and **Support** pages, plus any custom branding and graphic files for the browser toolbar button and the **Favorites** list icons.
-
-- **Identify trusted network servers.** Decide which servers your employees should use to install the custom IE package. These servers need to be listed as trusted sites.
-
-- **Set up automatic detection and configuration settings.** Decide whether to automatically customize IE11 the first time it's started.
-
-- **Identify custom components for uninstallation.** Decide whether to include any custom uninstallation programs. Uninstallation programs let your employees remove your custom components through **Uninstall or change a program** in the Control Panel.
-
-- **Identify ActiveX controls.** Decide if you'll use ActiveX controls in your company. If you already use ActiveX, you should get an inventory of your active controls.
-
-### Customize and build
-After installing IE11 and the IEAK 11, you should:
-
-- **Prepare your build computer.** Create your build environment on the computer you're using to build the custom package.
-
-- **Create your branding and custom graphics.** If you don't have any, create custom branding and graphic files for the browser toolbar button and icons in your **Favorites** list.
-
-- **Specify your servers as trusted sites.** Identify your installation servers as trusted sites, in the **Trusted sites zone** of the **Internet Options** box.
-
-- **Turn on automatic detection and configuration settings (Optional).** Set up your network so that IE is automatically customized the first time it's started.
-
-- **Set up custom components for uninstallation.** Create the custom .inf file you'll use to register your custom uninstallation programs.
-
-- **Set up ActiveX controls.** Add any new ActiveX controls to the Axaa.adm file, using a text editor.
-
-- **Create a custom browser package.** Create your custom installation package, using IE Customization Wizard 11. For more information about using the wizard, see [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](../ie11-ieak/ieak11-wizard-custom-options.md).
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
deleted file mode 100644
index 0f65a6f4ac..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use Setup Information (.inf) files to create installation packages.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 04fa2ba8-8d84-4af6-ab99-77e4f1961b0e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using Setup Information (.inf) files to create packages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Setup Information (.inf) files to create install packages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-IEAK 11 uses Setup information (.inf) files to provide uninstallation instructions. Uninstallation instructions let your employees remove components, like files, registry entries, or shortcuts, through the **Uninstall or change a program** box. For details about .inf files, see [INF File Sections and Directives](/windows-hardware/drivers/install/).
-
- **To add uninstallation instructions to the .inf files**
-
-- Open the Registry Editor (regedit.exe) and add these registry keys:
- ```
- HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description"
- HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString",,"command-line"
- ```
- Where **"description"** is the name that shows up in the **Uninstall or change a program** box and **"command-line"** is the command that runs after the component is picked.
-
- Make sure your script removes the uninstallation registry key, too. Otherwise, the component name will continue to show up in the Uninstall or change a program.
-
-## Limitations
-.Inf files have limitations:
-
-- You can't delete directories.
-
-- You can't use **RenFiles** to move a file to a different location, it only lets you rename a file in its existing location. For detailed information, see [INF RenFiles Directive](/windows-hardware/drivers/install/inf-renfiles-directive).
-
-- You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](/windows-hardware/drivers/install/inf-copyfiles-directive).
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
deleted file mode 100644
index a31c831abd..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify your changes using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-> [!Important]
-> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
-
-- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
-
-- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
-
-- **EMIE_Reset**. A batch file that when run, reverts the changes made to the pre-production registry.
-
-## Verify and send the change request to Approvers
-The Requester tests the changes and then goes back into the Enterprise Mode Site List Portal, **Pre-production verification** page to verify whether the testing was successful.
-
-**To verify changes and send to the Approver(s)**
-1. On the **Pre-production verification** page, the Requester clicks **Successful** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. The Requester reviews the pre-defined Approver(s), and then clicks **Send for approval**.
-
- The Requester, the Approver group, and the Administrator group all get an email, stating that the change request is waiting for approval.
-
-
-**To rollback your pre-production changes**
-1. On the **Pre-production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. Add a description about the issue into the **Issue description** box, and then click **Send failure details**.
-
- The change request and issue info are sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the pre-production environment.
-
- After the Requester rolls back the changes, the request can be updated and re-submitted.
-
-
-## View rolled back change requests
-The original Requester and the Administrator(s) group can view the rolled back change requests.
-
-**To view the rolled back change request**
-
-- In the Enterprise Mode Site List Portal, click **Rolled back** from the left pane.
-
- All rolled back change requests appear, with role assignment determining which ones are visible.
-
-## Next steps
-If the change request is certified as successful, the Requester must next send it to the Approvers for approval. For the Approver-related steps, see the [Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
deleted file mode 100644
index 1ccd3e4d0c..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-## Verify and sign off on the update in the production environment
-The Requester tests the changes in the production environment and then goes back into the Enterprise Mode Site List Portal, **Production verification** page to verify whether the testing was successful.
-
-**To verify the changes and sign off**
-- On the **Production verification** page, the Requester clicks **Successful**, optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results, optionally includes a description of the change, and then clicks **Sign off**.
-
- The Requester, Approver group, and Administrator group all get an email, stating that the change request has been signed off.
-
-
-**To rollback production changes**
-1. On the **Production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results.
-
-2. Add a description about the issue into the **Change description** box, and then click **Send failure details**.
-
- The info is sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the production environment.
-
- After the Requester rolls back the changes, the request is automatically handled in the production and pre-production environment site lists.
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
deleted file mode 100644
index 9aa736bacb..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Any employee with access to the Enterprise Mode Site List Portal can view the apps included in the current Enterprise Mode Site List.
-
-**To view the active Enterprise Mode Site List**
-1. Open the Enterprise Mode Site List Portal and click the **Production sites list** icon in the upper-right area of the page.
-
- The **Production sites list** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
-
-2. Click any URL to view the actual site, using the compatibility mode and opening in the correct browser.
-
-
-**To export the active Enterprise Mode Site List**
-1. On the **Production sites list** page, click **Export**.
-
-2. Save the ProductionSiteList.xlsx file.
-
- The Excel file includes all apps in the current Enterprise Mode Site List, including URL, compatibility mode, and assigned browser.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
deleted file mode 100644
index f2db72080d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how an Administrator can view the available Enterprise Mode reports from the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: View the available Enterprise Mode reports from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# View the available Enterprise Mode reports from the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Administrators can view the Microsoft-provided Enterprise Mode reports from the Enterprise Mode Site List Portal.
-
-**To view the reports**
-1. Open the Enterprise Mode Site List Portal and click the **Enterprise Mode reports** icon in the upper-right area of the page.
-
- The **Enterprise Mode reports** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
-
-2. Use the calendars to provide the **From date** and **To date**, determining the span of time the report covers.
-
-3. Click **Apply**.
-
- The reports all change to reflect the appropriate timeframe and group, including:
-
- - **Total number of websites in the site list.** A box at the top of the reports page that tells you the total number of websites included in the Enterprise Mode Sit List.
-
- - **All websites by docmode.** Shows how many change requests exist, based on the different doc modes included in the **App best viewed in** field.
-
- - **All websites by browser.** Shows how many apps require which browser, including **IE11**, **MSEdge**, or **None**.
-
- - **All requests by status.** Shows how many change requests exist, based on each status.
-
- - **All requests by change type.** Shows how many change requests exist, based on the **Requested change** field.
-
- - **Request status by group.** Shows how many change requests exist, based on both group and status.
-
- - **Reasons for request.** Shows how many change request reasons exist, based on the **Reason for request** field.
-
- - **Requested changes by app name.** Shows what specific apps were **Added to site list**, **Deleted from site list**, or **Updated from site list**.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
deleted file mode 100644
index 613d58863c..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: virtualization
-description: Virtualization and compatibility with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: b0388c04-2584-4b6d-a7a8-4e0476773a80
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Virtualization and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Virtualization and compatibility with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-If your company is considering upgrading to the latest version of Internet Explorer, but is hesitant because of a large number of web apps that need to be tested and moved, we recommend that you consider virtualization. Virtualization lets you set up a virtual environment where you can run earlier versions of IE.
-
-**Important**
-We strongly suggest that while you're using virtualization, you also update your web apps so they run natively in the newer version of IE. For more information about how to update your code, see the [Internet Explorer 11 Compatibility Cookbook (Windows)](/previous-versions//dn384049(v=vs.85)) to learn about the developer features that have been changed or deprecated since Internet Explorer 10.
-
-The Microsoft-supported options for virtualizing web apps are:
-
-- **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](/microsoft-desktop-optimization-pack/medv-v2/).
-
-- **Client Hyper-V.** Uses the same virtualization technology previously available in Windows Server, but now installed for Windows 8.1. For more information, see [Client Hyper-V](/previous-versions/windows/it-pro/windows-8.1-and-8/hh857623(v=ws.11)).
-
-6. Clear the **Update Rollup** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-
-After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed.
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Synchronizations**.
-
-3. Click **Synchronize Now**.
-
-4. Expand *ComputerName*, expand **Updates**, and then click **All Updates**.
-
-5. Choose **Unapproved** in the **Approval**drop down box.
-
-6. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
-
-> [!NOTE]
-> There may be multiple updates, depending on the imported language and operating system updates.
-
-### Optional - Reset update rollups packages to auto-approve
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves updates of different classifications, and then click **Edit**.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
-6. Check the **Update Rollups** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-
-> [!NOTE]
-> Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server won’t cause this update to be auto-approved.
-
-
-
-## Additional resources
-
-- [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
-
-- [Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions](../ie11-faq/faq-ie11-blocker-toolkit.yml)
-
-- [Internet Explorer 11 FAQ for IT pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-
-- [Internet Explorer 11 delivery through automatic updates](ie11-delivery-through-automatic-updates.md)
-
-- [Internet Explorer 11 deployment guide](./index.md)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
deleted file mode 100644
index dd8e3bcce6..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn how to perform all of the workflow-related processes in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Workflow-based processes for employees using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-
-# Workflow-based processes for employees using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn how to perform the available Enterprise Mode Site List Portal processes, based on workflow.
-
-## In this section
-|Topic |Description |
-|---------------------------------------------------------------|-----------------------------------------------------------------------------------|
-|[Create a change request using the Enterprise Mode Site List Portal](create-change-request-enterprise-mode-portal.md)|Details about how the Requester creates a change request in the Enterprise Mode Site List Portal.|
-|[Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md)|Details about how the Requester tests a change request in the pre-production environment of the Enterprise Mode Site List Portal.|
-|[Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md)|Details about how the Approver(s) approve a change request in the Enterprise Mode Site List Portal.|
-|[Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md)|Details about how the Requester schedules the approved change request update in the Enterprise Mode Site List Portal.|
-|[Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md)|Details about how the Requester tests an update in the production environment of the Enterprise Mode Site List Portal.|
-|[View the apps currently on the Enterprise Mode Site List](view-apps-enterprise-mode-site-list.md)|Details about how anyone with access to the portal can review the apps already on the active Enterprise Mode Site List.|
-|[View the available Enterprise Mode reports from the Enterprise Mode Site List Portal](view-enterprise-mode-reports-for-portal.md) |Details about how the Administrator can view the view the Microsoft-provided Enterprise Mode reports from the Enterprise Mode Site List Portal. |
-
-
-## Related topics
-- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
-
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
deleted file mode 100644
index 96fce41e4b..0000000000
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
+++ /dev/null
@@ -1,250 +0,0 @@
-### YamlMime:FAQ
-metadata:
- ms.localizationpriority: medium
- ms.mktglfcycl: explore
- description: Frequently asked questions about Internet Explorer 11 for IT Pros
- author: dansimp
- ms.prod: ie11
- ms.assetid: 140e7d33-584a-44da-8c68-6c1d568e1de3
- ms.reviewer:
- audience: itpro
- manager: dansimp
- ms.author: dansimp
- title: Internet Explorer 11 - FAQ for IT Pros (Internet Explorer 11 for IT Pros)
- ms.sitesec: library
- ms.date: 10/16/2017
- ms.topic: faq
-title: Internet Explorer 11 - FAQ for IT Pros
-summary: |
- [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
- Answering frequently asked questions about Internet Explorer 11 (IE11) features, operating system support, integration with the Windows operating system, Group Policy, and general configuration.
-
-
-sections:
- - name: Ignored
- questions:
- - question: |
- What operating system does IE11 run on?
- answer: |
- - Windows 10
-
- - Windows 8.1
-
- - Windows Server 2012 R2
-
- - Windows 7 with Service Pack 1 (SP1)
-
- - Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-
- - question: |
- How do I install IE11 on Windows 10, Windows 8.1, or Windows Server 2012 R2?
- answer: |
- IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required.
-
- - question: |
- How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?
- answer: |
- You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956).
-
- - question: |
- How does IE11 integrate with Windows 8.1?
- answer: |
- IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences.
-
- - question: |
- What are the new or improved security features?
- answer: |
- IE11 offers improvements to Enhanced Protected Mode, password manager, and other security features. IE11 also turns on Transport Layer Security (TLS) 1.2 by default.
-
- - question: |
- How is Microsoft supporting modern web standards, such as WebGL?
- answer: |
- Microsoft is committed to providing an interoperable web by supporting modern web standards. Doing this lets developers use the same markup across web browsers, helping to reduce development and support costs.
- The preinstalled version of Adobe Flash isn't supported on IE11 running on either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. However, you can still download and install the separate Adobe Flash plug-in.
-
- - question: |
- Can I replace IE11 on Windows 8.1 with an earlier version?
- answer: |
- No. Windows 8.1 doesn't support any of the previous versions of IE.
-
- - question: |
- Are there any new Group Policy settings in IE11?
- answer: |
- IE11 includes all of the previous Group Policy settings you've used to manage and control web browser configuration since Internet Explorer 9. It also includes the following new Group Policy settings, supporting new features:
-
- - Turn off Page Prediction
-
- - Turn on the swiping motion for Internet Explorer for the desktop
-
- - Allow Microsoft services to provide more relevant and personalized search results
-
- - Turn off phone number detection
-
- - Allow IE to use the SPDY/3 network protocol
-
- - Let users turn on and use Enterprise Mode from the **Tools** menu
-
- - Use the Enterprise Mode IE website list
-
- For more information, see [New group policy settings for IE11](../ie11-deploy-guide/new-group-policy-settings-for-ie11.md).
-
-
- - question: |
- Where can I get more information about IE11 for IT pros?
- answer: |
- Visit the [Springboard Series for Microsoft Browsers](https://go.microsoft.com/fwlink/p/?LinkId=313191) webpage on TechNet.
-
-
-
- - question: |
- Can I customize settings for IE on Windows 8.1?
- answer: |
- Settings can be customized in the following ways:
-
- - IE11 **Settings** charm.
-
- - IE11-related Group Policy settings.
-
- - IEAK 11 for settings shared by both IE and Internet Explorer for the desktop.
-
- - question: |
- Can I make Internet Explorer for the desktop my default browsing experience?
- answer: |
- Group Policy settings can be set to open either IE or Internet Explorer for the desktop as the default browser experience. Individual users can configure their own settings in the **Programs** tab of **Internet Options**. The following table shows the settings and results:
-The customizations you make on this page apply only to Internet Explorer for the desktop.
-
- **To use the Accelerators page**
-
-1. Click **Import** to automatically import your existing accelerators from your current version of IE into this list.
-
-2. Click **Add** to add more accelerators.
-ActiveX controls are supported in Internet Explorer for the desktop for Windows 7 and Windows 8.1. They are not supported on the immersive version of Internet Explorer for Windows 8.1.
-
-## Scenario 1: Limited Internet-only use of ActiveX controls
-While you might not care about your employees using ActiveX controls while on your intranet sites, you probably do want to limit ActiveX usage while your employee is on the Internet. By specifying and pre-approving a set of generic controls for use on the Internet, you’re able to let your employees use the Internet, but you can still limit your company’s exposure to potentially hazardous, non-approved ActiveX controls.
-
-For example, your employees need to access an important Internet site, such as for a business partner or service provider, but there are ActiveX controls on their page. To make sure the site is accessible and functions the way it should, you can visit the site to review the controls, adding them as new entries to your `
-This page only appears if you’re using the **Internal** version of the wizard.
-
-You can set your proxy settings using Internet setting (.ins) files. You can also configure and maintain your advanced proxy settings using JScript (.js), JavaScript (.jvs), or proxy auto-configuration (.pac) script files. When you provide an auto-proxy script, IE dynamically determines whether to connect directly to a host or to use a proxy server.
-
-You can use the Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP) naming systems to detect and change a browser’s settings automatically when the employee first starts IE on the network. For more info, see [Set up auto detection for DHCP or DNS servers using IEAK 11](auto-detection-dhcp-or-dns-servers-ieak11.md), or refer to the product documentation for your DNS and DHCP software packages.
-
-**To check the existing settings on your employee’s devices**
-
-1. Open IE, click **Tools**, click **Internet Options**, and then click the **Connections** tab.
-
-2. Click **LAN Settings** and make sure that the **Use automatic configuration script** box is selected, confirming the path and name of the file in the **Address** box.
-
-**To use the Automatic Configuration page**
-
-1. Check the **Automatically detect configuration settings** box to automatically detect browser settings.
-
-2. Check the **Enable Automatic Configuration** box if you plan to automatically change your IE settings after deployment, using configuration files. You can then:
-
- - Type the length of time (in minutes) for how often settings are to be applied in your company. Putting zero (**0**), or nothing, in this box will cause automatic configuration to only happen when the computer’s restarted.
-
- - Type the location to your .ins file. You can edit this file directly to make any necessary changes.
-
- The updates will take effect the next time your employee starts IE, or during your next scheduled update.
-
- - Type the location to your automatic proxy script file.
-
- **Note**
- If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `https://share/test.ins`.
-
-3. Click **Next** to go to the [Proxy Settings](proxy-settings-ieak11-wizard.md) page or **Back** to go to the [Connection Settings](connection-settings-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
deleted file mode 100644
index fadc8246a0..0000000000
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to set up automatic detection for DHCP or DNS servers using IEAK 11 in your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6bfe7c4-f452-406f-b47e-b7f0d8c44ae1
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Set up auto detection for DHCP or DNS servers using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set up auto detection for DHCP or DNS servers using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Set up your network to automatically detect and customize Internet Explorer 11 when it’s first started. Automatic detection is supported on both Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), letting your servers detect and set up your employee’s browser settings from a central location, using a configuration URL (.ins file) or a JavaScript proxy configuration file (.js, .jvs, or .pac).
-
-Before you can set up your environment to use automatic detection, you need to turn the feature on.
-
-**To turn on the automatic detection feature**
-
-- Open Internet Explorer Administration Kit 11 (IEAK 11), run the IE Customization Wizard 11 and on the **Automatic Configuration** page, check **Automatically detect configuration settings**. For more information, see [Use the Automatic Configuration page in the IEAK 11 Wizard](auto-config-ieak11-wizard.md).
-
-## Automatic detection on DHCP and DNS servers
-Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
-
-- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
-
- Your DHCP servers must support the DHCPINFORM message, to obtain the DHCP options.
-
-- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses. To use this, you have to set up either the host record or the CNAME alias record in the DNS database file.
-
- DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
-
-**To set up automatic detection for DHCP servers**
-
-- Open the [DHCP Administrative Tool](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd145324(v=ws.10)), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](/previous-versions/tn-archive/bb794881(v=technet.10)).
-
- **Examples:**
- `https://www.microsoft.com/webproxy.pac`
- `https://marketing/config.ins`
- `https://123.4.567.8/account.pac`
- `
- `corserv IN A 192.55.200.143`
- `nameserver2 IN A 192.55.200.2`
- `mailserver1 IN A 192.55.200.51`
-
For more info about creating a WPAD entry, see Creating a WPAD entry in DNS.
-
-2. After the database file propagates to the server, the DNS name, `wpad.
-IE11 creates a default URL template based on the host name,**wpad**. For example, `https://wpad.
-You must run the **Automatic Version Synchronization** page once for each operating system and language combination of IE.
-
-The **Automatic Version Synchronization** page tells you:
-
-- **Version available on your machine**. The version of IE11 that’s running on the computer that’s also running the IE Customization Wizard 11.
-
-- **Latest version available on web**. The most recently released version of the IE Customization Wizard 11. To get this value, the wizard compares the version of IE on your computer to the latest version of IE on the **Downloads** site. If the versions are different, you’ll be asked to update your version of IE.
-
-- **Disk space required**. The amount of space on your hard drive needed to update the browser.
-
-- **Disk space available**. The amount of hard drive space available on the computer that’s running the IE Customization Wizard 11.
-
-
-**To use the Automatic Version Synchronization page**
-
-1. Click **Synchronize**.
| Determines the default browser behavior. |
-|CMBitmapName | `
| Determines whether to use a custom Connection Manager profile. |
-|CompanyName |`
|Determines whether to encode the **[Favorites]** section for versions of IE earlier than 5.0. |
-|FavoritesDelete |*hexadecimal:* `0x89` |Lets you remove all existing Favorites and Quick Links. |
-|FavoritesOnTop |
|Determines whether to put new favorite items at the top of the menu. |
-|IE4 Welcome Msg |
|Determines whether a **Welcome** page appears. |
-|Language ID |`
|Determines whether to optimize the Active Setup Wizard for download. |
-|SilentInstall |
|Determines whether Windows Update Setup runs interactively on the employee’s computer.
This only appears for the **Internal** version of the IEAK 11. |
-|StealthInstall |
|Determines whether Windows Update Setup shows error messages and dialog boxes.
This only appears for the **Internal** version of the IEAK 11. |
-|Toolbar Bitmap |`
|The version of IEAK 11 being used. |
-|User Agent |`
|Determines whether the IE 4.x integrated shell is included in this package. |
-|Win32DownloadSite |`
The customizations you make on this page apply only to Internet Explorer for the desktop.
-
- **To use the Browser User Interface page**
-
-1. Check the **Customize Title Bars** box so you can add your custom text to the **Title Bar Text** box.
Only Administrators can use this option.
-
-3. Click **Add** to add new toolbar buttons.
|Determines whether to delete the existing custom toolbar buttons. |
-|HotIcon0 |`
|Determines whether to show the new button on the toolbar by default. |
-|ToolTipText0 |`
Using the options on the **Additional Settings** page of the wizard, you can let your employees change their connection settings. For more information see the [Additional Settings](additional-settings-ieak11-wizard.md) page. You can also customize additional connection settings using the **Automatic Configuration** page in the wizard. For more information see the [Automatic Configuration](auto-config-ieak11-wizard.md) page.
-
-**To view your current connection settings**
-
-1. Open IE, click the **Tools** menu, click **Internet Options**, and then click the **Connections** tab.
-
-2. Click **Settings** to view your dial-up settings and click **LAN Settings** to view your network settings.
-
-**To use the Connection Settings page**
-
-1. Decide if you want to customize your connection settings. You can pick:
-
- - **Do not customize Connection Settings.** Pick this option if you don’t want to preset your employee’s connection settings.
-
- - **Import the current Connection Settings from this machine.** Pick this option to import your connection settings from your computer and use them as the preset for your employee’s connection settings.
-
- **Note**
If you want to change any of your settings later, you can click **Modify Settings** to open the **Internet Properties** box, click the **Connection Settings** tab, and make your changes.
-
-2. Check the **Delete existing Dial-up Connection Settings** box to clear any existing settings on your employee’s computers.
-
-3. Click **Next** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page or **Back** to go to the [Connection Manager](connection-mgr-ieak11-wizard.md) page.
-
diff --git a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
deleted file mode 100644
index 0e7777a64e..0000000000
--- a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Use the \[ConnectionSettings\] .INS file setting to specify the network connection settings needed to install your custom package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 41410300-6ddd-43b2-b9e2-0108a2221355
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the ConnectionSettings .INS file to review the network connections for install (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the ConnectionSettings .INS file to review the network connections for install
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about the network connection settings used to install your custom package. This section creates a common configuration on all of your employee’s computers.
-
-|Name |Value |Description |
-|-----------|---------------------------|-------------|
-|ConnectName0 |`
|Determines whether to remove the existing connection settings during installation of your custom package. |
-|Option |
This only appears for the **Internal** version of the IEAK 11.
|Determines whether an employee can import connection settings into the Internet Explorer Customization Wizard. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
deleted file mode 100644
index 0befbc922f..0000000000
--- a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: How to create your folder structure on the computer that you’ll use to build your custom browser package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e0d05a4c-099f-4f79-a069-4aa1c28a1080
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Create the build computer folder structure using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Create the build computer folder structure using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Create your build environment on the computer that you’ll use to build your custom browser package. Your license agreement determines your folder structure and which version of Internet Explorer Administration Kit 11 (IEAK 11) you’ll use: **Internal** or **External**.
-
-|Name |Version |Description |
-|-----------------|----------------------|---------------------------------------------------------|
-|`\
|
-|Prep your environment and get all of the info you'll need for running IEAK 11 |
|
-|Run the Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard |
|
-|Review your policy settings and create multiple versions of your install package. |
|
-|Review the general IEAK Customization Wizard 11 information, which applies throughout the process. |
For deployment instructions, additional troubleshooting, and post-installation management, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
|
-
diff --git a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
deleted file mode 100644
index 5d88bfa81a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Steps to create multiple versions of your custom browser if you support more than 1 version of Windows, more than 1 language, or have different features in each package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4c5f3503-8c69-4691-ae97-1523091ab333
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Create multiple versions of your custom package using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Create multiple versions of your custom package using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You'll need to create multiple versions of your custom browser package if:
-
-- You support more than 1 version of the Windows operating system.
-
-- You support more than 1 language.
-
-- You have custom installation packages with only minor differences. For example, having a different phone number or a different set of URLs in the **Favorites** folder.
-
-The Internet Explorer Customization Wizard 11 stores your original settings in the Install.ins file and will show them each time you re-open the wizard. For more info about .ins files, see [Using Internet Settings (.INS) files with IEAK 11](using-internet-settings-ins-files.md).
-
-**To create multiple versions of your browser package**
-
-1. Use the Internet Explorer Customization Wizard 11 to create a custom browser package. For more info about how to run the wizard, start with the [Use the File Locations page in the IEAK 11 Wizard](file-locations-ieak11-wizard.md) topic.
-
-2. Go to the Cie\Custom folder and rename the Install.ins file to a name that reflects the version. Like, if you need a version for your employees in Texas, you could name the file Texas.ins.
-
-3. Run the wizard again, choosing the newly renamed folder as the destination directory for your output files.
Except for the **Title bar** text, **Favorites**, **Links bar**, **Home** page, and **Search bar**, we recommend that you keep all of your wizard settings the same for all of your build computers.
-
-4. Repeat this process until you’ve created a package for each version of your custom installation package.
-
diff --git a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
deleted file mode 100644
index ba3904ae39..0000000000
--- a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use Setup information (.inf) files to uninstall custom components from your custom browser packages.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 8257aa41-58de-4339-81dd-9f2ffcc10a08
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use Setup information (.inf) files to uninstall custom components (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use uninstallation .INF files to uninstall custom components
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The Internet Explorer Administration Kit 11 (IEAK 11) uses Setup information (.inf) files to provide installation instructions for your custom browser packages. You can also use this file to uninstall your custom components by removing the files, registry entries, and shortcuts, and adding your custom component to the list of programs that can be uninstalled from **Uninstall or change a program**.
-
-**To uninstall your custom components**
-
-1. Open the Registry Editor and add a new key and value to:
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description"`
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString”",,"command-line"`
You should sign any custom code that’s being downloaded over the Internet. The default settings of Internet Explorer 11 will automatically reject any unsigned code. For more info about digitally signing custom components, see [Security features and IEAK 11](security-and-ieak11.md).
-
-**To use the Custom Component page**
-
-1. Click **Add**.
You should install your component before IE if you need to run a batch file to configure your employee settings. You should install your component after IE if you plan to install software updates.
-
-4. Check the **Only install if IE is installed successfully** box if your component should only install if IE installs successfully. For example, if you’re installing a security update that requires IE.
-
-5. If your component is a .cab file, you must provide the extraction command into the **Command** box.
-
-6. If your component has its own globally unique identifier (GUID), replace the value in the **GUID** box. Otherwise, keep the automatically generated GUID.
-
-7. Describe your component using up to 511 characters in the **Description** box.
-
-8. Type any command-line options that need to run while installing your component into the **Parameters** box. For example, if you want your component to install silently, without prompts. For more info about using options, see [IExpress command-line options](iexpress-command-line-options.md).
-
-9. Type the value that Microsoft Update Setup uses to check that the component installed successfully into the **Uninstall Key** box. This check is done by comparing your value to the value in the `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ApplicationName` key.
-
-10. Type a numeric serial number for your component into the **Version** box, using this format: *xxxx*, *xxxxxx*, *xxxx*, *xxxx*.
-
-11. Click **Add**.
If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location.
-
-2. On the **Additional Settings** page of the IEAK 11, click **Internet Settings**, and then click **Advanced Settings**.
-
-3. Go to the section labeled **Searching** and type *intranet* into the **Search Provider Keyword** box.
-
-**To redirect to a different site than the one provided by the search results**
-
-- In the **Advanced Settings** section, go to the section labeled **Searching** and change the **When searching from the address bar** setting to **Just go to the most likely site**.
-
-**To disable Automatic Search**
-
-- In the **Advanced Settings** section, go to the section labeled **Searching** and change the **When searching from the address bar** setting to **Do not search from the address bar**.
-
-### Automatic Search parameters
-You must replace the Automatic Search script file parameters, *%1* and *%2* so they’re part of the actual URL.
-
-|Parameter |Value |
-|----------|--------------------------------------------------------|
-|1% |The text string typed by an employee into the **Address** bar. |
-|2% |The type of search chosen by an employee. This can include:
|
-
-### Sample Automatic Search script
-This is a VBScript-based sample of an .asp Automatic Search script.
-
-```
-<%@ Language=VBScript %>
-<%
-' search holds the words typed in the Address bar
-' by the user, without the "go" or
-' "find" or any delimiters like
-' "+" for spaces.
-' If the user typed
-' "Apple pie," search = "Apple pie."
-' If the user typed
-' "find Apple pie," search = "Apple pie."
-
-search = Request.QueryString("MT")
-search = UCase(search)
-searchOption = Request.QueryString("srch")
-
-' This is a simple if/then/else
-' to redirect the browser to the site
-' of your choice based on what the
-' user typed.
-' Example: expense report is an intranet page
-' about filling out an expense report
-
-if (search = "NEW HIRE") then
-Response.Redirect("https://admin/hr/newhireforms.htm")
-elseif (search = "LIBRARY CATALOG") then
-Response.Redirect("https://library/catalog")
-elseif (search = "EXPENSE REPORT") then
-Response.Redirect("https://expense")
-elseif (search = "LUNCH MENU") then
-Response.Redirect("https://cafe/menu/")
-else
-
-' If there is not a match, use the
-' default IE autosearch server
-Response.Redirect("https://auto.search.msn.com/response.asp?MT="
-+ search + "&srch=" + searchOption +
-"&prov=&utf8")
-end if
-%>
-```
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
deleted file mode 100644
index 7d0a2f9882..0000000000
--- a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[ExtRegInf\] .INS file setting to specify your Setup information (.inf) files and the installation mode for your custom components.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 53148422-d784-44dc-811d-ef814b86a4c6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the ExtRegInf .INS file to specify your installation files and mode (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the ExtRegInf .INS file to specify installation files and mode
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about how to specify your Setup information (.inf) files and the installation mode for your custom components.
-
-|Name |Value |Description |
-|-----------|---------|------------------------------------------------------------------------------------------------------------------|
-|Chat |*string* |The name of the .inf file and the install mode for components. For example, *,chat.inf,DefaultInstall. |
-|Conf |*string* |The name of the .inf file and the install mode for components. For example, *,conf.inf,DefaultInstall. |
-|Inetres |*string* |The name of the .inf file and the install mode for components. For example, *,inetres.inf,DefaultInstall. |
-|Inetset |*string* |The name of the .inf file and the install mode for components. For example, *,inetset.inf,DefaultInstall. |
-|Subs |*string* |The name of the .inf file and the install mode for components. For example, *,subs.inf,DefaultInstall. |
-|ConnectionSettings |*string* |The name of the .inf file and the install mode for components. For example, *,connect.inf,DefaultInstall. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
deleted file mode 100644
index 030dc054d2..0000000000
--- a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
+++ /dev/null
@@ -1,113 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Favorites, Favorites Bar, and Feeds page in IEAK 11 Customization Wizard to add links, web slices, and feeds to your custom browser package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 84afa831-5642-4b8f-b7df-212a53ec8fc7
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Favorites, Favorites Bar, and Feeds** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you add:
-
-- **Links.** Used so your employees can quickly connect with your important websites. These links can appear in the **Links** folder or on the **Favorites Bar**.
-
-- **Web Slices.** Used so your employees can subscribe to a section of a webpage, tracking information as it changes, such as for weather reports, stock prices, or the progress of an auction item.
-
-- **Feeds.** Used so your employees can quickly access your recommended RSS feeds. While you can’t import a folder of RSS feeds, you can add new links.
-
-Although we provide default items in the **Favorites, Favorites Bar, and Feeds** area, you can remove any of the items, add more items, or add new folders and links as part of your custom package. The customizations you make on this page only apply to Internet Explorer for the desktop.
-
-**To work with Favorites**
-
-1. To import your existing folder of links, pick **Favorites**, and then click **Import**.
-
-2. Go to your existing link folder, most likely in the `
|Determines if the **Favorites** item is available for offline browsing. |
-|Title1 |`
Your choices on this page determine what wizard pages appear.
-
-**To use the Feature Selection page**
-
-1. Check the box next to each feature you want to include in your custom installation package.
-You can create a custom installation package on your hard drive and move it to an Internet or intranet server, or you can create it directly on a server. If you create the package on a web server that’s running from your hard drive, use the path to the web server as the destination folder location. Whatever location you choose, it must be protected by appropriate access control lists (ACLs). If the location is not protected, the custom package may be tampered with.
-
-**To use the File Locations page**
-
-1. Browse to the location where you’ll store your finished custom IE installation package and the related subfolders.
Subfolders are created for each language version, based on operating system and media type. For example, if your destination folder is `C:\Inetpub\Wwwroot\Cie\Dist`, then the English-language version is created as `C:\Inetpub\Wwwroot\Cie\Dist\Flat\Win32\En` subfolders.
-
-2. Click **Advanced Options**.
-You must run Automatic Version Synchronization at least once to check for updated components.
-
-4. Browse to your .ins file location, and then click **Open**.
You must never edit a .sed file. |
-|.spc |The software publishing certificate file, which includes:
|
-
diff --git a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
deleted file mode 100644
index 9d6fe74f8a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the First Run Wizard and Welcome Page Options page in the IEAK 11 Customization Wizard to set what your employee’s see the first time they log on to IE, based on their operating system.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 85f856a6-b707-48a9-ba99-3a6e898276a9
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **First Run Wizard and Welcome Page Options** page of the Internet Explorer Customization Wizard 11 lets you decide what your employee’s see the first time they log on to IE, based on their operating system.
-
-- **Windows 8.1 Update and newer.** No longer includes a **Welcome** page, so if you pick the **Use Internet Explorer 11 Welcome Page** or the **Use a custom Welcome page** option, IEAK creates an initial **Home** page that loads before all other **Home** pages, as the first tab. This only applies to the Internet Explorer for the desktop.
-
-- **Windows 7 SP1.** You can disable the first run page for Windows 7 SP1 and then pick a custom **Welcome** page to show instead. If you don’t customize the settings on this page, your employees will see the default IE **Welcome** page.
-
-**To use the First Run Wizard and Welcome Page Options page**
-
-1. Check the **Use IE11 First Run wizard (recommended)** box to use the default First Run wizard in IE.
Check your license agreement to make sure this customization is available.
-
-|Graphic |Type and description |
-|-----------------------|----------------------------------------------------------------------|
-|Browser toolbar button |2 icon (.ico) files with color images for active and inactive states. |
-|Favorites List icons |1 icon (.ico) file for each new URL. |
-
-Your icons must use the .ico file extension, no other image file extension works.
-
diff --git a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
deleted file mode 100644
index 2da43b7f38..0000000000
--- a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: List of supported hardware and software requirements for Internet Explorer 11 and the Internet Explorer Administration Kit 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c50b86dc-7184-43d1-8daf-e750eb88dabb
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Hardware and software requirements for Internet Explorer 11 and the IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Hardware and software requirements for Internet Explorer 11 and the IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Before you can use the Internet Explorer Administration Kit 11 and the Internet Explorer Customization Wizard 11, you must first install Internet Explorer 11. For more info about installing IE11, see the [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md) page.
-
-## Hardware requirements
-Before you start the Internet Explorer Customization Wizard 11, you must check to see how much disk space you have on the drive you're going to use to build the IE11 install package. This drive can be on the same device as the one running the wizard; it just needs to have a secure destination folder.
-
-Before you start to create your install package, you must meet all of the [Internet Explorer 11 requirements](../ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md), plus:
-
-- Up to 100 megabytes (MB) of disk space, depending on how many components you include in the installation package.
-
-- An additional 100 MB of disk space for each custom installation package built. Different media types are considered separate packages.
-
-## Software requirements
-The device you're going to use to build your install packages must be running Internet Explorer 11, on one of these operating systems:
-
-- Windows 10
-The device you're going to use to run IEAK 11 must be running the same version of the operating system as the device where you'll build your install packages.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
deleted file mode 100644
index 6c46e306f3..0000000000
--- a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[HideCustom\] .INS file setting to decide whether to hide the GUID for each custom component.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e673f7b1-c3aa-4072-92b0-20c6dc3d9277
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the HideCustom .INS file to hide the GUID for each custom component (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the HideCustom .INS file to hide the GUID for each custom component
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about whether to hide the globally unique identifier (GUID) for each of your custom components.
-
-|Name |Value |Description |
-|------|-------------------------------------------------------------------------------------|-----------------------------------------------|
-|GUID |
|Determines whether this is a hidden component. |
-
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
deleted file mode 100644
index c9d24160a9..0000000000
--- a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Reference about the command-line options and return codes for Internet Explorer Setup.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 40c23024-cb5d-4902-ad1b-6e8a189a699f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Internet Explorer Setup command-line options and return codes (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Internet Explorer Setup command-line options and return codes
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can use command-line options along with a tool like IExpress to package your custom version of Internet Explorer and to perform a batch installation across your organization.
-
-## IE Setup command-line options
-These command-line options work with IE Setup:
-
-`[/help] [/passive | /quiet] [/update-no] [/no-default] [/nobackup] [/ieak-full:
The employee cancelled Setup and is then asked to confirm:
If the cancellation is confirmed, Setup will quit as soon as all of the in-progress tasks are done, like copying or extracting files. |
-
-## Related topics
-- [IExpress Wizard for Windows Server 2008 R2 with SP1](iexpress-wizard-for-win-server.md)
-- [Express Wizard command-line options](iexpress-command-line-options.md)
-
diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
deleted file mode 100644
index 8a02248b90..0000000000
--- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. Use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
-author: dansimp
-ms.author: dansimp
-ms.manager: dougkim
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Internet Explorer Administration Kit (IEAK) information and downloads
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# Internet Explorer Administration Kit (IEAK) information and downloads
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
->Applies to: Windows 10
-
-The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. To find more information on the IEAK, see [What IEAK can do for you](what-ieak-can-do-for-you.md).
-
-
-## Internet Explorer Administration Kit 11 (IEAK 11)
-
-[IEAK 11 documentation](index.md)
-
-[IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-
-[IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.yml)
-
-[Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](before-you-create-custom-pkgs-ieak11.md)
-
-## Download IEAK
-
-To download, choose to **Open** the download or **Save** it to your hard drive first.
-
-:::row:::
- :::column span="":::
- [English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi)
-
- [Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi)
-
- [Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi)
-
- [Chinese (Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi)
-
- [Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi)
-
- [Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi)
-
- [Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi)
-
- [Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi)
-:::column-end:::
- :::column span="":::
- [French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi)
-
- [German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi)
-
- [Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi)
-
- [Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi)
-
- [Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi)
-
- [Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi)
-
- [Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi)
-
- [Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi)
-:::column-end:::
- :::column span="":::
- [Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi)
-
- [Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi)
-
- [Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi)
-
- [Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi)
-
- [Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi)
-
- [Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi)
-
- [Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi)
-
- [Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi)
-:::column-end:::
-:::row-end:::
-
diff --git a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
deleted file mode 100644
index 0aa9964807..0000000000
--- a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Review the options available to help you customize your browser install packages for deployment to your employee's devices.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4b804da3-c3ac-4b60-ab1c-99536ff6e31b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use the Internet Explorer Administration Kit 11 (IEAK 11) and the Internet Explorer Customization Wizard 11 to customize your browser install packages for deployment to your employee's devices.
-
-## IE Customization Wizard 11 options
-IEAK 11 lets you customize a lot of Internet Explorer 11, including the IE and Internet Explorer for the desktop experiences. For more info about the experiences, see [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md). For info about which pages appear in the **Internal** or **External** version of IE Customization Wizard 11, see [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md).
-
-|Internet Explorer Customization Wizard 11 page |Browser experience |Description |
-|-----------------------------------------------|------------------------------------|-----------------------------|
-|[Custom Components](custom-components-ieak11-wizard.md) |Internet Explorer for the desktop |Add up to 10 additional components that your employees can install at the same time they install IE. |
-|[Internal install](internal-install-ieak11-wizard.md) |Internet Explorer for the desktop |Choose to set IE11 as the default browser.
This only applies to IE11 on Windows 7 SP1 |
-|[User Experience](user-experience-ieak11-wizard.md) |Internet Explorer for the desktop |Control the installation and restart experience for your employees.
You can turn off the entire **Suggested Sites** feature from this page. |
-|[Browsing Options](browsing-options-ieak11-wizard.md) |Doesn't apply. The choices that you make on this page affect only the items shown on the **Favorites, Favorites Bar, and Feeds** page. |Choose how to manage items in the **Favorites** folder, the **Favorites Bar**, and the **Feeds** folder. You can also turn off the Microsoft-default Favorites, Web slices, links, feeds, and accelerators. |
-|[First Run Wizard and Welcome Page Options](first-run-and-welcome-page-ieak11-wizard.md) |Internet Explorer for the desktop |Decide if the First Run wizard appears the first time an employee starts IE. You can also use the IE11 **Welcome** page, or link to a custom **Welcome** page. |
-|[Compatibility View](compat-view-ieak11-wizard.md) |No longer supported |This functionality has been removed for IE11. For more information, see [Missing the Compatibility View Button](../ie11-deploy-guide/missing-the-compatibility-view-button.md). |
-|[Connection Manager](connection-mgr-ieak11-wizard.md) |No longer supported |This functionality has been removed for IE11. |
-|[Connection Settings](connection-settings-ieak11-wizard.md) |Both |Choose whether to customize your connection settings. You can also choose to delete old dial-up connection settings. |
-|[Automatic Configuration](auto-config-ieak11-wizard.md) |Both |Choose whether to automatically detect configuration settings and whether to turn on and customize automatic configuration. |
-|[Proxy Settings](proxy-settings-ieak11-wizard.md) |Both |Turn on and set up your proxy servers.
We don't support Gopher Server anymore. |
-|[Add a Root Certification](add-root-certificate-ieak11-wizard.md) |No longer supported |This functionality has been removed for IE11. |
-|[Security and Privacy Settings](security-and-privacy-settings-ieak11-wizard.md) |The **Security Zones and Privacy** settings are supported by both experiences. The **Content Ratings** are only supported on Internet Explorer for the desktop. |Decide if you want to:
|
-|[Programs](programs-ieak11-wizard.md) |Internet Explorer for the desktop |Decide your default programs or import your current settings. |
-|[Additional Settings](additional-settings-ieak11-wizard.md) |Both |Decide how to set up multiple IE settings that appear in the **Internet Options** box. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
deleted file mode 100644
index 391784b8a4..0000000000
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Reference about the command-line options for the IExpress Wizard.
-author: dansimp
-ms.prod: ie11
-ms.assetid: aa16d738-1067-403c-88b3-bada12cf9752
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: IExpress Wizard command-line options (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# IExpress Wizard command-line options
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-- Windows Server 2008 R2 with SP1
-
-Use command-line options with the IExpress Wizard (IExpress.exe) to control your Internet Explorer custom browser package extraction process.
-
-These command-line options work with IExpress:
-`Ie11setup
The customizations made on this page only apply to Internet Explorer for the desktop on Windows 7.
-
-**To use the Internal Install page**
-
-1. Pick either:
-
- - **Allow user to choose.** Lets your employees pick their own default browser.
Make sure that the language of your IEAK 11 installation matches the language of your custom IE11 package. If the languages don’t match, IEAK 11 won’t work properly.
-
-**To use the Language Selection page**
-
-1. Pick the language you want your custom IE11 installation package to use.
To keep your settings across multiple versions of the package, you can pick the same destination folder for all versions. The different language versions are then saved in separate subfolders within that destination folder. Like, for an English version, `C:\Cie\Build1\Flat\Win32_WIN8\en-US\` and for a German version, `C:\Cie\Build1\Flat\Win32_WIN8\de-DE\`.
-
-2. Click **Next** to go to the [Package Type Selection](pkg-type-selection-ieak11-wizard.md) page or **Back** to go to the [Platform Selection](platform-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
deleted file mode 100644
index 9eba34b5e1..0000000000
--- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
+++ /dev/null
@@ -1,110 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Learn about the version of the IEAK 11 you should run, based on your license agreement.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/23/2018
----
-
-
-# Determine the licensing version and features to use in IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11, referred to as the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (referred to as the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment.
-
-During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
-
-- **External Distribution as an Internet Service Provider (ISP), Internet Content Provider (ICP), or Developer.** If you are an ISP or an ICP, your license agreement also states that you must show the Internet Explorer logo on your packaging and promotional goods, as well as on your website.
- > [!IMPORTANT]
- > Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
-
-- **Internal Distribution via a Corporate Intranet.** This version is for network admins that plan to directly deploy IE11 into a corporate environment.
-
-## Available features by version
-
-| Feature | Internal | External |
-|-------------------------------------------|:--------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:|
-| Welcome screen |  |  |
-| File locations |  |  |
-| Platform selection |  |  |
-| Language selection |  |  |
-| Package type selection |  |  |
-| Feature selection |  |  |
-| Automatic Version Synchronization (AVS) |  |  |
-| Custom components |  |  |
-| Internal install |  |  |
-| User experience |  |  |
-| Browser user interface |  |  |
-| Search providers |  |  |
-| Important URLs – Home page and support |  |  |
-| Accelerators |  |  |
-| Favorites, Favorites bar, and feeds |  |  |
-| Browsing options |  |  |
-| First Run wizard and Welcome page options |  |  |
-| Connection manager |  |  |
-| Connection settings |  |  |
-| Automatic configuration |  |  |
-| Proxy settings |  |  |
-| Security and privacy settings |  |  |
-| Add a root certificate |  |  |
-| Programs |  |  |
-| Additional settings |  |  |
-| Wizard complete |  |  |
-
----
-
-
-## Customization guidelines
-
-Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
-
-- **External Distribution**
- This mode is available to anyone who wants to create a customized browser for distribution outside their company (for example, websites, magazines, retailers, non-profit organizations, independent hardware vendors, independent software vendors, Internet service providers, Internet content providers, software developers, and marketers).
-
-- **Internal Distribution**
- This mode is available to companies for the creation and distribution of a customized browser only to their employees over a corporate intranet.
-
-The table below identifies which customizations you may or may not perform based on the mode you selected.
-
-| **Feature Name** | **External Distribution** | **Internal Distribution** |
-|---------------------------------|:--------------------:|:-------------------:|
-| **Custom Components** | Yes | Yes |
-| **Title Bar** | Yes | Yes |
-| **Favorites** | One folder, containing any number of links. | Any number of folders/links. |
-| **Search Provider URLs** | Yes | Yes |
-| **Search Guide URL** | No | Yes |
-| **Online Support URL** | Yes | Yes |
-| **Web Slice** | Suggested maximum five Web Slices. | Any number of Web Slices. |
-| **Accelerator** | Search provider Accelerator must be the same as the search provider set for the Search Toolbox. We recommend that Any number of Accelerators/Accelerator Categories. Feature Name External Internal Accelerator category not exceed seven total categories, and each Accelerator category must be unique. We recommend each Accelerator category not have more than two Accelerators. The Accelerator display name should follow the syntax of verb + noun, such as "Map with Bing." | Any number of Accelerators/Accelerator Categories. |
-| **Homepage URLs** | Can add a maximum of three. | Unlimited. |
-| **First Run Wizard and Welcome Page Options** | Cannot remove Internet Explorer 11 First Run wizard. Can customize **Welcome** page. | Customizable. |
-| **RSS Feeds** | One folder, containing any number of links. | Any number of folders/links. |
-| **Browsing Options** | No | Yes |
-| **Security and Privacy Settings** | No | Can add any number of sites. |
-| **Corporate Options** (Latest Updates, Default Browser, Uninstall Info, Additional Settings) | No | Yes |
-| **User Experience** (Setup/Restart) | No | Yes |
-| **User Agent String** | Yes | Yes |
-| **Compatibility View** | Yes | Yes |
-| **Connection Settings and Manage** | Yes | Yes |
-
-
-Support for some of the Internet Explorer settings on the wizard pages varies depending on your target operating system. For more information, see [Internet Explorer Customization Wizard 11 options](./ieak11-wizard-custom-options.md).
-
-## Distribution guidelines
-
-Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
-
-- **External Distribution**
- You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy).
-
-- **Internal Distribution - corporate intranet**
- The software is solely for use by your employees within your company's organization and affiliated companies through your corporate intranet. Neither you nor any of your employees may permit redistribution of the software to or for use by third parties other than for third parties such as consultants, contractors, and temporary staff accessing your corporate intranet.
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
deleted file mode 100644
index f628def610..0000000000
--- a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Media\] .INS file setting to specify the types of media on which your custom install package is available.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c57bae60-d520-49a9-a77d-da43f7ebe5b8
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Media .INS file to specify your install media (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Media .INS file to specify your install media
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The types of media on which your custom install package is available.
-
-|Name |Value |Description |
-|-----|------|-----------------|
-|Build_LAN |
|Determines whether you want to create a LAN-based installation package. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
deleted file mode 100644
index ae7b3c6150..0000000000
--- a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Package Type Selection page in the IEAK 11 Customization Wizard to pick the media type you’ll use to distribute your custom package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: dd91f788-d05e-4f45-9fd5-d951abf04f2c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Package Type Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Package Type Selection page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Package Type Selection** page of the Internet Explorer Customization Wizard 11 lets you pick which type of media you’ll use to distribute your custom installation package. You can pick more than one type, if you need it.
-
-**Important**
You can't create a full installation package for deployment to Windows 10 computers. That option only works for computers running Windows 7 or Windows 8.1.
-
-**To use the File Locations page**
-
-1. Check the **Full Installation Package** box if you’re going to build your package on, or move your package to, a local area network (LAN). This media package includes the Internet Explorer 11 installation files, and is named **IE11-Setup-Full.exe**, in the `
You can’t include custom components in a configuration-only package.
-
-3. Click **Next** to go to the [Feature Selection](feature-selection-ieak11-wizard.md) page or **Back** to go to the [Language Selection](language-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
deleted file mode 100644
index 67d9caac65..0000000000
--- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Platform Selection page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Platform Selection** page of the Internet Explorer Customization Wizard 11 lets you pick the operating system and architecture (32-bit or 64-bit) for the devices on which you’re going to install the custom installation package.
-
-**To use the Platform Selection page**
-
-1. Pick the operating system and architecture for the devices on which you’re going to install the custom package.
To keep your settings across several operating system packages, you can specify the same destination folder. Then, after running the wizard, you can reuse the resulting .ins file. Any additional changes to the .ins file are saved. For more info about using .ins files, see [Using Internet Settings (.INS) files with IEAK 11](using-internet-settings-ins-files.md). For more info about adding in your .ins file, see [Use the File Locations page in the IEAK 11 Wizard](file-locations-ieak11-wizard.md).
-
-2. Click **Next** to go to the [Language Selection](language-selection-ieak11-wizard.md) page or **Back** to go to the [File Locations](file-locations-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
deleted file mode 100644
index 4720c446af..0000000000
--- a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Learn about what you need to do before you deploy your custom browser package using IEAK 11 over your network.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2c66d22a-4a94-47cc-82ab-7274abe1dfd6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Before you install your package over your network using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Before you install your package over your network using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Employees can install the custom browser package using a network server. However, you must either lower the intranet security level or make the server a trusted site.
-
-**To lower your intranet security**
-
-1. In Internet Explorer 11, click **Tools**, **Internet Options**, and then the **Security** tab.
-
-2. Click **Local intranet**, and then **Sites**.
-
-3. Uncheck **Automatically detect intranet network**, uncheck **Include all network paths (UNC)**, and then click **OK**.
-
-**To make your server a trusted site**
-
-1. From the **Security** tab, click **Trusted sites**, and then **Sites**.
-
-2. Type the location of the server with the downloadable custom browser package, and then click **Add**.
-
-3. Repeat this step for every server that will include the custom browser package for download.
-
diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
deleted file mode 100644
index acfbbc74ae..0000000000
--- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Programs page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Programs** page of the Internet Explorer Customization Wizard 11 lets you pick the default programs to use for Internet services, like email, contact lists, and newsgroups, by importing settings from your computer.
-
-**Important**
The customizations you make on this page only apply to Internet Explorer for the desktop.
-
-**To use the Programs page**
-
-1. Determine whether you want to customize your connection settings. You can pick:
-
- - **Do not customize Program Settings.** Pick this option if you don’t want to set program associations for your employee’s devices.
If you want to change any of your settings, you can click **Modify Settings** to open the **Internet Properties** box, click **Set associations**, and make your changes.
-
-2. Click **Next** to go to the [Additional Settings](additional-settings-ieak11-wizard.md) page or **Back** to go to the [Add a Root Certificate](add-root-certificate-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
deleted file mode 100644
index 56a0823f9a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
+++ /dev/null
@@ -1,185 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Learn about how to use a proxy auto-configuration (.pac) file to specify an automatic proxy URL.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6c94708d-71bd-44bd-a445-7e6763b374ae
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use proxy auto-configuration (.pac) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use proxy auto-configuration (.pac) files with IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-These are various ways you can use a proxy auto-configuration (.pac) file to specify an automatic proxy URL. We've included some examples here to help guide you, but you'll need to change the proxy names, port numbers, and IP addresses to match your organization's info.
-
-Included examples:
-- [Example 1: Connect directly if the host is local](#example-1-connect-directly-if-the-host-is-local)
-- [Example 2: Connect directly if the host is inside the firewall](#example-2-connect-directly-if-the-host-is-inside-the-firewall)
-- [Example 3: Connect directly if the host name is resolvable](#example-3-connect-directly-if-the-host-name-is-resolvable)
-- [Example 4: Connect directly if the host is in specified subnet](#example-4-connect-directly-if-the-host-is-in-specified-subnet)
-- [Example 5: Determine the connection type based on the host domain](#example-5-determine-the-connection-type-based-on-the-host-domain)
-- [Example 6: Determine the connection type based on the protocol](#example-6-determine-the-connection-type-based-on-the-protocol)
-- [Example 7: Determine the proxy server based on the host name matching the IP address](#example-7-determine-the-proxy-server-based-on-the-host-name-matching-the-ip-address)
-- [Example 8: Connect using a proxy server if the host IP address matches the specified IP address](#example-8-connect-using-a-proxy-server-if-the-host-ip-address-matches-the-specified-ip-address)
-- [Example 9: Connect using a proxy server if there are periods in the host name](#example-9-connect-using-a-proxy-server-if-there-are-periods-in-the-host-name)
-- [Example 10: Connect using a proxy server based on specific days of the week](#example-10-connect-using-a-proxy-server-based-on-specific-days-of-the-week)
-
-
-## Example 1: Connect directly if the host is local
-In this example, if the host is local, it can connect directly. However, if the server isn't local, it must connect through a proxy server. Specifically, the `isPlainHostName` function looks to see if there are any periods (.) in the host name. If the function finds periods, it means the host isn’t local and it returns false. Otherwise, the function returns true.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isPlainHostName(host))
- return "DIRECT";
- else
- return "PROXY proxy:80";
- }
-```
-## Example 2: Connect directly if the host is inside the firewall
-In this example, if the host is inside the firewall, it can connect directly. However, if the server is outside the firewall, it must connect through a proxy server. Specifically, the `localHostOrDomainIs` function only runs for URLs in the local domain. If the host domain name matches the provided domain information, the `dnsDomainIs` function returns true.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if ((isPlainHostName(host) ||
- dnsDomainIs(host, ".company.com")) &&
- !localHostOrDomainIs(host, "www.company.com") &&
- !localHostOrDoaminIs(host, "home.company.com"))
- return "DIRECT";
- else
- return "PROXY proxy:80";
-}
-```
-## Example 3: Connect directly if the host name is resolvable
-In this example, if the host name can be resolved, it can connect directly. However, if the name can’t be resolved, the server must connect through a proxy server. Specifically, this function requests the DNS server to resolve the host name it's passed. If the name can be resolved, a direct connection is made. If it can't, the connection is made using a proxy. This is particularly useful when an internal DNS server is used to resolve all internal host names.
-
-**Important**
The `isResolvable` function queries a Domain Name System (DNS) server. References to Object Model objects, properties, or methods cause the proxy auto-configuration file to fail silently. For example, the references `window.open(...)`, `alert(...)`, and `password(...)` all cause the proxy auto-configuration file to fail.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isResolvable(host))
- return "DIRECT";
- else
- return "PROXY proxy:80";
- }
-```
-
-## Example 4: Connect directly if the host is in specified subnet
-In this example, if the host is in a specified subnet, it can connect directly. However, if the server is outside of the specified subnet, it must connect through a proxy server. Specifically, the `isInNet` (host, pattern, mask) function returns true if the host IP address matches the specified pattern. The mask indicates which part of the IP address to match (255=match, 0=ignore).
-
-**Important**
The `isInNet` function queries a DNS server. References to Object Model objects, properties, or methods cause the proxy auto-configuration file to fail silently. For example, the references `window.open(...)`, `alert(...)`, and `password(...)` all cause the proxy auto-configuration file to fail.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isInNet(host, "999.99.9.9", "255.0.255.0"))
- return "DIRECT";
- else
- return "PROXY proxy:80";
- }
-```
-## Example 5: Determine the connection type based on the host domain
-In this example, if the host is local, the server can connect directly. However, if the host isn’t local, this function determines which proxy to use based on the host domain. Specifically, the `shExpMatch(str, shexp)` function returns true if `str` matches the `shexp` using shell expression patterns. This is particularly useful when the host domain name is one of the criteria for proxy selection.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isPlainHostName(host))
- return "DIRECT";
- else if (shExpMatch(host, "*.com"))
- return "PROXY comproxy:80";
- else if (shExpMatch(host, "*.edu"))
- return "PROXY eduproxy:80";
- else
- return "PROXY proxy";
- }
-```
-## Example 6: Determine the connection type based on the protocol
-In this example, the in-use protocol is extracted from the server and used to make a proxy selection. If no protocol match occurs, the server is directly connected. Specifically the `substring` function extracts the specified number of characters from a string. This is particularly useful when protocol is one of the criteria for proxy selection.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (url.substring(0, 5) == "http:") {
- return "PROXY proxy:80";
- }
- else if (url.substring(0, 4) == "ftp:") {
- return "PROXY fproxy:80";
- }
- else if (url.substring(0, 6) == "https:") {
- return "PROXY secproxy:8080";
- }
- else {
- return "DIRECT";
- }
- }
-```
-## Example 7: Determine the proxy server based on the host name matching the IP address
-In this example, the proxy server is selected by translating the host name into an IP address and then comparing the address to a specified string.
-
-**Important**
The `dnsResolve` function queries a DNS server. References to Object Model objects, properties, or methods cause the proxy auto-configuration file to fail silently. For example, the references `window.open(...)`, `alert(...)`, and `password(...)` all cause the proxy auto-configuration file to fail.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (dnsResolve(host) == "999.99.99.999") { // = https://secproxy
- return "PROXY secproxy:8080";
- }
- else {
- return "PROXY proxy:80";
- }
- }
-```
-## Example 8: Connect using a proxy server if the host IP address matches the specified IP address
-In this example, the proxy server is selected by explicitly getting the IP address and then comparing it to a specified string. If no protocol match occurs, the server makes a direct connection. Specifically, the `myIpAddress` function returns the IP address (in integer-period format) for the host that the browser is running on.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (myIpAddress() == "999.99.999.99") {
- return "PROXY proxy:80";
- }
- else {
- return "DIRECT";
- }
- }
-```
-## Example 9: Connect using a proxy server if there are periods in the host name
-In this example, the function looks to see if there are periods (.) in the host name. If there are any periods, the connection occurs using a proxy server. If there are no periods, a direct connection occurs. Specifically, the `dnsDomainLevels` function returns an integer equal to the number of periods in the host name.
-
-**Note**
This is another way to determine connection types based on host name characteristics.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (dnsDomainLevels(host) > 0) { // if the number of periods in host > 0
- return "PROXY proxy:80";
- }
- return "DIRECT";
- }
-```
-## Example 10: Connect using a proxy server based on specific days of the week
-In this example, the function decides whether to connect to a proxy server, based on the days of the week. Connecting on days that don’t fall between the specified date parameters let the server make a direct connection. Specifically the `weekdayRange(day1 [,day2] [,GMT] )` function returns whether the current system time falls within the range specified by the parameters `day1`, `day2`, and `GMT`. Only the first parameter is required. The GMT parameter presumes time values are in Greenwich Mean Time rather than the local time zone. This function is particularly useful for situations where you want to use a proxy server for heavy traffic times, but allow a direct connection when traffic is light.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if(weekdayRange("WED", "SAT", "GMT"))
- return "PROXY proxy:80";
- else
- return "DIRECT";
- }
-```
-
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
deleted file mode 100644
index 9def48f2d3..0000000000
--- a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Proxy\] .INS file setting to define whether to use a proxy server.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 30b03c2f-e3e5-48d2-9007-e3fd632f3c18
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Proxy .INS file to specify a proxy server (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Proxy .INS file to specify a proxy server
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about whether to use a proxy server. If yes, this also includes the host names for the proxy server.
-
-|Name |Value |Description |
-|-----|------|------------|
-|FTP_Proxy_Server |`
|Determines whether to use a proxy server. |
-|Proxy_Override |`
|Determines whether to use a single proxy server for all services. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
deleted file mode 100644
index ba113af6cc..0000000000
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Proxy Settings page in the IEAK 11 Customization Wizard to pick the proxy servers used to connect to required services.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 1fa1eee3-e97d-41fa-a48c-4a6e0dc8b544
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Proxy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Proxy Settings page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Proxy Settings** page of the Internet Explorer Customization Wizard 11 lets you pick the proxy servers used by your employees to connect for services required by the custom install package.
-
-Using a proxy server lets you limit access to the Internet. You can also use the **Additional Settings** page of the wizard to further restrict your employees from changing the proxy settings.
-
-**To use the Proxy Settings page**
-
-1. Check the **Enable proxy settings** box if you want to use proxy servers for any of your services.
-
-2. Type the address of the proxy server you want to use for your services into the **Address of proxy** box. In most cases, a single proxy server is used for all of your services.
IE11 also uses this registry key to verify that the component installed successfully during setup.
-
-|Subkey |Data type |Value |
-|-------|----------|-----------|
-|DisplayName |*string* |Friendly name for your uninstall app. This name must match your **Uninstall Key** in the **Add a Custom Component** page of the Internet Explorer Customization Wizard 11. For more info, see the [Custom Components](custom-components-ieak11-wizard.md) page. |
-|UninstallString |*string* |Full command-line text, including the path, to uninstall your component. You must not use a batch file or a sub-process. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
deleted file mode 100644
index 52e023abde..0000000000
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: manage
-description: Learn how to use the Resultant Set of Policy (RSoP) snap-in to view your policy settings.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 0f21b320-e879-4a06-8589-aae6fc264666
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the RSoP snap-in to review policy settings (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using the Resultant Set of Policy (RSoP) snap-in to review policy settings
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After you’ve deployed your custom Internet Explorer package to your employees, you can use the Resultant Set of Policy (RSoP) snap-in to view your created policy settings. The RSoP snap-in is a two-step process. First, you run the RSoP wizard to determine what information should be viewed. Second, you open the specific items in the console window to view the settings. For complete instructions about how to use RSoP, see [Resultant Set of Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772175(v=ws.11)).
-
-**To add the RSoP snap-in**
-
-1. On the **Start** screen, type *MMC*.
The Internet Explorer Customization Wizard 11 offers improved and extended search settings. However, you can still optionally include support for Search Suggestions and Favicons, as well as Accelerator previews by using an .ins file from a previous version of IEAK.
-
-**To use the Search Providers page**
-
-1. Click **Import** to automatically import your existing search providers from your current version of IE into this list.
-
-2. Click **Add** to add more providers.
To change your settings, click **Modify Settings** to open the **Internet Properties** box, and then click the **Security** and **Privacy** tabs to make your changes.
-
-2. Decide if you want to customize your content ratings. You can pick:
-
- - **Do not customize content ratings.** Pick this option if you don’t want to customize content ratings.
-
- - **Import the current content ratings settings.** Pick this option to import your content rating settings from your computer and use them as the preset for your employee’s settings.
Not all Internet content is rated. If you choose to allow users to view unrated sites, some of those sites could contain inappropriate material. To change your settings, click **Modify Settings** to open the **Content Advisor** box, where you can make your changes.
-
-3. Click **Next** to go to the [Add a Root Certificate](add-root-certificate-ieak11-wizard.md) page or **Back** to go to the [Proxy Settings](proxy-settings-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
deleted file mode 100644
index b4fd0c45b2..0000000000
--- a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Security Imports\] .INS file setting to decide whether to import security info to your custom package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 19791c44-aaa7-4f37-9faa-85cbdf29f68e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Security Imports .INS file to import security info (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Security Imports .INS file to import security info
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about how to import security information from your local device to your custom package.
-
-|Name |Value |Description |
-|-----|------|------------|
-|ImportAuthCode |
|Whether to import the existing Authenticode settings. |
-|ImportRatings |
|Whether to import the existing Content Ratings settings. |
-|ImportSecZones |
|Whether to import the existing Security Zone settings. |
-|ImportSiteCert |
|Whether to import the existing site certification authorities. |
-|Win16SiteCerts |
|Whether to use site certificates for computers running 16-bit versions of Windows. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
deleted file mode 100644
index e4fcd7c739..0000000000
--- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
+++ /dev/null
@@ -1,127 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Info about some of the known issues using the Internet Exporer Customization Wizard and a custom Internet Explorer install package.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: 9e22cc61-6c63-4cab-bfdf-6fe49db945e4
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Troubleshoot custom package and IEAK 11 problems (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Troubleshoot custom package and IEAK 11 problems
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-While the Internet Explorer Customization Wizard has been around for quite a while, there are still some known issues that you might encounter while deploying or managing your custom IE install package.
-
-## I am unable to locate some of the wizard pages
-The most common reasons you will not see certain pages is because:
-
-- **Your licensing agreement with Microsoft.** Your licensing agreement determines whether you install the **Internal** or **External** version of the Internet Explorer Customization Wizard, and there are different features available for each version. For info about which features are available for each version, see [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md).
-
-- **Your choice of operating system.** Depending on the operating system you picked from the **Platform Selection** page of the wizard, you might not see all of the pages. Some features aren’t available for all operating systems. For more information, see [Use the Platform Selection page in the IEAK 11 Wizard](platform-selection-ieak11-wizard.md).
-
-- **Your choice of features.** Depending on what you selected from the **Feature Selection** page of the wizard, you might not see all of the pages. You need to make sure that the features you want to customize are all checked. For more information, see [Use the Feature Selection page in the IEAK 11 Wizard](feature-selection-ieak11-wizard.md).
-
-## Internet Explorer Setup fails on user's devices
-Various issues can cause problems during Setup, including missing files, trust issues, or URL monikers. You can troubleshoot these issues by reviewing the Setup log file, located at `IE11\_main.log` from the **Windows** folder (typically, `C:\Windows`). The log file covers the entire Setup process from the moment IE11Setup.exe starts until the last .cab file finishes, providing error codes that you can use to help determine the cause of the failure.
-
-### Main.log file codes
-
-|Code |Description |
-|-----|------------|
-|0 |Initializing, making a temporary folder, and checking disk space. |
-|1 |Checking for all dependencies. |
-|2 |Downloading files from the server. |
-|3 |Copying files from download location to the temporary installation folder. |
-|4 |Restarting download and retrying Setup, because of a time-out error or other download error. |
-|5 |Checking trust and checking permissions. |
-|6 |Extracting files. |
-|7 |Running Setup program (an .inf or .exe file). |
-|8 |Installation is finished. |
-|9 |Download finished, and all files are downloaded. |
-
-### Main.log error codes
-
-|Code |Description |
-|-----|------------|
-|80100003 |Files are missing from the download folder during installation. |
-|800bxxxx |An error code starting with 800b is a trust failure. |
-|800Cxxxx |An error code starting with 800C is a Urlmon.dll failure. |
-
-
-## Internet Explorer Setup connection times out
-Internet Explorer Setup can switch servers during the installation process to maintain maximum throughput or to recover from a non-responsive download site (you receive less than 1 byte in 2 minutes). If the connection times out, but Setup is able to connect to the next download site on the list, your download starts over. If however the connection times out and Setup can’t connect to a different server, it’ll ask if you want to stop the installation or try again.
-
-To address connection issues (for example, as a result of server problems) where Setup can’t locate another download site by default, we recommend you overwrite your first download server using this workaround:
-
-``` syntax
-
|Determines whether to automatically configure the customized browser on your employee’s device. |
-|AutoConfigJSURL |`
|Determines whether to show the **Welcome** page the first time the browser’s used on an employee’s device. |
-|Quick_Link_1 |`
|Determines whether to make the Quick Links available for offline browsing. |
-|Search_Page |`
|Determines whether to use a local Internet Settings (.ins) file |
-
diff --git a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
deleted file mode 100644
index 364daedbbc..0000000000
--- a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
-author: dansimp
-ms.prod: ie11
-ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the User Experience page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **User Experience** page of the Internet Explorer Customization Wizard 11 lets you decide how much you want your employees to interact with the custom package’s Setup process.
-
-**Note**
You’ll only see this page if you are running the **Internal** version of the Internet Explorer Customization Wizard 11.
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related articles
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index 4b844f29a5..2b4ee820e3 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -2,13 +2,14 @@
title: How to Move the App-V Server to Another Computer (Windows 10/11)
description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
+ms.topic: article
---
# How to move the App-V server to another computer
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index 7b2ef74380..8af6d33a4d 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -2,14 +2,14 @@
title: Operations for App-V (Windows 10/11)
description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Operations for App-V
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index cb7e615a02..aca5169513 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -2,13 +2,14 @@
title: Performance Guidance for Application Virtualization
description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
+ms.topic: article
---
# Performance Guidance for Application Virtualization
@@ -16,7 +17,7 @@ ms.technology: itpro-apps
**Applies to**:
- Windows 7 SP1
-- Windows 10
+- Windows 10
- Windows 11
- Server 2012 R2
- Server 2016
@@ -103,7 +104,7 @@ The following information displays the required steps to prepare the base image
#### Prepare the Base Image
-- **Performance**:
+- **Performance**:
- Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
- Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
@@ -120,7 +121,7 @@ The following information displays the required steps to prepare the base image
- `AppData\Local\Microsoft\AppV\Client\VFS`
- `AppData\Roaming\Microsoft\AppV\Client\VFS`
-- **Storage**:
+- **Storage**:
- Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
- Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
@@ -144,7 +145,7 @@ For critical App-V Client configurations and for a little more context and how-t
- **PreserveUserIntegrationsOnLogin**: If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting isn't configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*.
For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.
-
+
If you don't plan to pre-configure every available user package in the base image, use this setting.
- Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Integration`.
@@ -181,7 +182,7 @@ UE-V will only support removing the .lnk file type from the exclusion list in th
- If a user has an application installed on one device but not another with .lnk files enabled.
> [!Important]
-> This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk.
+> This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk.
Using the Microsoft Registry Editor (regedit.exe), navigate to `HKEY\_LOCAL\_MACHINE\Software\Microsoft\UEV\Agent\Configuration\ExcludedFileTypes` and remove `.lnk` from the excluded file types.
@@ -200,10 +201,10 @@ To enable an optimized sign-in experience, for example the App-V approach for th
- Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations.
> [!Note]
- >
+ >
> App-V is supported when using UPD only when the entire profile is stored on the user profile disk.
- >
- > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver doesn't handle UPD selected folders.
+ >
+ > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver doesn't handle UPD selected folders.
- Capturing changes to the locations, which constitute the user integrations, prior to session sign out.
@@ -246,50 +247,50 @@ Registry – HKEY\_CURRENT\_USER
This following process is a step-by-step walk-through of the App-V and UPM operations, and the users' expectations.
- **Performance**: After implementing this approach in the VDI/RDSH environment, on first login,
- - (Operation) A user-publishing/refresh is initiated.
+ - (Operation) A user-publishing/refresh is initiated.
(Expectation) If it's the first time that a user has published virtual applications (for example, non-persistent), this operation will take the usual duration of a publishing/refresh.
- (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
(Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-out process. This result will incur the same/similar overhead as persisting the user state.
-
+
**On subsequent logins**:
- (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
(Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (that is, package entitlements change), some may go away.
- - (Operation) Publishing/refresh will process unpublish and publish operations for changes in user package entitlements.
-
+ - (Operation) Publishing/refresh will process unpublish and publish operations for changes in user package entitlements.
+
(Expectation) If there are no entitlement changes, publishing will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity of virtual applications
- The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.
-
+ The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.
+
- (Operation) UPM solution will capture user integrations again at sign off.
-
+
(Expectation) Same as previous.
- **Outcome**:
+ **Outcome**:
- Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of sign in.
- The publishing/refresh will process changes to the users-entitled virtual applications, which impacts the experience.
- **Storage**: After implementing this approach in the VDI/RDSH environment, on first login
- - (Operation) A user-publishing/refresh is initiated.
+ - (Operation) A user-publishing/refresh is initiated.
(Expectation):
- If this instance is the first time a user has published virtual applications (for example, non-persistent), this will take the usual duration of a publishing/refresh.
- First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).
-
+
- (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
- (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-off process. This result will incur the same/similar overhead as persisting the user state.
-
+ (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-off process. This result will incur the same/similar overhead as persisting the user state.
+
**On subsequent logins**:
-
+
- (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
- (Operation) Add/refresh must pre-configure all user targeted applications.
@@ -300,7 +301,7 @@ This following process is a step-by-step walk-through of the App-V and UPM opera
- (Operation) Publishing/refresh will process unpublish and publish operations for changes to user package entitlements.
**Outcome**: Because the add/refresh must reconfigure all the virtual applications to the VM, the publishing refresh time on every login will be extended.
-
+
### Impact to Package Life Cycle
Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (unpublished) virtual application packages, it's recommended you update the base image to reflect these changes. To understand why review the following section:
@@ -380,7 +381,7 @@ Removing FB1 doesn't require the original application installer. After completin
"C:\\UpgradedPackages"
> [!Note]
- > This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file.
+ > This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file.
|Step|Considerations|Benefits|Tradeoffs|
|--- |--- |--- |--- |
@@ -398,7 +399,7 @@ When publishing a virtual application package, the App-V Client will detect if a
|Step|Considerations|Benefits|Tradeoffs|
|--- |--- |--- |--- |
|Selectively Employ Dynamic Configuration files|The App-V client must parse and process these Dynamic Configuration files.
Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.
Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.|Publishing times will improve if these files are used selectively or not at all.|Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.|
-
+
### Disabling a Dynamic Configuration by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index c391399dd5..76f89eae1f 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -2,14 +2,14 @@
title: App-V Planning Checklist (Windows 10/11)
description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V Planning Checklist
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index 04e30a407c..1045a49e6e 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -2,14 +2,14 @@
title: Planning to Use Folder Redirection with App-V (Windows 10/11)
description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning to Use Folder Redirection with App-V
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index 6d1dfd402c..9d934729e0 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -2,14 +2,14 @@
title: Planning for the App-V Server Deployment (Windows 10/11)
description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for the App-V server deployment
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index e0bf768b4b..e4fcf0c5ad 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -2,14 +2,14 @@
title: Planning for App-V (Windows 10/11)
description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for App-V
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 3f800f36de..cb1db35d6e 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -2,14 +2,14 @@
title: Planning for High Availability with App-V Server
description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for high availability with App-V Server
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index 61f49df9b6..2ba0a00feb 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -2,14 +2,14 @@
title: Planning for the App-V Sequencer and Client Deployment (Windows 10/11)
description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for the App-V Sequencer and Client Deployment
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index 02914cd55b..6bdba43ddf 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -2,14 +2,14 @@
title: Planning for Deploying App-V with Office (Windows 10/11)
description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for deploying App-V with Office
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index 478b1f8523..0649249186 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -2,14 +2,14 @@
title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10/11)
description: Planning to Deploy App-V with an Electronic Software Distribution System
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning to Deploy App-V with an electronic software distribution system
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index 5cfdf7b332..64468df388 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -2,14 +2,14 @@
title: Planning to Deploy App-V (Windows 10/11)
description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning to Deploy App-V for Windows client
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index 95fad14736..3268e9610e 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -1,7 +1,7 @@
---
title: Preparing Your Environment for App-V (Windows 10/11)
description: Use this info to prepare for deployment configurations and prerequisites for Microsoft Application Virtualization (App-V).
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
author: aczechowski
@@ -9,7 +9,7 @@ manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Preparing your environment for App-V
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index 9df6ba5e4c..38af8e2364 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -2,14 +2,14 @@
title: App-V Prerequisites (Windows 10/11)
description: Learn about the prerequisites you need before you begin installing Application Virtualization (App-V).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V for Windows client prerequisites
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index 2a86b56aff..de2ecd3c81 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -2,14 +2,14 @@
title: How to Publish a Connection Group (Windows 10/11)
description: Learn how to publish a connection group to computers that run the Application Virtualization (App-V) client.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Publish a Connection Group
diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
index 8d1b3b7041..0d5526bb14 100644
--- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to publish a package by using the Management console (Windows 10/11)
description: Learn how the Management console in App-V can help you enable admin controls as well as publish App-V packages.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to publish a package by using the Management console
diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index 2c82592252..21136dd2bf 100644
--- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -2,13 +2,14 @@
title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10/11)
description: How to Register and Unregister a Publishing Server by Using the Management Console
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
+ms.topic: article
---
# How to Register and Unregister a Publishing Server by Using the Management Console
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
index f2df77ee92..eb9bee258f 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
@@ -2,13 +2,14 @@
title: Release Notes for App-V for Windows 10 version 1703 (Windows 10/11)
description: A list of known issues and workarounds for App-V running on Windows 10 version 1703 and Windows 11.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
+ms.topic: article
---
# Release Notes for App-V for Windows 10 version 1703 and later
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index 00fd89be8c..4f33d2444c 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -2,13 +2,14 @@
title: Release Notes for App-V for Windows 10, version 1607 (Windows 10)
description: A list of known issues and workarounds for App-V running on Windows 10, version 1607.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
+ms.topic: article
---
# Release Notes for App-V for Windows 10, version 1607
@@ -17,7 +18,7 @@ ms.technology: itpro-apps
- Windows 10, version 1607
The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1607.
-
+
## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client
There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the prerequisite check fails and causes the MSI to fail.
@@ -28,20 +29,20 @@ There are MSI packages generated by an App-V sequencer from previous versions of
2. Ensure that you've installed the **MSI Tools** included in the Windows 10 SDK, available as follows:
- For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/windows/downloads).
-
+
- For the standalone Windows 10 SDK without other tools, see [Standalone Windows SDK](https://developer.microsoft.com/windows/downloads/windows-sdk).
3. Copy msidb.exe from the default path of the Windows SDK installation (**C:\Program Files (x86)\Windows Kits\10**) to a different directory. For example: **C:\MyMsiTools\bin**
4. From an elevated Windows PowerShell prompt, navigate to the following folder:
-
- <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\\**
- By default, this path is:
**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer**
+ <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\\**
+
+ By default, this path is:
**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer**
5. Run the following command:
- `Update-AppvPackageMsi -MsiPackage "
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
+
+
+
+```Device
+./Vendor/MSFT/ApplicationControl/Policies/{Policy GUID}/PolicyInfo/BasePolicyId
+```
+
+
+
+
+The BasePolicyId of the Policy Indicated by the Policy GUID.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
##### Policies/{Policy GUID}/PolicyInfo/FriendlyName
@@ -453,6 +487,45 @@ TRUE/FALSE if the Policy is a System Policy, that's a policy managed by Microsof
+
+##### Policies/{Policy GUID}/PolicyInfo/PolicyOptions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
+
+
+
+```Device
+./Vendor/MSFT/ApplicationControl/Policies/{Policy GUID}/PolicyInfo/PolicyOptions
+```
+
+
+
+
+The PolicyOptions of the Policy Indicated by the Policy GUID.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
##### Policies/{Policy GUID}/PolicyInfo/Status
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index e7b2417319..b7c198fd13 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -1,14 +1,7 @@
---
title: AppLocker CSP
description: Learn more about the AppLocker CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index 313a0a7700..11f10bf906 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -1,14 +1,7 @@
---
title: AppLocker DDF file
description: View the XML file containing the device description framework (DDF) for the AppLocker configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 6aea2cc955..85fa624e4a 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -1,14 +1,7 @@
---
title: AssignedAccess CSP
description: Learn more about the AssignedAccess CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 30739845c8..f5e0e84d26 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -1,14 +1,7 @@
---
title: AssignedAccess DDF file
description: View the XML file containing the device description framework (DDF) for the AssignedAccess configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -61,7 +54,7 @@ The following XML file contains the device description framework (DDF) for the A
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
@@ -499,7 +492,7 @@ The PFX isn't exportable when it's installed to TPM.
| Format | `bool` |
| Access Type | Add, Get, Replace |
| Default Value | true |
-| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
@@ -1975,7 +1968,7 @@ When a value of "2" is contained in PFXCertPasswordEncryptionType, specify the s
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Get, Replace |
-| Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
@@ -2073,7 +2066,7 @@ Optional. Used to specify if the private key installed is exportable (can be exp
| Format | `bool` |
| Access Type | Add, Get, Replace |
| Default Value | true |
-| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index d51b9201d5..7648af9a26 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -1,14 +1,7 @@
---
title: ClientCertificateInstall DDF file
description: View the XML file containing the device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the C
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/ArchiveMaxDepth
+```
+
+
+
+
+Specify the maximum folder depth to extract from archive files for scanning. If this configuration is off or not set, the default value (0) is applied, and all archives are extracted up to the deepest folder for scanning.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
+
+### Configuration/ArchiveMaxSize
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/ArchiveMaxSize
+```
+
+
+
+
+Specify the maximum size, in KB, of archive files to be extracted and scanned. If this configuration is off or not set, the default value (0) is applied, and all archives are extracted and scanned regardless of size.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
### Configuration/ASROnlyPerRuleExclusions
@@ -402,6 +490,485 @@ Apply ASR only per rule exclusions.
+
+### Configuration/BehavioralNetworkBlocks
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+#### Configuration/BehavioralNetworkBlocks/BruteForceProtection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionAggressiveness
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionAggressiveness
+```
+
+
+
+
+Set the criteria for when Brute-Force Protection blocks IP addresses.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Low: Only IP addresses that are 100% confidence malicious (default). |
+| 1 | Medium: Use cloud aggregation to block IP addresses that are over 99% likely malicious. |
+| 2 | High: Block IP addresses identified using client intelligence and context to block IP addresses that are over 90% likely malicious. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionConfiguredState
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionConfiguredState
+```
+
+
+
+
+Brute-Force Protection in Microsoft Defender Antivirus detects and blocks attempts to forcibly sign in and initiate sessions.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not configured: Apply defaults set by the antivirus engine and platform. |
+| 1 | Block: Prevent suspicious and malicious behaviors. |
+| 2 | Audit: Generate EDR detections without blocking. |
+| 4 | Off: Feature is disabled with no performance impact. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionExclusions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionExclusions
+```
+
+
+
+
+Specify IP addresses, subnets, or workstation names to exclude from being blocked by Brute-Force Protection. Note that attackers can spoof excluded addresses and names to bypass protection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `|`) |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionMaxBlockTime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionMaxBlockTime
+```
+
+
+
+
+Set the maximum time an IP address is blocked by Brute-Force Protection. After this time, blocked IP addresses will be able to sign-in and initiate sessions. If set to 0, internal feature logic will determine blocking time.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
+
+#### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionAggressiveness
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionAggressiveness
+```
+
+
+
+
+Set the criteria for when Remote Encryption Protection blocks IP addresses.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Low: Block only when confidence level is 100% (Default). |
+| 1 | Medium: Use cloud aggregation and block when confidence level is above 99%. |
+| 2 | High: Use cloud intel and context, and block when confidence level is above 90%. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionConfiguredState
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionConfiguredState
+```
+
+
+
+
+Remote Encryption Protection in Microsoft Defender Antivirus detects and blocks attempts to replace local files with encrypted versions from another device.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not configured: Apply defaults set for the antivirus engine and platform. |
+| 1 | Block: Prevent suspicious and malicious behaviors. |
+| 2 | Audit: Generate EDR detections without blocking. |
+| 4 | Off: Feature is off with no performance impact. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionExclusions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionExclusions
+```
+
+
+
+
+Specify IP addresses, subnets, or workstation names to exclude from being blocked by Remote Encryption Protection. Note that attackers can spoof excluded addresses and names to bypass protection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `|`) |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionMaxBlockTime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionMaxBlockTime
+```
+
+
+
+
+Set the maximum time an IP address is blocked by Remote Encryption Protection. After this time, blocked IP addresses will be able to reinitiate connections. If set to 0, internal feature logic will determine blocking time.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
### Configuration/DataDuplicationDirectory
@@ -540,7 +1107,7 @@ Defines the maximum data duplication quota in MB that can be collected. When the
-Define data duplication remote location for device control.
+Define data duplication remote location for Device Control. When configuring this setting, ensure that Device Control is Enabled and that the provided path is a remote path the user can access.
@@ -1841,8 +2408,8 @@ This setting enables the DNS Sinkhole feature for Network Protection, respecting
| Value | Description |
|:--|:--|
-| 1 (Default) | DNS Sinkhole is disabled. |
-| 0 | DNS Sinkhole is enabled. |
+| 0 | DNS Sinkhole is disabled. |
+| 1 (Default) | DNS Sinkhole is enabled. |
@@ -2209,7 +2776,7 @@ Allow managed devices to update through metered connections. Default is 0 - not
-This sets the reputation mode for Network Protection.
+This sets the reputation mode engine for Network Protection.
@@ -2226,6 +2793,15 @@ This sets the reputation mode for Network Protection.
| Default Value | 0 |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Use standard reputation engine. |
+| 1 | Use ESP reputation engine. |
+
+
@@ -2750,9 +3326,19 @@ Defines which device's primary ids should be secured by Defender Device Control.
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Regular Expression: `^RemovableMediaDevices|CdRomDevices|WpdDevices|PrinterDevices$` |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| RemovableMediaDevices | RemovableMediaDevices. |
+| CdRomDevices | CdRomDevices. |
+| WpdDevices | WpdDevices. |
+| PrinterDevices | PrinterDevices. |
+
+
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index e46a86acbd..2e65444a0f 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,14 +1,7 @@
---
title: Defender DDF file
description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/PageErrorCode
+```
+
+
+
+
+This node provides specific overall HRESULT causing a fatal error on the Device Preparation page. This node is valid only if the PageErrorPhase node's value isn't Unknown.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+## PageErrorDetails
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/PageErrorDetails
+```
+
+
+
+
+This node provides optional details for any fatal error on the Device Preparation page. This node is valid only if the PageErrorPhase node's value isn't Unknown, but not all errors will have details.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+## PageErrorPhase
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/PageErrorPhase
+```
+
+
+
+
+This node provides the specific phase that failed during the Device Preparation page. Values are an enum: 0 = Unknown; 1 = AgentDownload; 2 = AgentProgress.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Unknown. |
+| 1 | AgentDownload. |
+| 2 | AgentProgress. |
+
+
+
+
+
+
+
+
## PageSettings
diff --git a/windows/client-management/mdm/devicepreparation-ddf-file.md b/windows/client-management/mdm/devicepreparation-ddf-file.md
index eb4efc4afa..cdccc95934 100644
--- a/windows/client-management/mdm/devicepreparation-ddf-file.md
+++ b/windows/client-management/mdm/devicepreparation-ddf-file.md
@@ -1,14 +1,7 @@
---
title: DevicePreparation DDF file
description: View the XML file containing the device description framework (DDF) for the DevicePreparation configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
Dependency URI: `Vendor/MSFT/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel`
Dependency Allowed Value: `SRVCRED`
Dependency Allowed Value Type: `ENUM`
|
+| Dependency [AAuthlevelDependency] | Dependency Type: `DependsOn`
Dependency URI: `Syncml/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel`
Dependency Allowed Value: `SRVCRED`
Dependency Allowed Value Type: `ENUM`
|
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 7dd6bd406e..96ba92429a 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,14 +1,7 @@
---
title: DMAcc DDF file
description: View the XML file containing the device description framework (DDF) for the DMAcc configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Vendor/MSFT/HealthAttestation/AttestErrorMessage
+```
+
+
+
+
+AttestErrorMessage maintains the error message for the last attestation session, if returned by the attestation service.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
## AttestStatus
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 55bf10d11f..d68e4952d2 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,14 +1,7 @@
---
title: HealthAttestation DDF file
description: View the XML file containing the device description framework (DDF) for the HealthAttestation configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the H
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnableAccount
+```
+
+
+
+
+Use this setting to configure whether the automatically managed account is enabled or disabled.
+
+- If this setting is enabled, the target account will be enabled.
+
+- If this setting is disabled, the target account will be disabled.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| False (Default) | The target account will be disabled. |
+| True | The target account will be enabled. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementEnabled
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled
+```
+
+
+
+
+Use this setting to specify whether automatic account management is enabled.
+
+- If this setting is enabled, the target account will be automatically managed.
+
+- If this setting is disabled, the target account won't be automatically managed.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | The target account won't be automatically managed. |
+| true | The target account will be automatically managed. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementNameOrPrefix
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementNameOrPrefix
+```
+
+
+
+
+Use this setting to configure the name or prefix of the managed local administrator account.
+
+If specified, the value will be used as the name or name prefix of the managed account.
+
+If not specified, this setting will default to "WLapsAdmin".
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementRandomizeName
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementRandomizeName
+```
+
+
+
+
+Use this setting to configure whether the name of the automatically managed account uses a random numeric suffix each time the password is rotated.
+
+If this setting is enabled, the name of the target account will use a random numeric suffix.
+
+If this setting is disbled, the name of the target account won't use a random numeric suffix.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| False (Default) | The name of the target account won't use a random numeric suffix. |
+| True | The name of the target account will use a random numeric suffix. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementTarget
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementTarget
+```
+
+
+
+
+Use this setting to configure which account is automatically managed.
+
+The allowable settings are:
+
+0=The builtin administrator account will be managed.
+
+1=A new account created by Windows LAPS will be managed.
+
+If not specified, this setting will default to 1.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Manage the built-in administrator account. |
+| 1 (Default) | Manage a new custom administrator account. |
+
+
+
+
+
+
+
+
### Policies/BackupDirectory
@@ -485,6 +753,54 @@ If not specified, this setting will default to 0.
+
+### Policies/PassphraseLength
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/PassphraseLength
+```
+
+
+
+
+Use this setting to configure the number of passphrase words.
+
+If not specified, this setting will default to 6 words.
+
+This setting has a minimum allowed value of 3 words.
+
+This setting has a maximum allowed value of 10 words.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[3-10]` |
+| Default Value | 6 |
+| Dependency [PasswordComplexity] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/PasswordComplexity`
Dependency Allowed Value: `[6-8]`
Dependency Allowed Value Type: `Range`
|
+
+
+
+
+
+
+
+
### Policies/PasswordAgeDays
@@ -557,9 +873,15 @@ The allowable settings are:
1=Large letters
2=Large letters + small letters
3=Large letters + small letters + numbers
-4=Large letters + small letters + numbers + special characters.
+4=Large letters + small letters + numbers + special characters
+5=Large letters + small letters + numbers + special characters (improved readability)
+6=Passphrase (long words)
+7=Passphrase (short words)
+8=Passphrase (short words with unique prefixes)
If not specified, this setting will default to 4.
+
+Passphrase list taken from "Deep Dive: EFF's New Wordlists for Random Passphrases" by Electronic Frontier Foundation, and is used under a CC-BY-3.0 Attribution license. See
Dependency URI: `Vendor/MSFT/LAPS/Policies/PasswordComplexity`
Dependency Allowed Value: `[1-5]`
Dependency Allowed Value Type: `Range`
|
@@ -747,6 +1074,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff
| 1 | Reset password: upon expiry of the grace period, the managed account password will be reset. |
| 3 (Default) | Reset the password and logoff the managed account: upon expiry of the grace period, the managed account password will be reset and any interactive logon sessions using the managed account will be terminated. |
| 5 | Reset the password and reboot: upon expiry of the grace period, the managed account password will be reset and the managed device will be immediately rebooted. |
+| 11 | Reset the password, logoff the managed account, and terminate any remaining processes: upon expiration of the grace period, the managed account password is reset, any interactive logon sessions using the managed account are logged off, and any remaining processes are terminated. |
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index d9f29bb7d6..d347e57374 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,14 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 04/07/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -201,8 +194,14 @@ The allowable settings are:
2=Large letters + small letters
3=Large letters + small letters + numbers
4=Large letters + small letters + numbers + special characters
+5=Large letters + small letters + numbers + special characters (improved readability)
+6=Passphrase (long words)
+7=Passphrase (short words)
+8=Passphrase (short words with unique prefixes)
-If not specified, this setting will default to 4.
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Help/AllowChildProcesses
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowChildProcesses |
+| ADMX File Name | Help.admx |
+
+
+
+
+
+
+
+
## DisableHHDEP
@@ -155,6 +200,56 @@ For additional options, see the "Restrict these programs from being launched fro
+
+## HideChildProcessMessageBox
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Help/HideChildProcessMessageBox
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | HideChildProcessMessageBox |
+| ADMX File Name | Help.admx |
+
+
+
+
+
+
+
+
## RestrictRunFromHelp
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index b207a1fdec..3d1cc2cff2 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -1,14 +1,7 @@
---
title: ADMX_HelpAndSupport Policy CSP
description: Learn more about the ADMX_HelpAndSupport Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index 97c0f896dd..731f6ed051 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -1,14 +1,7 @@
---
title: ADMX_hotspotauth Policy CSP
description: Learn more about the ADMX_hotspotauth Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index b75dbe301d..643e4044d3 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -1,14 +1,7 @@
---
title: ADMX_ICM Policy CSP
description: Learn more about the ADMX_ICM Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 02/28/2024
---
@@ -850,7 +843,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa
This policy setting allows you to remove access to Windows Update.
-- If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordLength
+```
+
+
+
+
+This security setting determines the least number of characters that a password for a user account may contain. The maximum value for this setting depends on the value of the Relax minimum password length limits setting. If the Relax minimum password length limits setting isn't defined, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and disabled, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and enabled, this setting may be configured from 0 to 128. Setting the required number of characters to 0 means that no password is required.
+
+> [!NOTE]
+> By default, member computers follow the configuration of their domain controllers. Default values: 7 on domain controllers 0 on stand-alone servers Configuring this setting larger than 14 may affect compatibility with clients, services, and applications. We recommend that you only configure this setting larger than 14 after you use the Minimum password length audit setting to test for potential incompatibilities at the new setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-128]` |
+| Default Value | 0 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Minimum password length |
+| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
+
+
+
+
+
+
+
+
+
+## MinimumPasswordLengthAudit
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordLengthAudit
+```
+
+
+
+
+This security setting determines the minimum password length for which password length audit warning events are issued. This setting may be configured from 1 to 128. You should only enable and configure this setting when you try to determine the potential effect of increasing the minimum password length setting in your environment. If this setting isn't defined, audit events won't be issued. If this setting is defined and is less than or equal to the minimum password length setting, audit events won't be issued. If this setting is defined and is greater than the minimum password length setting, and the length of a new account password is less than this setting, an audit event will be issued.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[1-128]` |
+| Default Value | 4294967295 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Minimum password length audit |
+| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
+
+
+
+
+
+
+
+
## PasswordComplexity
@@ -1255,6 +1351,64 @@ If you enable this setting, users will no longer be able to modify slide show se
+
+## RelaxMinimumPasswordLengthLimits
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/DeviceLock/RelaxMinimumPasswordLengthLimits
+```
+
+
+
+
+This setting controls whether the minimum password length setting can be increased beyond the legacy limit of 14. If this setting isn't defined, minimum password length may be configured to no more than 14. If this setting is defined and disabled, minimum password length may be configured to no more than 14. If this setting is defined and enabled, minimum password length may be configured more than 14.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Relax minimum password length |
+| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
+
+
+
+
+
+
+
+
## ScreenTimeoutWhileLocked
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index c716b41a63..8f021f8337 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,14 +1,7 @@
---
title: Display Policy CSP
description: Learn more about the Display Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 0a9aa6d814..ed3b7b4609 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -1,14 +1,7 @@
---
title: DmaGuard Policy CSP
description: Learn more about the DmaGuard Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md
index ccc75b02bf..14022fde28 100644
--- a/windows/client-management/mdm/policy-csp-eap.md
+++ b/windows/client-management/mdm/policy-csp-eap.md
@@ -1,14 +1,7 @@
---
title: Eap Policy CSP
description: Learn more about the Eap Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 4ec2cef651..cfd49a1bf0 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,14 +1,7 @@
---
title: Education Policy CSP
description: Learn more about the Education Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 4005e29555..016c5d5a51 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -1,14 +1,7 @@
---
title: EnterpriseCloudPrint Policy CSP
description: Learn more about the EnterpriseCloudPrint Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -274,7 +267,7 @@ Resource URI for which access is being requested by the Mopria discovery client
This policy must target ./User, otherwise it fails.
-The default value is an empty string. Otherwise, the value should contain a URL.
+The default value is an empty string. Otherwise, the value should contain a URL.
**Example**:
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index e97461a682..50e401227e 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -1,14 +1,7 @@
---
title: ErrorReporting Policy CSP
description: Learn more about the ErrorReporting Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index ce940b762e..83a5c6c350 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -1,14 +1,7 @@
---
title: EventLogService Policy CSP
description: Learn more about the EventLogService Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 3fbecc7fbe..f7ecf4bf2a 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,14 +1,7 @@
---
title: Experience Policy CSP
description: Learn more about the Experience Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 089a7066d9..6d947b5cd3 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -1,14 +1,7 @@
---
title: ExploitGuard Policy CSP
description: Learn more about the ExploitGuard Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-federatedauthentication.md b/windows/client-management/mdm/policy-csp-federatedauthentication.md
index 18426abce1..4b4de43f51 100644
--- a/windows/client-management/mdm/policy-csp-federatedauthentication.md
+++ b/windows/client-management/mdm/policy-csp-federatedauthentication.md
@@ -1,14 +1,7 @@
---
title: FederatedAuthentication Policy CSP
description: Learn more about the FederatedAuthentication Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/23/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md
index a8a7ae5f57..98a8e70629 100644
--- a/windows/client-management/mdm/policy-csp-feeds.md
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@@ -1,15 +1,7 @@
---
title: Policy CSP - Feeds
description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.localizationpriority: medium
ms.date: 09/17/2021
-ms.reviewer:
-manager: aaroncz
---
# Policy CSP - Feeds
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 75e9fb777f..fb55df7a5d 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,14 +1,7 @@
---
title: FileExplorer Policy CSP
description: Learn more about the FileExplorer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-filesystem.md b/windows/client-management/mdm/policy-csp-filesystem.md
index b3c3aa2084..f1d4135999 100644
--- a/windows/client-management/mdm/policy-csp-filesystem.md
+++ b/windows/client-management/mdm/policy-csp-filesystem.md
@@ -1,14 +1,7 @@
---
title: FileSystem Policy CSP
description: Learn more about the FileSystem Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 7be1ae616e..d16bea4048 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -1,14 +1,7 @@
---
title: Games Policy CSP
description: Learn more about the Games Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index 941b6ab1ce..6cd40803bd 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -1,14 +1,7 @@
---
title: Handwriting Policy CSP
description: Learn more about the Handwriting Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
index 6584e6372b..3ef891ed68 100644
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -1,14 +1,7 @@
---
title: HumanPresence Policy CSP
description: Learn more about the HumanPresence Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index d707b4af93..a6efb038f9 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,14 +1,7 @@
---
title: InternetExplorer Policy CSP
description: Learn more about the InternetExplorer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/03/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -3666,17 +3659,7 @@ If you disable, or don't configure this policy, all sites are opened using the c
-
-This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
-
-> [!IMPORTANT]
-> Some ActiveX controls and toolbars may not be available when 64-bit processes are used.
-
-- If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
-
-- If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
-
-- If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
+
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index ed58ffd639..092f0fcfa3 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -1,14 +1,7 @@
---
title: Kerberos Policy CSP
description: Learn more about the Kerberos Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/23/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -323,7 +316,7 @@ If you don't configure this policy, the SHA1 algorithm will assume the **Default
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
@@ -396,7 +389,7 @@ If you don't configure this policy, the SHA256 algorithm will assume the **Defau
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
@@ -469,7 +462,7 @@ If you don't configure this policy, the SHA384 algorithm will assume the **Defau
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
@@ -542,7 +535,7 @@ If you don't configure this policy, the SHA512 algorithm will assume the **Defau
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 957c1a280e..ab923304b0 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -1,14 +1,7 @@
---
title: KioskBrowser Policy CSP
description: Learn more about the KioskBrowser Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 4c0d5e7b6e..b3e44fe44d 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,14 +1,7 @@
---
title: LanmanWorkstation Policy CSP
description: Learn more about the LanmanWorkstation Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 27405e9ef7..69f8d74490 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -1,14 +1,7 @@
---
title: Licensing Policy CSP
description: Learn more about the Licensing Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 00bb621743..bb70540374 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,14 +1,7 @@
---
title: LocalPoliciesSecurityOptions Policy CSP
description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -373,7 +366,7 @@ Accounts: Rename guest account This security setting determines whether a differ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -402,6 +395,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
| Format | `b64` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: ``) |
+| Default Value | 00 |
@@ -416,7 +410,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -457,7 +451,7 @@ Audit: Force audit policy subcategory settings (Windows Vista or later) to overr
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -722,7 +716,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -771,7 +765,7 @@ Devices: Restrict floppy access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -824,7 +818,7 @@ Domain member: Digitally encrypt or sign secure channel data (always) This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -880,7 +874,7 @@ Domain member: Digitally encrypt secure channel data (when possible) This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -930,7 +924,7 @@ Domain member: Digitally sign secure channel data (when possible) This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -987,7 +981,7 @@ Domain member: Disable machine account password changes Determines whether a dom
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1040,7 +1034,7 @@ Domain member: Maximum machine account password age This security setting determ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1325,31 +1319,31 @@ Interactive logon: Don't require CTRL+ALT+DEL This security setting determines w
-
-## InteractiveLogon_MachineAccountThreshold
+
+## InteractiveLogon_MachineAccountLockoutThreshold
-
+
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
-
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
-
+
```Device
-./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineAccountThreshold
+./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineAccountLockoutThreshold
```
-
+
-
+
Interactive logon: Machine account threshold. The machine lockout policy is enforced only on those machines that have BitLocker enabled for protecting OS volumes. Please ensure that appropriate recovery password backup policies are enabled. This security setting determines the number of failed logon attempts that causes the machine to be locked out. A locked out machine can only be recovered by providing recovery key at console. You can set the value between 1 and 999 failed logon attempts. If you set the value to 0, the machine will never be locked out. Values from 1 to 3 will be interpreted as 4. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password protected screen savers counts as failed logon attempts. The machine lockout policy is enforced only on those machines that have BitLocker enabled for protecting OS volumes. Please ensure that the appropriate recovery password backup policies are enabled. Default: 0.
-
+
-
+
-
+
-
+
**Description framework properties**:
| Property name | Property value |
@@ -1358,22 +1352,22 @@ Interactive logon: Machine account threshold. The machine lockout policy is enfo
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[0-999]` |
| Default Value | 0 |
-
+
-
+
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | Interactive logon: Machine account lockout threshold |
| Path | Windows Settings > Security Settings > Local Policies > Security Options |
-
+
-
+
-
+
-
+
## InteractiveLogon_MachineInactivityLimit
@@ -1531,7 +1525,7 @@ Interactive logon: Message title for users attempting to log on This security se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1571,7 +1565,7 @@ Interactive logon: Number of previous logons to cache (in case domain controller
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1866,7 +1860,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1891,8 +1885,8 @@ Microsoft network server: Amount of idle time required before suspending a sessi
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[0-15]` |
-| Default Value | 15 |
+| Allowed Values | Range: `[0-99999]` |
+| Default Value | 99999 |
@@ -2049,7 +2043,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2090,7 +2084,7 @@ Microsoft network server: Disconnect clients when logon hours expire This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2125,109 +2119,6 @@ Microsoft network server: Server SPN target name validation level This policy se
-
-## MinimumPasswordLength
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MinimumPasswordLength
-```
-
-
-
-
-This security setting determines the least number of characters that a password for a user account may contain. The maximum value for this setting depends on the value of the Relax minimum password length limits setting. If the Relax minimum password length limits setting isn't defined, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and disabled, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and enabled, this setting may be configured from 0 to 128. Setting the required number of characters to 0 means that no password is required.
-
-> [!NOTE]
-> By default, member computers follow the configuration of their domain controllers. Default values: 7 on domain controllers 0 on stand-alone servers Configuring this setting larger than 14 may affect compatibility with clients, services, and applications. We recommend that you only configure this setting larger than 14 after you use the Minimum password length audit setting to test for potential incompatibilities at the new setting.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[0-128]` |
-| Default Value | 0 |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | Minimum password length |
-| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
-
-
-
-
-
-
-
-
-
-## MinimumPasswordLengthAudit
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MinimumPasswordLengthAudit
-```
-
-
-
-
-This security setting determines the minimum password length for which password length audit warning events are issued. This setting may be configured from 1 to 128. You should only enable and configure this setting when you try to determine the potential effect of increasing the minimum password length setting in your environment. If this setting isn't defined, audit events won't be issued. If this setting is defined and is less than or equal to the minimum password length setting, audit events won't be issued. If this setting is defined and is greater than the minimum password length setting, and the length of a new account password is less than this setting, an audit event will be issued.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[1-128]` |
-| Default Value | 4294967295 |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | Minimum password length audit |
-| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
-
-
-
-
-
-
-
-
## NetworkAccess_AllowAnonymousSIDOrNameTranslation
@@ -2415,7 +2306,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts and shares Thi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2463,7 +2354,7 @@ Network access: Don't allow storage of passwords and credentials for network aut
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2513,7 +2404,7 @@ Network access: Let Everyone permissions apply to anonymous users This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2538,6 +2429,7 @@ Network access: Named pipes that can be accessed anonymously This security setti
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2552,7 +2444,7 @@ Network access: Named pipes that can be accessed anonymously This security setti
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2580,6 +2472,7 @@ Network access: Remotely accessible registry paths This security setting determi
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2594,7 +2487,7 @@ Network access: Remotely accessible registry paths This security setting determi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2622,6 +2515,7 @@ Network access: Remotely accessible registry paths and subpaths This security se
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2742,7 +2636,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2767,6 +2661,7 @@ Network access: Shares that can be accessed anonymously This security setting de
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2781,7 +2676,7 @@ Network access: Shares that can be accessed anonymously This security setting de
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2825,7 +2720,7 @@ Network access: Sharing and security model for local accounts This security sett
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3083,7 +2978,7 @@ Network security: Force logoff when logon hours expire This security setting det
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
-| Default Value | 0 |
+| Default Value | 1 |
@@ -3091,8 +2986,8 @@ Network security: Force logoff when logon hours expire This security setting det
| Value | Description |
|:--|:--|
-| 1 | Enable. |
-| 0 (Default) | Disable. |
+| 1 (Default) | Enable. |
+| 0 | Disable. |
@@ -3181,7 +3076,7 @@ Network security LAN Manager authentication level This security setting determin
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3213,7 +3108,7 @@ Network security: LDAP client signing requirements This security setting determi
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[0-2]` |
-| Default Value | 0 |
+| Default Value | 1 |
@@ -3587,7 +3482,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3637,7 +3532,7 @@ Recovery console: Allow automatic administrative logon This security setting det
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3672,64 +3567,6 @@ Recovery console: Allow floppy copy and access to all drives and all folders Ena
-
-## RelaxMinimumPasswordLengthLimits
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/RelaxMinimumPasswordLengthLimits
-```
-
-
-
-
-This setting controls whether the minimum password length setting can be increased beyond the legacy limit of 14. If this setting isn't defined, minimum password length may be configured to no more than 14. If this setting is defined and disabled, minimum password length may be configured to no more than 14. If this setting is defined and enabled, minimum password length may be configured more than 14.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value | 0 |
-
-
-
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 (Default) | Disabled. |
-| 1 | Enabled. |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | Relax minimum password length |
-| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
-
-
-
-
-
-
-
-
## Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
@@ -3852,7 +3689,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3893,7 +3730,7 @@ System Cryptography: Force strong key protection for user keys stored on the com
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3943,7 +3780,7 @@ System objects: Require case insensitivity for non-Windows subsystems This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -4101,6 +3938,64 @@ User Account Control: Behavior of the elevation prompt for administrators in Adm
+
+## UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators
+```
+
+
+
+
+User Account Control: Behavior of the elevation prompt for administrators running with enhanced privilege protection. This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. - Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 2 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Prompt for credentials on the secure desktop. |
+| 2 (Default) | Prompt for consent on the secure desktop. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | User Account Control: Behavior of the elevation prompt for administrators running with enhanced privilege protection |
+| Path | Windows Settings > Security Settings > Local Policies > Security Options |
+
+
+
+
+
+
+
+
## UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
@@ -4453,6 +4348,64 @@ User Account Control: Switch to the secure desktop when prompting for elevation
+
+## UserAccountControl_TypeOfAdminApprovalMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_TypeOfAdminApprovalMode
+```
+
+
+
+
+User Account Control: Configure type of Admin Approval Mode. This policy setting controls whether enhanced privilege protection is applied to admin approval mode elevations. If you change this policy setting, you must restart your computer. This policy is only supported on Windows Desktop, not Server. The options are: - Admin Approval Mode is running in legacy mode (default). - Admin Approval Mode is running with enhanced privilege protection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 (Default) | Legacy Admin Approval Mode. |
+| 2 | Admin Approval Mode with enhanced privilege protection. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | User Account Control: Configure type of Admin Approval Mode |
+| Path | Windows Settings > Security Settings > Local Policies > Security Options |
+
+
+
+
+
+
+
+
## UserAccountControl_UseAdminApprovalMode
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index 1ae1768b2e..7dc4364747 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -1,14 +1,7 @@
---
title: LocalUsersAndGroups Policy CSP
description: Learn more about the LocalUsersAndGroups Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index f7afb94964..95f4c33c50 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -1,14 +1,7 @@
---
title: LockDown Policy CSP
description: Learn more about the LockDown Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md
index 3359d00d6a..d4773d4c5d 100644
--- a/windows/client-management/mdm/policy-csp-lsa.md
+++ b/windows/client-management/mdm/policy-csp-lsa.md
@@ -1,14 +1,7 @@
---
title: LocalSecurityAuthority Policy CSP
description: Learn more about the LocalSecurityAuthority Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index e3a20f4341..7dc52aed91 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -1,14 +1,7 @@
---
title: Maps Policy CSP
description: Learn more about the Maps Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
index 5c6eedf729..d6550053a3 100644
--- a/windows/client-management/mdm/policy-csp-memorydump.md
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -1,14 +1,7 @@
---
title: MemoryDump Policy CSP
description: Learn more about the MemoryDump Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index f0b04e92b7..30117ff84d 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -1,14 +1,7 @@
---
title: Messaging Policy CSP
description: Learn more about the Messaging Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 79b92833b7..19bd347e3c 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -1,14 +1,7 @@
---
title: MixedReality Policy CSP
description: Learn more about the MixedReality Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/29/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 02/20/2024
---
@@ -279,6 +272,59 @@ This policy controls if the HoloLens displays will be automatically adjusted for
+
+## AutoUnlock
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/MixedReality/AutoUnlock
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoUnlock
+```
+
+
+
+
+This policy controls whether a signed-in user will be prompted for credentials when returning to the device after the device has entered suspended state. This policy is available both for the device as well as the user scope. When enabled for the device scope, auto unlock will be enabled for all users on the device. When enabled for the user scope, only the specific user will have auto unlock enabled.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | User will be prompted for credentials. |
+| 1 | User won't be prompted for credentials. |
+
+
+
+
+
+
+
+
## BrightnessButtonDisabled
@@ -328,6 +374,97 @@ This policy setting controls if pressing the brightness button changes the brigh
+
+## ConfigureDeviceStandbyAction
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyAction
+```
+
+
+
+
+This policy setting controls device maintenance action during standby.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not configured. |
+| 1 | Logoff users. |
+| 2 | Reboot device. |
+
+
+
+
+
+
+
+
+
+## ConfigureDeviceStandbyActionTimeout
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyActionTimeout
+```
+
+
+
+
+This policy setting controls when to start maintenance action after device enters standby. The timeout value is in hours.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[1-168]` |
+| Default Value | 8 |
+
+
+
+
+
+
+
+
## ConfigureMovingPlatform
@@ -650,7 +787,7 @@ Windows Network Connectivity Status Indicator may get a false positive internet-
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -699,7 +836,7 @@ This policy setting controls if pinching your thumb and index finger, while look
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -748,7 +885,7 @@ This policy setting controls if using voice commands to open the Start menu is e
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1111,7 +1248,7 @@ The following example XML string shows the value to enable this policy:
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1160,7 +1297,7 @@ This policy configures whether the Sign-In App should prefer showing Other User
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1209,7 +1346,7 @@ This policy setting controls if it's require that the Start icon to be pressed f
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 9d94c49836..da47e000cd 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,14 +1,7 @@
---
title: MSSecurityGuide Policy CSP
description: Learn more about the MSSecurityGuide Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -18,6 +11,8 @@ ms.topic: reference
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -228,7 +223,7 @@ ms.topic: reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index a34a41ff94..6e60b0d9dd 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -1,14 +1,7 @@
---
title: MSSLegacy Policy CSP
description: Learn more about the MSSLegacy Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index c12b74e90f..84df0472de 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -1,14 +1,7 @@
---
title: Multitasking Policy CSP
description: Learn more about the Multitasking Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index dd7b76de61..14633df6c8 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -1,14 +1,7 @@
---
title: NetworkIsolation Policy CSP
description: Learn more about the NetworkIsolation Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 8b5b22dbeb..0ade49a774 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -1,14 +1,7 @@
---
title: NetworkListManager Policy CSP
description: Learn more about the NetworkListManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -16,6 +9,8 @@ ms.topic: reference
# Policy CSP - NetworkListManager
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -26,7 +21,7 @@ ms.topic: reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -75,7 +70,7 @@ This policy setting allows you to specify whether users can change the network i
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -124,7 +119,7 @@ This policy setting allows you to specify whether users can change the network l
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -267,7 +262,7 @@ This policy setting provides the string that names a network. If this setting is
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -316,7 +311,7 @@ This policy setting allows you to configure the Network Location for networks th
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -365,7 +360,7 @@ This policy setting allows you to configure the Network Location type for networ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
index c22d8a9bfa..16fabdc822 100644
--- a/windows/client-management/mdm/policy-csp-newsandinterests.md
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -1,14 +1,7 @@
---
title: NewsAndInterests Policy CSP
description: Learn more about the NewsAndInterests Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 1f7b42377a..65d5cb42bc 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -1,14 +1,7 @@
---
title: Notifications Policy CSP
description: Learn more about the Notifications Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 68c365431c..e1e5083184 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -1,14 +1,7 @@
---
title: Power Policy CSP
description: Learn more about the Power Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 10b73e98be..fa423988bf 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -1,14 +1,7 @@
---
title: Printers Policy CSP
description: Learn more about the Printers Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -676,6 +669,56 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
+
+## ConfigureWindowsProtectedPrint
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureWindowsProtectedPrint
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureWindowsProtectedPrint |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
## EnableDeviceControl
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index f96c5acb6a..5094419e31 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,14 +1,7 @@
---
title: Privacy Policy CSP
description: Learn more about the Privacy Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index fa85c9cec4..1e190204ac 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -1,14 +1,7 @@
---
title: RemoteAssistance Policy CSP
description: Learn more about the RemoteAssistance Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index e112f3b6d8..caa589b6f9 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -1,14 +1,7 @@
---
title: RemoteDesktop Policy CSP
description: Learn more about the RemoteDesktop Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index e56b901ad4..2e7833047e 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,14 +1,7 @@
---
title: RemoteDesktopServices Policy CSP
description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 1a0bbae405..0f19f54970 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -1,14 +1,7 @@
---
title: RemoteManagement Policy CSP
description: Learn more about the RemoteManagement Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index c939be5ef0..1def7d700f 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,14 +1,7 @@
---
title: RemoteProcedureCall Policy CSP
description: Learn more about the RemoteProcedureCall Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 95deedc15b..e7c0d076a7 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -1,14 +1,7 @@
---
title: RemoteShell Policy CSP
description: Learn more about the RemoteShell Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 83c65f6386..6c8af25f6a 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -1,14 +1,7 @@
---
title: RestrictedGroups Policy CSP
description: Learn more about the RestrictedGroups Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 624d6566b7..ba702af769 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,14 +1,7 @@
---
title: Search Policy CSP
description: Learn more about the Search Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -293,7 +286,7 @@ The most restrictive value is `0` to not allow indexing of encrypted items.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1620] and later
✅ Windows 10, version 21H1 [10.0.19043.1620] and later
✅ Windows 10, version 21H2 [10.0.19044.1620] and later
✅ Windows 11, version 21H2 [10.0.22000.1761] and later
✅ Windows 11, version 22H2 [10.0.22621] and later |
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index ef1082ff7d..b1093ffddc 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -1,14 +1,7 @@
---
title: Security Policy CSP
description: Learn more about the Security Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 73dbb1343a..46c10a8e9a 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -1,14 +1,7 @@
---
title: ServiceControlManager Policy CSP
description: Learn more about the ServiceControlManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 9f5437e695..eeb0d6f1ba 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -1,14 +1,7 @@
---
title: Settings Policy CSP
description: Learn more about the Settings Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md
index 954bbaeaf2..39e032a8b4 100644
--- a/windows/client-management/mdm/policy-csp-settingssync.md
+++ b/windows/client-management/mdm/policy-csp-settingssync.md
@@ -1,14 +1,7 @@
---
title: SettingsSync Policy CSP
description: Learn more about the SettingsSync Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index a59c0981e8..6e99e05ccb 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -1,14 +1,7 @@
---
title: SmartScreen Policy CSP
description: Learn more about the SmartScreen Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -77,6 +70,8 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot
|:--|:--|
| 0 (Default) | Turns off Application Installation Control, allowing users to download and install files from anywhere on the web. |
| 1 | Turns on Application Installation Control, allowing users to only install apps from the Store. |
+| 2 | Turns on Application Installation Control, letting users know that there's a comparable app in the Store. |
+| 3 | Turns on Application Installation Control, warning users before installing apps from outside the Store. |
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index bf6e6f78d4..437f917212 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -1,14 +1,7 @@
---
title: Speech Policy CSP
description: Learn more about the Speech Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 838e2faf41..8ae3504c72 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,14 +1,7 @@
---
title: Start Policy CSP
description: Learn more about the Start Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 09/25/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-stickers.md b/windows/client-management/mdm/policy-csp-stickers.md
index 9f2e6a4f60..34b5c89385 100644
--- a/windows/client-management/mdm/policy-csp-stickers.md
+++ b/windows/client-management/mdm/policy-csp-stickers.md
@@ -1,14 +1,7 @@
---
title: Stickers Policy CSP
description: Learn more about the Stickers Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 3e241acee7..78f789eba8 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -1,14 +1,7 @@
---
title: Storage Policy CSP
description: Learn more about the Storage Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-sudo.md b/windows/client-management/mdm/policy-csp-sudo.md
new file mode 100644
index 0000000000..13be1bd00e
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-sudo.md
@@ -0,0 +1,78 @@
+---
+title: Sudo Policy CSP
+description: Learn more about the Sudo Area in Policy CSP.
+ms.date: 01/31/2024
+---
+
+
+
+
+# Policy CSP - Sudo
+
+[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+
+
+
+
+
+## EnableSudo
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Sudo/EnableSudo
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableSudo |
+| ADMX File Name | Sudo.admx |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 22ff8ce8ea..337e3987e3 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,14 +1,7 @@
---
title: System Policy CSP
description: Learn more about the System Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index b0e97a7454..b08d9a0c2d 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,14 +1,7 @@
---
title: SystemServices Policy CSP
description: Learn more about the SystemServices Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 9882cd2083..439cfdb8d3 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -1,14 +1,7 @@
---
title: TaskManager Policy CSP
description: Learn more about the TaskManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 61603da719..a847cb3ec9 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,14 +1,7 @@
---
title: TaskScheduler Policy CSP
description: Learn more about the TaskScheduler Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
index 32c6595782..6c9181ab8c 100644
--- a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
+++ b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
@@ -1,14 +1,7 @@
---
title: TenantDefinedTelemetry Policy CSP
description: Learn more about the TenantDefinedTelemetry Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
index 62451125d8..b0838899b1 100644
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@@ -1,14 +1,7 @@
---
title: TenantRestrictions Policy CSP
description: Learn more about the TenantRestrictions Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 49037f5600..359c78a5c8 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,14 +1,7 @@
---
title: TextInput Policy CSP
description: Learn more about the TextInput Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 216139ba2a..ec0faa2924 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,14 +1,7 @@
---
title: TimeLanguageSettings Policy CSP
description: Learn more about the TimeLanguageSettings Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index 96e90c4433..4e27dcdaee 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -1,14 +1,7 @@
---
title: Troubleshooting Policy CSP
description: Learn more about the Troubleshooting Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 5232cbd5a3..d52bea489c 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,14 +1,7 @@
---
title: Update Policy CSP
description: Learn more about the Update Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 02/14/2024
---
@@ -282,7 +275,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3757] and later |
@@ -2294,7 +2287,8 @@ Allows the IT admin to manage whether to scan for app updates from Microsoft Upd
> [!NOTE]
-> Setting this policy back to 0 or Not configured doesn't revert the configuration to receive updates from Microsoft Update automatically. In order to revert the configuration, you can run the PowerShell commands that are listed below to remove the Microsoft Update service:
+> - For a list of other Microsoft products that might be updated, see [Update other Microsoft products](/windows/deployment/update/update-other-microsoft-products).
+> - Setting this policy back to 0 or Not configured doesn't revert the configuration to receive updates from Microsoft Update automatically. In order to revert the configuration, you can run the PowerShell commands that are listed below to remove the Microsoft Update service:
>
> ```powershell
> $MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
@@ -2435,7 +2429,7 @@ Number of days before feature updates are installed on devices automatically reg
> [!NOTE]
->
+>
> - After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
> - When this policy is used, the download, installation, and reboot settings from [Update/AllowAutoUpdate](#allowautoupdate) are ignored.
@@ -2494,7 +2488,7 @@ Number of days before quality updates are installed on devices automatically reg
> [!NOTE]
->
+>
> - After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
> - When this policy is used, the download, installation, and reboot settings from [Update/AllowAutoUpdate](#allowautoupdate) are ignored.
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 39a023b122..dc226ea336 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,14 +1,7 @@
---
title: UserRights Policy CSP
description: Learn more about the UserRights Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
index 5c2fd4615b..bfea6628c8 100644
--- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -1,14 +1,7 @@
---
title: VirtualizationBasedTechnology Policy CSP
description: Learn more about the VirtualizationBasedTechnology Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md
index e415fba8e2..0b01461d1e 100644
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@@ -1,14 +1,7 @@
---
title: WebThreatDefense Policy CSP
description: Learn more about the WebThreatDefense Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -16,6 +9,8 @@ ms.topic: reference
# Policy CSP - WebThreatDefense
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
> [!NOTE]
@@ -28,7 +23,7 @@ ms.topic: reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 23H2 [10.0.22631] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 0eb72b28a0..677a40fffb 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,14 +1,7 @@
---
title: Wifi Policy CSP
description: Learn more about the Wifi Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -16,6 +9,8 @@ ms.topic: reference
# Policy CSP - Wifi
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -234,7 +229,7 @@ Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -284,7 +279,7 @@ Allow or disallow the device to use the DSCP to UP Mapping feature from the Wi-F
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 879c8ba6b4..aa027def07 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,14 +1,7 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/14/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -16,17 +9,81 @@ ms.topic: reference
# Policy CSP - WindowsAI
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+
+## DisableAIDataAnalysis
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
+```
+
+
+
+
+This policy setting allows you to prevent Windows AI from using and analyzing user patterns and data.
+
+- If you enable this policy setting, Windows AI won't be able to take advantage of historical user patterns.
+
+- If you disable or don't configure this policy setting, Windows AI will be able to assist users by considering their historical behaviors and data.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Enable Data Analysis for Windows AI. |
+| 1 | Disable Data Analysis for Windows AI. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableAIDataAnalysis |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
## TurnOffWindowsCopilot
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.3758] and later
✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows 11, version 23H2 [10.0.22631] and later |
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3758] and later
✅ Windows 10, version 22H2 [10.0.19045.3758] and later
✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows 11, version 23H2 [10.0.22631] and later |
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
index 6fc277fe8f..1e3b68c37a 100644
--- a/windows/client-management/mdm/policy-csp-windowsautopilot.md
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -1,14 +1,7 @@
---
title: WindowsAutopilot Policy CSP
description: Learn more about the WindowsAutopilot Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 3b1491564f..ae7bafe0cf 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,14 +1,7 @@
---
title: WindowsConnectionManager Policy CSP
description: Learn more about the WindowsConnectionManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 44ed4083ba..bc665f2973 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -1,14 +1,7 @@
---
title: WindowsDefenderSecurityCenter Policy CSP
description: Learn more about the WindowsDefenderSecurityCenter Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index a2608dd9a9..c84c0bded7 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -1,14 +1,7 @@
---
title: WindowsInkWorkspace Policy CSP
description: Learn more about the WindowsInkWorkspace Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 7f43647495..9d17406fe6 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,14 +1,7 @@
---
title: WindowsLogon Policy CSP
description: Learn more about the WindowsLogon Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -41,11 +34,11 @@ ms.topic: reference
This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.
-This only occurs if the last interactive user didn't sign out before the restart or shutdown.
+This only occurs if the last interactive user didn't sign out before the restart or shutdown.
If the device is joined to Active Directory or Microsoft Entra ID, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.
-- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
+- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot .
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 2a3b6be557..9e4a87efb2 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -1,14 +1,7 @@
---
title: WindowsPowerShell Policy CSP
description: Learn more about the WindowsPowerShell Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index be6709c49c..ffa94e847a 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -1,14 +1,7 @@
---
title: WindowsSandbox Policy CSP
description: Learn more about the WindowsSandbox Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 11/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 2d101d6563..70e8e67fba 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,14 +1,7 @@
---
title: WirelessDisplay Policy CSP
description: Learn more about the WirelessDisplay Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/printerprovisioning-csp.md b/windows/client-management/mdm/printerprovisioning-csp.md
index bea685738c..a80ace3abb 100644
--- a/windows/client-management/mdm/printerprovisioning-csp.md
+++ b/windows/client-management/mdm/printerprovisioning-csp.md
@@ -1,14 +1,7 @@
---
title: PrinterProvisioning CSP
description: Learn more about the PrinterProvisioning CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/printerprovisioning-ddf-file.md b/windows/client-management/mdm/printerprovisioning-ddf-file.md
index fb871d05c8..3c4a974d93 100644
--- a/windows/client-management/mdm/printerprovisioning-ddf-file.md
+++ b/windows/client-management/mdm/printerprovisioning-ddf-file.md
@@ -1,14 +1,7 @@
---
title: PrinterProvisioning DDF file
description: View the XML file containing the device description framework (DDF) for the PrinterProvisioning configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md
index 11e636ca48..62d027c686 100644
--- a/windows/client-management/mdm/provisioning-csp.md
+++ b/windows/client-management/mdm/provisioning-csp.md
@@ -1,13 +1,6 @@
---
title: Provisioning CSP
description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md
index bfc6a262c4..b452264fde 100644
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@@ -1,13 +1,6 @@
---
title: PXLOGICAL configuration service provider
description: The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index f289a7e154..b095998bbd 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -1,14 +1,7 @@
---
title: Reboot CSP
description: Learn more about the Reboot CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 68b6e64ef9..3b86f5316c 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -1,14 +1,7 @@
---
title: Reboot DDF file
description: View the XML file containing the device description framework (DDF) for the Reboot configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index 2b3973921d..2acb98e912 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -1,13 +1,6 @@
---
title: RemoteFind CSP
description: The RemoteFind configuration service provider retrieves the location information for a particular device.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index e805197cf2..572d1cbf9e 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -1,13 +1,6 @@
---
title: RemoteFind DDF file
description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
index 16c44fd50b..12526066f9 100644
--- a/windows/client-management/mdm/remotering-csp.md
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -1,13 +1,6 @@
---
title: RemoteRing CSP
description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -17,29 +10,27 @@ ms.date: 06/26/2017
You can use the RemoteRing configuration service provider to remotely trigger a device to produce an audible ringing sound, regardless of the volume that is set on the device.
The following DDF format shows the RemoteRing configuration service provider in tree format.
+
```
./User/Vendor/MSFT
RemoteRing
----Ring
-
./Device/Vendor/MSFT
Root
-
./User/Vendor/MSFT
./Device/Vendor/MSFT
RemoteRing
----Ring
```
-**Ring**
-Required. The node accepts requests to ring the device.
-The supported operation is Exec.
+## Ring
+
+Required. The node accepts requests to ring the device. The supported operation is Exec.
## Examples
-
The following sample shows how to initiate a remote ring on the device.
```xml
@@ -52,13 +43,3 @@ The following sample shows how to initiate a remote ring on the device.
```
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index d0ae5d1f19..1c0afff55f 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -1,14 +1,7 @@
---
title: RemoteWipe CSP
description: Learn more about the RemoteWipe CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index 1bc56998aa..6ec9d27e89 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -1,14 +1,7 @@
---
title: RemoteWipe DDF file
description: View the XML file containing the device description framework (DDF) for the RemoteWipe configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 02/17/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md
index a6ff79d5e1..b8b1422494 100644
--- a/windows/client-management/mdm/reporting-csp.md
+++ b/windows/client-management/mdm/reporting-csp.md
@@ -1,13 +1,6 @@
---
title: Reporting CSP
description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md
index 71c1e4a728..b04625ed11 100644
--- a/windows/client-management/mdm/reporting-ddf-file.md
+++ b/windows/client-management/mdm/reporting-ddf-file.md
@@ -1,13 +1,6 @@
---
title: Reporting DDF file
description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 67664ef793..6445586c10 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -1,14 +1,7 @@
---
title: RootCATrustedCertificates CSP
description: Learn more about the RootCATrustedCertificates CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index fbfb864c26..d5a746496d 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -1,14 +1,7 @@
---
title: RootCATrustedCertificates DDF file
description: View the XML file containing the device description framework (DDF) for the RootCATrustedCertificates configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index 1ccd2b55b5..172e2ef819 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -1,14 +1,7 @@
---
title: SecureAssessment CSP
description: Learn more about the SecureAssessment CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/23/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index 01eaf192bc..ef8d526873 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,14 +1,7 @@
---
title: SecureAssessment DDF file
description: View the XML file containing the device description framework (DDF) for the SecureAssessment configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md
index 49390c0ef7..c35bb9bfe7 100644
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@@ -1,13 +1,6 @@
---
title: SecurityPolicy CSP
description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index f2446290ae..bdff7ac7bd 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -1,14 +1,7 @@
---
title: SharedPC CSP
description: Learn more about the SharedPC CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index b652268570..fd1f225e74 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -1,14 +1,7 @@
---
title: SharedPC DDF file
description: View the XML file containing the device description framework (DDF) for the SharedPC configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md
index 7593043812..3319247b9f 100644
--- a/windows/client-management/mdm/storage-csp.md
+++ b/windows/client-management/mdm/storage-csp.md
@@ -1,13 +1,6 @@
---
title: Storage CSP
description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index 9b582019e9..e0797e83a5 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -1,13 +1,6 @@
---
title: Storage DDF file
description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 90fb91e0bd..3793140f08 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -1,14 +1,7 @@
---
title: SUPL CSP
description: Learn more about the SUPL CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 3d0aa1baf9..e489dea63b 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -1,14 +1,7 @@
---
title: SUPL DDF file
description: View the XML file containing the device description framework (DDF) for the SUPL configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index 4c9892dc4c..553037a410 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -1,14 +1,7 @@
---
title: SurfaceHub CSP
description: Learn more about the SurfaceHub CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 2519ecf5d4..4bfee13fce 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -1,14 +1,7 @@
---
title: SurfaceHub DDF file
description: View the XML file containing the device description framework (DDF) for the SurfaceHub configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index 97551d7680..f9abc97d80 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -1,14 +1,7 @@
---
title: TenantLockdown CSP
description: To lock a device to a tenant to prevent accidental or intentional resets or wipes, use the TenantLockdown configuration service provider.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 08/13/2018
-ms.reviewer:
-manager: aaroncz
---
# TenantLockdown CSP
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index 3aa78e83a1..05bf7451c6 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -1,14 +1,7 @@
---
title: TenantLockdown DDF file
description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP).
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 08/13/2018
-ms.reviewer:
-manager: aaroncz
---
# TenantLockdown DDF file
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 2ca71c81c0..f6ca93aa95 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -537,6 +537,8 @@ items:
href: policy-csp-stickers.md
- name: Storage
href: policy-csp-storage.md
+ - name: Sudo
+ href: policy-csp-sudo.md
- name: System
href: policy-csp-system.md
- name: SystemServices
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index 5486abb6d0..299b1077a8 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -1,14 +1,7 @@
---
title: TPMPolicy CSP
description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 11/01/2017
-ms.reviewer:
-manager: aaroncz
---
# TPMPolicy CSP
diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md
index 2987a036eb..ae8d4f38f6 100644
--- a/windows/client-management/mdm/tpmpolicy-ddf-file.md
+++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md
@@ -1,14 +1,7 @@
---
title: TPMPolicy DDF file
description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP).
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 12/05/2017
-ms.reviewer:
-manager: aaroncz
---
# TPMPolicy DDF file
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index a818eb9880..e3e130ee43 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -1,14 +1,7 @@
---
title: UEFI CSP
description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 10/02/2018
-ms.reviewer:
-manager: aaroncz
---
# UEFI CSP
diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md
index dde7789737..3ce949f7c8 100644
--- a/windows/client-management/mdm/uefi-ddf.md
+++ b/windows/client-management/mdm/uefi-ddf.md
@@ -1,14 +1,7 @@
---
title: UEFI DDF file
description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP).
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 10/02/2018
-ms.reviewer:
-manager: aaroncz
---
# UEFI DDF file
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md
index b35a740976..1df0f1e524 100644
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@@ -1,13 +1,6 @@
---
title: UnifiedWriteFilter CSP
description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md
index ffaf61bb19..3e28dc3252 100644
--- a/windows/client-management/mdm/unifiedwritefilter-ddf.md
+++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md
@@ -1,13 +1,6 @@
---
title: UnifiedWriteFilter DDF File
description: UnifiedWriteFilter DDF File
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/universalprint-csp.md b/windows/client-management/mdm/universalprint-csp.md
index cfaae48b05..183576910e 100644
--- a/windows/client-management/mdm/universalprint-csp.md
+++ b/windows/client-management/mdm/universalprint-csp.md
@@ -1,14 +1,8 @@
---
title: UniversalPrint CSP
description: Learn how the UniversalPrint configuration service provider (CSP) is used to install printers on Windows client devices.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/02/2022
ms.reviewer: jimwu
-manager: aaroncz
---
# UniversalPrint CSP
diff --git a/windows/client-management/mdm/universalprint-ddf-file.md b/windows/client-management/mdm/universalprint-ddf-file.md
index 3d3fdc2426..e1a1037685 100644
--- a/windows/client-management/mdm/universalprint-ddf-file.md
+++ b/windows/client-management/mdm/universalprint-ddf-file.md
@@ -1,14 +1,8 @@
---
title: UniversalPrint DDF file
description: UniversalPrint DDF file
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/02/2022
ms.reviewer: jimwu
-manager: aaroncz
---
# UniversalPrint DDF file
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index e825289b3c..ab540156f2 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -1,13 +1,6 @@
---
title: Update CSP
description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 11/16/2023
---
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index a1ba78b157..186bfc4f22 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -1,13 +1,6 @@
---
title: Update DDF file
description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 02/23/2018
---
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 4f43fb1e32..da946f07ea 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -1,13 +1,6 @@
---
title: VPN CSP
description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 04/02/2017
---
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index f3df5126a9..81e88ca2b9 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -1,13 +1,6 @@
---
title: VPN DDF file
description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 3e5e3a5468..58d6463c97 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -1,14 +1,7 @@
---
title: VPNv2 CSP
description: Learn more about the VPNv2 CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 20a3da3401..badf9f29e6 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -1,14 +1,7 @@
---
title: VPNv2 DDF file
description: View the XML file containing the device description framework (DDF) for the VPNv2 configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index 6b33ccc664..a84f2bf593 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -1,13 +1,6 @@
---
title: w4 APPLICATION CSP
description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index 0c5e7f4cd5..28acb291e9 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -1,13 +1,6 @@
---
title: w7 APPLICATION CSP
description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index d7b549f5e8..da583b8cd9 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -1,14 +1,7 @@
---
title: WiFi CSP
description: Learn more about the WiFi CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index 6fe4d9867a..a0ff37f35e 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -1,14 +1,7 @@
---
title: WiFi DDF file
description: View the XML file containing the device description framework (DDF) for the WiFi configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index d76120673d..0c9cc388d4 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -1,13 +1,6 @@
---
title: Win32AppInventory CSP
description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index 413f6927a8..c30f6ba4a9 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -1,13 +1,6 @@
---
title: Win32AppInventory DDF file
description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index 72e4dc7e0d..0e9a1dd3b8 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -1,14 +1,7 @@
---
title: Win32CompatibilityAppraiser CSP
description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 07/19/2018
-ms.reviewer:
-manager: aaroncz
---
# Win32CompatibilityAppraiser CSP
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
index 2412d86ade..6e1017cd32 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -1,14 +1,7 @@
---
title: Win32CompatibilityAppraiser DDF file
description: Learn about the XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 07/19/2018
-ms.reviewer:
-manager: aaroncz
---
# Win32CompatibilityAppraiser DDF file
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index ab6d3cfd03..040365664e 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -1,13 +1,6 @@
---
title: WindowsAdvancedThreatProtection CSP
description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 11/01/2017
---
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 1e3460593d..9486c07290 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -2,13 +2,6 @@
title: WindowsAdvancedThreatProtection DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).
ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md
index 7a34b0a995..788144001b 100644
--- a/windows/client-management/mdm/windowsautopilot-csp.md
+++ b/windows/client-management/mdm/windowsautopilot-csp.md
@@ -1,13 +1,6 @@
---
title: WindowsAutopilot CSP
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 05/09/2022
---
diff --git a/windows/client-management/mdm/windowsautopilot-ddf-file.md b/windows/client-management/mdm/windowsautopilot-ddf-file.md
index 88313274a6..86b4d615ca 100644
--- a/windows/client-management/mdm/windowsautopilot-ddf-file.md
+++ b/windows/client-management/mdm/windowsautopilot-ddf-file.md
@@ -1,14 +1,7 @@
---
title: WindowsAutopilot DDF file
description: Learn how, without the ability to mark a device as remediation required, the device will remain in a broken state for the WindowsAutopilot DDF file configuration service provider (CSP).
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 02/07/2022
-ms.reviewer:
-manager: aaroncz
---
# WindowsAutopilot DDF file
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 0261c3b007..10546d7713 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -1,14 +1,7 @@
---
title: WindowsDefenderApplicationGuard CSP
description: Learn more about the WindowsDefenderApplicationGuard CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index 233de242bb..bdee83a712 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,14 +1,7 @@
---
title: WindowsDefenderApplicationGuard DDF file
description: View the XML file containing the device description framework (DDF) for the WindowsDefenderApplicationGuard configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 156b999f6d..f880dd265e 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -1,14 +1,7 @@
---
title: WindowsLicensing CSP
description: Learn more about the WindowsLicensing CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index fae5beb908..2830112994 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -1,14 +1,7 @@
---
title: WindowsLicensing DDF file
description: View the XML file containing the device description framework (DDF) for the WindowsLicensing configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index a609a45d59..12bac7c750 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -1,14 +1,7 @@
---
title: WiredNetwork CSP
description: Learn more about the WiredNetwork CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index e59398aa57..ba3a3845ed 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -1,14 +1,7 @@
---
title: WiredNetwork DDF file
description: View the XML file containing the device description framework (DDF) for the WiredNetwork configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/06/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mobile-device-enrollment.md b/windows/client-management/mobile-device-enrollment.md
index c69c1fb951..5d0537216a 100644
--- a/windows/client-management/mobile-device-enrollment.md
+++ b/windows/client-management/mobile-device-enrollment.md
@@ -1,7 +1,7 @@
---
title: Mobile device enrollment
description: Learn how mobile device enrollment verifies that only authenticated and authorized devices are managed by the enterprise.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
ms.collection:
- highpri
diff --git a/windows/client-management/new-in-windows-mdm-enrollment-management.md b/windows/client-management/new-in-windows-mdm-enrollment-management.md
index 4ed6e26aaf..dcfbdeb34b 100644
--- a/windows/client-management/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/new-in-windows-mdm-enrollment-management.md
@@ -1,7 +1,7 @@
---
title: What's new in MDM enrollment and management
description: Discover what's new and breaking changes in mobile device management (MDM) enrollment and management experience across all Windows devices.
-ms.topic: article
+ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 08/10/2023
---
diff --git a/windows/client-management/oma-dm-protocol-support.md b/windows/client-management/oma-dm-protocol-support.md
index ad62b88273..3d1ff0619c 100644
--- a/windows/client-management/oma-dm-protocol-support.md
+++ b/windows/client-management/oma-dm-protocol-support.md
@@ -1,7 +1,7 @@
---
title: OMA DM protocol support
description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/on-premise-authentication-device-enrollment.md b/windows/client-management/on-premise-authentication-device-enrollment.md
index 39e4133d55..0d3a3b1a1d 100644
--- a/windows/client-management/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/on-premise-authentication-device-enrollment.md
@@ -1,7 +1,7 @@
---
title: On-premises authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/push-notification-windows-mdm.md b/windows/client-management/push-notification-windows-mdm.md
index d449bbfa9f..0ac4310aab 100644
--- a/windows/client-management/push-notification-windows-mdm.md
+++ b/windows/client-management/push-notification-windows-mdm.md
@@ -1,7 +1,7 @@
---
title: Push notification support for device management
description: The DMClient CSP supports the ability to configure push-initiated device management sessions.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/server-requirements-windows-mdm.md b/windows/client-management/server-requirements-windows-mdm.md
index e3cafbd896..6b3a303e0a 100644
--- a/windows/client-management/server-requirements-windows-mdm.md
+++ b/windows/client-management/server-requirements-windows-mdm.md
@@ -1,7 +1,7 @@
---
title: Server requirements for using OMA DM to manage Windows devices
description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/structure-of-oma-dm-provisioning-files.md b/windows/client-management/structure-of-oma-dm-provisioning-files.md
index c239b9d0fd..170d213948 100644
--- a/windows/client-management/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/structure-of-oma-dm-provisioning-files.md
@@ -1,7 +1,7 @@
---
title: Structure of OMA DM provisioning files
description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/understanding-admx-backed-policies.md b/windows/client-management/understanding-admx-backed-policies.md
index e7bccddb07..7b80861923 100644
--- a/windows/client-management/understanding-admx-backed-policies.md
+++ b/windows/client-management/understanding-admx-backed-policies.md
@@ -1,7 +1,7 @@
---
title: Understanding ADMX policies
description: You can use ADMX policies for Windows mobile device management (MDM) across Windows devices.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
index 4c631e20f5..5fc0485080 100644
--- a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -1,7 +1,7 @@
---
title: Using PowerShell scripting with the WMI Bridge Provider
description: This article covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md
index 0cab615908..ff1887a640 100644
--- a/windows/client-management/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md
@@ -1,7 +1,7 @@
---
title: Win32 and Desktop Bridge app ADMX policy Ingestion
description: Ingest ADMX files and set ADMX policies for Win32 and Desktop Bridge apps.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/windows-mdm-enterprise-settings.md b/windows/client-management/windows-mdm-enterprise-settings.md
index e3503a278f..03c28bfba7 100644
--- a/windows/client-management/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/windows-mdm-enterprise-settings.md
@@ -1,7 +1,7 @@
---
title: Enterprise settings and policy management
description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow.
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/client-management/wmi-providers-supported-in-windows.md b/windows/client-management/wmi-providers-supported-in-windows.md
index ab34b9d0c7..81c71bd5ba 100644
--- a/windows/client-management/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/wmi-providers-supported-in-windows.md
@@ -1,7 +1,7 @@
---
title: WMI providers supported in Windows
description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
-ms.topic: article
+ms.topic: conceptual
ms.date: 08/10/2023
---
diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml
deleted file mode 100644
index 97c1386a73..0000000000
--- a/windows/configuration/TOC.yml
+++ /dev/null
@@ -1,367 +0,0 @@
-- name: Configure Windows client
- href: index.yml
-- name: Customize the appearance
- items:
- - name: Windows 11
- items:
- - name: Start menu
- items:
- - name: Customize Start menu layout
- href: customize-start-menu-layout-windows-11.md
- - name: Supported Start menu CSPs
- href: supported-csp-start-menu-layout-windows.md
- - name: Taskbar
- items:
- - name: Customize Taskbar
- href: customize-taskbar-windows-11.md
- - name: Supported Taskbar CSPs
- href: supported-csp-taskbar-windows.md
- - name: Windows 10 Start and taskbar
- items:
- - name: Start layout and taskbar
- href: windows-10-start-layout-options-and-policies.md
- - name: Use XML
- items:
- - name: Customize and export Start layout
- href: customize-and-export-start-layout.md
- - name: Customize the taskbar
- href: configure-windows-10-taskbar.md
- - name: Add image for secondary Microsoft Edge tiles
- href: start-secondary-tiles.md
- - name: Start layout XML for Windows 10 desktop editions (reference)
- href: start-layout-xml-desktop.md
- - name: Use group policy
- href: customize-windows-10-start-screens-by-using-group-policy.md
- - name: Use provisioning packages
- href: customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
- - name: Use mobile device management (MDM)
- href: customize-windows-10-start-screens-by-using-mobile-device-management.md
- - name: Troubleshoot Start menu errors
- href: /troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors
- - name: Changes to Start policies in Windows 10
- href: changes-to-start-policies-in-windows-10.md
- - name: Accessibility settings
- items:
- - name: Accessibility information for IT Pros
- href: windows-accessibility-for-ITPros.md
- - name: Configure access to Microsoft Store
- href: stop-employees-from-using-microsoft-store.md
- - name: Configure Windows Spotlight on the lock screen
- href: windows-spotlight.md
- - name: Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions
- href: manage-tips-and-suggestions.md
- - name: Configure cellular settings for tablets and PCs
- href: provisioning-apn.md
- - name: Lockdown features from Windows Embedded 8.1 Industry
- href: lockdown-features-windows-10.md
-
-
-- name: Configure kiosks and digital signs
- items:
- - name: Configure kiosks and digital signs on Windows desktop editions
- href: kiosk-methods.md
- - name: Prepare a device for kiosk configuration
- href: kiosk-prepare.md
- - name: Set up digital signs
- href: setup-digital-signage.md
- - name: Set up a single-app kiosk
- href: kiosk-single-app.md
- - name: Set up a multi-app kiosk for Windows 10
- href: lock-down-windows-10-to-specific-apps.md
- - name: Set up a multi-app kiosk for Windows 11
- href: lock-down-windows-11-to-specific-apps.md
- - name: Kiosk reference information
- items:
- - name: More kiosk methods and reference information
- href: kiosk-additional-reference.md
- - name: Find the Application User Model ID of an installed app
- href: find-the-application-user-model-id-of-an-installed-app.md
- - name: Validate your kiosk configuration
- href: kiosk-validate.md
- - name: Guidelines for choosing an app for assigned access (kiosk mode)
- href: guidelines-for-assigned-access-app.md
- - name: Policies enforced on kiosk devices
- href: kiosk-policies.md
- - name: Assigned access XML reference
- href: kiosk-xml.md
- - name: Use AppLocker to create a Windows 10 kiosk
- href: lock-down-windows-10-applocker.md
- - name: Use Shell Launcher to create a Windows client kiosk
- href: kiosk-shelllauncher.md
- - name: Use MDM Bridge WMI Provider to create a Windows client kiosk
- href: kiosk-mdm-bridge.md
- - name: Troubleshoot kiosk mode issues
- href: /troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting
-
-- name: Configure multi-user and guest devices
- items:
- - name: Shared devices concepts
- href: shared-devices-concepts.md
- - name: Configure shared devices with Shared PC
- href: set-up-shared-or-guest-pc.md
- - name: Shared PC technical reference
- href: shared-pc-technical.md
-
-- name: Use provisioning packages
- items:
- - name: Provisioning packages for Windows client
- href: provisioning-packages/provisioning-packages.md
- - name: How provisioning works in Windows client
- href: provisioning-packages/provisioning-how-it-works.md
- - name: Introduction to configuration service providers (CSPs)
- href: provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
- - name: Install Windows Configuration Designer
- href: provisioning-packages/provisioning-install-icd.md
- - name: Create a provisioning package
- href: provisioning-packages/provisioning-create-package.md
- - name: Apply a provisioning package
- href: provisioning-packages/provisioning-apply-package.md
- - name: Settings changed when you uninstall a provisioning package
- href: provisioning-packages/provisioning-uninstall-package.md
- - name: Provision PCs with common settings for initial deployment (desktop wizard)
- href: provisioning-packages/provision-pcs-for-initial-deployment.md
- - name: Provision PCs with apps
- href: provisioning-packages/provision-pcs-with-apps.md
- - name: Use a script to install a desktop app in provisioning packages
- href: provisioning-packages/provisioning-script-to-install-app.md
- - name: Create a provisioning package with multivariant settings
- href: provisioning-packages/provisioning-multivariant.md
- - name: PowerShell cmdlets for provisioning Windows client (reference)
- href: provisioning-packages/provisioning-powershell.md
- - name: Diagnose provisioning packages
- href: provisioning-packages/diagnose-provisioning-packages.md
- - name: Windows Configuration Designer command-line interface (reference)
- href: provisioning-packages/provisioning-command-line.md
-
-- name: Configure Cortana
- items:
- - name: Configure Cortana in Windows 10
- href: cortana-at-work/cortana-at-work-overview.md
- - name: Testing scenarios using Cortana n Windows 10, version 2004 and later
- items:
- - name: Set up and test Cortana in Windows 10, version 2004 and later
- href: cortana-at-work/set-up-and-test-cortana-in-windows-10.md
- - name: Cortana at work testing scenarios
- href: cortana-at-work/cortana-at-work-testing-scenarios.md
- - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query
- href: cortana-at-work/cortana-at-work-scenario-1.md
- - name: Test scenario 2 - Run a Bing search with Cortana
- href: cortana-at-work/cortana-at-work-scenario-2.md
- - name: Test scenario 3 - Set a reminder
- href: cortana-at-work/cortana-at-work-scenario-3.md
- - name: Test scenario 4 - Use Cortana to find free time on your calendar
- href: cortana-at-work/cortana-at-work-scenario-4.md
- - name: Test scenario 5 - Find out about a person
- href: cortana-at-work/cortana-at-work-scenario-5.md
- - name: Test scenario 6 - Change your language and run a quick search with Cortana
- href: cortana-at-work/cortana-at-work-scenario-6.md
- - name: Send feedback about Cortana back to Microsoft
- href: cortana-at-work/cortana-at-work-feedback.md
- - name: Testing scenarios using Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
- items:
- - name: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
- href: cortana-at-work/cortana-at-work-o365.md
- - name: Testing scenarios using Cortana in your business or organization
- href: cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
- - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query
- href: cortana-at-work/test-scenario-1.md
- - name: Test scenario 2 - Run a quick search with Cortana at work
- href: cortana-at-work/test-scenario-2.md
- - name: Test scenario 3 - Set a reminder for a specific location using Cortana at work
- href: cortana-at-work/test-scenario-3.md
- - name: Test scenario 4 - Use Cortana at work to find your upcoming meetings
- href: cortana-at-work/test-scenario-4.md
- - name: Test scenario 5 - Use Cortana to send email to a coworker
- href: cortana-at-work/test-scenario-5.md
- - name: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
- href: cortana-at-work/test-scenario-6.md
- - name: Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
- href: cortana-at-work/cortana-at-work-scenario-7.md
-
- - name: Set up and test custom voice commands in Cortana for your organization
- href: cortana-at-work/cortana-at-work-voice-commands.md
- - name: Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
- href: cortana-at-work/cortana-at-work-policy-settings.md
-
-
-- name: Reference
- items:
- - name: Windows Configuration Designer reference
- items:
- - name: Windows Configuration Designer provisioning settings (reference)
- href: wcd/wcd.md
- - name: Changes to settings in Windows Configuration Designer
- href: wcd/wcd-changes.md
- - name: AccountManagement
- href: wcd/wcd-accountmanagement.md
- - name: Accounts
- href: wcd/wcd-accounts.md
- - name: ADMXIngestion
- href: wcd/wcd-admxingestion.md
- - name: AssignedAccess
- href: wcd/wcd-assignedaccess.md
- - name: Browser
- href: wcd/wcd-browser.md
- - name: CellCore
- href: wcd/wcd-cellcore.md
- - name: Cellular
- href: wcd/wcd-cellular.md
- - name: Certificates
- href: wcd/wcd-certificates.md
- - name: CleanPC
- href: wcd/wcd-cleanpc.md
- - name: Connections
- href: wcd/wcd-connections.md
- - name: ConnectivityProfiles
- href: wcd/wcd-connectivityprofiles.md
- - name: CountryAndRegion
- href: wcd/wcd-countryandregion.md
- - name: DesktopBackgroundAndColors
- href: wcd/wcd-desktopbackgroundandcolors.md
- - name: DeveloperSetup
- href: wcd/wcd-developersetup.md
- - name: DeviceFormFactor
- href: wcd/wcd-deviceformfactor.md
- - name: DeviceManagement
- href: wcd/wcd-devicemanagement.md
- - name: DeviceUpdateCenter
- href: wcd/wcd-deviceupdatecenter.md
- - name: DMClient
- href: wcd/wcd-dmclient.md
- - name: EditionUpgrade
- href: wcd/wcd-editionupgrade.md
- - name: FirewallConfiguration
- href: wcd/wcd-firewallconfiguration.md
- - name: FirstExperience
- href: wcd/wcd-firstexperience.md
- - name: Folders
- href: wcd/wcd-folders.md
- - name: HotSpot
- href: wcd/wcd-hotspot.md
- - name: KioskBrowser
- href: wcd/wcd-kioskbrowser.md
- - name: Licensing
- href: wcd/wcd-licensing.md
- - name: Location
- href: wcd/wcd-location.md
- - name: Maps
- href: wcd/wcd-maps.md
- - name: NetworkProxy
- href: wcd/wcd-networkproxy.md
- - name: NetworkQOSPolicy
- href: wcd/wcd-networkqospolicy.md
- - name: OOBE
- href: wcd/wcd-oobe.md
- - name: Personalization
- href: wcd/wcd-personalization.md
- - name: Policies
- href: wcd/wcd-policies.md
- - name: Privacy
- href: wcd/wcd-privacy.md
- - name: ProvisioningCommands
- href: wcd/wcd-provisioningcommands.md
- - name: SharedPC
- href: wcd/wcd-sharedpc.md
- - name: SMISettings
- href: wcd/wcd-smisettings.md
- - name: Start
- href: wcd/wcd-start.md
- - name: StartupApp
- href: wcd/wcd-startupapp.md
- - name: StartupBackgroundTasks
- href: wcd/wcd-startupbackgroundtasks.md
- - name: StorageD3InModernStandby
- href: wcd/wcd-storaged3inmodernstandby.md
- - name: SurfaceHubManagement
- href: wcd/wcd-surfacehubmanagement.md
- - name: TabletMode
- href: wcd/wcd-tabletmode.md
- - name: TakeATest
- href: wcd/wcd-takeatest.md
- - name: Time
- href: wcd/wcd-time.md
- - name: UnifiedWriteFilter
- href: wcd/wcd-unifiedwritefilter.md
- - name: UniversalAppInstall
- href: wcd/wcd-universalappinstall.md
- - name: UniversalAppUninstall
- href: wcd/wcd-universalappuninstall.md
- - name: UsbErrorsOEMOverride
- href: wcd/wcd-usberrorsoemoverride.md
- - name: WeakCharger
- href: wcd/wcd-weakcharger.md
- - name: WindowsHelloForBusiness
- href: wcd/wcd-windowshelloforbusiness.md
- - name: WindowsTeamSettings
- href: wcd/wcd-windowsteamsettings.md
- - name: WLAN
- href: wcd/wcd-wlan.md
- - name: Workplace
- href: wcd/wcd-workplace.md
-
- - name: User Experience Virtualization (UE-V)
- items:
- - name: User Experience Virtualization (UE-V) for Windows 10
- href: ue-v/uev-for-windows.md
- - name: Get started with UE-V
- items:
- - name: Get started with UE-V
- href: ue-v/uev-getting-started.md
- - name: What's New in UE-V for Windows 10, version 1607
- href: ue-v/uev-whats-new-in-uev-for-windows.md
- - name: User Experience Virtualization Release Notes
- href: ue-v/uev-release-notes-1607.md
- - name: Upgrade to UE-V for Windows 10
- href: ue-v/uev-upgrade-uev-from-previous-releases.md
- - name: Prepare a UE-V Deployment
- items:
- - name: Prepare a UE-V Deployment
- href: ue-v/uev-prepare-for-deployment.md
- - name: Deploy Required UE-V Features
- href: ue-v/uev-deploy-required-features.md
- - name: Deploy UE-V for use with Custom Applications
- href: ue-v/uev-deploy-uev-for-custom-applications.md
- - name: Administer UE-V
- items:
- - name: UE-V administration guide
- href: ue-v/uev-administering-uev.md
- - name: Manage Configurations for UE-V
- items:
- - name: Manage Configurations for UE-V
- href: ue-v/uev-manage-configurations.md
- - name: Configuring UE-V with Group Policy Objects
- href: ue-v/uev-configuring-uev-with-group-policy-objects.md
- - name: Configuring UE-V with Microsoft Configuration Manager
- href: ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
- - name: Administering UE-V with Windows PowerShell and WMI
- href: ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
- - name: Managing the UE-V Service and Packages with Windows PowerShell and WMI
- href: ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
- - name: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
- href: ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
- - name: Working with Custom UE-V Templates and the UE-V Template Generator
- href: ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
- - name: Manage Administrative Backup and Restore in UE-V
- href: ue-v/uev-manage-administrative-backup-and-restore.md
- - name: Changing the Frequency of UE-V Scheduled Tasks
- href: ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
- - name: Migrating UE-V Settings Packages
- href: ue-v/uev-migrating-settings-packages.md
- - name: Using UE-V with Application Virtualization Applications
- href: ue-v/uev-using-uev-with-application-virtualization-applications.md
- - name: Troubleshooting UE-V
- href: ue-v/uev-troubleshooting.md
- - name: Technical Reference for UE-V
- items:
- - name: Technical Reference for UE-V
- href: ue-v/uev-technical-reference.md
- - name: Sync Methods for UE-V
- href: ue-v/uev-sync-methods.md
- - name: Sync Trigger Events for UE-V
- href: ue-v/uev-sync-trigger-events.md
- - name: Synchronizing Microsoft Office with UE-V
- href: ue-v/uev-synchronizing-microsoft-office-with-uev.md
- - name: Application Template Schema Reference for UE-V
- href: ue-v/uev-application-template-schema-reference.md
- - name: Security Considerations for UE-V
- href: ue-v/uev-security-considerations.md
diff --git a/windows/configuration/windows-accessibility-for-ITPros.md b/windows/configuration/accessibility/index.md
similarity index 95%
rename from windows/configuration/windows-accessibility-for-ITPros.md
rename to windows/configuration/accessibility/index.md
index cda104c484..335576ee27 100644
--- a/windows/configuration/windows-accessibility-for-ITPros.md
+++ b/windows/configuration/accessibility/index.md
@@ -1,19 +1,9 @@
---
title: Windows accessibility information for IT Pros
description: Lists the various accessibility features available in Windows client with links to detailed guidance on how to set them.
-ms.prod: windows-client
-ms.technology: itpro-configure
-ms.author: lizlong
-author: lizgt2000
-ms.date: 08/11/2023
-ms.reviewer:
-manager: aaroncz
-ms.localizationpriority: medium
+ms.date: 01/25/2024
ms.topic: conceptual
ms.collection: tier1
-appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
---
@@ -25,76 +15,54 @@ Microsoft is dedicated to making its products and services accessible and usable
This article helps you as the IT administrator learn about built-in accessibility features. It also includes recommendations for how to support people in your organization who use these features.
-Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554).
+Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554).
+
## General recommendations
- **Be aware of Ease of Access settings**. Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows.
-
- **Don't block settings**. Avoid using group policy or MDM settings that override Ease of Access settings.
-
- **Encourage choice**. Allow people in your organization to customize their computers based on their needs. That customization might be installing an add-on for their browser, or a non-Microsoft assistive technology.
## Vision
- [Use Narrator to use devices without a screen](https://support.microsoft.com/windows/complete-guide-to-narrator-e4397a0d-ef4f-b386-d8ae-c172f109bdb1). Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices. Now the user is able to download and install 10 more natural languages.
-
- [Create accessible apps](/windows/apps/develop/accessibility). You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.
-
- Use keyboard shortcuts. Get the most out of Windows with shortcuts for apps and desktops.
-
- [Keyboard shortcuts in Windows](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec)
- [Narrator keyboard commands and touch gestures](https://support.microsoft.com/windows/appendix-b-narrator-keyboard-commands-and-touch-gestures-8bdab3f4-b3e9-4554-7f28-8b15bd37410a)
- [Windows keyboard shortcuts for accessibility](https://support.microsoft.com/windows/windows-keyboard-shortcuts-for-accessibility-021bcb62-45c8-e4ef-1e4f-41b8c1fc87fd)
-
- Get closer with [Magnifier](https://support.microsoft.com/windows/use-magnifier-to-make-things-on-the-screen-easier-to-see-414948ba-8b1c-d3bd-8615-0e5e32204198). Magnifier enlarges all or part of your screen and offers various configuration settings.
-
- [Make Windows easier to see](https://support.microsoft.com/windows/make-windows-easier-to-see-c97c2b0d-cadb-93f0-5fd1-59ccfe19345d).
-
- Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.
- Adjust the size of text, icons, and other screen items to make them easier to see.
- Many high-contrast themes are available to suit your needs.
-
- [Have Cortana assist](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
-
- [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes speech recognition that lets you tell it what to do.
-
- [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
-
- [Keep notifications around longer](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1). If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
-
- [Read in braille](https://support.microsoft.com/windows/chapter-8-using-narrator-with-braille-3e5f065b-1c9d-6eb2-ec6d-1d07c9e94b20). Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.
-
- Starting in Windows 11, version 22H2 with [KB5022913](https://support.microsoft.com/kb/5022913), the compatibility of braille displays has been expanded. Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience.
## Hearing
- [Use live captions to better understand audio](https://support.microsoft.com/windows/use-live-captions-to-better-understand-audio-b52da59c-14b8-4031-aeeb-f6a47e6055df). Use Windows 11, version 22H2 or later to better understand any spoken audio with real time captions.
-
- Starting with Windows 11, version 22H2 with [KB5026446](https://support.microsoft.com/kb/5026446), live captions now supports additional languages.
-
- [View live transcription in a Teams meeting](https://support.microsoft.com/office/view-live-transcription-in-a-teams-meeting-dc1a8f23-2e20-4684-885e-2152e06a4a8b). During any Teams meeting, view a live transcription so you don't miss what's being said.
-
- [Use Teams for sign language](https://www.microsoft.com/microsoft-teams/group-chat-software). Teams is available on various platforms and devices, so you don't have to worry about whether your co-workers, friends, and family can communicate with you.
- [Make Windows easier to hear](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1).
-
- Replace audible alerts with visual alerts.
- If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
- Send all sounds to both left and right channels, which is helpful for those people with partial hearing loss or deafness in one ear.
-
- [Read spoken words with captioning](https://support.microsoft.com/windows/change-caption-settings-135c465b-8cfd-3bac-9baf-4af74bc0069a). You can customize things like color, size, and background transparency to suit your needs and tastes.
-
- Use the [Azure Cognitive Services Translator](/azure/cognitive-services/translator/) service to add machine translation to your solutions.
## Physical
- [Have Cortana assist you](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
-
- [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes voice recognition that lets you tell it what to do.
-
- [Use the On-Screen Keyboard (OSK)](https://support.microsoft.com/windows/use-the-on-screen-keyboard-osk-to-type-ecbb5e08-5b4e-d8c8-f794-81dbf896267a). Instead of relying on a physical keyboard, use the OSK to enter data and select keys with a mouse or other pointing device. It also offers word prediction and completion.
-
- [Make your mouse, keyboard, and other input devices easier to use](https://support.microsoft.com/windows/make-your-mouse-keyboard-and-other-input-devices-easier-to-use-10733da7-fa82-88be-0672-f123d4b3dcfe).
- If you have limited control of your hands, you can personalize your keyboard to do helpful things like ignore repeated keys.
@@ -103,32 +71,24 @@ Windows 11, version 22H2, includes improvements for people with disabilities: sy
## Cognition
- [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
-
- [Download and use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721). **Fluent Sitka Small** and **Fluent Calibri** are fonts that address "visual crowding" by adding character and enhance word and line spacing.
-
- [Microsoft Edge reading view](https://support.microsoft.com/windows/take-your-reading-with-you-b6699255-4436-708e-7b93-4d2e19a15af8). Clears distracting content from web pages so you can stay focused on what you really want to read.
## Assistive technology devices built into Windows
- [Hear text read aloud with Narrator](https://support.microsoft.com/windows/hear-text-read-aloud-with-narrator-040f16c1-4632-b64e-110a-da4a0ac56917). Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.
-
- Scripting functionality has been added to Narrator. There is store delivery of Narrator extension scripts which currently include an Outlook script and an Excel script.
-
- [Use voice recognition](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571).
- With spellings experience in voice access, you can dictate a complex or non-standard word letter-by-letter and add it to Windows dictionary. The next time you try to dictate the same word, voice access improves its recognition.
- [Save time with keyboard shortcuts](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec).
-
-- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/en-us/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d).
+- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d).
## Other resources
[Windows accessibility](https://www.microsoft.com/Accessibility/windows)
-
[Designing accessible software](/windows/apps/design/accessibility/designing-inclusive-software)
-
[Inclusive design](https://www.microsoft.com/design/inclusive)
-
[Accessibility guide for Microsoft 365 Apps](/deployoffice/accessibility-guide)
diff --git a/windows/configuration/images/apn-add-details.PNG b/windows/configuration/cellular/images/apn-add-details.PNG
similarity index 100%
rename from windows/configuration/images/apn-add-details.PNG
rename to windows/configuration/cellular/images/apn-add-details.PNG
diff --git a/windows/configuration/images/apn-add.PNG b/windows/configuration/cellular/images/apn-add.PNG
similarity index 100%
rename from windows/configuration/images/apn-add.PNG
rename to windows/configuration/cellular/images/apn-add.PNG
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/cellular/provisioning-apn.md
similarity index 66%
rename from windows/configuration/provisioning-apn.md
rename to windows/configuration/cellular/provisioning-apn.md
index 4600c0eaf2..88c77810eb 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/cellular/provisioning-apn.md
@@ -1,63 +1,40 @@
---
-title: Configure cellular settings for tablets and PCs (Windows 10)
+title: Configure cellular settings for tablets and PCs
description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
-ms.reviewer:
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
-ms.topic: article
-ms.localizationpriority: medium
+ms.topic: concept-article
ms.date: 04/13/2018
-ms.technology: itpro-configure
---
# Configure cellular settings for tablets and PCs
-
-**Applies to**
-
-- Windows 10
-
>**Looking for consumer information?** See [Cellular settings in Windows 10](https://support.microsoft.com/help/10739/windows-10-cellular-settings)
-Enterprises can configure cellular settings for tablets and PC that have built-in cellular modems or plug-in USB modem dongles and apply the settings in a [provisioning package](provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined by the enterprise without needing to manually connect.
+Enterprises can configure cellular settings for tablets and PC that have built-in cellular modems or plug-in USB modem dongles and apply the settings in a [provisioning package](../provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined by the enterprise without needing to manually connect.
For users who work in different locations, you can configure one APN to connect when the users are at work and a different APN when the users are traveling.
-
## Prerequisites
- Windows 10, version 1703, desktop editions (Home, Pro, Enterprise, Education)
-
- Tablet or PC with built-in cellular modem or plug-in USB modem dongle
-
-- [Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md)
-
+- [Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md)
- APN (the address that your PC uses to connect to the Internet when using the cellular data connection)
- >[!NOTE]
- >You can get the APN from your mobile operator.
-
## How to configure cellular settings in a provisioning package
-1. In Windows Configuration Designer, [start a new project](provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option.
+1. In Windows Configuration Designer, [start a new project](../provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option.
+1. Enter a name for your project, and then click **Next**.
+1. Select **All Windows desktop editions**, click **Next**, and then click **Finish**.
+1. Go to **Runtime settings > Connections > EnterpriseAPN**.
+1. Enter a name for the connection, and then click **Add**.
-2. Enter a name for your project, and then click **Next**.
+
-3. Select **All Windows desktop editions**, click **Next**, and then click **Finish**.
+1. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection.
-4. Go to **Runtime settings > Connections > EnterpriseAPN**.
+
-5. Enter a name for the connection, and then click **Add**.
-
- 
-
-6. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection.
-
- 
-
-7. The following table describes the settings available for the connection.
+1. The following table describes the settings available for the connection.
| Setting | Description |
| --- | --- |
@@ -72,45 +49,39 @@ For users who work in different locations, you can configure one APN to connect
| Password | If you select PAP, CHAP, or MSCHAPv2 authentication, enter a password that corresponds to the user name. |
| Roaming | Select the behavior that you want when the device is roaming. The options are:-Disallowed-Allowed (default)-DomesticRoaming-Use OnlyForDomesticRoaming-UseOnlyForNonDomesticRoaming-UseOnlyForRoaming |
| UserName | If you select PAP, CHAP, or MSCHAPv2 authentication, enter a user name. |
-
-8. After you configure the connection settings, [build the provisioning package](provisioning-packages/provisioning-create-package.md#build-package).
-
-9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md)
+1. After you configure the connection settings, [build the provisioning package](../provisioning-packages/provisioning-create-package.md#build-package).
+1. [Apply the package to devices.](../provisioning-packages/provisioning-apply-package.md)
## Confirm the settings
After you apply the provisioning package, you can confirm that the settings have been applied.
1. On the configured device, open a command prompt as an administrator.
+1. Run the following command:
-2. Run the following command:
-
- ```
+ ```cmd
netsh mbn show profiles
```
-3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
+1. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
- ```
+ ```cmd
netsh mbn show profiles name="name"
```
This command will list details for that profile, including Access Point Name.
-
Alternatively, you can also use the command:
-```
+```cmd
netsh mbn show interface
```
From the results of that command, get the name of the cellular/mobile broadband interface and run:
-```
+```cmd
netsh mbn show connection interface="name"
```
The result of that command will show details for the cellular interface, including Access Point Name.
-
-
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
deleted file mode 100644
index c8a911f8a2..0000000000
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ /dev/null
@@ -1,91 +0,0 @@
----
-title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
-description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
-ms.reviewer:
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
-ms.topic: whats-new
-ms.localizationpriority: medium
-ms.date: 08/18/2023
-ms.technology: itpro-configure
----
-
-# Changes to Group Policy settings for Windows 10 Start
-
-**Applies to**:
-
-- Windows 10
-
-Windows 10 has a brand new Start experience. As a result, there are changes to the Group Policy settings that you can use to manage Start. Some policy settings are new or changed, and some old Start policy settings still apply. Other Start policy settings no longer apply and are deprecated.
-
-## Start policy settings supported for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-
-
-These policy settings are available in **Administrative Templates\\Start Menu and Taskbar** under **User Configuration**.
-
-|Policy|Notes|
-|--- |--- |
-|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.|
-|Don't allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.|
-|Don't display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.|
-|Don't keep history of recently opened documents|Documents that the user opens aren't tracked during the session.|
-|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this policy disables all of the settings in **Settings** > **Personalization** > **Start** and the options in dialog available via right-click Taskbar > **Properties**|
-|Prevent users from customizing their Start Screen|Use this policy with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it|
-|Prevent users from uninstalling applications from Start|In Windows 10, this policy removes the uninstall button in the context menu. It doesn't prevent users from uninstalling the app through other entry points (for example, PowerShell)|
-|Remove All Programs list from the Start menu|In Windows 10, this policy removes the **All apps** button.|
-|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This policy removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.|
-|Remove common program groups from Start Menu|As in earlier versions of Windows, this policy removes apps specified in the All Users profile from Start|
-|Remove frequent programs list from the Start Menu|In Windows 10, this policy removes the top left **Most used** group of apps.|
-|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.|
-|Remove pinned programs list from the Start Menu|In Windows 10, this policy removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).|
-|Show "Run as different user" command on Start|This policy enables the **Run as different user** option in the right-click menu for apps.|
-|Start Layout|This policy applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.|
-|Force Start to be either full screen size or menu size|This policy applies a specific size for Start.|
-
-## Deprecated Group Policy settings for Start
-
-The Start policy settings listed in the following table don't work on Windows 10. Most of them were deprecated in Windows 8 however a few more were deprecated in Windows 10. Deprecation in this case means that the policy setting won't work on Windows 10. The “Supported on” text for a policy setting won't list Windows 10. The policy settings are still in the Group Policy Management Console and can be used on the operating systems that they apply to.
-
-| Policy | When deprecated |
-|----------------------------------------------------------------------------------|-----------------|
-| Go to the desktop instead of Start when signing in | Windows 10 |
-| List desktop apps first in the Apps view | Windows 10 |
-| Pin Apps to Start when installed (User or Computer) | Windows 10 |
-| Remove Default Programs link from the Start menu. | Windows 10 |
-| Remove Documents icon from Start Menu | Windows 10 |
-| Remove programs on Settings menu | Windows 10 |
-| Remove Run menu from Start Menu | Windows 10 |
-| Remove the "Undock PC" button from the Start Menu | Windows 10 |
-| Search just apps from the Apps view | Windows 10 |
-| Show Start on the display the user is using when they press the Windows logo key | Windows 10 |
-| Show the Apps view automatically when the user goes to Start | Windows 10 |
-| Add the Run command to the Start Menu | Windows 8 |
-| Change Start Menu power button | Windows 8 |
-| Gray unavailable Windows Installer programs Start Menu shortcuts | Windows 8 |
-| Remove Downloads link from Start Menu | Windows 8 |
-| Remove Favorites menu from Start Menu | Windows 8 |
-| Remove Games link from Start Menu | Windows 8 |
-| Remove Help menu from Start Menu | Windows 8 |
-| Remove Homegroup link from Start Menu | Windows 8 |
-| Remove Music icon from Start Menu | Windows 8 |
-| Remove Network icon from Start Menu | Windows 8 |
-| Remove Pictures icon from Start Menu | Windows 8 |
-| Remove Recent Items menu from Start Menu | Windows 8 |
-| Remove Recorded TV link from Start Menu | Windows 8 |
-| Remove user folder link from Start Menu | Windows 8 |
-| Remove Videos link from Start Menu | Windows 8 |
-
-
-
-## Related topics
-
-- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
-- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
-- [Customize and export Start layout](customize-and-export-start-layout.md)
-- [Add image for secondary tiles](start-secondary-tiles.md)
-- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
-- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
-- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
deleted file mode 100644
index d238ab8539..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Send feedback about Cortana at work back to Microsoft
-description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Send feedback about Cortana back to Microsoft
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-To provide feedback on an individual request or response, select the item in the conversation history and then select **Give feedback**. The Feedback Hub application is launched, where you can provide more information to help diagnose reported issues.
-
-:::image type="content" source="../screenshot1.png" alt-text="Screenshot: Send feedback page":::
-
-To provide feedback about the application in general, go to the **Settings** menu by selecting the three dots in the top left of the application, and select **Feedback**. The Feedback Hub is launched, where more information on the issue can be provided.
-
-:::image type="content" source="../screenshot12.png" alt-text="Screenshot: Select Feedback to go to the Feedback Hub":::
-
-In order for enterprise users to provide feedback, admins must unblock the Feedback Hub in the [Azure portal](https://portal.azure.com/). Go to the **Enterprise applications section** and enable **Users can allow apps to access their data**.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
deleted file mode 100644
index 8cc906cd9f..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
-description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
-ms.prod: windows-client
-ms.collection: tier3
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
-
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-## What can you do with in Windows 10, versions 1909 and earlier?
-Your employees can use Cortana to help manage their day and be more productive by getting quick answers to common questions, setting reminders, adding tasks to their To-Do lists, and find out where their next meeting is.
-
-**See also:**
-
-[Known issues for Windows Desktop Search and Cortana in Windows 10](/troubleshoot/windows-client/shell-experience/windows-desktop-search-and-cortana-issues).
-
-### Before you begin
-There are a few things to be aware of before you start using Cortana in Windows 10, versions 1909 and earlier.
-
-- **Microsoft Entra account.** Before your employees can use Cortana in your org, they must be logged in using their Microsoft Entra account through Cortana's notebook. They must also authorize Cortana to access Microsoft 365 on their behalf.
-
-- **Office 365 Trust Center.** Cortana in Windows 10, version 1909 and earlier, isn't a service governed by the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). [Learn more about how Cortana in Windows 10, versions 1909 and earlier, treats your data](https://support.microsoft.com/en-us/help/4468233/cortana-and-privacy-microsoft-privacy).
-
-- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This solution can be Microsoft Intune, Configuration Manager (version 1606 or later), or your current company-wide third-party mobile device management (MDM) solution.
-
-- **Troubleshooting tips.** If you run into issues, check out these [troubleshooting tips](/office365/troubleshoot/miscellaneous/issues-in-cortana).
-
-### Turn on Cortana enterprise services on employees' devices
-Your employees must connect Cortana to their Microsoft 365 account to be able to use skills like email and calendar.
-
-#### Turn on Cortana enterprise services
-
-1. Select the **Cortana** search box in the taskbar, and then select the **Notebook** icon.
-
-2. Select **Manage Skills** , select **Manage accounts** , and under **Microsoft 365** select **Link**. The employee will be directed to sign into their Microsoft 365 account.
-
-3. The employee can also disconnect by selecting **Microsoft 365**, then **Unlink**.
-
-#### Turn off Cortana enterprise services
-Cortana in Windows 10, versions 1909 and earlier can only access data in your Microsoft 365 organization when it's turned on. If you don't want Cortana to access your corporate data, you can turn it off in the Microsoft 365 admin center.
-
-1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com/) using your admin account.
-
-2. Select the app launcher icon in the upper-left and choose **Admin**.
-
-3. Expand **Settings** and select **Org Settings**.
-
-4. Select **Cortana** to toggle Cortana's access to Microsoft 365 data off.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
deleted file mode 100644
index 9bd3833b21..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ /dev/null
@@ -1,99 +0,0 @@
----
-title: Configure Cortana in Windows 10 and Windows 11
-ms.reviewer:
-manager: aaroncz
-description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Configure Cortana in Windows 10 and Windows 11
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-## Who is Cortana?
-
-Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 and Windows 11 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more.
-
-:::image type="content" source="./images/screenshot1.png" alt-text="Screenshot: Cortana home page example":::
-
-## Where is Cortana available for use in my organization?
-
-Your employees can use Cortana in the languages listed [here](https://support.microsoft.com/help/4026948/cortanas-regions-and-languages). However, most productivity skills are currently only enabled for English (United States), for users with mailboxes in the United States.
-
-The Cortana app in Windows 10, version 2004 requires the latest Microsoft Store update to support languages other than English (United States).
-
-## Required hardware and software
-
-Cortana requires a PC running Windows 10, version 1703 or later, and the following software to successfully run the included scenario in your organization.
-
->[!NOTE]
->A microphone isn't required to use Cortana.
-
-| Software | Minimum version |
-|---------|---------|
-|Client operating system | - Windows 10, version 2004 (recommended)
- Windows 10, version 1703 (legacy version of Cortana)
For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. |
-|Microsoft Entra ID | While all employees signing into Cortana need a Microsoft Entra account, a Microsoft Entra ID P1 or P2 tenant isn't required. |
-|Additional policies (Group Policy and Mobile Device Management (MDM)) |There's a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn off Cortana. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. |
-
->[!NOTE]
->For Windows 11, Cortana is no longer pinned to the taskbar by default. You can still pin the Cortana app to the taskbar as you would any other app. In addition, the keyboard shortcut that launched Cortana (Win+C) no longer opens Cortana.
-
-
-
-## Signing in using Microsoft Entra ID
-
-Your organization must have a Microsoft Entra tenant and your employees' devices must all be Microsoft Entra joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but won't be able to use their enterprise email or calendar.) For info about what a Microsoft Entra tenant is, how to get your devices joined, and other Microsoft Entra maintenance info, see [Microsoft Entra documentation.](/azure/active-directory/)
-
-## How is my data processed by Cortana?
-
-Cortana's approach to integration with Microsoft 365 has changed with Windows 10, version 2004 and later.
-
-### Cortana in Windows 10, version 2004 and later, or Windows 11
-
-Cortana enterprise services that can be accessed using Microsoft Entra ID through Cortana meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true).
-
-#### How does Microsoft store, retain, process, and use Customer Data in Cortana?
-
-The table below describes the data handling for Cortana enterprise services.
-
-
-| Name | Description |
-|---------|---------|
-|**Storage** |Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. Speech audio isn't retained. |
-|**Stays in Geo** |Customer Data is stored on Microsoft servers inside the Office 365 cloud in Geo. Your data is part of your tenant. |
-|**Retention** |Customer Data is deleted when the account is closed by the tenant administrator or when a GDPR Data Subject Rights deletion request is made. Speech audio isn't retained. |
-|**Processing and confidentiality** |Personnel engaged in the processing of Customer Data and personal data (i) will process such data only on instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends. |
-|**Usage** |Microsoft uses Customer Data only to provide the services agreed upon, and for purposes that are compatible with those services. Machine learning to develop and improve models is one of those purposes. Machine learning is done inside the Office 365 cloud consistent with the Online Services Terms. Your data isn't used to target advertising. |
-
-#### How does the wake word (Cortana) work? If I enable it, is Cortana always listening?
-
->[!NOTE]
->The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
-
-Cortana only begins listening for commands or queries when the wake word is detected, or the microphone button has been selected.
-
-First, the user must enable the wake word from within Cortana settings. Once it has been enabled, a component of Windows called the [Windows Multiple Voice Assistant platform](/windows-hardware/drivers/audio/voice-activation-mva#voice-activation) will start listening for the wake word. No audio is processed by speech recognition unless two local wake word detectors and a server-side one agree with high confidence that the wake word was heard.
-
-The first decision is made by the Windows Multiple Voice Assistant platform using hardware optionally included in the user's PC for power savings. If the wake word is detected, Windows will show a microphone icon in the system tray indicating an assistant app is listening.
-
-:::image type="content" source="./images/screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening":::
-
-At that point, the Cortana app will receive the audio, run a second, more accurate wake word detector, and optionally send it to a Microsoft cloud service where a third wake word detector will confirm. If the service doesn't confirm that the activation was valid, the audio will be discarded and deleted from any further processing or server logs. On the user's PC, the Cortana app will be silently dismissed, and no query will be shown in conversation history because the query was discarded.
-
-If all three wake word detectors agree, the Cortana canvas will show what speech has been recognized.
-
-### Cortana in Windows 10, versions 1909 and earlier
-
-Cortana in Windows 10, versions 1909 and earlier, isn't a service covered by the Office 365 Trust Center. [Learn more about how Cortana in Windows 10, version 1909 and earlier, treats your data](https://go.microsoft.com/fwlink/p/?LinkId=536419).
-
-Cortana is covered under the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
-
-## See also
-
-- [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
deleted file mode 100644
index e0881606c0..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ /dev/null
@@ -1,88 +0,0 @@
----
-title: Configure Cortana with Group Policy and MDM settings (Windows)
-description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
-
-- **Allow Cortana**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana`
- - **MDM policy CSP**: [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana)
- - **Description**: Specifies if users can use Cortana.
-
- Cortana won’t work if this setting is turned off (disabled). On Windows 10, version 1809 and below, users can still do local searches, even with Cortana turned off.
-
-- **AllowCortanaAboveLock**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock`
- - **MDM policy CSP**: [AboveLock/AllowCortanaAboveLock](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowcortanaabovelock)
- - **Description**: Specifies whether users can interact with Cortana using voice commands when the system is locked.
-
- This setting:
-
- - Doesn't apply to Windows 10, versions 2004 and later
- - Doesn't apply to Windows 11
-
-- **LetAppsActivateWithVoice**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice`
- - **MDM policy CSP**: [Privacy/LetAppsActivateWithVoice](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice)
- - **Description**: Specifies if apps, like Cortana or other voice assistants, can activate using a wake word, like “Hey Cortana”.
-
- This setting applies to:
-
- - Windows 10 versions 2004 and later
- - Windows 11
-
- To disable wake word activation on Windows 10 versions 1909 and earlier, disable voice commands using the [Privacy/AllowInputPersonalization CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization).
-
-- **LetAppsAccessMicrophone**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone`
- - **MDM policy CSP**: [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps)
- - **Description**: Disables Cortana’s access to the microphone. To use this setting, enter Cortana’s Package Family Name: `Microsoft.549981C3F5F10_8wekyb3d8bbwe`. Users can still type queries to Cortana.
-
-- **Allow users to enable online speech recognition services**
- - **Group policy**: `Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services`
- - **MDM policy CSP**: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization)
- - **Description**: Specifies whether users can use voice commands with Cortana in your organization.
- - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled).
- - **Windows 10, version 1607 and later**: Non-speech aspects of Cortana will still work if this setting is turned off (disabled).
- - **Windows 10, version 2004 and later**: Cortana will work, but voice input will be disabled.
-
-- **AllowLocation**
- - **Group policy**: None
- - **MDM policy CSP**: [System/AllowLocation](/windows/client-management/mdm/policy-csp-system#system-allowlocation)
- - **Description**: Specifies whether to allow app access to the Location service.
- - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled).
- - **Windows 10, version 1607 and later**: Cortana still works if this setting is turned off (disabled).
- - **Windows 10, version 2004 and later**: Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11 don't use the Location service.
-
-- **AllowMicrosoftAccountConnection**
- - **Group policy**: None
- - **MDM policy CSP**: [Accounts/AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
- - **Description**: Specifies whether to allow users to sign in using a Microsoft account (MSA) from Windows apps. If you only want to allow users to sign in with their Microsoft Entra account, then disable this setting.
-
-- **Allow search and Cortana to use location**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location`
- - **MDM policy CSP**: [Search/AllowSearchToUseLocation](/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation)
- - **Description**: Specifies whether Cortana can use your current location during searches and for location reminders. In **Windows 10, version 2004 and later**, Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11, don't use the Location service.
-
-- **Don't search the web or display web results**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results`
- - **MDM policy CSP**: [Search/DoNotUseWebResults](/windows/client-management/mdm/policy-csp-search#search-donotusewebresults)
- - **Description**: Specifies if search can do queries on the web, and if the web results are shown in search.
- - **Windows 10 Pro edition**: This setting can’t be managed.
- - **Windows 10 Enterprise edition**: Cortana won't work if this setting is turned off (disabled).
- - **Windows 10, version 2004 and later**: This setting no longer impacts Cortana.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
deleted file mode 100644
index 28baf34fab..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Sign into Microsoft Entra ID, enable the wake word, and try a voice query
-description: A test scenario walking you through signing in and managing the notebook.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Test scenario 1 – Sign into Microsoft Entra ID, enable the wake word, and try a voice query
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!NOTE]
->The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
-
-1. Select the **Cortana** icon in the task bar and sign in using your Microsoft Entra account.
-
-2. Select the "…" menu and select **Talking to Cortana**.
-
-3. Toggle **Wake word** to **On** and close Cortana.
-
-4. Say **Cortana, what can you do?**
-
- When you say **Cortana**, Cortana will open in listening mode to acknowledge the wake word.
-
- :::image type="content" source="../screenshot4.png" alt-text="Screenshot: Cortana listening mode":::
-
- Once you finish saying your query, Cortana will open with the result.
-
->[!NOTE]
->If you've disabled the wake word using MDM or Group Policy, you will need to manually activate the microphone by selecting Cortana, then the mic button.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
deleted file mode 100644
index c107c97a64..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Perform a quick search with Cortana at work (Windows)
-description: This scenario is a test scenario about how to perform a quick search with Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 2 – Perform a Bing search with Cortana
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Type **What time is it in Hyderabad?**.
-
-Cortana will respond with the information from Bing.
-
-:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderabad":::
-
->[!NOTE]
->This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](./set-up-and-test-cortana-in-windows-10.md#set-up-and-configure-the-bing-answers-feature).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
deleted file mode 100644
index 50fb4c4d32..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Set a reminder for a location with Cortana at work (Windows)
-description: A test scenario about how to set a location-based reminder using Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 3 - Set a reminder
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-This scenario helps you set up, review, and edit a reminder. For example, you can remind yourself to send someone a link to a document after a meeting.
-
-1. Select the **Cortana** icon in the taskbar and type **Remind me to send a link to the deck at 3:05pm** and press **Enter**.
-
-Cortana will create a reminder in Microsoft To Do and will remind you at the appropriate time.
-
-:::image type="content" source="../screenshot6.png" alt-text="Screenshot: Cortana set a reminder":::
-
-:::image type="content" source="../screenshot7.png" alt-text="Screenshot: Cortana showing reminder on page":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
deleted file mode 100644
index 997bd2f471..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Use Cortana at work to find your upcoming meetings (Windows)
-description: A test scenario on how to use Cortana at work to find your upcoming meetings.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 4 - Use Cortana to find free time on your calendar for your upcoming meetings.
-
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-This scenario helps you find out if a time slot is free on your calendar.
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
-3. Type **Am I free at 3 PM tomorrow?**
-
-Cortana will respond with your availability for that time, and nearby meetings.
-
-:::image type="content" source="../screenshot8.png" alt-text="Screenshot: Cortana showing free time on a calendar":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
deleted file mode 100644
index 67d77779e6..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Use Cortana to send email to a coworker (Windows)
-description: A test scenario about how to use Cortana at work to send email to a coworker.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 5 - Test scenario 5 – Find out about a person
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-Cortana can help you quickly look up information about someone or the org chart.
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Type or select the mic and say, **Who is name of person in your organization's?**
-
-:::image type="content" source="../screenshot9.png" alt-text="Screenshot: Cortana showing name of person in your organization":::
-
-Cortana will respond with information about the person. You can select the person to see more information about them in Microsoft Search.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
deleted file mode 100644
index a940f6be39..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Review a reminder suggested by Cortana (Windows)
-description: A test scenario on how to use Cortana with the Suggested reminders feature.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 6 – Change your language and perform a quick search with Cortana
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-Cortana can help employees in regions outside the US search for quick answers like currency conversions, time zone conversions, or weather in their location.
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Select the **…** menu, then select **Settings**, **Language**, then select **Español (España)**. You'll be prompted to restart the app.
-
-3. Once the app has restarted, type or say **Convierte 100 Euros a Dólares**.
-
-:::image type="content" source="../screenshot10.png" alt-text="Screenshot: Cortana showing a change your language and showing search results in Spanish":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
deleted file mode 100644
index 88e5901e0c..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Help protect data with Cortana and WIP (Windows)
-description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!IMPORTANT]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This optional scenario helps you to protect your organization’s data on a device, based on an inspection by Cortana.
-
-## Use Cortana and WIP to protect your organization’s data
-
-1. Create and deploy a WIP policy to your organization. For information about how to do this step, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip).
-
-2. Create a new email from a non-protected or personal mailbox, including the text _I’ll send you that presentation tomorrow_.
-
-3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
- Cortana automatically pulls your commitment to sending the presentation out of your email, showing it to you.
-
-4. Create a new email from a protected mailbox, including the same text as above, _I’ll send you that presentation tomorrow_.
-
-5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
- Because it was in an WIP-protected email, the presentation info isn’t pulled out and it isn’t shown to you.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
deleted file mode 100644
index 9260043d11..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Cortana at work testing scenarios
-description: Suggested testing scenarios that you can use to test Cortana in your organization.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 06/28/2021
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Cortana at work testing scenarios
-
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
-
-- [Sign into Microsoft Entra ID, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md)
-- [Perform a Bing search with Cortana](cortana-at-work-scenario-2.md)
-- [Set a reminder](cortana-at-work-scenario-3.md)
-- [Use Cortana to find free time on your calendar](cortana-at-work-scenario-4.md)
-- [Find out about a person](cortana-at-work-scenario-5.md)
-- [Change your language and perform a quick search with Cortana](cortana-at-work-scenario-6.md)
-- [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
deleted file mode 100644
index 21f168168d..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Set up and test custom voice commands in Cortana for your organization (Windows)
-description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Set up and test custom voice commands in Cortana for your organization
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!NOTE]
->This content applies to Cortana in versions 1909 and earlier, but will not be available in future releases.
-
-Working with a developer, you can create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. These voice-enabled actions can reduce the time necessary to access your apps and to complete simple actions.
-
-## High-level process
-Cortana uses a Voice Command Definition (VCD) file, aimed at an installed app, to define the actions that are to happen during certain vocal commands. A VCD file can be simple to complex, supporting anything from a single sound to a collection of more flexible, natural language sounds, all with the same intent.
-
-To enable voice commands in Cortana
-
-1. **Extend your LOB app.** Add a custom VCD file to your app package. This file defines what capabilities are available to Cortana from the app, letting you tell Cortana what vocal commands should be understood and handled by your app and how the app should start when the command is vocalized.
-
- Cortana can perform actions on apps in the foreground (taking focus from Cortana) or in the background (allowing Cortana to keep focus). We recommend that you decide where an action should happen, based on what your voice command is intended to do. For example, if your voice command requires employee input, it’s best for that to happen in the foreground. However, if the app only uses basic commands and doesn’t require interaction, it can happen in the background.
-
- - **Start Cortana with focus on your app, using specific voice-enabled statements.** [Activate a foreground app with voice commands through Cortana](/cortana/voice-commands/launch-a-foreground-app-with-voice-commands-in-cortana).
-
- - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Activate a background app in Cortana using voice commands](/cortana/voice-commands/launch-a-background-app-with-voice-commands-in-cortana).
-
-2. **Install the VCD file on employees' devices**. You can use Configuration Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization.
-
-## Test scenario: Use voice commands in a Microsoft Store app
-While these apps aren't line-of-business apps, we've worked to make sure to implement a VCD file, allowing you to test how the functionality works with Cortana in your organization.
-
-**To get a Microsoft Store app**
-1. Go to the Microsoft Store, scroll down to the **Collections** area, select **Show All**, and then select **Better with Cortana**.
-
-2. Select **Uber**, and then select **Install**.
-
-3. Open Uber, create an account or sign in, and then close the app.
-
-**To set up the app with Cortana**
-1. Select on the **Cortana** search box in the taskbar, and then select the **Notebook** icon.
-
-2. Select on **Connected Services**, select **Uber**, and then select **Connect**.
-
- 
-
-**To use the voice-enabled commands with Cortana**
-1. Select on the **Cortana** icon in the taskbar, and then select the **Microphone** icon (to the right of the **Search** box).
-
-2. Say _Uber get me a taxi_.
-
- Cortana changes, letting you provide your trip details for Uber.
-
-## See also
-- [Cortana for developers](/cortana/skills/)
diff --git a/windows/configuration/cortana-at-work/images/screenshot1.png b/windows/configuration/cortana-at-work/images/screenshot1.png
deleted file mode 100644
index ed62740e92..0000000000
Binary files a/windows/configuration/cortana-at-work/images/screenshot1.png and /dev/null differ
diff --git a/windows/configuration/cortana-at-work/images/screenshot2.png b/windows/configuration/cortana-at-work/images/screenshot2.png
deleted file mode 100644
index fb7995600e..0000000000
Binary files a/windows/configuration/cortana-at-work/images/screenshot2.png and /dev/null differ
diff --git a/windows/configuration/cortana-at-work/includes/cortana-deprecation.md b/windows/configuration/cortana-at-work/includes/cortana-deprecation.md
deleted file mode 100644
index c5ad2bd22a..0000000000
--- a/windows/configuration/cortana-at-work/includes/cortana-deprecation.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
-ms.topic: include
-ms.date: 06/08/2023
-ms.localizationpriority: medium
----
-
-
-> [!Important]
-> Cortana in Windows as a standalone app is [deprecated](/windows/whats-new/deprecated-features). This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms.
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
deleted file mode 100644
index b9fd7b9023..0000000000
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Set up and test Cortana in Windows 10, version 2004 and later
-ms.reviewer:
-manager: aaroncz
-description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Set up and test Cortana in Windows 10, version 2004 and later
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-## Before you begin
-
-- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you'll need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11.
-- **Cortana is regularly updated through the Microsoft Store.** Beginning with Windows 10, version 2004, Cortana is an appx preinstalled with Windows and is regularly updated through the Microsoft Store. To receive the latest updates to Cortana, you'll need to [enable updates through the Microsoft Store](../stop-employees-from-using-microsoft-store.md).
-
-## Set up and configure the Bing Answers feature
-Bing Answers provides fast, authoritative results to search queries based on search terms. When the Bing Answers feature is enabled, users will be able to ask Cortana web-related questions in the Cortana in Windows app, such as "What's the current weather?" or "Who is the president of the U.S.?," and get a response, based on public results from Bing.com.
-
-The above experience is powered by Microsoft Bing, and Cortana sends the user queries to Bing. The use of Microsoft Bing is governed by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) and [Privacy Statement](https://privacy.microsoft.com/en-US/privacystatement).
-
-## Configure the Bing Answers feature
-
-Admins can configure the Cortana in Windows Bing Answers feature for their organizations. As the admin, use the following steps to change the setting for Bing Answers at the tenant/security group level. This setting is enabled by default, so that all users who have Cortana enabled will be able to receive Bing Answers. By default, the Bing Answer feature will be available to your users.
-
-Users can't enable or disable the Bing Answer feature individually. So, if you disable this feature at the tenant/security group level, no users in your organization or specific security group will be able to use Bing Answers in Cortana in Windows.
-
-Sign in to the [Office Configuration Admin tool](https://config.office.com/).
-
-Follow the steps [here](/deployoffice/overview-office-cloud-policy-service#steps-for-creating-a-policy-configuration) to create this policy configuration. Once completed, the policy will look as shown below:
-
-:::image type="content" source="../screenshot3.png" alt-text="Screenshot: Bing policy example":::
-
-## How does Microsoft handle customer data for Bing Answers?
-
-When a user enters a search query (by speech or text), Cortana evaluates if the request is for any of our first-party compliant skills if enabled in a specific market, and does the following actions:
-
-1. If it is for any of the first-party compliant skills, the query is sent to that skill, and results/action are returned.
-
-2. If it isn't for any of the first-party compliant skills, the query is sent to Bing for a search of public results from Bing.com. Because enterprise searches might be sensitive, similar to [Microsoft Search in Bing](/MicrosoftSearch/security-for-search#microsoft-search-in-bing-protects-workplace-searches), Bing Answers in Cortana has implemented a set of trust measures, described below, that govern how the separate search of public results from Bing.com is handled. The Bing Answers in Cortana trust measures are consistent with the enhanced privacy and security measures described in [Microsoft Search in Bing](/MicrosoftSearch/security-for-search). All Bing.com search logs that pertain to Cortana traffic are disassociated from users' workplace identity. All Cortana queries issued via a work or school account are stored separately from public, non-Cortana traffic.
-
-Bing Answers is enabled by default for all users. However, admins can configure and change this setting for specific users and user groups in their organization.
-
-## How the Bing Answer policy configuration is applied
-Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of a Microsoft Entra group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md
deleted file mode 100644
index cd72adceb2..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-1.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
-description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-This scenario turns on Microsoft Entra ID and lets your employee use Cortana to manage an entry in the notebook.
-
-## Sign in with your work or school account
-
-This process helps you to sign out of a Microsoft Account and to sign into a Microsoft Entra account.
-
-1. Click on the **Cortana** icon in the taskbar, then click the profile picture in the navigation to open Cortana settings.
-
-2. Click your email address.
-
-A dialog box appears, showing the associated account info.
-
-3. Click **Sign out** under your email address.
-
-This signs out the Microsoft account, letting you continue to add your work or school account.
-
-4. Open Cortana again and select the **Sign in** glyph in the left rail and follow the instructions to sign in with your work or school account.
-
-## Use Cortana to manage the notebook content
-
-This process helps you to manage the content Cortana shows in your Notebook.
-
-1. Select the **Cortana** icon in the taskbar, click **Notebook**, select **Manage Skills.** Scroll down and click **Weather**.
-
-2. In the **Weather** settings, scroll down to the **Cities you're tracking** area, and then click **Add a city**.
-
-3. Add **Redmond, Washington**.
-
-> [!IMPORTANT]
-> The data created as part of these scenarios will be uploaded to Microsoft's Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md
deleted file mode 100644
index f69b1c2789..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-2.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Test scenario 2 - Perform a quick search with Cortana at work
-description: A test scenario about how to perform a quick search with Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 2 – Perform a quick search with Cortana at work
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you perform a quick search using Cortana, both by typing and through voice commands.
-
-## Search using Cortana
-
-1. Click on the Cortana icon in the taskbar, and then click in the Search bar.
-
-2. Type **Type Weather in New York**.
-
-You should see the weather in New York, New York at the top of the search results.
-Insert screenshot
-
-## Search with Cortana, by using voice commands
-
-This process helps you to use Cortana at work and voice commands to perform a quick search.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box).
-
-2. Say **What's the weather in Chicago?** Cortana tells you and shows you the current weather in Chicago.
-Insert screenshot
diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md
deleted file mode 100644
index b57dded7f3..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-3.md
+++ /dev/null
@@ -1,81 +0,0 @@
----
-title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
-description: A test scenario about how to set up, review, and edit a reminder based on a location.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 3 - Set a reminder for a specific location using Cortana at work
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you set up, review, and edit a reminder based on a location. For example, reminding yourself to grab your expense report receipts before you leave the house.
-
->[!Note]
->You can set each reminder location individually as you create the reminders, or you can go into the About me screen and add both Work and Home addresses as favorites. Make sure that you use real addresses since you’ll need to go to these locations to complete your testing scenario.
-
-Additionally, if you’ve turned on the Meeting & reminder cards & notifications option (in the Meetings & reminders option of your Notebook), you’ll also see your pending reminders on the Cortana Home page.
-
-## Create a reminder for a specific location
-
-This process helps you to create a reminder based on a specific location.
-
-1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
-
-2. Click the **+** sign, add a subject for your reminder, such as **Remember to file expense report receipts**, and then click **Place**.
-
-3. Choose **Arrive** from the drop-down box, and then type a location to associate with your reminder. For example, you can use the physical address of where you work. Just make sure you can physically get to your location, so you can test the reminder.
-
-4. Click **Done**.
-
->[!Note]
->If you’ve never used this location before, you’ll be asked to add a name for it so it can be added to the Favorites list in Windows Maps.
-
-5. Choose to be reminded the Next time you arrive at the location or on a specific day of the week from the drop-down box.
-
-6. Take a picture of your receipts and store them locally on your device.
-
-7. Click **Add Photo**, click **Library**, browse to your picture, and then click **OK**.
-
-The photo is stored with the reminder.
-
-Insert screenshot 6
-
-8. Review the reminder info, and then click **Remind**.
-
-The reminder is saved and ready to be triggered.
-Insert screenshot
-
-## Create a reminder for a specific location by using voice commands
-
-This process helps you to use Cortana at work and voice commands to create a reminder for a specific location.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone* icon (to the right of the Search box).
-
-2. Say **Remind me to grab my expense report receipts before I leave home**.
-
-Cortana opens a new reminder task and asks if it sounds good.
-insert screenshot
-
-3. Say **Yes** so Cortana can save the reminder.
-insert screenshot
-
-## Edit or archive an existing reminder
-
-This process helps you to edit or archive and existing or completed reminder.
-
-1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
-
-2. Click the pending reminder you want to edit.
-
-3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click Save to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.
diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md
deleted file mode 100644
index 206010600b..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-4.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: Use Cortana to find your upcoming meetings at work (Windows)
-description: A test scenario about how to use Cortana at work to find your upcoming meetings.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 4 - Use Cortana to find your upcoming meetings at work
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you search for both general upcoming meetings, and specific meetings, both manually and verbally.
-
->[!Note]
->If you’ve turned on the Meeting & reminder cards & notifications option (in the Meetings & reminders option of your Notebook), you’ll also see your pending reminders on the Cortana Home page.
-
-## Find out about upcoming meetings
-
-This process helps you find your upcoming meetings.
-
-1. Check to make sure your work calendar is connected and synchronized with your Microsoft Entra account.
-
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
-3. Type **Show me my meetings for tomorrow**.
-
-You’ll see all your meetings scheduled for the next day.
-
-Cortana at work, showing all upcoming meetings
-screenshot
-
-## Find out about upcoming meetings by using voice commands
-
-This process helps you to use Cortana at work and voice commands to find your upcoming meetings.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box.
-
-2. Say **Show me what meeting I have at 3pm tomorrow**.
-
->[!Important]
->Make sure that you have a meeting scheduled for the time you specify here.
-
-Cortana at work, showing the meeting scheduled for 3pm
-screenshot
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md
deleted file mode 100644
index f8dfb7cf8e..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-5.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Use Cortana to send an email to co-worker (Windows)
-description: A test scenario on how to use Cortana at work to send email to a co-worker.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 5 - Use Cortana to send an email to co-worker
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you to send an email to a co-worker listed in your work address book, both manually and verbally.
-
-## Send email to a co-worker
-
-This process helps you to send a quick message to a co-worker from the work address book.
-
-1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Microsoft Entra account.
-
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
-3. Type **Send an email to
For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs.
-Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
-Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
-Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL.
-Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
-Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
-Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
+| Kiosk Browser settings | Use this setting to |
+|--|--|
+| Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.
For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. |
+| Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. |
+| Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. |
+| Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. |
+| Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. |
+| Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. |
+| Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. |
+
+To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+
+1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer
+1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18)
+1. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com)
+1. Save the XML file
+1. Open the project again in Windows Configuration Designer
+1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed
-> [!IMPORTANT]
-> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
->
-> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
-> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
-> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
-> 4. Save the XML file.
-> 5. Open the project again in Windows Configuration Designer.
-> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
->
->
> [!TIP]
+>
> To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](/intune/custom-settings-windows-10) with the following information:
+>
> - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton
> - Data type: Integer
> - Value: 1
-
#### Rules for URLs in Kiosk Browser settings
Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home).
URLs can include:
+
- A valid port value from 1 to 65,535.
- The path to the resource.
- Query parameters.
More guidelines for URLs:
-- If a period precedes the host, the policy filters exact host matches only.
-- You can't use user:pass fields.
-- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence.
-- The policy searches wildcards (*) last.
-- The optional query is a set of key-value and key-only tokens delimited by '&'.
-- Key-value tokens are separated by '='.
-- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching.
+- If a period precedes the host, the policy filters exact host matches only
+- You can't use user:pass fields
+- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence
+- The policy searches wildcards (*) last
+- The optional query is a set of key-value and key-only tokens delimited by '&'
+- Key-value tokens are separated by '='
+- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching
### Examples of blocked URLs and exceptions
The following table describes the results for different combinations of blocked URLs and blocked URL exceptions.
-Blocked URL rule | Block URL exception rule | Result
---- | --- | ---
-`*` | `contoso.com`
`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains.
-`contoso.com` | `mail.contoso.com`
`.contoso.com`
`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain.
-`youtube.com` | `youtube.com/watch?v=v1`
`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2).
+| Blocked URL rule | Block URL exception rule | Result |
+|--|--|--|
+| `*` | `contoso.com`
`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains. |
+| `contoso.com` | `mail.contoso.com`
`.contoso.com`
`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. |
+| `youtube.com` | `youtube.com/watch?v=v1`
`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). |
-The following table gives examples for blocked URLs.
+The following table gives examples for blocked URLs.
-
-| Entry | Result |
-|--------------------------|-------------------------------------------------------------------------------|
-| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com |
-| `https://*` | Blocks all HTTPS requests to any domain. |
-| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
-| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. |
-| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. |
-| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. |
-| `*:8080` | Blocks all requests to port 8080. |
-| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. |
-| `192.168.1.2` | Blocks requests to 192.168.1.2. |
-| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. |
+| Entry | Result |
+|--|--|
+| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com |
+| `https://*` | Blocks all HTTPS requests to any domain. |
+| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
+| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. |
+| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. |
+| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. |
+| `*:8080` | Blocks all requests to port 8080. |
+| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. |
+| `192.168.1.2` | Blocks requests to 192.168.1.1. |
+| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. |
### Other browsers
-
-
You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
-- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
+
+- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
- [WebView class](/uwp/api/Windows.UI.Xaml.Controls.WebView)
- [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0)
-
-
## Secure your information
Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
## App configuration
-Some apps may require more configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
+Some apps may require more configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
-Check the guidelines published by your selected app and set up accordingly.
+Check the guidelines published by your selected app and set up accordingly.
## Develop your kiosk app
-Assigned access in Windows client uses the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
+Assigned access in Windows client uses the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
-Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access).
+Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access).
## Test your assigned access experience
diff --git a/windows/configuration/images/account-management-details.PNG b/windows/configuration/kiosk/images/account-management-details.PNG
similarity index 100%
rename from windows/configuration/images/account-management-details.PNG
rename to windows/configuration/kiosk/images/account-management-details.PNG
diff --git a/windows/configuration/images/add-applications-details.PNG b/windows/configuration/kiosk/images/add-applications-details.PNG
similarity index 100%
rename from windows/configuration/images/add-applications-details.PNG
rename to windows/configuration/kiosk/images/add-applications-details.PNG
diff --git a/windows/configuration/images/add-certificates-details.PNG b/windows/configuration/kiosk/images/add-certificates-details.PNG
similarity index 100%
rename from windows/configuration/images/add-certificates-details.PNG
rename to windows/configuration/kiosk/images/add-certificates-details.PNG
diff --git a/windows/configuration/images/apprule.png b/windows/configuration/kiosk/images/apprule.png
similarity index 100%
rename from windows/configuration/images/apprule.png
rename to windows/configuration/kiosk/images/apprule.png
diff --git a/windows/configuration/images/appwarning.png b/windows/configuration/kiosk/images/appwarning.png
similarity index 100%
rename from windows/configuration/images/appwarning.png
rename to windows/configuration/kiosk/images/appwarning.png
diff --git a/windows/configuration/images/aumid-file-explorer.png b/windows/configuration/kiosk/images/aumid-file-explorer.png
similarity index 100%
rename from windows/configuration/images/aumid-file-explorer.png
rename to windows/configuration/kiosk/images/aumid-file-explorer.png
diff --git a/windows/configuration/images/auto-signin.png b/windows/configuration/kiosk/images/auto-signin.png
similarity index 100%
rename from windows/configuration/images/auto-signin.png
rename to windows/configuration/kiosk/images/auto-signin.png
diff --git a/windows/configuration/images/enable-assigned-access-log.png b/windows/configuration/kiosk/images/enable-assigned-access-log.png
similarity index 100%
rename from windows/configuration/images/enable-assigned-access-log.png
rename to windows/configuration/kiosk/images/enable-assigned-access-log.png
diff --git a/windows/configuration/images/finish-details.png b/windows/configuration/kiosk/images/finish-details.png
similarity index 100%
rename from windows/configuration/images/finish-details.png
rename to windows/configuration/kiosk/images/finish-details.png
diff --git a/windows/configuration/images/genrule.png b/windows/configuration/kiosk/images/genrule.png
similarity index 100%
rename from windows/configuration/images/genrule.png
rename to windows/configuration/kiosk/images/genrule.png
diff --git a/windows/configuration/images/kiosk-account-details.PNG b/windows/configuration/kiosk/images/kiosk-account-details.PNG
similarity index 100%
rename from windows/configuration/images/kiosk-account-details.PNG
rename to windows/configuration/kiosk/images/kiosk-account-details.PNG
diff --git a/windows/configuration/images/kiosk-common-details.PNG b/windows/configuration/kiosk/images/kiosk-common-details.PNG
similarity index 100%
rename from windows/configuration/images/kiosk-common-details.PNG
rename to windows/configuration/kiosk/images/kiosk-common-details.PNG
diff --git a/windows/configuration/images/kiosk-fullscreen-sm.png b/windows/configuration/kiosk/images/kiosk-fullscreen-sm.png
similarity index 100%
rename from windows/configuration/images/kiosk-fullscreen-sm.png
rename to windows/configuration/kiosk/images/kiosk-fullscreen-sm.png
diff --git a/windows/configuration/images/kiosk-settings.PNG b/windows/configuration/kiosk/images/kiosk-settings.PNG
similarity index 100%
rename from windows/configuration/images/kiosk-settings.PNG
rename to windows/configuration/kiosk/images/kiosk-settings.PNG
diff --git a/windows/configuration/images/kiosk-wizard.png b/windows/configuration/kiosk/images/kiosk-wizard.png
similarity index 100%
rename from windows/configuration/images/kiosk-wizard.png
rename to windows/configuration/kiosk/images/kiosk-wizard.png
diff --git a/windows/configuration/images/lockdownapps.png b/windows/configuration/kiosk/images/lockdownapps.png
similarity index 100%
rename from windows/configuration/images/lockdownapps.png
rename to windows/configuration/kiosk/images/lockdownapps.png
diff --git a/windows/configuration/images/multiappassignedaccesssettings.png b/windows/configuration/kiosk/images/multiappassignedaccesssettings.png
similarity index 100%
rename from windows/configuration/images/multiappassignedaccesssettings.png
rename to windows/configuration/kiosk/images/multiappassignedaccesssettings.png
diff --git a/windows/configuration/images/profile-config.png b/windows/configuration/kiosk/images/profile-config.png
similarity index 100%
rename from windows/configuration/images/profile-config.png
rename to windows/configuration/kiosk/images/profile-config.png
diff --git a/windows/configuration/images/sample-start.png b/windows/configuration/kiosk/images/sample-start.png
similarity index 100%
rename from windows/configuration/images/sample-start.png
rename to windows/configuration/kiosk/images/sample-start.png
diff --git a/windows/configuration/images/set-assignedaccess.png b/windows/configuration/kiosk/images/set-assignedaccess.png
similarity index 100%
rename from windows/configuration/images/set-assignedaccess.png
rename to windows/configuration/kiosk/images/set-assignedaccess.png
diff --git a/windows/configuration/images/set-up-device-details.PNG b/windows/configuration/kiosk/images/set-up-device-details.PNG
similarity index 100%
rename from windows/configuration/images/set-up-device-details.PNG
rename to windows/configuration/kiosk/images/set-up-device-details.PNG
diff --git a/windows/configuration/images/set-up-network-details.PNG b/windows/configuration/kiosk/images/set-up-network-details.PNG
similarity index 100%
rename from windows/configuration/images/set-up-network-details.PNG
rename to windows/configuration/kiosk/images/set-up-network-details.PNG
diff --git a/windows/configuration/images/slv2-oma-uri.png b/windows/configuration/kiosk/images/slv2-oma-uri.png
similarity index 100%
rename from windows/configuration/images/slv2-oma-uri.png
rename to windows/configuration/kiosk/images/slv2-oma-uri.png
diff --git a/windows/configuration/images/vm-kiosk-connect.png b/windows/configuration/kiosk/images/vm-kiosk-connect.png
similarity index 100%
rename from windows/configuration/images/vm-kiosk-connect.png
rename to windows/configuration/kiosk/images/vm-kiosk-connect.png
diff --git a/windows/configuration/images/vm-kiosk.png b/windows/configuration/kiosk/images/vm-kiosk.png
similarity index 100%
rename from windows/configuration/images/vm-kiosk.png
rename to windows/configuration/kiosk/images/vm-kiosk.png
diff --git a/windows/configuration/kiosk/kiosk-additional-reference.md b/windows/configuration/kiosk/kiosk-additional-reference.md
new file mode 100644
index 0000000000..d652bf9874
--- /dev/null
+++ b/windows/configuration/kiosk/kiosk-additional-reference.md
@@ -0,0 +1,22 @@
+---
+title: More kiosk methods and reference information
+description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
+ms.topic: reference
+ms.date: 12/31/2017
+---
+
+# More kiosk methods and reference information
+
+## In this section
+
+| Topic | Description |
+|--|--|
+| [Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app. |
+| [Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk. |
+| [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. |
+| [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. |
+| [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. |
+| [Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. |
+| [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. |
+| [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. |
+| [Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. |
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk/kiosk-mdm-bridge.md
similarity index 74%
rename from windows/configuration/kiosk-mdm-bridge.md
rename to windows/configuration/kiosk/kiosk-mdm-bridge.md
index 4b2f8a1fe8..7725923709 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk/kiosk-mdm-bridge.md
@@ -1,42 +1,30 @@
---
-title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11)
+title: Use MDM Bridge WMI Provider to create a Windows kiosk
description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
ms.topic: article
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 1/26/2024
+zone_pivot_groups: windows-versions-11-10
+appliesto:
---
# Use MDM Bridge WMI Provider to create a Windows client kiosk
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
+Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
Here's an example to set AssignedAccess configuration:
-1. Download the [psexec tool](/sysinternals/downloads/psexec).
-2. Run `psexec.exe -i -s cmd.exe`.
-3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell.
+1. [Download PsTools][PSTools]
+1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe`
+1. In the PowerShell session launched by `psexec.exe`, execute the following script:
-Step 4 is different for Windows 10 or Windows 11
+::: zone pivot="windows-10"
-4. Execute the following script for Windows 10:
-
-```xml
+```PowerShell
$nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
Add-Type -AssemblyName System.Web
+
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile). |
| start:DesktopApplicationTileParent:AppendGroup | DesktopApplicationIDDesktopApplicationLinkPathSizeRowColumn | Use to specify any of the following:- A Windows desktop application with a known AppUserModelID- An application in a known folder with a link in a legacy Start Menu folder- A Windows desktop application link in a legacy Start Menu folder- A Web link tile with an associated `.url` file that is in a legacy Start Menu folder |
| start:SecondaryTileParent:AppendGroup | AppUserModelIDTileIDArgumentsDisplayNameSquare150x150LogoUriShowNameOnSquare150x150LogoShowNameOnWide310x150LogoWide310x150LogoUriBackgroundColorForegroundTextIsSuggestedAppSizeRowColumn | Use to pin a Web link through a Microsoft Edge secondary tile. Note that AppUserModelID is case-sensitive. |
-| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
-| TileParent:TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID. **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
-| DesktopApplicationTileParent:TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
+| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
+| TileParent:TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID. **Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
+| DesktopApplicationTileParent:TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.**Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
| AppendOfficeSuiteParent:LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).Don't use this tag with AppendDownloadOfficeTile. |
| AppendDownloadOfficeTileParent:LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in StartDo not use this tag with AppendOfficeSuite |
@@ -89,11 +77,11 @@ The following table lists the supported elements and attributes for the LayoutMo
New devices running Windows 10 for desktop editions will default to a Start menu with two columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features:
-- Boot to tablet mode can be set on or off.
-- Set full screen Start on desktop to on or off.
- To do this, add the LayoutOptions element in your LayoutModification.xml file and set the FullScreenStart attribute to true or false.
-- Specify the number of columns in the Start menu to 1 or 2.
- To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2.
+- Boot to tablet mode can be set on or off
+- Set full screen Start on desktop to on or off
+ To do this, add the LayoutOptions element in your LayoutModification.xml file and set the FullScreenStart attribute to true or false
+- Specify the number of columns in the Start menu to 1 or 2
+ To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2
The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use one column in the Start menu:
@@ -117,33 +105,33 @@ For devices being upgraded to Windows 10 for desktop editions:
### RequiredStartGroups
-The **RequiredStartGroups** tag contains **AppendGroup** tags that represent groups that you can append to the default Start layout.
+The **RequiredStartGroups** tag contains **AppendGroup** tags that represent groups that you can append to the default Start layout.
>[!IMPORTANT]
->For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag.
+>For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag.
-You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example:
+You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example:
```XML
The setting values for **desktop applications** are stored when the user closes the application.
Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. |
-| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. |
-| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
**Note** Settings location templates are not required for Windows applications. |
-| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). |
+| **Component** | **Function** |
+|--|--|
+| **UE-V service** | Enabled on every device that needs to synchronize settings, the **UE-V service** monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. |
+| **Settings packages** | Application settings and Windows settings are stored in **settings packages** created by the UE-V service. Settings packages are built, locally stored, and copied to the settings storage location.
The setting values for **desktop applications** are stored when the user closes the application.
Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. |
+| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. |
+| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
**Note** Settings location templates are not required for Windows applications. |
+| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). |
## Manage settings synchronization for custom applications
Use these UE-V components to create and manage custom templates for your third-party or line-of-business applications.
-| Component | Description |
-|-------------------------------|---------------|
-| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. |
-| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md).|
+| Component | Description |
+|--|--|
+| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
If you are upgrading from an existing UE-V installation, you'll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. |
+| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md). |
-### Planning a UE-V deployment
+### Planning a UE-V deployment
Review the following articles to determine which UE-V components you'll be deploying.
-- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications)
+- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications)
If you want to synchronize settings for custom applications, you'll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involve the following tasks:
- - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment).
+ - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment).
+ - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications).
- - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications).
-
-- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning.
-
-- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v)
+- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning.
+- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v)
## Decide whether to synchronize settings for custom applications
@@ -77,11 +60,9 @@ Deciding if you want UE-V to synchronize settings for custom applications is an
This section explains which settings are synchronized by default in UE-V, including:
-- Desktop applications that are synchronized by default
-
-- Windows desktop settings that are synchronized by default
-
-- A statement of support for Windows applications setting synchronization
+- Desktop applications that are synchronized by default
+- Windows desktop settings that are synchronized by default
+- A statement of support for Windows applications setting synchronization
For downloadable UE-V templates, see: [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367)
@@ -90,16 +71,15 @@ For downloadable UE-V templates, see: [User Experience Virtualization (UE-V) set
When you enable the UE-V service on user devices, it registers a default group of settings location templates that capture settings values for these common Microsoft applications.
| Application category | Description |
-|-----------------------------|-------------------|
+|--|--|
| Microsoft Office 2016 applications | Microsoft Access 2016
Microsoft Lync 2016
Microsoft Excel 2016
Microsoft OneNote 2016
Microsoft Outlook 2016
Microsoft PowerPoint 2016
Microsoft Project 2016
Microsoft Publisher 2016
Microsoft SharePoint Designer 2013 (not updated for 2016)
Microsoft Visio 2016
Microsoft Word 2016
Microsoft Office Upload Manager
Microsoft Infopath has been removed (deprecated) from the Office 2016 suite |
-| Microsoft Office 2013 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
Microsoft Excel 2013
Microsoft Outlook 2013
Microsoft Access 2013
Microsoft Project 2013
Microsoft PowerPoint 2013
Microsoft Publisher 2013
Microsoft Visio 2013
Microsoft InfoPath 2013
Microsoft Lync 2013
Microsoft OneNote 2013
Microsoft SharePoint Designer 2013
Microsoft Office 2013 Upload Center
Microsoft OneDrive for Business 2013
-| Microsoft Office 2010 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
Microsoft Excel 2010
Microsoft Outlook 2010
Microsoft Access 2010
Microsoft Project 2010
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Visio 2010
Microsoft SharePoint Workspace 2010
Microsoft InfoPath 2010
Microsoft Lync 2010
Microsoft OneNote 2010
Microsoft SharePoint Designer 2010 |
+| Microsoft Office 2013 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
Microsoft Excel 2013
Microsoft Outlook 2013
Microsoft Access 2013
Microsoft Project 2013
Microsoft PowerPoint 2013
Microsoft Publisher 2013
Microsoft Visio 2013
Microsoft InfoPath 2013
Microsoft Lync 2013
Microsoft OneNote 2013
Microsoft SharePoint Designer 2013
Microsoft Office 2013 Upload Center
Microsoft OneDrive for Business 2013 |
+| Microsoft Office 2010 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
Microsoft Excel 2010
Microsoft Outlook 2010
Microsoft Access 2010
Microsoft Project 2010
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Visio 2010
Microsoft SharePoint Workspace 2010
Microsoft InfoPath 2010
Microsoft Lync 2010
Microsoft OneNote 2010
Microsoft SharePoint Designer 2010 |
| Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars.
**Note**
UE-V doesn't roam settings for Internet Explorer cookies. |
| Windows accessories | Microsoft NotePad, WordPad |
> [!NOTE]
> - An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.
->
> - UE-V doesn't synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems.
### Windows settings synchronized by default
@@ -107,22 +87,22 @@ When you enable the UE-V service on user devices, it registers a default group o
UE-V includes settings location templates that capture settings values for these Windows settings.
| Windows settings | Description | Apply on | Export on | Default state |
-|----------------------|-----------------|--------------|---------------|-------------------|
-| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled |
-| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled |
-| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, more clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled |
+|--|--|--|--|--|
+| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled |
+| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled |
+| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, more clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled |
> [!IMPORTANT]
> UE-V roams taskbar settings between Windows 10 devices. However, UE-V doesn't synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions.
| Settings group | Category | Capture | Apply |
-|--------------------------|----------------|----------------|--------------|
-| **Application Settings** | Windows applications | Close application
Windows application settings change event | Start the UE-V App Monitor at startup
Open app
Windows application settings change event
Arrival of a settings package |
-| | Desktop applications | Application closes | Application opens and closes |
-| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
-| | Ease of Access (Common - Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on |
-| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
-| | Desktop settings | Lock or log off | Log on |
+|--|--|--|--|
+| **Application Settings** | Windows applications | Close application
Windows application settings change event | Start the UE-V App Monitor at startup
Open app
Windows application settings change event
Arrival of a settings package |
+| | Desktop applications | Application closes | Application opens and closes |
+| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
+| | Ease of Access (Common - Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on |
+| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
+| | Desktop settings | Lock or log off | Log on |
### UE-V-support for Windows applications
@@ -139,28 +119,24 @@ Users can print to their saved network printers, including their default network
Printer roaming in UE-V requires one of these scenarios:
-- The print server can download the required driver when it roams to a new device.
-
-- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer.
-
-- The printer driver can be imported from Windows Update.
+- The print server can download the required driver when it roams to a new device.
+- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer.
+- The printer driver can be imported from Windows Update.
> [!NOTE]
> The UE-V printer roaming feature doesn't roam printer settings or preferences, such as printing double-sided.
### Determine whether you need settings synchronized for other applications
-After you've reviewed the settings that are synchronized automatically in a UE-V deployment, you’ll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise.
+After you've reviewed the settings that are synchronized automatically in a UE-V deployment, you'll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise.
As an administrator, when you consider which desktop applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all desktop applications have settings that can be customized or that are routinely customized by users. In addition, not all desktop applications settings can be synchronized safely across multiple devices or environments.
In general, you can synchronize settings that meet the following criteria:
-- Settings that are stored in user-accessible locations. For example, don't synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry.
-
-- Settings that aren't specific to the particular device. For example, exclude network shortcuts or hardware configurations.
-
-- Settings that can be synchronized between computers without risk of corrupted data. For example, don't use settings that are stored in a database file.
+- Settings that are stored in user-accessible locations. For example, don't synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry.
+- Settings that aren't specific to the particular device. For example, exclude network shortcuts or hardware configurations.
+- Settings that can be synchronized between computers without risk of corrupted data. For example, don't use settings that are stored in a database file.
### Checklist for evaluating custom applications
@@ -172,7 +148,7 @@ If you've decided that you need to synchronize settings for custom applications,
|  | Is it important for the user that these settings are synchronized? |
|  | Are these user settings already managed by an application management or settings policy solution? UE-V applies application settings at application startup and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings sharing solutions, users might experience inconsistency across synchronized settings. |
|  | Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations don't consistently synchronize across sessions and can cause a poor application experience. |
-|  | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\\ \[User name\] \\**AppData**\\**LocalLow** directory? Application data that is stored in either of these locations usually shouldn't synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. |
+|  | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\ \[User name\] \**AppData**\**LocalLow** directory? Application data that is stored in either of these locations usually shouldn't synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. |
|  | Does the application store any settings in a file that contains other application data that shouldn't synchronize? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this extra data can cause a poor application experience.|
|  | How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can affect the performance of settings synchronization. |
@@ -180,21 +156,15 @@ If you've decided that you need to synchronize settings for custom applications,
You should also consider these things when you're preparing to deploy UE-V:
-- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v)
+- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v)
+- [Windows applications settings synchronization](#windows-applications-settings-synchronization)
+- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates)
+- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration)
+- [Performance and capacity](#performance-and-capacity-planning)
+- [High availability](#high-availability-for-ue-v)
+- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization)
-- [Windows applications settings synchronization](#windows-applications-settings-synchronization)
-
-- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates)
-
-- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration)
-
-- [Performance and capacity](#performance-and-capacity-planning)
-
-- [High availability](#high-availability-for-ue-v)
-
-- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization)
-
-### Managing credentials synchronization in UE-V
+### Managing credentials synchronization in UE-V
Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid reentering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V.
@@ -230,25 +200,19 @@ Copy
[Group Policy](uev-configuring-uev-with-group-policy-objects.md)**:** You must edit the Group Policy administrative template for UE-V, which is included in Windows 10, version 1607, to enable credential synchronization through group policy. Credentials synchronization is managed in Windows settings. To manage this feature with Group Policy, enable the **Synchronize Windows** settings policy.
-1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**.
-
-2. Double-click **Synchronize Windows settings**.
-
-3. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it.
-
-4. Select **OK**.
+1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**.
+1. Double-click **Synchronize Windows settings**.
+1. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it.
+1. Select **OK**.
### Credential locations synchronized by UE-V
Credential files saved by applications into the following locations are synchronized:
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\Credentials\\
-
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\Crypto\\
-
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\Protect\\
-
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\SystemCertificates\\
+- %UserProfile%\AppData\Roaming\Microsoft\Credentials\
+- %UserProfile%\AppData\Roaming\Microsoft\Crypto\
+- %UserProfile%\AppData\Roaming\Microsoft\Protect\
+- %UserProfile%\AppData\Roaming\Microsoft\SystemCertificates\
Credentials saved to other locations aren't synchronized by UE-V.
@@ -256,17 +220,15 @@ Credentials saved to other locations aren't synchronized by UE-V.
UE-V manages Windows application settings synchronization in three ways:
-- **Sync Windows applications:** Allow or deny any Windows application synchronization
-
-- **Windows applications list:** Synchronize a list of Windows applications
-
-- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that aren't in the Windows applications list.
+- **Sync Windows applications:** Allow or deny any Windows application synchronization
+- **Windows applications list:** Synchronize a list of Windows applications
+- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that aren't in the Windows applications list.
For more information, see the [Windows Application List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist).
### Custom UE-V settings location templates
-If you're deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices.
+If you're deploying UE-V to synchronize settings for custom applications, you'll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices.
Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including Microsoft Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell.
@@ -276,15 +238,11 @@ For more information about custom settings location templates, see [Deploy UE-V
UE-V downloads new user settings information from a settings storage location and applies the settings to the local device in these instances:
-- Each time an application is started that has a registered UE-V template
-
-- When a user signs in to a device
-
-- When a user unlocks a device
-
-- When a connection is made to a remote desktop device running UE-V
-
-- When the Sync Controller Application scheduled task is run
+- Each time an application is started that has a registered UE-V template
+- When a user signs in to a device
+- When a user unlocks a device
+- When a connection is made to a remote desktop device running UE-V
+- When the Sync Controller Application scheduled task is run
If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they're opened and closed with preferred settings.
@@ -306,21 +264,16 @@ By default, UE-V synchronization times out after 2 seconds to prevent excessive
The UE-V settings storage location and settings template catalog support storing user data on any writable share. To ensure high availability, follow these criteria:
-- Format the storage volume with an NTFS file system.
-
-- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) isn't supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see:
-
+- Format the storage volume with an NTFS file system.
+- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) isn't supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see:
- [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles)
-
- [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](/troubleshoot/windows-server/networking/support-policy-for-dfsr-dfsn-deployment)
In addition, because SYSVOL uses DFSR for replication, SYSVOL can't be used for UE-V data file replication.
-- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md).
-
-- Use file server clustering along with the UE-V service to provide access to copies of user state data if communications failures occur.
-
-- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both.
+- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md).
+- Use file server clustering along with the UE-V service to provide access to copies of user state data if communications failures occur.
+- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both.
### Synchronize computer clocks for UE-V settings synchronization
@@ -331,15 +284,14 @@ Computers that run the UE-V service must use a time server to maintain a consist
Before you proceed, ensure that your environment meets these requirements for using UE-V.
| Operating system | Edition | Service pack | System architecture | Windows PowerShell | Microsoft .NET Framework |
-|--------------------------|---------------|------------------|-------------------------|--------------------------|--------------------------------|
-| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
-| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
-| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
+|--|--|--|--|--|--|
+| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
+| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
+| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
> [!NOTE]
> - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed.
->
-> - The “Delete Roaming Cache” policy for mandatory profiles isn't supported with UE-V and shouldn't be used.
+> - The "Delete Roaming Cache" policy for mandatory profiles isn't supported with UE-V and shouldn't be used.
There are no special random access memory (RAM) requirements specific to UE-V.
@@ -347,13 +299,10 @@ There are no special random access memory (RAM) requirements specific to UE-V.
Sync Provider is the default setting for users and synchronizes a local cache with the settings storage location in these instances:
-- Log on/log off
-
-- Lock/unlock
-
-- Remote desktop connect/disconnect
-
-- Application open/close
+- Log on/log off
+- Lock/unlock
+- Remote desktop connect/disconnect
+- Application open/close
A scheduled task manages this synchronization of settings every 30 minutes or through trigger events for certain applications. For more information, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md).
@@ -364,7 +313,6 @@ The UE-V service synchronizes user settings for devices that aren't always conne
Enable this configuration using one of these methods:
- After you enable the UE-V service, use the Settings Management feature in Microsoft Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration.
-
- Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the SyncMethod = None configuration.
Restart the device to allow the settings to synchronize.
@@ -372,7 +320,6 @@ Restart the device to allow the settings to synchronize.
> [!NOTE]
> These methods do not work for pooled virtual desktop infrastructure (VDI) environments.
-
> [!NOTE]
> If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path.
@@ -389,22 +336,13 @@ The VDI template is provided with UE-V and is typically available here after ins
Install the UE-V template generator on the device that is used to create custom settings location templates. This device should be able to run the applications that you want to synchronize settings for. You must be a member of the Administrators group on the device that runs the UE-V template generator software.
-The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 4. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md).
-
-
-
-
+The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 1. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md).
## Other resources for this feature
-- [User Experience Virtualization overview](uev-for-windows.md)
-
-- [Get started with UE-V](uev-getting-started.md)
-
-- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
-
-- [Administering UE-V](uev-administering-uev.md)
-
-- [Troubleshooting UE-V](uev-troubleshooting.md)
-
-- [Technical Reference for UE-V](uev-technical-reference.md)
+- [User Experience Virtualization overview](uev-for-windows.md)
+- [Get started with UE-V](uev-getting-started.md)
+- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
+- [Administering UE-V](uev-administering-uev.md)
+- [Troubleshooting UE-V](uev-troubleshooting.md)
+- [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index 995f79f988..b59b289e49 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -1,24 +1,12 @@
---
title: User Experience Virtualization (UE-V) Release Notes
description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# User Experience Virtualization (UE-V) Release Notes
-**Applies to**
-- Windows 10, version 1607
-
This topic includes information required to successfully install and use UE-V that isn't included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
### Company Settings Center removed in UE-V for Windows 10, version 1607
@@ -62,7 +50,7 @@ WORKAROUND: Install only one version of Office or limit which settings are synch
### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state
-While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application's settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application's settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
WORKAROUND: None.
@@ -103,17 +91,10 @@ WORKAROUND: None
**Additional resources for this feature**
- [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings)
-
- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)](/troubleshoot/windows-client/ue-v/enable-debug-logging)
-
-- [User Experience Virtualization](uev-for-windows.md)
-
-- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
-
-- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
-
-- [Administering UE-V](uev-administering-uev.md)
-
-- [Troubleshooting UE-V](uev-troubleshooting.md)
-
-- [Technical Reference for UE-V](uev-technical-reference.md)
+- [User Experience Virtualization](uev-for-windows.md)
+- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
+- [Administering UE-V](uev-administering-uev.md)
+- [Troubleshooting UE-V](uev-troubleshooting.md)
+- [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index 0f2220b76e..b0ba65c8c5 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -1,48 +1,33 @@
---
title: Security Considerations for UE-V
description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Security Considerations for UE-V
-**Applies to**
-- Windows 10, version 1607
-
This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). For more information, follow the links that are provided here.
## Security considerations for UE-V configuration
-
> [!IMPORTANT]
> When you create the settings storage share, limit the share access to users who require access.
Because settings packages might contain personal information, you should take care to protect them as much as possible. In general, do the following steps:
-- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users.
+- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users.
+- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places.
+- Only give users the minimum number of permissions that they must have. The following tables show the required permissions.
-- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places.
-
-- Only give users the minimum number of permissions that they must have. The following tables show the required permissions.
-
-1. Set the following share-level SMB permissions for the setting storage location folder.
+1. Set the following share-level SMB permissions for the setting storage location folder.
|User account|Recommended permissions|
|--- |--- |
|Everyone|No permissions|
|Security group of UE-V|Full control|
-2. Set the following NTFS file system permissions for the settings storage location folder.
+1. Set the following NTFS file system permissions for the settings storage location folder.
|User account|Recommended permissions|Folder|
|--- |--- |--- |
@@ -51,7 +36,7 @@ Because settings packages might contain personal information, you should take ca
|Security group of UE-V users|List folder/read data, create folders/append data|This folder only|
|Everyone|Remove all permissions|No permissions|
-3. Set the following share-level SMB permissions for the settings template catalog folder.
+1. Set the following share-level SMB permissions for the settings template catalog folder.
|User account|Recommend permissions|
|--- |--- |
@@ -59,7 +44,7 @@ Because settings packages might contain personal information, you should take ca
|Domain computers|Read permission Levels|
|Administrators|Read/write permission levels|
-4. Set the following NTFS permissions for the settings template catalog folder.
+1. Set the following NTFS permissions for the settings template catalog folder.
|User account|Recommended permissions|Apply to|
|--- |--- |--- |
@@ -68,25 +53,23 @@ Because settings packages might contain personal information, you should take ca
|Everyone|No permissions|No permissions|
|Administrators|Full Control|This folder, subfolders, and files|
-### Use Windows Server as of Windows Server 2003 to host redirected file shares
+### Use Windows Server as of Windows Server 2003 to host redirected file shares
User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this process, you should ensure that the data is protected while it travels over the network.
User settings data is vulnerable to these potential threats: interception of the data as it passes over the network, tampering with the data as it passes over the network, and spoofing of the server that hosts the data.
-As of Windows Server 2003, several features of the Windows Server operating system can help secure user data:
+As of Windows Server 2003, several features of the Windows Server operating system can help secure user data:
-- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
+- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2001. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
-- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that:
+- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that:
- - Roamed data is safe from data modification while data is en route.
+ - Roamed data is safe from data modification while data is en route.
+ - Roamed data is safe from interception, viewing, or copying.
+ - Roamed data is safe from access by unauthenticated parties.
- - Roamed data is safe from interception, viewing, or copying.
-
- - Roamed data is safe from access by unauthenticated parties.
-
-- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
+- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
### Always use the NTFS file system for volumes that hold user data
@@ -107,20 +90,18 @@ This permission configuration enables users to create folders for settings stora
> [!NOTE]
> Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
-1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`.
-
-2. Set the registry key value to *1*.
+1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`.
+1. Set the registry key value to *1*.
When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service doesn't grant access to the folder.
-
If you must create folders for the users, ensure that you have the correct permissions set.
We strongly recommend that you don't pre-create folders. Instead, let the UE-V service create the folder for the user.
### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory
-If you redirect UE-V settings to a user’s home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization.
+If you redirect UE-V settings to a user's home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization.
### Review the contents of settings location templates and control access to them as needed
@@ -128,9 +109,8 @@ When a settings location template is being created, the UE-V generator uses a Li
If you plan to share settings location templates with anyone outside your organization, you should review all the settings locations and ensure the settings location templates don't contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
-- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template.
-
-- **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template.
+- **Template Author Name** - Specify a general, non-identifying name for the template author name or exclude this data from the template.
+- **Template Author Email** - Specify a general, non-identifying template author email or exclude this data from the template.
To remove the template author name or template author email, you can use the UE-V generator application. From the generator, select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template.
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index 17d2bba46f..c009f76e63 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -1,50 +1,26 @@
---
title: Sync Methods for UE-V
-description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users' application and Windows settings with the settings storage location.
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Sync Methods for UE-V
-**Applies to**
-- Windows 10, version 1607
-
-The User Experience Virtualization (UE-V) service lets you synchronize users’ application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md).
+The User Experience Virtualization (UE-V) service lets you synchronize users' application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md).
## SyncMethod Configuration
This table provides a description of each SyncMethod configuration:
-| **SyncMethod Configuration** | **Description** |
-|------------------------------|---------------------|
-| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time.
This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. |
-| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. |
-| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. |
+| **SyncMethod Configuration** | **Description** |
+|--|--|
+| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn't delayed for a long period of time.
This functionality is also tied to the Scheduled task - Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. |
+| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. |
+| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. |
You can configure the sync method in these ways:
-- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
-
-- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
-
-- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
-
-
-
-
-
-## Related topics
-
-[Deploy Required UE-V Features](uev-deploy-required-features.md)
-
-[Technical Reference for UE-V](uev-technical-reference.md)
+- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
+- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
+- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index 6cae6d66bf..a7347846ca 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -1,24 +1,12 @@
---
title: Sync Trigger Events for UE-V
description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Sync Trigger Events for UE-V
-**Applies to**
-- Windows 10, version 1607
-
User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. *Sync trigger events* define when the UE-V service synchronizes those settings with the settings storage location. For more information about Sync Method configuration, see [Sync Methods for UE-V](uev-sync-methods.md).
## UE-V Sync Trigger Events
@@ -38,18 +26,6 @@ The following table explains the trigger events for classic applications and Win
## Related topics
-
[Technical Reference for UE-V](uev-technical-reference.md)
-
[Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md)
-
[Choose the Configuration Method for UE-V](uev-deploy-required-features.md)
-
-
-
-
-
-
-
-
-
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index e06e33e471..8fb7fae374 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -1,37 +1,22 @@
---
title: Synchronizing Microsoft Office with UE-V
description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Synchronizing Office with UE-V
-**Applies to**
-- Windows 10, version 1607
-
Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop.
-To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates and community-developed settings location templates.
-
## Microsoft Office support in UE-V
-UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system.
+UE-V includes settings location templates for Microsoft Office 2016, 2013, and 201. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system.
-These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
+These templates help synchronize users' Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
## Synchronized Office Settings
-
Review the following tables for details about Office support in UE-V:
### Supported UE-V templates for Microsoft Office
@@ -50,14 +35,11 @@ Review the following tables for details about Office support in UE-V:
You can deploy UE-V settings location template with the following methods:
-- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
-
+- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
```powershell
Register-UevTemplate -Path
For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs.
-Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
-Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
-Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
-Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
-Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
+| Kiosk Browser settings | Use this setting to |
+|--|--|
+| Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.
For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs. |
+| Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. |
+| Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. |
+| Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. |
+| Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. |
+| Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. |
-> [!IMPORTANT]
-> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
->
-> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
-> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
-> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
-> 4. Save the XML file.
-> 5. Open the project again in Windows Configuration Designer.
-> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
+To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+
+1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
+1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
+1. Insert the null character string in between each URL (e.g https://www.bing.com``https://www.contoso.com).
+1. Save the XML file.
+1. Open the project again in Windows Configuration Designer.
+1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index a2135a483b..183f46a056 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -1,28 +1,20 @@
---
-title: Licensing (Windows 10)
+title: Licensing
description: This section describes the Licensing settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# Licensing (Windows Configuration Designer reference)
-Use for settings related to Microsoft licensing programs.
+Use for settings related to Microsoft licensing programs.
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️ | | | |
-| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️ | | | |
+| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✅ | | | |
+| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✅ | | | |
## AllowWindowsEntitlementReactivation
@@ -30,4 +22,5 @@ Enable or disable Windows license reactivation.
## DisallowKMSClientOnlineAVSValidation
-Enable this setting to prevent the device from sending data to Microsoft regarding its activation state.
+Enable this setting to prevent the device from sending data to Microsoft regarding its activation state.
+
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index bbc00f2648..577c704fa4 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -1,16 +1,8 @@
---
-title: Location (Windows 10)
+title: Location
description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Location (Windows Configuration Designer reference)
@@ -21,7 +13,7 @@ Use Location settings to configure location services.
| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [EnableLocation](#enablelocation) | | | | ✔️ |
+| [EnableLocation](#enablelocation) | | | | ✅ |
## EnableLocation
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index bf3aeccaf3..df82391f94 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -1,30 +1,21 @@
---
-title: Maps (Windows 10)
+title: Maps
description: This section describes the Maps settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Maps (Windows Configuration Designer reference)
-Use for settings related to Maps.
+Use for settings related to Maps.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [ChinaVariantWin10](#chinavariantwin10) | ✔️ | ✔️ | | |
-| [UseExternalStorage](#useexternalstorage) | ✔️ | ✔️ | | |
-| [UseSmallerCache](#usesmallercache) | ✔️ | ✔️ | | |
-
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [ChinaVariantWin10](#chinavariantwin10) | ✅ | ✅ | | |
+| [UseExternalStorage](#useexternalstorage) | ✅ | ✅ | | |
+| [UseSmallerCache](#usesmallercache) | ✅ | ✅ | | |
## ChinaVariantWin10
@@ -32,7 +23,6 @@ Use **ChinaVariantWin10** to specify that the Windows device is intended to ship
This customization may result in different maps, servers, or other configuration changes on the device.
-
## UseExternalStorage
Use to store map data on an SD card.
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index 3e2ac6dce1..6f49b60792 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -1,35 +1,26 @@
---
-title: NetworkProxy (Windows 10)
+title: NetworkProxy
description: This section describes the NetworkProxy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# NetworkProxy (Windows Configuration Designer reference)
-Use for settings related to NetworkProxy.
+Use for settings related to NetworkProxy.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
-
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| All settings | | ✅ | | |
## AutoDetect
-Automatically detect network proxy settings.
+Automatically detect network proxy settings.
-| Value | Description |
-| --- | --- |
+| Value | Description |
+|--|--|
| 0 | Disabled. Don't automatically detect settings. |
| 1 | Enabled. Automatically detect settings. |
@@ -38,16 +29,14 @@ Automatically detect network proxy settings.
Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings don't apply to VPN connections.
| Setting | Description |
-| --- | --- |
+|--|--|
| ProxyAddress | Address to the proxy server. Specify an address in the format `server:port`. |
| ProxyExceptions | Addresses that shouldn't use the proxy server. The system won't use the proxy server for addresses that begin with the values specified in this node. Use semicolons (;) to separate entries. |
-| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Don't use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
-
+| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Don't use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
## SetupScriptUrl
-Address to the PAC script you want to use.
-
+Address to the PAC script you want to use.
## Related topics
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index eb78b8e3fe..1eac44b82c 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -1,38 +1,30 @@
---
-title: NetworkQoSPolicy (Windows 10)
+title: NetworkQoSPolicy
description: This section describes the NetworkQoSPolicy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# NetworkQoSPolicy (Windows Configuration Designer reference)
-Use to create network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions.
+Use to create network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| All settings | | ✅ | | |
1. In **Available customizations**, select **NetworkQoSPolicy**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure.
+1. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure.
| Setting | Description |
-| --- | --- |
-| AppPathNameMatchCondition | Enter the name of an application to be sued to match the network traffic, such as application.exe or %ProgramFiles%\application.exe. |
+|--|--|
+| AppPathNameMatchCondition | Enter the name of an application to be sued to match the network traffic, such as application.exe or %ProgramFiles%\application.exe. |
| DestinationPortMatchCondition | Specify a port or a range of ports to be used to match the network traffic. Valid values are [first port number]-[last port number], or [port number]. |
-| DSCPAction | Enter the differentiated services code point (DSCP) value to apply to match with network traffic. Valid values are 0-63. |
-| IPProtocolMatchCondition | Select between **Both TCP and UDP**, **TCP**, and **UDP** to specify the IP protocol used to match the network traffic. |
-| PriorityValue8021Action | Specify the IEEE 802.1p value. Valid values are 0 through 7. |
+| DSCPAction | Enter the differentiated services code point (DSCP) value to apply to match with network traffic. Valid values are 0-61. |
+| IPProtocolMatchCondition | Select between **Both TCP and UDP**, **TCP**, and **UDP** to specify the IP protocol used to match the network traffic. |
+| PriorityValue8021Action | Specify the IEEE 802.1p value. Valid values are 0 through 1. |
| SourcePortMatchCondition | Specify a single port or range of ports. Valid values are [first port number]-[last port number], or [port number]. |
## Related topics
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index 61c6c77b95..b5c47a481d 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -1,16 +1,8 @@
---
-title: OOBE (Windows 10)
-ms.reviewer:
-manager: aaroncz
+title: OOBE
description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# OOBE (Windows Configuration Designer reference)
@@ -19,10 +11,10 @@ Use to configure settings for the [Out Of Box Experience (OOBE)](/windows-hardwa
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | |
-| [Desktop > HideOobe](#hideoobe-for-desktop) | ✔️ | | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✅ | | | |
+| [Desktop > HideOobe](#hideoobe-for-desktop) | ✅ | | | |
## EnableCortanaVoice
@@ -30,10 +22,9 @@ Use this setting to control whether Cortana voice-over is enabled during OOBE. T
## HideOobe for desktop
-When set to **True**, it hides the interactive OOBE flow for Windows 10.
+When set to **True**, it hides the interactive OOBE flow for Windows 1.
> [!NOTE]
> You must create a user account if you set the value to true or the device will not be usable.
When set to **False**, the OOBE screens are displayed.
-
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index c6ab55142e..839b03e277 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -1,16 +1,8 @@
---
-title: Personalization (Windows 10)
+title: Personalization
description: This section describes the Personalization settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Personalization (Windows Configuration Designer reference)
@@ -21,16 +13,16 @@ Use to configure settings to personalize a PC.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [DeployDesktopImage](#deploydesktopimage) | ✔️ | | | |
-| [DeployLockScreenImage](#deploylockscreenimage) | ✔️ | | | |
-| [DesktopImageUrl](#desktopimageurl) | ✔️ | | | |
-| [LockScreenImageUrl](#lockscreenimageurl) | ✔️ | | | |
+| [DeployDesktopImage](#deploydesktopimage) | ✅ | | | |
+| [DeployLockScreenImage](#deploylockscreenimage) | ✅ | | | |
+| [DesktopImageUrl](#desktopimageurl) | ✅ | | | |
+| [LockScreenImageUrl](#lockscreenimageurl) | ✅ | | | |
## DeployDesktopImage
Deploy a .jpg, .jpeg, or .png image to the device to be used as a desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
-When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different.
+When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different.
## DeployLockScreenImage
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 449ba3ba75..6ef6203e11 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -1,351 +1,328 @@
---
-title: Policies (Windows 10)
-ms.reviewer:
-manager: aaroncz
+title: Policies
description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Policies (Windows Configuration Designer reference)
-This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider).
+This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider).
## AboveLock
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | |
-| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✔️ | | | |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | |
+| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✅ | | | |
## Accounts
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✔️ | | | |
-| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✔️ | | ✔️ | |
-| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ | | | |
-| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | | | |
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✅ | | | |
+| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✅ | | ✅ | |
+| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✅ | | | |
+| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✅ | | | |
## ApplicationDefaults
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | |
-
+|--|--|:-:|:-:|:-:|:-:|
+| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✅ | | | |
## ApplicationManagement
-
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ |
-| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ |
-| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting are allowed | ✔️ | | | |
-| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | |
-| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | |
-| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. | | | | |
-| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. | ✔️ | | | |
-| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | | | ✔️ |
-| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | | | ✔️ |
-
-
-
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✅ | | | ✅ |
+| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✅ | | | ✅ |
+| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✅ | ✅ | ✅ | ✅ |
+| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) | Whether DVR and broadcasting are allowed | ✅ | | | |
+| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✅ | | | |
+| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | |
+| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. | | | | |
+| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) | Whether to launch an app or apps when the user signs in. | ✅ | | | |
+| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✅ | | | ✅ |
+| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✅ | | | ✅ |
## Authentication
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | | ✔️ |
-| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✔️ | ✔️ | | ✔️ |
-| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | | ✔️ |
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✅ | ✅ | ✅ | ✅ |
+| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✅ | ✅ | | ✅ |
+| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✅ | ✅ | | ✅ |
+| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✅ | ✅ | | ✅ |
## BitLocker
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | | | |
-
+|--|--|:-:|:-:|:-:|:-:|
+| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✅ | | | |
## Bluetooth
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✔️ | ✔️ | ✔️ | ✔️ |
-| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✔️ | ✔️ | ✔️ | ✔️ |
-| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✔️ | ✔️ | ✔️ | ✔️ |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✅ | ✅ | ✅ | ✅ |
+| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✅ | ✅ | ✅ | ✅ |
+| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✅ | ✅ | ✅ | ✅ |
+| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✅ | ✅ | ✅ | ✅ |
+| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✅ | ✅ | ✅ | ✅ |
+| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✅ | ✅ | ✅ | ✅ |
## Browser
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | |
-| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | | | |
-[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | | | |
-| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | |
-| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | |
-| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | |
-| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | |
-| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✔️ | ✔️ | | ✔️ |
-| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | | ✔️ |
-| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ | | ✔️ | |
-| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✔️ | | | |
-| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✔️ | ✔️ | | ✔️ |
-| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✔️ | | | |
-| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
-| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✔️ | ✔️ | | ✔️ |
-| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✔️ | | | |
-| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✔️ | | | |
-| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | | ✔️ |
-[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | | | |
-| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | |
-| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
-| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | |
-| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | |
-| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | |
-| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | |
-| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | |
-| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | |
-| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ | | | |
-[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | |
-| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | |
-| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | |
-| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✔️ | | | |
-| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | |
-[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | | | |
-| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | | ✔️ |
-| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✔️ | ✔️ | | ✔️ |
-| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ | | | |
-| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✔️ | ✔️ | | ✔️ |
-| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | | ✔️ |
-| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | | ✔️ |
-PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | |
-| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | |
-| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✔️ | ✔️ | | ✔️ |
-[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✔️ | | | |
-| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | |
-| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | | ✔️ |
-| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | |
-| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✔️ | | | |
-| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ | | | |
-| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✔️ | | | |
-| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✔️ | | | |
-[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️ | | | |
-
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✅ | | | |
+| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✅ | ✅ | | ✅ |
+| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✅ | | | |
+| [AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✅ | | | |
+| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✅ | ✅ | | ✅ |
+| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✅ | | | |
+| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed. | ✅ | ✅ | | ✅ |
+| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✅ | | | |
+| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✅ | | | |
+| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✅ | | | |
+| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✅ | ✅ | | ✅ |
+| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✅ | ✅ | | ✅ |
+| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✅ | ✅ | | ✅ |
+| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✅ | | ✅ | |
+| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✅ | | | |
+| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✅ | | | |
+| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✅ | ✅ | | ✅ |
+| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✅ | ✅ | | ✅ |
+| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✅ | | | |
+| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✅ | ✅ | ✅ | ✅ |
+| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✅ | | | |
+| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✅ | ✅ | | ✅ |
+| [AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✅ | | | |
+| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✅ | | | |
+| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✅ | ✅ | | ✅ |
+| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✅ | | | |
+| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✅ | | | |
+| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✅ | | | |
+| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✅ | | | |
+| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✅ | | | |
+| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✅ | | | |
+| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✅ | | | |
+| [EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✅ | ✅ | | |
+| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✅ | | | |
+| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✅ | | | |
+| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✅ | | | |
+| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✅ | | | |
+| [LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✅ | | | |
+| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✅ | ✅ | | ✅ |
+| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✅ | ✅ | | ✅ |
+| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✅ | | | |
+| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✅ | ✅ | | ✅ |
+| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✅ | ✅ | | ✅ |
+| PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✅ | | | |
+| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✅ | | | |
+| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✅ | ✅ | | ✅ |
+| [ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✅ | | | |
+| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✅ | | | |
+| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✅ | ✅ | | ✅ |
+| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✅ | | | |
+| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✅ | | | |
+| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✅ | | | |
+| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✅ | | | |
+| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✅ | | | |
+| [UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✅ | | | |
## Camera
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | | |
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✅ | ✅ | | |
## Connectivity
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | | ✔️ |
-| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | | ✔️ |
-| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | | ✔️ |
-| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✔️ |
-| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✔️ |
-| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. |✔️ | ✔️ | | ✔️ |
-| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | | ✔️ |
-| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | | ✔️ |
-| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✔️ | ✔️ | | ✔️ |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✅ | ✅ | ✅ | ✅ |
+| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✅ | ✅ | | ✅ |
+| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✅ | ✅ | | ✅ |
+| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✅ | ✅ | | ✅ |
+| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✅ |
+| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✅ |
+| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. | ✅ | ✅ | | ✅ |
+| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✅ | ✅ | | ✅ |
+| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✅ | ✅ | | ✅ |
+| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✅ | ✅ | | ✅ |
## CredentialProviders
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students. | ✔️ | | | |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students. | ✅ | | | |
## Cryptography
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | | | |
-| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✅ | | | |
+| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✅ | | | |
## Defender
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | |
-| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | |
-| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | |
-| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✔️ | | | |
-| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ | | | |
-| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✔️ | | | |
-| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✔️ | | | |
-| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✔️ | | | |
-| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ | | | |
-| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✔️ | | | |
-| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✔️ | | | |
-| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | |
-| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✔️ | | | |
-| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✔️ | | | |
-| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | |
-| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✔️ | | | |
-| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | |
-| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | |
-| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | |
-| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | |
-| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | |
-| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ | | | |
-| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✔️ | | | |
-| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | |
-| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | |
-| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | |
+| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✅ | | | |
+| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✅ | | | |
+| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✅ | | | |
+| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✅ | | | |
+| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✅ | | | |
+| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✅ | | | |
+| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✅ | | | |
+| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✅ | | | |
+| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✅ | | | |
+| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✅ | | | |
+| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✅ | | | |
+| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✅ | | | |
+| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✅ | | | |
+| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✅ | | | |
+| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✅ | | | |
+| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✅ | | | |
+| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✅ | | | |
+| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✅ | | | |
+| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✅ | | | |
+| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✅ | | | |
+| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✅ | | | |
+| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✅ | | | |
+| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✅ | | | |
+| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✅ | | | |
+| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✅ | | | |
+| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✅ | | | |
## DeliveryOptimization
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ | | | |
-| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ | | | |
-| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ | | | |
-| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ | | | |
-| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ | | | |
-| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ | | | |
-| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ | | | |
-| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | |
-| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ | | | |
-| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ | | | |
-| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✔️ | | | |
-| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ | | | |
-| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | |
-| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✔️ | | | |
-| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | |
-| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✔️ | | | |
-| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ | | | |
-| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | |
-| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ | | | |
-| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
+| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✅ | | | |
+| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✅ | | | |
+| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✅ | | | |
+| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✅ | | | |
+| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✅ | | | |
+| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✅ | | | |
+| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✅ | | | |
+| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✅ | | | |
+| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✅ | | | |
+| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✅ | | | |
+| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✅ | | | |
+| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✅ | | | |
+| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✅ | | | |
+| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✅ | | | |
+| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✅ | | | |
+| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✅ | | | |
+| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✅ | | | |
+| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✅ | | | |
+| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✅ | | | |
+| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
## DeviceGuard
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✔️ | | | |
+[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✅ | | | |
## DeviceLock
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
+| --- | --- | :---: | :---: | :---: | :---: |
| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | | | |
| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | | | |
-| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | | ✔️ | |
-|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✔️ | | ✔️ | |
-| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | | ✔️ | |
-| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | | ✔️ | |
-| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | | ✔️ | |
-| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ | | ✔️ | |
-| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✔️ | | ✔️ | |
-| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | | ✔️ | |
-| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ | | ✔️ | |
+| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✅ | | ✅ | |
+|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✅ | | ✅ | |
+| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✅ | | ✅ | |
+| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✅ | | ✅ | |
+| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✅ | | ✅ | |
+| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✅ | | ✅ | |
+| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✅ | | ✅ | |
+| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✅ | | ✅ | |
+| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✅ | | ✅ | |
| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | | | |
-
## DeviceManagement
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ | | | |
-
-
+| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✅ | | | |
## Experience
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste are allowed. | | | | |
-| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | | ✔️ | |
-| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | |
-| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | | | |
-| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✔️ | | ✔️ | |
+| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✅ | | ✅ | |
+| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✅ | | | |
+| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✅ | | | |
+| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✅ | | ✅ | |
| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | | | |
| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | | | |
-| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ | | | |
-| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ | | | |
+| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✅ | | | |
+| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✅ | | | |
| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | | | |
-| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | |
+| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✅ | | | |
| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | | | |
-| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | |
-| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | |
-| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | | | |
-| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | |
-| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ | | | |
-| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ | | | |
+| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✅ | | | |
+| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✅ | | | |
+| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✅ | | | |
+| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✅ | | | |
+| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✅ | | | |
+| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✅ | | | |
## ExploitGuard
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | | | |
-
+| --- | --- | :---: | :---: | :---: | :---: |
+| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✅ | | | |
## Games
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ | | | |
-
+| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✅ | | | |
## KioskBrowser
-These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
+These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../kiosk/guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | |
-|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✔️ | | | |
-|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | |
-|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | |
-|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | |
-|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | |
-|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✅ | | | |
+|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✅ | | | |
+|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✅ | | | |
+|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✅ | | | |
+|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✅ | | | |
+|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✅ | | | |
+|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✅ | | | |
To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
-2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
-3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com).
-4. Save the XML file.
-5. Open the project again in Windows Configuration Designer.
-6. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed.
+1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
+1. Insert the null character string in between each URL (e.g https://www.bing.comwww.contoso.com).
+1. Save the XML file.
+1. Open the project again in Windows Configuration Designer.
+1. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed.
## LocalPoliciesSecurityOptions
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | |
-| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ | | | |
-| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | |
+| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✅ | | | |
+| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✅ | | | |
+| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✅ | | | |
## Location
@@ -356,69 +333,66 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
## Power
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | |
-| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | |
-| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ | | | |
-| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ | | | |
-| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✔️ | | | |
-| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ | | | |
-| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ | | | |
-| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✔️ | | | |
-| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ | | | |
-| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ | | | |
-| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ | | | |
-| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ | | | |
-| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✔️ | | | |
-| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ | | | |
-| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ | | | |
-| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ | | | |
-| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ | | | |
-| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | |
-| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | |
-| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | |
-| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✔️ | | | |
-| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✅ | | | |
+| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✅ | | | |
+| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✅ | | | |
+| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✅ | | | |
+| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✅ | | | |
+| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✅ | | | |
+| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✅ | | | |
+| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✅ | | | |
+| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✅ | | | |
+| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✅ | | | |
+| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✅ | | | |
+| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✅ | | | |
+| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✅ | | | |
+| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✅ | | | |
+| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✅ | | | |
+| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✅ | | | |
+| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✅ | | | |
+| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✅ | | | |
+| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✅ | | | |
+| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✅ | | | |
+| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✅ | | | |
+| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✅ | | | |
## Privacy
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | | | |
-| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | | ✔️ | |
-
+| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✅ | | ✅ | |
## Search
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | | | |
-[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | |
-| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | |
-| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | |
-| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | |
-| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✔️ | | | |
-| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | |
-| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | |
-| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | |
-| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | | | |
-| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | | | |
-| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | | | |
-| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | | | |
-
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✅ | | | |
+| [AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✅ | | | |
+| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✅ | | | |
+| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✅ | | ✅ | |
+| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✅ | | | |
+| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✅ | | | |
+| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✅ | | | |
+| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✅ | | | |
+| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✅ | | | |
+| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✅ | | | |
+| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✅ | | | |
+| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✅ | | | |
+| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | | | |
## Security
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ | ✔️ | | ✔️ |
+| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✅ | ✅ | | ✅ |
| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | | | |
-| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | | ✔️ |
+| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✅ | ✅ | | ✅ |
| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | | | |
-| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | | ✔️ |
-| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✔️ | | | |
+| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✅ | ✅ | ✅ | ✅ |
+| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✅ | ✅ | | ✅ |
+| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✅ | | | |
## Settings
@@ -426,168 +400,163 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | | | |
| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | | | |
-| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✔️ | |
-| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | |
-[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | |
+| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✅ | |
+| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✅ | | | |
+[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✅ | | | |
## Start
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | |
-| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | |
-| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | |
-| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | |
-| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ | | | |
-| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | |
-| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | |
-| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | |
-| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | |
-| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | |
-| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | |
-| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | |
-| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ | | | |
-| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✔️ | | | |
-| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ | | | |
-| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✔️ | | | |
-| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ | | | |
-| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✔️ | | | |
-| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✔️ | | | |
-| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ | | | |
-| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ | | | |
+| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✅ | | | |
+| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✅ | | | |
+| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✅ | | | |
+| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✅ | | | |
+| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✅ | | | |
+| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✅ | | | |
+| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✅ | | | |
+| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✅ | | | |
+| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✅ | | | |
+| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✅ | | | |
+| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✅ | | | |
+| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✅ | | | |
+| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✅ | | | |
+| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✅ | | | |
+| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✅ | | | |
+| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✅ | | | |
+| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✅ | | | |
+| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✅ | | | |
+| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✅ | | | |
+| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✅ | | | |
+| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✅ | | | |
## System
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | | | |
-| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ | ✔️ | | ✔️ |
-| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | | | |
-| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ | ✔️ | | ✔️ |
-| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | | ✔️ | |
-| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | | | |
-ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✔️ | | | |
-ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✔️ | | | |
-| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | | | |
-| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | | | |
-| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | | | |
-| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | |
-
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✅ | | | |
+| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✅ | ✅ | | ✅ |
+| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✅ | | | |
+| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✅ | ✅ | ✅ | ✅ |
+| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✅ | ✅ | | ✅ |
+| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✅ | | ✅ | |
+| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✅ | | | |
+ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✅ | | | |
+ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✅ | | | |
+| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✅ | | | |
+| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✅ | | | |
+| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✅ | | | |
+| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✅ | | | |
## TextInput
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | |
-| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✔️ | | | |
-| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | |
-| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | |
-| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | |
-| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ | | | |
-| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | |
-| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | |
-| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | |
-| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
-| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
-| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
-| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
-
+| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✅ | | | |
+| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✅ | | | |
+| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✅ | | | |
+| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✅ | | | |
+| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✅ | | | |
+| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✅ | | | |
+| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✅ | | | |
+| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✅ | | | |
+| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✅ | | | |
+| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
+| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | |
+| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | |
+| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | |
## TimeLanguageSettings
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
+| --- | --- | :---: | :---: | :---: | :---: |
| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | | | |
-
## Update
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
|---------|-------------|:--------------:|:-----------:|:--------:|:--------:|
-| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
-| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ |
-| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
-| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | | ✔️ |
-| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | | ✔️ |
-| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ |
-| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ |
-| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
-| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ |
-| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. | ✔️ | ✔️ | | ✔️ |
-| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ |
-| PhoneUpdateRestrictions | Deprecated | | ✔️ | | |
-| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | | ✔️ |
-| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ |
-| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | | ✔️ |
-| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | | ✔️ |
-| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ |
-| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ |
-| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✅ | ✅ | | ✅ |
+| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✅ | ✅ | | ✅ |
+| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✅ | ✅ | | ✅ |
+| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✅ | ✅ | ✅ | ✅ |
+| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✅ | ✅ | | ✅ |
+| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✅ | ✅ | ✅ | ✅ |
+| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✅ | ✅ | | ✅ |
+| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✅ | ✅ | ✅ | ✅ |
+| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✅ | ✅ | | ✅ |
+| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✅ | ✅ | | ✅ |
+| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✅ | ✅ | | ✅ |
+| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✅ | ✅ | | ✅ |
+| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✅ | ✅ | ✅ | ✅ |
+| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✅ | ✅ | | ✅ |
+| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✅ | ✅ | | ✅ |
+| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✅ | ✅ | ✅ | ✅ |
+| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✅ | ✅ | ✅ | ✅ |
+| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✅ | ✅ | ✅ | ✅ |
+| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✅ | ✅ | | ✅ |
+| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✅ | ✅ | | ✅ |
+| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✅ | ✅ | | ✅ |
+| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✅ | ✅ | | ✅ |
+| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✅ | ✅ | | ✅ |
+| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✅ | ✅ | | ✅ |
+| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✅ | ✅ | | ✅ |
+| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✅ | ✅ | | ✅ |
+| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. | ✅ | ✅ | | ✅ |
+| ManagePreviewBuilds | Use to enable or disable preview builds. | ✅ | ✅ | ✅ | ✅ |
+| PhoneUpdateRestrictions | Deprecated | | ✅ | | |
+| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✅ | ✅ | | ✅ |
+| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✅ | ✅ | | ✅ |
+| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✅ | ✅ | | ✅ |
+| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✅ | ✅ | | ✅ |
+| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✅ | ✅ | | ✅ |
+| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✅ | ✅ | | ✅ |
+| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✅ | ✅ | | ✅ |
+| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✅ | ✅ | ✅ | ✅ |
+| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✅ | ✅ | ✅ | ✅ |
## WiFi
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | | | |
-| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | | | |
+| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✅ | | | |
+| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✅ | | | |
| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | | | |
| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | | | |
-| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | | ✔️ |
+| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✅ | ✅ | | ✅ |
## WindowsInkWorkspace
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ | | | |
-| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ | | | |
-
+| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✅ | | | |
+| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✅ | | | |
## WindowsLogon
-
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✅ | | | |
## WirelessDisplay
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | | | |
+| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✅ | | | |
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
index 13962db09d..f1cf11e992 100644
--- a/windows/configuration/wcd/wcd-privacy.md
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -1,15 +1,8 @@
---
-title: Privacy (Windows 10)
+title: Privacy
description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-manager: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Privacy (Windows Configuration Designer reference)
@@ -20,7 +13,7 @@ Use **Privacy** to configure settings for app activation with voice.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | ✔️ | | ✔️ |
+| All settings | ✅ | ✅ | | ✅ |
## LetAppsActivateWithVoice
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index e79eb9f7f3..f10116f137 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -1,30 +1,19 @@
---
-title: ProvisioningCommands (Windows 10)
+title: ProvisioningCommands
description: This section describes the ProvisioningCommands settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
+
---
# ProvisioningCommands (Windows Configuration Designer reference)
-Use ProvisioningCommands settings to install Windows desktop applications using a provisioning package.
+Use ProvisioningCommands settings to install Windows desktop applications using a provisioning package.
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | | | |
For instructions on adding apps to provisioning packages, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md).
-
-
-
-
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index 9bff17847b..64e884bf46 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -1,16 +1,8 @@
---
title: SharedPC
description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 10/16/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# SharedPC (Windows Configuration Designer reference)
@@ -20,8 +12,8 @@ Use SharedPC settings to optimize Windows devices for shared use scenarios, such
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | | | |
## AccountManagement
@@ -46,7 +38,6 @@ Set as **True** to enable **Shared PC Mode**. This setting controls this API: [I
Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
-
## PolicyCustomization
Use these settings to configure additional Shared PC policies.
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index 1e5fe77243..a1b396a24b 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -1,16 +1,8 @@
---
-title: SMISettings (Windows 10)
+title: SMISettings
description: This section describes the SMISettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
ms.date: 03/30/2018
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
---
# SMISettings (Windows Configuration Designer reference)
@@ -20,8 +12,8 @@ Use SMISettings settings to customize the device with custom shell, suppress Win
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | | | |
## All settings in SMISettings
@@ -59,7 +51,7 @@ The default value is **17**, which disables all Welcome screen UI elements and t
| 8 | Disables the Ease of access button |
| 16 | Disables the Switch user button |
| 32 | Disables the blocked shutdown resolver (BSDR) screen. Restarting or shutting down the system causes the OS to immediately force close any applications that are blocking the system shutdown. No UI is displayed, and users aren't given a chance to cancel the shutdown process. This value can result in a loss of data if any open applications have unsaved data. |
-
+
## CrashDumpEnabled values
If the system stops unexpectedly, choose the type of information to capture in a dump (.dmp) file.
@@ -73,10 +65,10 @@ Set CrashDumpEnabled to one of the following values:
| 1 | Records all the contents of system memory. This dump file may contain data from processes that were running when the information was collected. |
| 2 | Records only the kernel memory. This dump file includes only memory that's allocated to the kernel, kernel-mode drivers, and other kernel-mode programs. It doesn't include unallocated memory, or any memory that's allocated to user-mode programs. For most purposes, this kind of dump file is the most useful because it's smaller than the complete memory dump file. It also includes information that's most likely involved in the issue. If a second problem occurs, the dump file is overwritten with new information. |
| 3 | Records the smallest amount of useful information that may help identify why the device stopped unexpectedly. This type of dump file includes the following information:- A list of loaded drivers- The processor context (PRCB) for the processor that stopped- The process information and kernel context (EPROCESS) for the process that stopped- The process information and kernel context (ETHREAD) for the thread that stopped- The kernel-mode call stack for the thread that stoppedThis dump file can be useful when space is limited. Because of the limited information, errors that aren't directly caused by the running thread at the time of the problem may not be discovered by analyzing this file. The date is encoded in the file name. If a second problem occurs, the previous file is preserved and the new file is given a distinct name. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder. |
-| 4 | Records the smallest amount of useful information. This value produces the same results as entering a value of 3. |
-| 7 | Records only the kernel memory. This value produces the same results as entering a value of 2. This is the default value. |
+| 4 | Records the smallest amount of useful information. This value produces the same results as entering a value of 1. |
+| 7 | Records only the kernel memory. This value produces the same results as entering a value of 1. This is the default value. |
| Any other value | Disables crash dump and doesn't record anything. |
-
+
## KeyboardFilter settings
Use these settings to suppress undesirable key presses or key combinations. KeyboardFilter works with physical keyboards, the Windows on-screen keyboard, and the touch keyboard.
@@ -98,7 +90,7 @@ When you **enable** KeyboardFilter, many other settings become available for con
Use ShellLauncher to specify the application or executable to use as the default custom shell. One use of ShellLauncher is to [create a kiosk (fixed-purpose) device running a Windows desktop application](/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions#shell-launcher-for-classic-windows-applications).
>[!WARNING]
->Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.
+>Windows 10 doesn't support setting a custom shell prior to OOBE. If you do, you won't be able to deploy the resulting image.
You can also configure ShellLauncher to launch different shell applications for different users or user groups.
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index b8d84f5b0c..aab20c09ae 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -1,16 +1,8 @@
---
-title: Start (Windows 10)
+title: Start
description: This section describes the Start settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# Start (Windows Configuration Designer reference)
@@ -19,9 +11,9 @@ Use Start settings to apply a customized Start screen to devices.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| StartLayout | ✔️ | | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| StartLayout | ✅ | | | |
>[!IMPORTANT]
>The StartLayout setting is available in the advanced provisioning for Windows 10, but shouldn't be used. For Windows client, use [Policies > StartLayout](wcd-policies.md#start).
@@ -29,4 +21,3 @@ Use Start settings to apply a customized Start screen to devices.
## StartLayout
Use StartLayout to select the `LayoutModification.xml` file that applies a customized Start screen.
-
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index 55c8fcc8f3..7f4c1c4709 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -1,16 +1,8 @@
---
-title: StartupApp (Windows 10)
+title: StartupApp
description: This section describes the StartupApp settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# StartupApp (Windows Configuration Designer reference)
@@ -20,7 +12,7 @@ Use StartupApp settings to configure the default app that will run on start for
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| Default | | | | ✔️ |
+| --- | :---: | :---: | :---: | :---: |
+| Default | | | | ✅ |
Enter the [Application User Model ID (AUMID)](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app.
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index 6838b63730..95022798c2 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -1,16 +1,8 @@
---
-title: StartupBackgroundTasks (Windows 10)
+title: StartupBackgroundTasks
description: This section describes the StartupBackgroundTasks settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# StartupBackgroundTasks (Windows Configuration Designer reference)
@@ -21,5 +13,4 @@ Documentation not available at this time.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | | | | ✔️ |
-
+| All settings | | | | ✅ |
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
index 397c14a4f5..7daa17c986 100644
--- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -1,15 +1,8 @@
---
-title: StorageD3InModernStandby (Windows 10)
+title: StorageD3InModernStandby
description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# StorageD3InModernStandby (Windows Configuration Designer reference)
@@ -24,5 +17,5 @@ Use **StorageD3InModernStandby** to enable or disable low-power state (D3) durin
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | ✔️ | | ✔️ |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | ✅ | | ✅ |
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index cd0bdc4208..7a8db5a247 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -1,16 +1,8 @@
---
-title: SurfaceHubManagement (Windows 10)
+title: SurfaceHubManagement
description: This section describes the SurfaceHubManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# SurfaceHubManagement (Windows Configuration Designer reference)
@@ -20,14 +12,11 @@ Use SurfaceHubManagement settings to set the administrator group that will manag
>[!IMPORTANT]
>These settings should be used only in provisioning packages that are applied during OOBE.
-
-
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
-
+| --- | :---: | :---: | :---: | :---: |
+| All settings | | ✅ | | |
## GroupName
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 9934c78fd0..04aeb1232a 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -1,16 +1,8 @@
---
-title: TabletMode (Windows 10)
+title: TabletMode
description: This section describes the TabletMode settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 04/30/2018
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# TabletMode (Windows Configuration Designer reference)
@@ -21,11 +13,11 @@ Use TabletMode to configure settings related to tablet mode.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | ✔️ | | |
+| All settings | ✅ | ✅ | | |
## ConvertibleSlateModePromptPreference
-Set the default for hardware-based prompts.
+Set the default for hardware-based prompts.
## SignInMode
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index d5071fb0e0..79a7405207 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -1,16 +1,8 @@
---
-title: TakeATest (Windows 10)
+title: TakeATest
description: This section describes the TakeATest settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# TakeATest (Windows Configuration Designer reference)
@@ -21,7 +13,7 @@ Use TakeATest to configure the Take A Test app, a secure browser for test-taking
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| All settings | ✅ | | | |
## AllowScreenMonitoring
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
index 1bb981193e..39bb291ce0 100644
--- a/windows/configuration/wcd/wcd-time.md
+++ b/windows/configuration/wcd/wcd-time.md
@@ -1,26 +1,19 @@
---
-title: Time (Windows 10)
+title: Time
description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-manager: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Time
-Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later.
+Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later.
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | |
+| [ProvisionSetTimeZone](#provisionsettimezone) | ✅ | | | |
## ProvisionSetTimeZone
@@ -33,6 +26,3 @@ Set to **False** for time zone assignment to occur when the first user signs in.
>[!NOTE]
>Do not set **Time > ProvisionSetTimeZone** to **False** and also set a time zone in **Policies > TimeLanguageSettings > ConfigureTimeZone**.
-
-
-
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 2c03844e3f..a7aea5e4ed 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -1,21 +1,12 @@
---
-title: UnifiedWriteFilter (Windows 10)
+title: UnifiedWriteFilter
description: This section describes the UnifiedWriteFilter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UnifiedWriteFilter (reference)
-
Use UnifiedWriteFilter to configure settings for the Unified Write Filter (UWF). It helps protect your physical storage media, including most standard writable storage types that are supported by the OS, such as:
- Physical hard disks
@@ -34,16 +25,15 @@ UWF intercepts all write attempts to a protected volume and redirects these writ
The overlay doesn't mirror the entire volume. It dynamically grows to keep track of redirected writes. Generally, the overlay is stored in system memory. You can cache a portion of the overlay on a physical volume.
>[!NOTE]
->UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume.
+>UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume.
[Learn more about the Unified Write Filter feature.](/windows-hardware/customize/enterprise/unified-write-filter)
-
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | ✔️ |
+| All settings | ✅ | | | ✅ |
## FilterEnabled
@@ -51,7 +41,7 @@ Set to **True** to enable UWF.
## OverlayFlags
-OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not redirect to the overlay file. Enabling this setting helps conserve space on the overlay file.
+OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not redirect to the overlay file. Enabling this setting helps conserve space on the overlay file.
- Value `0` (default value when [OverlayType](#overlaytype) isn't **Disk**): writes are redirected to the overlay file
- Value `1`(default value when [OverlayType](#overlaytype) is **Disk**): writes to unused space on the volume are allowed to pass through without being redirected to the overlay file.
@@ -65,7 +55,7 @@ Enter the maximum overlay size, in megabytes (MB), for the UWF overlay. The mini
## OverlayType
-OverlayType specifies where the overlay is stored. Select between **RAM** (default) and **Disk** (pre-allocated file on the system volume).
+OverlayType specifies where the overlay is stored. Select between **RAM** (default) and **Disk** (pre-allocated file on the system volume).
## RegistryExclusions
@@ -81,7 +71,7 @@ Set to **True** to reset UWF settings to the original state that was captured at
## Volumes
-Enter a drive letter for a volume to be protected by UWF.
+Enter a drive letter for a volume to be protected by UWF.
>[!NOTE]
>In the current OS release, Windows Configuration Designer contains a validation bug. To work around this issue, you must include a ":" after the drive letter when specifying the value for the setting. For example, if you are specifying the C drive, you must set DriveLetter to "C:" instead of just "C".
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index 2e3a68fe9f..2afe56cfb4 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -1,35 +1,26 @@
---
-title: UniversalAppInstall (Windows 10)
+title: UniversalAppInstall
description: This section describes the UniversalAppInstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UniversalAppInstall (reference)
-
-Use UniversalAppInstall settings to install Windows apps from the Microsoft Store or a hosted location.
+Use UniversalAppInstall settings to install Windows apps from the Microsoft Store or a hosted location.
>[!NOTE]
>You can only use the Windows provisioning settings and provisioning packages for apps where you have the available installation files, namely with sideloaded apps that have an offline license. [Learn more about offline app distribution.](/microsoft-store/distribute-offline-apps)
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [DeviceContextApp](#devicecontextapp) | ✔️ | ✔️ | | |
-| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | ✔️ | | |
-| [StoreInstall](#storeinstall) | ✔️ | ✔️ | | ✔️ |
-| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | | ✔️ |
-| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | | ✔️ |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [DeviceContextApp](#devicecontextapp) | ✅ | ✅ | | |
+| [DeviceContextAppLicense](#devicecontextapplicense) | ✅ | ✅ | | |
+| [StoreInstall](#storeinstall) | ✅ | ✅ | | ✅ |
+| [UserContextApp](#usercontextapp) | ✅ | ✅ | | ✅ |
+| [UserContextAppLicense](#usercontextapplicense) | ✅ | ✅ | | ✅ |
## DeviceContextApp
@@ -41,56 +32,52 @@ Enter an app package family name to install an app for all device users. You can
For each app that you add to the package, configure the settings in the following table.
| Setting | Value | Description |
-| --- | --- | --- |
-| ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. |
-| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. |
-| DeploymentOptions | - None-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue. - Development mode: Don't use. - Install all resources: When you set this option, the app is instructed to skip resource applicability checks.- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. |
-| LaunchAppAtLogin | - Don't launch app- Launch app | Set the value for app behavior when a user signs in. |
-| OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. |
+|--|--|--|
+| ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. |
+| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. |
+| DeploymentOptions | - None-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue. - Development mode: Don't use. - Install all resources: When you set this option, the app is instructed to skip resource applicability checks.- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. |
+| LaunchAppAtLogin | - Don't launch app- Launch app | Set the value for app behavior when a user signs in. |
+| OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. |
For more information on deployment options, see [DeploymentOptions Enum](/uwp/api/windows.management.deployment.deploymentoptions).
## DeviceContextAppLicense
-Use to specify the license file for the provisioned app.
+Use to specify the license file for the provisioned app.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**.
-
-2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
-
+1. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
## StoreInstall
Use to install an app from the Microsoft Store for Business.
1. Enter a package family name, and then select **Add**.
-2. Configure the following required settings for the app package.
+1. Configure the following required settings for the app package.
-Setting | Description
---- | ---
-Flags | Description not available at this time.
-ProductID | Enter the product ID. [Learn how to find the product ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services)
-SkuID | Enter the SKU ID. [Learn how to find the SKU ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services)
+| Setting | Description |
+|--|--|
+| Flags | Description not available at this time. |
+| ProductID | Enter the product ID. [Learn how to find the product ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) |
+| SkuID | Enter the SKU ID. [Learn how to find the SKU ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) |
## UserContextApp
Use to add a new user context app.
1. Specify a **PackageFamilyName** for the app, and then select **Add**.
-2. Select the PackageFamilyName in the Available Customizations pane, and then configure the following settings.
-
-Setting | Value | Description
---- | --- | ---
-ApplicationFile | App file | Browse to, select, and add the application file,
-DependencyAppxFiles | Additional files required by the app | Browse to, select, and add dependency files.
-DeploymentOptions | - None- Force application shutdown- Development mode- Install all resources- Force target application shutdown | Select a deployment option.
-LaunchAppAtLogin | - Don't launch app- Launch app | Select whether the app should be started when a user signs in.
+1. Select the PackageFamilyName in the Available Customizations pane, and then configure the following settings.
+| Setting | Value | Description |
+|--|--|--|
+| ApplicationFile | App file | Browse to, select, and add the application file, |
+| DependencyAppxFiles | Additional files required by the app | Browse to, select, and add dependency files. |
+| DeploymentOptions | - None- Force application shutdown- Development mode- Install all resources- Force target application shutdown | Select a deployment option. |
+| LaunchAppAtLogin | - Don't launch app- Launch app | Select whether the app should be started when a user signs in. |
## UserContextAppLicense
-Use to specify the license file for the user context app.
+Use to specify the license file for the user context app.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**.
-
-2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
+1. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index 5889dc2d7e..1d4aec5200 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -1,43 +1,33 @@
---
-title: UniversalAppUninstall (Windows 10)
+title: UniversalAppUninstall
description: This section describes the UniversalAppUninstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UniversalAppUninstall (reference)
-
Use UniversalAppUninstall settings to uninstall or remove Windows apps.
-
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | |
-| [Uninstall](#uninstall) | ✔️ | ✔️ | | ✔️ |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [RemoveProvisionedApp](#removeprovisionedapp) | ✅ | | | |
+| [Uninstall](#uninstall) | ✅ | ✅ | | ✅ |
## RemoveProvisionedApp
-Universal apps can be *provisioned*. Provisioned means that they're available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user.
+Universal apps can be *provisioned*. Provisioned means that they're available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user.
Use **RemoveProvisionedApp** to remove app packages that are available on the device. Any instances of the app that have already been installed by a user aren't uninstalled. To uninstall provisioned apps that have been installed by a user, use the [Uninstall](#uninstall) setting.
1. Enter the PackageFamilyName for the app package, and then select **Add**.
-2. Select the PackageFamilyName in the Available Customizations pane, and then select **RemoveProvisionedApp**.
+1. Select the PackageFamilyName in the Available Customizations pane, and then select **RemoveProvisionedApp**.
## Uninstall
Use **Uninstall** to remove provisioned apps that have been installed by a user.
1. Enter the PackageFamilyName for the app package, and then select **Add**.
-2. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**.
+1. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**.
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
index 9869da77b4..ac5ff4d4ee 100644
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@@ -1,29 +1,19 @@
---
-title: UsbErrorsOEMOverride (Windows 10)
+title: UsbErrorsOEMOverride
description: This section describes the UsbErrorsOEMOverride settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UsbErrorsOEMOverride (reference)
-
-Allows an OEM to hide the USB option UI in Settings and all USB device errors.
-
+Allows an OEM to hide the USB option UI in Settings and all USB device errors.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✅ | ✅ | ✅ | |
## HideUsbErrorNotifyOptionUI
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 211d170ce0..b9f60ef6bb 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -1,35 +1,24 @@
---
-title: WeakCharger (Windows 10)
+title: WeakCharger
description: This section describes the WeakCharger settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WeakCharger (reference)
-
Use WeakCharger settings to configure the charger notification UI.
-
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | | |
-| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | | |
-
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✅ | ✅ | | |
+| [NotifyOnWeakCharger](#notifyonweakcharger) | ✅ | ✅ | | |
## HideWeakChargerNotifyOptionUI
-This setting determines whether the user sees the dialog that's displayed when the user connects the device to an incompatible charging source. By default, the OS shows the weak charger notification option UI.
+This setting determines whether the user sees the dialog that's displayed when the user connects the device to an incompatible charging source. By default, the OS shows the weak charger notification option UI.
Select between **Show Weak Charger Notifications UI** and **Hide Weak Charger Notifications UI**.
@@ -40,10 +29,9 @@ This setting shows a warning when the user connects the device to an incompatibl
An incompatible charging source is one that doesn't behave like one of the following port types:
- Charging downstream port
-- Standard downstream port
+- Standard downstream port
- Dedicated charging port
The port types are defined by the USB Battery Charging Specification, Revision 1.2, available at `USB.org`.
Select between **Disable Weak Charger Notifications UI** and **Enable Weak Charger Notifications UI**.
-
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index f69695122b..d4daca497d 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -1,28 +1,19 @@
---
-title: WindowsHelloForBusiness (Windows 10)
+title: WindowsHelloForBusiness
description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WindowsHelloForBusiness (Windows Configuration Designer reference)
-
Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to a Windows device configured for [Shared PC mode](wcd-sharedpc.md).
## Applies to
| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [SecurityKeys](#securitykeys) | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| [SecurityKeys](#securitykeys) | ✅ | | | |
## SecurityKeys
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index f2ae2c2447..2615a85f97 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -1,36 +1,26 @@
---
-title: WindowsTeamSettings (Windows 10)
+title: WindowsTeamSettings
description: This section describes the WindowsTeamSettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WindowsTeamSettings (reference)
-
Use WindowsTeamSettings settings to configure Surface Hub.
-
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| All settings | | ✅ | | |
## Connect
| Setting | Value | Description |
| --- | --- | --- |
| AutoLaunch | True or false | Open the Connect app automatically when someone projects. |
-| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly, the driver won't boot. Or, it will broadcast on the wrong channel, which senders won't be looking for. |
+| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 251. Outside of regulatory concerns, if the channel is configured incorrectly, the driver won't boot. Or, it will broadcast on the wrong channel, which senders won't be looking for. |
| Enabled | True or false | Enables wireless projection to the device. |
| PINRequired | True or false | Requires presenters to enter a PIN to connect wirelessly to the device. |
@@ -55,8 +45,6 @@ A device account is a Microsoft Exchange account that's connected with Skype for
Use these settings to configure 802.1x wired authentication. For details, see [Enable 802.1x wired authentication](/surface-hub/enable-8021x-wired-authentication).
-
-
## FriendlyName
Enter the name that users will see when they want to project wirelessly to the device.
@@ -72,7 +60,7 @@ Maintenance hours are the period of time when automatic maintenance tasks are ru
## OMSAgent
-Configures the Operations Management Suite workspace.
+Configures the Operations Management Suite workspace.
| Setting | Value | Description |
| --- | --- | --- |
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index 6a2da109c1..6cfa3adaa3 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -1,27 +1,16 @@
---
-title: WLAN (Windows 10)
-ms.reviewer:
-manager: aaroncz
+title: WLAN
description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WLAN (reference)
-
Do not use at this time. Instead, use [ConnectivityProfiles > WLAN](wcd-connectivityprofiles.md#wlan)
-
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
| All settings | | | | |
-
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index 8e21def9dd..8f7a6dcdac 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -1,28 +1,19 @@
---
-title: Workplace (Windows 10)
+title: Workplace
description: This section describes the Workplace settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 04/30/2018
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# Workplace (reference)
-
Use Workplace settings to configure bulk user enrollment to a mobile device management (MDM) service. For more information, see [Bulk enrollment step-by-step](/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool).
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [Enrollments](#enrollments) | ✔️ | ✔️ | | ✔️ |
+| --- | :---: | :---: | :---: | :---: |
+| [Enrollments](#enrollments) | ✅ | ✅ | | ✅ |
## Enrollments
@@ -36,6 +27,3 @@ Select **Enrollments**, enter a UPN, and then select **Add** to configure the se
| PolicyServiceFullUrl | URL | The full URL for the policy service |
| Secret | - Password string for on-premises authentication enrollment- Federated security token for federated enrollment- Certificate thumb print for certificate-based enrollment | Enter the appropriate value for the selected AuthPolicy. |
-## Related articles
-
-- [Provisioning configuration service provider (CSP)](/windows/client-management/mdm/provisioning-csp)
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index 3fe32ffa9b..3cbabeba2c 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -1,76 +1,67 @@
---
-title: Windows Configuration Designer provisioning settings (Windows 10)
+title: Windows Configuration Designer provisioning settings
description: This section describes the settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Windows Configuration Designer provisioning settings (reference)
-This section describes the settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer.
+This section describes the settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer.
## Edition that each group of settings applies to
| Setting group | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [AccountManagement](wcd-accountmanagement.md) | | | ✔️ | |
-| [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ADMXIngestion](wcd-admxingestion.md) | ✔️ | | | |
-| [AssignedAccess](wcd-assignedaccess.md) | ✔️ | | ✔️ | |
-| [Browser](wcd-browser.md) | ✔️ | ✔️ | | |
-| [CellCore](wcd-cellcore.md) | ✔️ | | | |
-| [Cellular](wcd-cellular.md) | ✔️ | | | |
-| [Certificates](wcd-certificates.md) | ✔️ | ✔️ | ✔️ | ✔️ |
-| [CleanPC](wcd-cleanpc.md) | ✔️ | | | |
-| [Connections](wcd-connections.md) | ✔️ | ✔️ | | |
-| [ConnectivityProfiles](wcd-connectivityprofiles.md) | ✔️ | ✔️ | ✔️ | |
-| [CountryAndRegion](wcd-countryandregion.md) | ✔️ | ✔️ | | |
-| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✔️ | | | |
-| [DeveloperSetup](wcd-developersetup.md) | | | ✔️ | |
-| [DeviceFormFactor](wcd-deviceformfactor.md) | ✔️ | ✔️ | | |
-| [DeviceManagement](wcd-devicemanagement.md) | ✔️ | ✔️ | ✔️ | |
-| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✔️ | | | |
-| [DMClient](wcd-dmclient.md) | ✔️ | ✔️ | | ✔️ |
-| [EditionUpgrade](wcd-editionupgrade.md) | ✔️ | | ✔️ | |
+| --- | :---: | :---: | :---: | :---: |
+| [AccountManagement](wcd-accountmanagement.md) | | | ✅ | |
+| [Accounts](wcd-accounts.md) | ✅ | ✅ | ✅ | ✅ |
+| [ADMXIngestion](wcd-admxingestion.md) | ✅ | | | |
+| [AssignedAccess](wcd-assignedaccess.md) | ✅ | | ✅ | |
+| [Browser](wcd-browser.md) | ✅ | ✅ | | |
+| [CellCore](wcd-cellcore.md) | ✅ | | | |
+| [Cellular](wcd-cellular.md) | ✅ | | | |
+| [Certificates](wcd-certificates.md) | ✅ | ✅ | ✅ | ✅ |
+| [CleanPC](wcd-cleanpc.md) | ✅ | | | |
+| [Connections](wcd-connections.md) | ✅ | ✅ | | |
+| [ConnectivityProfiles](wcd-connectivityprofiles.md) | ✅ | ✅ | ✅ | |
+| [CountryAndRegion](wcd-countryandregion.md) | ✅ | ✅ | | |
+| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✅ | | | |
+| [DeveloperSetup](wcd-developersetup.md) | | | ✅ | |
+| [DeviceFormFactor](wcd-deviceformfactor.md) | ✅ | ✅ | | |
+| [DeviceManagement](wcd-devicemanagement.md) | ✅ | ✅ | ✅ | |
+| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✅ | | | |
+| [DMClient](wcd-dmclient.md) | ✅ | ✅ | | ✅ |
+| [EditionUpgrade](wcd-editionupgrade.md) | ✅ | | ✅ | |
| [EmbeddedLockdownProfiles](https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5) | | | | |
-| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✔️ |
-| [FirstExperience](wcd-firstexperience.md) | | | ✔️ | |
-| [Folders](wcd-folders.md) |✔️ | ✔️ | | |
-| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✔️ |
-| [Licensing](wcd-licensing.md) | ✔️ | | | |
-| [Location](wcd-location.md) | | | | ✔️ |
-| [Maps](wcd-maps.md) |✔️ | ✔️ | | |
-| [NetworkProxy](wcd-networkproxy.md) | | ✔️ | | |
-| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✔️ | | |
-| [OOBE](wcd-oobe.md) | ✔️ | | | |
-| [Personalization](wcd-personalization.md) | ✔️ | | | |
-| [Policies](wcd-policies.md) | ✔️ | ✔️ | ✔️ | ✔️ |
-| [Privacy](wcd-folders.md) |✔️ | ✔️ | | ✔️ |
-| [ProvisioningCommands](wcd-provisioningcommands.md) | ✔️ | | | |
-| [SharedPC](wcd-sharedpc.md) | ✔️ | | | |
-| [SMISettings](wcd-smisettings.md) | ✔️ | | | |
-| [Start](wcd-start.md) | ✔️ | | | |
-| [StartupApp](wcd-startupapp.md) | | | | ✔️ |
-| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | ✔️ |
-| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |✔️ | ✔️ | | ✔️ |
-| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✔️ | | |
-| [TabletMode](wcd-tabletmode.md) |✔️ | ✔️ | | |
-| [TakeATest](wcd-takeatest.md) | ✔️ | | | |
-| [Time](wcd-time.md) | ✔️ | | | |
-| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✔️ | | | ✔️ |
-| [UniversalAppInstall](wcd-universalappinstall.md) | ✔️ | ✔️ | | ✔️ |
-| [UniversalAppUninstall](wcd-universalappuninstall.md) | ✔️ | ✔️ | | ✔️ |
-| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | ✔️ | ✔️ | | |
-| [WeakCharger](wcd-weakcharger.md) |✔️ | ✔️ | | |
-| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | ✔️ | | | |
-| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | ✔️ | | |
-| [Workplace](wcd-workplace.md) |✔️ | ✔️ | | ✔️ |
-
+| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✅ |
+| [FirstExperience](wcd-firstexperience.md) | | | ✅ | |
+| [Folders](wcd-folders.md) |✅ | ✅ | | |
+| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✅ |
+| [Licensing](wcd-licensing.md) | ✅ | | | |
+| [Location](wcd-location.md) | | | | ✅ |
+| [Maps](wcd-maps.md) |✅ | ✅ | | |
+| [NetworkProxy](wcd-networkproxy.md) | | ✅ | | |
+| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✅ | | |
+| [OOBE](wcd-oobe.md) | ✅ | | | |
+| [Personalization](wcd-personalization.md) | ✅ | | | |
+| [Policies](wcd-policies.md) | ✅ | ✅ | ✅ | ✅ |
+| [Privacy](wcd-folders.md) |✅ | ✅ | | ✅ |
+| [ProvisioningCommands](wcd-provisioningcommands.md) | ✅ | | | |
+| [SharedPC](wcd-sharedpc.md) | ✅ | | | |
+| [SMISettings](wcd-smisettings.md) | ✅ | | | |
+| [Start](wcd-start.md) | ✅ | | | |
+| [StartupApp](wcd-startupapp.md) | | | | ✅ |
+| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | ✅ |
+| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |✅ | ✅ | | ✅ |
+| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✅ | | |
+| [TabletMode](wcd-tabletmode.md) |✅ | ✅ | | |
+| [TakeATest](wcd-takeatest.md) | ✅ | | | |
+| [Time](wcd-time.md) | ✅ | | | |
+| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✅ | | | ✅ |
+| [UniversalAppInstall](wcd-universalappinstall.md) | ✅ | ✅ | | ✅ |
+| [UniversalAppUninstall](wcd-universalappuninstall.md) | ✅ | ✅ | | ✅ |
+| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | ✅ | ✅ | | |
+| [WeakCharger](wcd-weakcharger.md) |✅ | ✅ | | |
+| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | ✅ | | | |
+| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | ✅ | | |
+| [Workplace](wcd-workplace.md) |✅ | ✅ | | ✅ |
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 06776b853a..47091d44c1 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -1,16 +1,14 @@
- name: Deploy and update Windows client
href: index.yml
- items:
+ items:
- name: Get started
- items:
- - name: What's new
- href: deploy-whats-new.md
+ items:
- name: Windows client deployment scenarios
- href: windows-10-deployment-scenarios.md
+ href: windows-deployment-scenarios.md
- name: Quick guide to Windows as a service
- href: update/waas-quick-start.md
+ href: update/waas-quick-start.md
- name: Windows as a service overview
- href: update/waas-overview.md
+ href: update/waas-overview.md
- name: Update release cycle
href: update/release-cycle.md
- name: Basics of Windows updates, channels, and tools
@@ -18,7 +16,7 @@
- name: Prepare servicing strategy for Windows client updates
href: update/waas-servicing-strategy-windows-10-updates.md
- name: Deployment proof of concept
- items:
+ items:
- name: Deploy Windows 10 with MDT and Configuration Manager
items:
- name: 'Step by step guide: Configure a test lab to deploy Windows 10'
@@ -26,9 +24,9 @@
- name: Deploy Windows 10 in a test lab using MDT
href: windows-10-poc-mdt.md
- name: Deploy Windows 10 in a test lab using Configuration Manager
- href: windows-10-poc-sc-config-mgr.md
+ href: windows-10-poc-sc-config-mgr.md
- name: Deployment process posters
- href: windows-10-deployment-posters.md
+ href: windows-10-deployment-posters.md
- name: Plan
items:
@@ -41,7 +39,7 @@
- name: Evaluate infrastructure and tools
href: update/eval-infra-tools.md
- name: Determine application readiness
- href: update/plan-determine-app-readiness.md
+ href: update/plan-determine-app-readiness.md
- name: Define your servicing strategy
href: update/plan-define-strategy.md
- name: Delivery Optimization for Windows client updates
@@ -64,11 +62,11 @@
- name: Deprecated features
href: /windows/whats-new/deprecated-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Resources for deprecated features
- href: /windows/whats-new/deprecated-features-resources?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+ href: /windows/whats-new/deprecated-features-resources?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Removed features
- href: /windows/whats-new/removed-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+ href: /windows/whats-new/removed-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Prepare
- items:
+ items:
- name: Prepare for Windows 11
href: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Prepare to deploy Windows client updates
@@ -97,7 +95,7 @@
href: update/waas-manage-updates-wsus.md
- name: Deploy
- items:
+ items:
- name: Deploy Windows client
items:
- name: Deploy Windows client with Autopilot
@@ -139,11 +137,11 @@
- name: Safeguard holds
href: update/safeguard-holds.md
- name: Manage the Windows client update experience
- items:
+ items:
- name: Manage device restarts after updates
href: update/waas-restart.md
- name: Manage additional Windows Update settings
- href: update/waas-wu-settings.md
+ href: update/waas-wu-settings.md
- name: Use Windows Update for Business
items:
- name: What is Windows Update for Business?
@@ -151,7 +149,7 @@
- name: Configure Windows Update for Business
href: update/waas-configure-wufb.md
- name: Use Windows Update for Business and WSUS
- href: update/wufb-wsus.md
+ href: update/wufb-wsus.md
- name: Enforcing compliance deadlines for updates
href: update/wufb-compliancedeadlines.md
- name: Integrate Windows Update for Business with management solutions
@@ -165,7 +163,7 @@
- name: Prerequisites for Windows Update for Business deployment service
href: update/deployment-service-prerequisites.md
- name: Deploy updates with the deployment service
- items:
+ items:
- name: Deploy feature updates using Graph Explorer
href: update/deployment-service-feature-updates.md
- name: Deploy expedited updates using Graph Explorer
@@ -177,28 +175,28 @@
- name: Activate
items:
- name: Windows subscription activation
- href: windows-10-subscription-activation.md
+ href: windows-subscription-activation.md
- name: Windows Enterprise E3 in CSP
- href: windows-10-enterprise-e3-overview.md
+ href: windows-enterprise-e3-overview.md
- name: Configure VDA for subscription activation
href: vda-subscription-activation.md
- name: Deploy Windows Enterprise licenses
href: deploy-enterprise-licenses.md
- - name: Volume Activation
+ - name: Volume Activation
items:
- name: Overview
href: volume-activation/volume-activation-windows-10.md
- - name: Plan for volume activation
+ - name: Plan for volume activation
href: volume-activation/plan-for-volume-activation-client.md
- - name: Activate using Key Management Service
+ - name: Activate using Key Management Service
href: volume-activation/activate-using-key-management-service-vamt.md
- - name: Activate using Active Directory-based activation
+ - name: Activate using Active Directory-based activation
href: volume-activation/activate-using-active-directory-based-activation-client.md
- name: Activate clients running Windows 10
href: volume-activation/activate-windows-10-clients-vamt.md
- - name: Monitor activation
+ - name: Monitor activation
href: volume-activation/monitor-activation-client.md
- - name: Use the Volume Activation Management Tool
+ - name: Use the Volume Activation Management Tool
href: volume-activation/use-the-volume-activation-management-tool-client.md
href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
- name: Volume Activation Management Tool (VAMT)
@@ -282,19 +280,19 @@
- name: Windows Update for Business reports
items:
- name: Windows Update for Business reports overview
- href: update/wufb-reports-overview.md
+ href: update/wufb-reports-overview.md
- name: Enable Windows Update for Business reports
- items:
+ items:
- name: Windows Update for Business reports prerequisites
href: update/wufb-reports-prerequisites.md
- name: Enable Windows Update for Business reports
- href: update/wufb-reports-enable.md
+ href: update/wufb-reports-enable.md
- name: Configure clients with a script
href: update/wufb-reports-configuration-script.md
- name: Configure clients manually
href: update/wufb-reports-configuration-manual.md
- name: Configure clients with Microsoft Intune
- href: update/wufb-reports-configuration-intune.md
+ href: update/wufb-reports-configuration-intune.md
- name: Use Windows Update for Business reports
items:
- name: Windows Update for Business reports workbook
@@ -302,13 +300,13 @@
- name: Delivery Optimization data in reports
href: update/wufb-reports-do.md
- name: Software updates in the Microsoft 365 admin center
- href: update/wufb-reports-admin-center.md
+ href: update/wufb-reports-admin-center.md
- name: Use Windows Update for Business reports data
href: update/wufb-reports-use.md
- name: FAQ for Windows Update for Business reports
- href: update/wufb-reports-faq.yml
- - name: Feedback and support
- href: update/wufb-reports-help.md
+ href: update/wufb-reports-faq.yml
+ - name: Feedback and support
+ href: update/wufb-reports-help.md
- name: Windows Update for Business reports schema reference
items:
- name: Windows Update for Business reports schema reference
@@ -316,27 +314,27 @@
- name: UCClient
href: update/wufb-reports-schema-ucclient.md
- name: UCClientReadinessStatus
- href: update/wufb-reports-schema-ucclientreadinessstatus.md
+ href: update/wufb-reports-schema-ucclientreadinessstatus.md
- name: UCClientUpdateStatus
href: update/wufb-reports-schema-ucclientupdatestatus.md
- name: UCDeviceAlert
href: update/wufb-reports-schema-ucdevicealert.md
- name: UCDOAggregatedStatus
- href: update/wufb-reports-schema-ucdoaggregatedstatus.md
+ href: update/wufb-reports-schema-ucdoaggregatedstatus.md
- name: UCDOStatus
- href: update/wufb-reports-schema-ucdostatus.md
+ href: update/wufb-reports-schema-ucdostatus.md
- name: UCServiceUpdateStatus
href: update/wufb-reports-schema-ucserviceupdatestatus.md
- name: UCUpdateAlert
href: update/wufb-reports-schema-ucupdatealert.md
- name: Enumerated types
- href: update/wufb-reports-schema-enumerated-types.md
+ href: update/wufb-reports-schema-enumerated-types.md
- name: Troubleshooting
items:
- name: Resolve upgrade errors
items:
- - name: Resolve Windows client upgrade errors
- href: upgrade/resolve-windows-10-upgrade-errors.md
+ - name: Resolve Windows upgrade errors
+ href: upgrade/resolve-windows-upgrade-errors.md
- name: Quick fixes
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: SetupDiag
@@ -362,7 +360,7 @@
- name: Determine the source of Windows Updates
href: ./update/how-windows-update-works.md
- name: Windows Update security
- href: ./update/windows-update-security.md
+ href: ./update/windows-update-security.md
- name: Common Windows Update errors
href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows Update error code reference
@@ -385,9 +383,11 @@
- name: Servicing stack updates
href: update/servicing-stack-updates.md
- name: Update CSP policies
- href: /windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+ href: /windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Additional Windows Update settings
href: update/waas-wu-settings.md
+ - name: Update other Microsoft products
+ href: update/update-other-microsoft-products.md
- name: Delivery Optimization reference
href: do/waas-delivery-optimization-reference.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows client in S mode
@@ -406,22 +406,6 @@
href: configure-a-pxe-server-to-load-windows-pe.md
- name: Windows ADK for Windows 10 scenarios for IT Pros
href: windows-adk-scenarios-for-it-pros.md
- - name: Windows To Go
- items:
- - name: Deploy Windows To Go in your organization
- href: deploy-windows-to-go.md
- - name: "Windows To Go: feature overview"
- href: planning/windows-to-go-overview.md
- - name: Best practice recommendations for Windows To Go
- href: planning/best-practice-recommendations-for-windows-to-go.md
- - name: Deployment considerations for Windows To Go
- href: planning/deployment-considerations-for-windows-to-go.md
- - name: Prepare your organization for Windows To Go
- href: planning/prepare-your-organization-for-windows-to-go.md
- - name: Security and data protection considerations for Windows To Go
- href: planning/security-and-data-protection-considerations-for-windows-to-go.md
- - name: "Windows To Go: frequently asked questions"
- href: planning/windows-to-go-frequently-asked-questions.yml
- name: User State Migration Tool (USMT) technical reference
items:
- name: USMT overview articles
@@ -450,7 +434,7 @@
href: usmt/usmt-reroute-files-and-settings.md
- name: Verify the Condition of a Compressed Migration Store
href: usmt/verify-the-condition-of-a-compressed-migration-store.md
-
+
- name: USMT Reference
items:
- name: USMT Requirements
@@ -592,4 +576,4 @@
- name: Install fonts in Windows client
href: windows-10-missing-fonts.md
- name: Customize Windows PE boot images
- href: customize-boot-image.md
+ href: customize-boot-image.md
\ No newline at end of file
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md
deleted file mode 100644
index 674bd00551..0000000000
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: Windows Autopilot EULA dismissal – important information
-description: A notice about EULA dismissal through Windows Autopilot
-ms.prod: windows-client
-ms.localizationpriority: medium
-ms.date: 11/23/2022
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ROBOTS: NOINDEX
-ms.topic: article
-ms.technology: itpro-deploy
----
-# Windows Autopilot EULA dismissal – important information
-
-> [!IMPORTANT]
-> The information below isn't the EULA. It is a notice of awareness to the administrator that's configuring to skip End User License Agreement (EULA) during the OOBE (Out-of-Box Experience).
-
-Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen.
-
-By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This consent includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you didn't suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you haven't validly acquired a license for the software from Microsoft or its licensed distributors.
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index f3f16802b4..8afd2c00f8 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -1,14 +1,14 @@
---
title: Configure a PXE server to load Windows PE (Windows 10)
description: This article describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
ms.date: 11/23/2022
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Configure a PXE server to load Windows PE
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 3b52b209f3..fc07e5a9ba 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -1,14 +1,14 @@
---
title: Customize Windows PE boot images
description: This article describes how to customize a Windows PE (WinPE) boot image including updating with the latest cumulative update, adding drivers, and adding optional components.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
ms.date: 09/05/2023
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
- ✅ Windows 10
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index f94f31723e..4fde853386 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -1,27 +1,28 @@
---
title: Deploy Windows Enterprise licenses
-description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows Enterprise E3 or E5 subscription activation, or for Windows Enterprise E3 in CSP.
+description: Steps to deploy Windows Enterprise licenses for Windows Enterprise E3 or E5 subscription activation, or for Windows Enterprise E3 in CSP.
author: frankroj
ms.author: frankroj
manager: aaroncz
-ms.prod: windows-client
-ms.technology: itpro-fundamentals
+ms.service: windows-client
+ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
ms.topic: how-to
ms.collection:
- highpri
- tier2
-appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
-ms.date: 11/14/2023
+ms.date: 03/04/2024
+zone_pivot_groups: windows-versions-11-10
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# Deploy Windows Enterprise licenses
-This article describes how to deploy Windows 10 or Windows 11 Enterprise E3 or E5 licenses with [subscription activation](windows-10-subscription-activation.md) or [Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Microsoft Entra ID.
+This article describes how to deploy Windows Enterprise E3 or E5 licenses with [subscription activation](windows-subscription-activation.md) or [Enterprise E3 in CSP](windows-enterprise-e3-overview.md) and Microsoft Entra ID.
-These activation features require a supported and licensed version of Windows 10 Pro or Windows 11 Pro:
+These activation features require a supported and licensed version of Windows Pro:
- Subscription activation with an enterprise agreement (EA) or a Microsoft Products & Services Agreement (MPSA).
- Enterprise E3 in CSP.
@@ -30,9 +31,9 @@ These activation features require a supported and licensed version of Windows 10
## Enable subscription activation with an existing EA
-If you're an EA customer with an existing Microsoft 365 tenant, use the following steps to enable Windows subscription licenses on your existing tenant:
+EA customers with an existing Microsoft 365 tenant can use the following steps to enable Windows subscription licenses on the existing tenant:
-1. Work with your reseller to place an order for one $0 SKU per user. As of October 1, 2022, there are three SKUs available, depending on your current Windows Enterprise SA license:
+1. Work with the reseller to place an order for one $0 SKU per user. As of October 1, 2022, there are three SKUs available, depending on the current Windows Enterprise SA license:
| SKU | Description |
|---------|---------|
@@ -41,13 +42,14 @@ If you're an EA customer with an existing Microsoft 365 tenant, use the followin
| **VRM-00001** | `Win OLS Activation User GCC Sub Per User` |
> [!NOTE]
- > As of October 1, 2022, subscription activation is available for _commercial_ and _GCC_ tenants. It's currently not available on GCC High or DoD tenants.
+ >
+ > As of October 1, 2022, subscription activation is available for _commercial_ and _GCC_ tenants. It's currently not available on GCC High or DoD tenants.
-1. After an order is placed, the OLS admin on the agreement will receive a service activation email, which indicates the subscription licenses have been provisioned on the tenant.
+1. After an order is placed, the OLS admin on the agreement will receive a service activation email, which indicates the subscription licenses is provisioned on the tenant.
-1. You can now assign subscription licenses to users.
+1. Subscription licenses can now be assigned to users.
-If you need to update contact information and resend the activation email, use the following process:
+To update contact information and resend the activation email, use the following process:
1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
@@ -55,257 +57,508 @@ If you need to update contact information and resend the activation email, use t
1. Select **Online Services Agreement List**.
-1. Enter your agreement number, and then select **Search**.
+1. Enter the agreement number, and then select **Search**.
1. Select the **Service Name**.
1. In the **Subscription Contact** section, select the name listed under **Last Name**.
-1. Update the contact information, then select **Update Contact Details**. This action will trigger a new email.
+1. Update the contact information, then select **Update Contact Details**. This action triggers a new email.
-## Preparing for deployment: reviewing requirements
+## Prepare for deployment: reviewing requirements
-- Devices must be running a supported version of Windows 10 Pro or Windows 11 Pro
+- Devices must be running a supported version of Windows Pro.
- Microsoft Entra joined, or hybrid domain joined with Microsoft Entra Connect. Customers who are federated with Microsoft Entra ID are also eligible.
For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this article.
-
-
### Active Directory synchronization with Microsoft Entra ID
-If you have an on-premises Active Directory Domain Services (AD DS) domain, you need to synchronize the identities in the on-premises AD DS domain with Microsoft Entra ID. This synchronization is required for users to have a _single identity_ that they can use to access their on-premises apps and cloud services that use Microsoft Entra ID. An example of a cloud service is Windows Enterprise E3 or E5.
-
-**Figure 1** illustrates the integration between the on-premises AD DS domain with Microsoft Entra ID. Microsoft Entra Connect is responsible for synchronization of identities between the on-premises AD DS domain and Microsoft Entra ID. Microsoft Entra Connect is a service that you can install on-premises or in a virtual machine in Azure.
-
-:::image type="content" source="images/enterprise-e3-ad-connect.png" alt-text="Figure 1 illustrates the integration between the on-premises AD DS domain with Azure AD.":::
-
-Figure 1: On-premises AD DS integrated with Microsoft Entra ID
+If there's an on-premises Active Directory Domain Services (AD DS) domain, identities in the on-premises AD DS domain need to be synchronized with Microsoft Entra ID. This synchronization is required for users to have a _single identity_ that they can use to access their on-premises apps and cloud services that use Microsoft Entra ID. An example of a cloud service is Windows Enterprise E3 or E5.
For more information about integrating on-premises AD DS domains with Microsoft Entra ID, see the following resources:
+- [Configure Microsoft Entra hybrid join](/entra/identity/devices/how-to-hybrid-join)
- [What is hybrid identity with Microsoft Entra ID?](/azure/active-directory/hybrid/whatis-hybrid-identity)
- [Microsoft Entra Connect and Microsoft Entra Connect Health installation roadmap](/azure/active-directory/hybrid/how-to-connect-install-roadmap)
-## Assigning licenses to users
+## Assign licenses to users
-After you've ordered the Windows subscription (Windows 10 Business, E3 or E5), you'll receive an email with guidance on how to use Windows as an online service:
+After the Windows subscription is ordered, an email is sent with guidance on how to use Windows as an online service. The following methods are available to assign licenses:
-:::image type="content" source="images/al01.png" alt-text="An example email from Microsoft to complete your profile after purchasing Online Services through Microsoft Volume Licensing.":::
+- When the required Microsoft Entra subscription is available, [group-based licensing](/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal) is the preferred method to assign Enterprise E3 or E5 licenses to users.
-The following methods are available to assign licenses:
-
-- When you have the required Microsoft Entra subscription, [group-based licensing](/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal) is the preferred method to assign Enterprise E3 or E5 licenses to users.
-
-- You can sign in to the Microsoft 365 admin center and manually assign licenses:
-
- :::image type="content" source="images/al02.png" alt-text="A screenshot of the admin center, showing assignment of the Windows 10 Enterprise E3 product license to a specific user.":::
-
-- You can assign licenses by uploading a spreadsheet.
-
-- [How to use PowerShell to automatically assign licenses to your Microsoft 365 users](https://social.technet.microsoft.com/wiki/contents/articles/15905.how-to-use-powershell-to-automatically-assign-licenses-to-your-office-365-users.aspx).
-
-> [!TIP]
-> Other solutions may exist from the community. For example, a Microsoft MVP shared the following process: [Assign EMS licenses based on local Active Directory group membership](https://ronnydejong.com/2015/03/04/assign-ems-licenses-based-on-local-active-directory-group-membership/).
+- Licenses can be manually assigned by signing into the [Microsoft 365 admin center](https://admin.microsoft.com/).
+- Licenses can be assigned by uploading a spreadsheet.
+- Licenses can be assigned via [PowerShell](/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell).
## Explore the upgrade experience
-Now that you've established a subscription and assigned licenses to users, you can upgrade devices running supported versions of Windows 10 Pro or Windows 11 Pro to Enterprise edition.
+Now that a subscription is established and licenses are assigned to users, devices running supported versions of Windows Pro can be upgraded to Enterprise edition.
-> [!NOTE]
-> The following experiences are specific to Windows 10. The general concepts also apply to Windows 11.
-
-
+> [!TIP]
+>
+> This upgrade experience walkthrough assumes Autopilot isn't being used. For the Autopilot experience when joining Microsoft Entra ID, see [User-driven Microsoft Entra join: Deploy the device](/autopilot/tutorial/user-driven/azure-ad-join-deploy-device).
### Step 1: Join Windows Pro devices to Microsoft Entra ID
-You can join a Windows Pro device to Microsoft Entra ID during setup, the first time the device starts. You can also join a device that's already set up.
+The first time the device starts, a Windows Pro device can join Microsoft Entra ID during setup. Existing devices can also join Microsoft Entra ID.
-
+#### Join a device to Microsoft Entra ID during OOBE when the device is started for the first time
-#### Join a device to Microsoft Entra ID the first time the device is started
+::: zone pivot="windows-11"
-1. During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then select **Next**.
+1. Power on the device for the first time to initiate Windows Setup and the Out of Box experience (OOBE).
- :::image type="content" source="images/enterprise-e3-who-owns.png" alt-text="A screenshot of the 'Who owns this PC?' page in Windows 10 setup.":::
+1. In the **Is this the right country or region?** screen, select the desired country/region and then select the **Yes** button.
- Figure 2: The "Who owns this PC?" page in initial Windows 10 setup.
+1. In the **Is this the right keyboard layout or input method?** screen, select the desired keyboard/input methods and then select the **Yes** button.
-1. On the **Choose how you'll connect** page, select **Join Microsoft Entra ID**, and then select **Next**.
+1. In the **Want to add a second keyboard layout?** screen, if desired add additional keyboard/input methods by selecting **Add layout**. Otherwise select the **Skip** button.
- :::image type="content" source="images/enterprise-e3-choose-how.png" alt-text="A screenshot of the 'Choose how you'll connect' page in Windows 10 setup.":::
+1. If no network connection is detected, the **Let's connect you to a network** screen appears. Connect to a wireless or wired network that has Internet access, and then select the **Next** button.
- Figure 3: The "Choose how you'll connect" page in initial Windows 10 setup.
+1. At this point, updates for Windows Setup might be installed. If updates are installed, the device reboots to finish installing the updates.
-1. On the **Let's get you signed in** page, enter your Microsoft Entra credentials, and then select **Sign in**.
+1. In Windows 11 Pro editions, the **Let's name your device** screen appears. Give the device a name and then select the **Next** button. After the device is given a name, the device might reboot.
- :::image type="content" source="images/enterprise-e3-lets-get.png" alt-text="A screenshot of the 'Let's get you signed in' page in Windows 10 setup.":::
+1. In Windows 11 Pro editions, the **How would you like to set up this device?** screen appears. Select **Set up for work or school** and then select the **Next** button.
- Figure 4: The "Let's get you signed in" page in initial Windows 10 setup.
+1. In the **Let's set things up for your work or school** screen:
-Now the device is Microsoft Entra joined to the organization's subscription.
+ 1. In the **someone@example.com** text box under **Sign in**, enter the username for the Microsoft Entra user account, and then select the **Next** button. The username is in the email format of user@domain.com.
-
+ 1. In the **Password** text box under **Enter password**, enter the password for the Microsoft Entra user account, and then select the **Sign in** button.
-#### Join a device to Microsoft Entra ID when the device is already set up with Windows 10 Pro
+1. The device proceeds with the rest of the Windows setup including configuration of organization specific settings.
+
+1. In the **Choose privacy settings for your device** screen, configure privacy settings as desired, using the **Next** button to go between settings. Once complete, select the **Accept** button.
+
+1. Depending on the device and the configuration of organization specific settings, additional screens might appear. For example, the **Windows Hello** screen might appear.
+
+::: zone-end
+
+::: zone pivot="windows-10"
+
+1. Power on the device for the first time to initiate Windows Setup and the Out of Box experience (OOBE).
+
+1. In the **Let's start with region. Is this right?** screen, select the desired country/region and then select the **Yes** button.
+
+1. In the **Is this the right keyboard layout?** screen, select the desired keyboard/input methods and then select the **Yes** button.
+
+1. In the **Want to add a second keyboard layout?** screen, if desired add additional keyboard/input methods by selecting the **Add layout** button. Otherwise select the **Skip** button.
+
+1. If no network connection is detected, the **Let's connect you to a network** screen appears. Connect to a wireless or wired network that has Internet access, and then select the **Next** button.
+
+1. At this point, updates for Windows Setup might be installed. If updates are installed, the device reboots to finish installing the updates.
+
+1. In Windows 10 Pro editions, the **How would you like to set up?** screen appears. Select **Set up for an organization** and then select the **Next** button.
+
+1. In the **Sign in with Microsoft** screen, in the **someone@example.com** text box, enter the username for the Microsoft Entra user account, and then select the **Next** button. The username is in the email format of user@domain.com.
+
+1. In the **Enter your password** screen, in the **Password** text box, enter the password for the Microsoft Entra user account, and then select the **Next** button.
+
+1. The device proceeds with the rest of the Windows setup including configuration of organization specific settings.
+
+1. In the **Choose privacy settings for your device** screen, configure privacy settings as desired. Once complete, select the **Accept** button.
+
+1. Depending on the device and the configuration of organization specific settings, additional screens might appear. For example, the **Windows Hello** screen might appear.
+
+::: zone-end
+
+Once Windows Setup finishes, the user is automatically signed in and the device is Microsoft Entra joined to the organization's subscription.
+
+#### Join a device to Microsoft Entra ID when the device is already set up with Windows
> [!IMPORTANT]
-> Make sure that the user you're signing in with is _not_ the **BUILTIN/Administrator** account. That user can't use the `+ Connect` action to join a work or school account.
+>
+> Make sure that the user signing in isn't the **BUILTIN/Administrator** account. That user can't use the `+ Connect` action to join a work or school account.
-1. Go to **Settings**, select **Accounts**, and select **Access work or school**.
+Open the **Accounts** > **Access work or school** pane in the **Settings** app by selecting the following link:
- :::image type="content" source="images/enterprise-e3-connect-to-work-or-school.png" alt-text="A screenshot of the 'Connect to work or school' settings page.":::
+> [!div class="nextstepaction"]
+> [Access work or school](ms-settings:workplace)
- Figure 5: "Connect to work or school" configuration in Settings.
+or
-1. In **Set up a work or school account**, select **Join this device to Microsoft Entra ID**.
+1. Right-click on the **Start** menu and select **Run**.
- :::image type="content" source="images/enterprise-e3-set-up-work-or-school.png" alt-text="A screenshot of the 'Set up a work or school account' wizard.":::
+1. In the **Run** window, next to **Open:**, enter:
- Figure 6: Set up a work or school account.
+ ```console
+ ms-settings:workplace
+ ```
-1. On the **Let's get you signed in** page, enter your Microsoft Entra credentials, and then select **Sign in**.
+ and then select **OK**.
- :::image type="content" source="images/enterprise-e3-lets-get-2.png" alt-text="A screenshot of the 'Let's get you signed in' window.":::
+or
- Figure 7: The "Let's get you signed in" window.
+::: zone pivot="windows-11"
-Now the device is Microsoft Entra joined to the organization's subscription.
+1. Right-click on the **Start** menu and select **Settings**.
+
+1. In the **Settings** app, select **Accounts** in the left hand pane.
+
+1. In the **Accounts** pane, select **Access work or school**.
+
+Once the **Accounts > Access work or school** pane is open:
+
+1. In the **Accounts > Access work or school** pane, next to **Add a work or school account**, select the **Connect** button.
+
+1. In the **Microsoft account** window that opens:
+
+ 1. In the **Set up a work or school account** page, under **Alternate actions:**, select **Join this device to Microsoft Entra ID**.
+
+ 1. In the **Email or phone** text box of the **Sign in** page, enter the username for the Microsoft Entra user account, and then select the **Next** button. The username is in the email format of user@domain.com.
+
+ 1. In the **Password** text box of the **Enter password** page, enter the password for the Microsoft Entra user account, and then select the **Sign in** button.
+
+ 1. When the **Make sure this is your organization** window opens, confirm the information is correct and then select the **Join** button.
+
+ 1. The device joins the organization's Microsoft Entra ID subscription. Once complete, the **You're all set!** page is displayed. Select the **Done** button to complete the process.
+
+::: zone-end
+
+::: zone pivot="windows-10"
+
+1. Right-click on the **Start** menu and select **Settings**.
+
+1. In the **Settings** app, select **Accounts**.
+
+1. In the left hand pane, select **Access work or school**.
+
+Once the **Access work or school** pane is open:
+
+1. In the **Access work or school** pane, select the **+** button next to **Connect**.
+
+1. In the **Microsoft account** window that opens:
+
+ 1. In the **Set up a work or school account** page, under **Alternate actions:**, select **Join this device to Microsoft Entra ID**.
+
+ 1. In the **Email or phone** text box of the **Sign in** page, enter the username for the Microsoft Entra user account, and then select the **Next** button. The username is in the email format of user@domain.com.
+
+ 1. In the **Password** text box of the **Enter password** page, enter the password for the Microsoft Entra user account, and then select the **Sign in** button.
+
+ 1. When the **Make sure this is your organization** window opens, confirm the information is correct and then select the **Join** button.
+
+ 1. The device joins the organization's Microsoft Entra subscription. Once complete, the **You're all set!** page is displayed. Select the **Done** button to complete the process.
+
+::: zone-end
+
+The device is now Microsoft Entra joined to the organization's subscription.
### Step 2: Pro edition activation
-If the device is running a supported version of Windows 10 or Windows 11, it automatically activates Windows Enterprise edition using the firmware-embedded activation key.
-
-
+Windows Pro has to be activated on the device. However, if the device is running a currently supported version of Windows, most modern devices automatically activates Windows Pro edition using the firmware-embedded activation key.
### Step 3: Sign in using Microsoft Entra account
-Once the device is joined to Microsoft Entra ID, users will sign in with their Microsoft Entra account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
-
-:::image type="content" source="images/enterprise-e3-sign-in.png" alt-text="A screenshot of signing in to Windows 10 as a Microsoft Entra user.":::
-
-Figure 8: Sign in to Windows 10 with a Microsoft Entra account.
+Once the device is joined to Microsoft Entra ID and Windows Setup/OOBE completes, the user signs in with their Microsoft Entra account. Once the user signs in with their Microsoft Entra account, the Windows Enterprise E3 or E5 license associated with the user enables Windows Enterprise edition capabilities on the device.
### Step 4: Verify that Enterprise edition is enabled
-To verify the Windows Enterprise E3 or E5 subscription, go to **Settings**, select **Update & Security**, and select **Activation**.
+To verify the Windows Enterprise E3 or E5 subscription:
-:::image type="content" source="images/enterprise-e3-win-10-activated-enterprise-subscription-active.png" alt-text="A screenshot of verifying Windows 10 Enterprise activation in Settings.":::
+Open the **Activation** pane in the **Settings** app by selecting the following link:
-Figure 9: Verify Windows 10 Enterprise subscription in Settings.
+> [!div class="nextstepaction"]
+> [Activation](ms-settings:activation)
-If there are any problems with the Windows Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
+or
-> [!NOTE]
-> If you use the `slmgr /dli` or `slmgr /dlv` commands to get the activation information for the E3 or E5 license, the license information displayed will be similar to the following output:
->
-> ```console
-> Name: Windows(R), Professional edition
-> Description: Windows(R) Operating System, RETAIL channel
-> Partial Product Key: 3V66T
-> ```
+1. Right-click on the **Start** menu and select **Run**.
+
+1. In the **Run** window, next to **Open:**, enter:
+
+ ```console
+ ms-settings:activation
+ ```
+
+ and then select **OK**.
+
+or
+
+::: zone pivot="windows-11"
+
+1. Right-click on the **Start** menu and select **Settings**.
+
+1. In the **Settings** app, select **System** in the left hand pane.
+
+1. In the **System** pane, **Activation**.
+
+Once the **System > Activation** pane is open:
+
+1. In the **System > Activation** pane, expand **Activation state** and **Subscription** to see full details of the activation state and status:
+
+ 1. Under **Activation state**, verify that Windows is activated. It should display the message:
+
+ `Windows is activated with a digital license`
+
+ 1. Under **Subscription**, verify that the Windows 11 Enterprise subscription is active. It should display the message:
+
+ `Windows 11 Enterprise subscription is active`
+
+ > [!NOTE]
+ >
+ > If the Windows Enterprise subscription hasn't yet been applied, the **Subscription** pane isn't displayed.
+
+::: zone-end
+
+::: zone pivot="windows-10"
+
+1. Right-click on the **Start** menu and select **Settings**.
+
+1. In the **Settings** app, select **Update & Security**.
+
+1. In the left hand pane, select **Activation**.
+
+Once the **Activation** pane is open:
+
+1. In the **Activation** pane:
+
+ 1. Next to **Subscription**, verify that the Windows 10 Enterprise subscription is active. It should display the message:
+
+ `Windows Enterprise 10 subscription is active`
+
+ > [!NOTE]
+ >
+ > If the Windows Enterprise subscription hasn't yet been applied, the **Subscription** field isn't displayed.
+
+ 1. Next to **Activation**, verify that Windows is activated. It should display the message:
+
+ `Windows is activated with a digital license`
+
+::: zone-end
+
+A device is healthy when both the subscription and activation are active. If there are any problems with the Windows Enterprise E3 or E5 license or the activation of the license, the **Activation** pane displays the appropriate error message or status. This information can be used to help diagnose the licensing and activation process.
+
+#### Verify that Enterprise edition is enabled with slmgr
+
+**Slmgr** can also be used to verify the activation information:
+
+1. Open a command prompt.
+
+1. To get basic licensing information, run the following command at the command prompt:
+
+ ```cmd
+ slmgr /dli
+ ```
+
+ A window with output similar to the following opens:
+
+ ```console
+ Name: Windows(R), Professional edition
+ Description: Windows(R) Operating System, RETAIL channel
+ Partial Product Key: 3V66T
+ License Status: Licensed
+ ```
+
+To instead get detailed licensing information, run the following command:
+
+```cmd
+slmgr /dlv
+```
+
+For more information on **Slmgr**, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options).
## Troubleshoot the user experience
-In some instances, users may experience problems with the Windows Enterprise E3 or E5 subscription. The most common problems that users may experience are the following issues:
+In some instances, users might experience problems with activation of the Windows Enterprise E3 or E5 subscription. The most common problems that users might experience are the following issues:
-- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed.
-- An earlier version of Windows 10 Pro isn't activated. For example, Windows 10, versions 1703 or 1709.
+- The Windows Enterprise E3 or E5 subscription has lapsed, was removed, or isn't applied.
+- Windows Pro was never activated.
-### Troubleshoot common problems in the Activation pane
+When there are problems with Windows Enterprise E3 or E5 subscription activation, the following are errors can occur in the [**Activation**](ms-settings:activation) pane:
-Use the following figures to help you troubleshoot when users experience common problems:
+- **Windows Pro isn't activated**
-#### Device in healthy state
+ When Windows Pro isn't activated on a device, the following message is displayed for **Activation** in the [**Activation**](ms-settings:activation) pane:
-The following image illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active.
+ `Windows is not activated`
-:::image type="content" source="images/enterprise-e3-win-10-activated-enterprise-subscription-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that's healthy and successfully activated.":::
+ Additionally, the following message might be displayed:
-#### Device that's not activated with active subscription
+ `We can't activate Windows on this device right now. You can try activating again later or go to the Store to buy genuine Windows. Error code: 0xC004F034.`
-Figure 10 illustrates a device on which the Windows 10 Pro isn't activated, but the Windows 10 Enterprise subscription is active.
+ Examples where this problem can occur include:
-:::image type="content" source="images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that isn't activated but the subscription is active.":::
+ - The device doesn't have a firmware-embedded activation key.
+ - The starting edition of Windows wasn't Windows Pro. For example, the starting edition of Windows was Windows Home.
-Figure 10: Windows 10 Pro, version 1703 edition not activated in Settings.
+ In these cases, a Windows Pro key might need to be manually entered.
-It displays the following error: "We can't activate Windows on this device right now. You can try activating again later or go to the Store to buy genuine Windows. Error code: 0xC004F034."
+- **Windows Enterprise subscription isn't active**
-#### Device that's activated without an Enterprise subscription
+ When a device with a Windows Enterprise subscription has lapsed or has been removed, the following message is displayed for **Subscription** in the [**Activation**](ms-settings:activation) pane:
-Figure 11 illustrates a device on which the Windows 10 Pro is activated, but the Windows 10 Enterprise subscription is lapsed or removed.
+ `Windows Enterprise subscription isn't valid.`
-:::image type="content" source="images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that's activated but the subscription isn't active.":::
+ ::: zone pivot="windows-11"
-Figure 11: Windows 10 Enterprise subscription lapsed or removed in Settings.
+ > [!NOTE]
+ >
+ > If the Windows Enterprise subscription has never been applied, the **Subscription** pane isn't displayed.
-It displays the following error: "Windows 10 Enterprise subscription isn't valid."
+ ::: zone-end
-#### Device that's not activated and without an Enterprise subscription
+ ::: zone pivot="windows-10"
-Figure 12 illustrates a device on which the Windows 10 Pro license isn't activated and the Windows 10 Enterprise subscription is lapsed or removed.
+ > [!NOTE]
+ >
+ > If the Windows Enterprise subscription has never been applied, the **Subscription** field isn't displayed.
-:::image type="content" source="images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that's not activated and the subscription isn't active.":::
-
-Figure 12: Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings.
-
-It displays both of the previously mentioned error messages.
+ ::: zone-end
### Review requirements on devices
-Devices must be running a supported version of Windows 10 Pro or Windows 11 Pro. Earlier versions of Windows 10, such as version 1703, don't support this feature.
+When there are Windows Enterprise E3 or E5 license activation issues on a device, verify that it meets all of the requirements:
-Devices must also be joined to Microsoft Entra ID, or hybrid domain joined with Microsoft Entra Connect. Customers who are federated with Microsoft Entra ID are also eligible.
+- Devices must be running a currently supported version of Windows Pro. Versions of Windows Pro that are out support don't support this feature.
-Use the following procedures to review whether a particular device meets these requirements.
+- Devices must be joined to Microsoft Entra ID, or hybrid domain joined with Microsoft Entra Connect. Customers who are federated with Microsoft Entra ID are also eligible.
-#### Firmware-embedded activation key
+- For automatic activation of Windows Pro, the device must have a firmware-embedded activation key.
-To determine if the computer has a firmware-embedded activation key, enter the following command at an elevated Windows PowerShell prompt:
+Use the following guides to verify each one of these requirements:
-```powershell
-(Get-CimInstance -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
-```
+- **Determine if the version of Windows is currently supported**.
-If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device doesn't have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
+ To determine if the version of Windows is currently supported:
-
+ 1. Open a command prompt
-#### Determine if a device is Microsoft Entra joined
+ 1. In the command prompt window, enter:
-1. Open a command prompt and enter `dsregcmd /status`.
+ ```cmd
+ winver.exe
+ ```
-1. Review the output in the **Device State** section. If the **AzureAdJoined** value is **YES**, the device is joined to Microsoft Entra ID.
+ 1. The **About Windows** window opens and displays both the OS version and the build information of Windows.
-#### Determine the version of Windows
+ 1. Compare the information from the **About Windows** window against the Windows support lifecycle:
-1. Open a command prompt and enter `winver`.
+ - [Windows 11 release information](/windows/release-health/windows11-release-information).
+ - [Windows 10 release information](/windows/release-health/release-information).
-1. The **About Windows** window displays the OS version and build information.
+- **Determine if a device is Microsoft Entra joined**.
-1. Compare this information again the Windows support lifecycle:
+ To determine if a device is Microsoft Entra joined:
- - [Windows 10 release information](/windows/release-health/release-information)
- - [Windows 11 release information](/windows/release-health/windows11-release-information)
+ 1. Open a command prompt.
-> [!NOTE]
-> If a device is running a version of Windows 10 Pro prior to version 1703, it won't upgrade to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal.
+ 1. In the command prompt window, enter:
-### Delay in the activation of Enterprise license of Windows 10
+ ```cmd
+ dsregcmd.exe /status
+ ```
-This delay is by design. Windows 10 and Windows 11 include a built-in cache that's used when determining upgrade eligibility. This behavior includes processing responses that indicate that the device isn't eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
+ 1. Review the output. Under the first section called **Device State**, verify that the value of **AzureAdJoined** is **YES**. If the value is **YES**, the device is joined to Microsoft Entra ID.
-## Known issues
+ ```console
+ +----------------------------------------------------------------------+
+ | Device State |
+ +----------------------------------------------------------------------+
-If a device isn't able to connect to Windows Update, it can lose activation status or be blocked from upgrading to Windows Enterprise. To work around this issue:
+ AzureAdJoined : YES
+ EnterpriseJoined : NO
+ DomainJoined : NO
+ Virtual Desktop : NOT SET
+ Device Name : Demo-PC
+ ```
-- Make sure that the device doesn't have the following registry value: `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations = 1 (REG_DWORD)`. If this registry value exists, it must be set to `0`.
+- **Determine if devices has a firmware-embedded activation key**.
-- Make sure that the following group policy setting is **disabled**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Don't connect to any Windows Update Internet locations.
+ To determine if the device has a firmware-embedded activation key:
+
+ 1. Open an elevated Windows PowerShell command prompt.
+
+ 1. In the elevated Windows PowerShell command prompt, enter:
+
+ ```powershell
+ (Get-CimInstance -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
+ ```
+
+ 1. If the device has a firmware-embedded activation key, the key is displayed in the output. If the output is blank, the device doesn't have a firmware embedded activation key. Most modern OEM-provided devices designed to run currently supported versions of Windows have a firmware-embedded key.
+
+- **Make sure the Microsoft Entra user has been assigned a license**.
+
+ For more information, see [Assigning licenses to users](#assign-licenses-to-users).
+
+## Recommended practices
+
+### Adding Conditional Access policy
+
+When a device has been offline for an extended period of time, the Subscription Activation might not reactivate automatically on the device. To resolve this issue, use Conditional Access policies to control access by excluding one of the following cloud apps from their Conditional Access policies using **Select Excluded Cloud Apps**:
+
+- [Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
+
+- [Windows Store for Business, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
+
+Although the app ID is the same in both instances, the name of the cloud app depends on the tenant.
+
+For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
+
+
+
+Setting this Conditional Access policy ensures that Subscription Activation continues to work seamlessly.
+
+Starting with Windows 11, version 23H2 with [KB5034848](https://support.microsoft.com/help/5034848) or later, users are prompted for authentication with a toast notification when Subscription Activation needs to reactivate. The toast notification will show the following message:
+
+> **Your account requires authentication**
+>
+> **Please sign in to your work or school account to verify your information.**
+
+Additionally, in the [**Activation**](ms-settings:activation) pane, the following message might appear:
+
+> **Please sign in to your work or school account to verify your information.**
+
+The prompt for authentication usually occurs when a device has been offline for an extended period of time. This change eliminates the need for an exclusion in the Conditional Access policy for Windows 11, version 23H2 with [KB5034848](https://support.microsoft.com/help/5034848) or later. A Conditional Access policy can still be used with Windows 11, version 23H2 with [KB5034848](https://support.microsoft.com/help/5034848) or later if the prompt for user authentication via a toast notification isn't desired.
+
+### Make sure Windows Update isn't blocked
+
+If a device isn't able to connect to Windows Update, it can lose activation status or be blocked from upgrading to Windows Enterprise. Make sure that Windows Update isn't blocked on the device:
+
+- Using `gpedit.msc` or group policy editor in the domain, make sure that the following group policy setting is set to **Disabled** or **Not Configured**:
+
+ ::: zone pivot="windows-11"
+
+ **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Manage updates offered from Windows Server Update Service** > **Do not connect to any Windows Update Internet locations**
+
+ ::: zone-end
+
+ ::: zone pivot="windows-10"
+
+ **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Do not connect to any Windows Update Internet locations**
+
+ ::: zone-end
+
+ If this policy is set to **Enabled**, it must be changed to **Disabled** or **Not Configured**.
+
+- In the following registry key of the registry:
+
+ `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`
+
+ check if the value `DoNotConnectToWindowsUpdateInternetLocations` exists. If the value does exist, verify that it has a REG_DWORD value of `0`. If the value is instead set to `1`, it must be changed to `0`. The value can be changed by running the following command from an elevated command prompt:
+
+ ```cmd
+ reg.exe add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v DoNotConnectToWindowsUpdateInternetLocations /t REG_DWORD /d 1 /f
+ ```
+
+ > [!NOTE]
+ >
+ > Make sure to first check the group policy of **Do not connect to any Windows Update Internet locations**. If the policy is **Enabled**, then this registry key will eventually be reset back to `1` even after it's manually set to `0` via `reg.exe`. Setting the policy of **Do not connect to any Windows Update Internet locations** to **Disabled** or **Not Configured** will make sure the registry value remains as `0`.
+
+### Delay in the activation of Enterprise license of Windows
+
+There might be a delay in the activation of the Enterprise license in Windows. This delay is by design. Windows uses a built-in cache when determining upgrade eligibility. This behavior includes processing responses that indicate that the device isn't eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
## Virtual Desktop Access (VDA)
-Subscriptions to Windows Enterprise are also available for virtualized clients. Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Azure or in another qualified multitenant hoster.
+Subscriptions to Windows Enterprise are also available for virtualized clients. Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Azure or in another qualified multitenant host.
Virtual machines (VMs) must be configured to enable Windows Enterprise subscriptions for VDA. Active Directory-joined and Microsoft Entra joined clients are supported. For more information, see [Enable VDA for Enterprise subscription activation](vda-subscription-activation.md).
+
+## Related content
+
+- [Windows subscription activation](windows-subscription-activation.md).
+- [MDM enrollment of Windows devices](/windows/client-management/mdm-enrollment-of-windows-devices).
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index b8025d4dc9..c2a4d9ce76 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -1,75 +1,55 @@
---
-title: Deploy Windows 10 with Microsoft 365
+title: Deploy Windows with Microsoft 365
manager: aaroncz
ms.author: frankroj
-description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
-ms.prod: windows-client
+description: Learn about deploying Windows with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.date: 11/23/2022
-ms.technology: itpro-deploy
+ms.date: 02/13/2024
+ms.subservice: itpro-deploy
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
-# Deploy Windows 10 with Microsoft 365
-
-*Applies to:*
-
-- Windows 10
+# Deploy Windows with Microsoft 365
This article provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
-[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) for an overview.
+[Microsoft 365](https://www.microsoft.com/microsoft-365) is an offering from Microsoft that combines [Windows](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/security/business) (EMS). See the [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) for an overview.
-For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor that can walk you through the entire process of deploying Windows 10. The wizard supports multiple Windows 10 deployment methods, including:
+For Windows deployment, Microsoft 365 includes a deployment advisor that walks through the entire process of deploying Windows. The wizard supports multiple Windows deployment methods, including:
-- Windows Autopilot
-- In-place upgrade
-- Deploying Windows 10 upgrade with Intune
-- Deploying Windows 10 upgrade with Microsoft Configuration Manager
-- Deploying a computer refresh with Microsoft Configuration Manager
+- Windows Autopilot.
+- In-place upgrade.
+- Deploying Windows upgrade with Intune.
+- Deploying Windows upgrade with Microsoft Configuration Manager.
+- Deploying a computer refresh with Microsoft Configuration Manager.
## Free trial account
-### If you already have a Microsoft services subscription account and access to the Microsoft 365 Admin Center
+If an existing Microsoft services subscription account exists, and there's access to the Microsoft 365 Admin Center:
-From the [Microsoft 365 Admin Center](https://portal.office.com), go to Billing and then Purchase services.
-In the Enterprise Suites section of the service offerings, you'll find Microsoft 365 E3 and Microsoft 365 E5 tiles.
-There are "Start Free Trial" options available for your selection by hovering your mouse over the tiles.
+1. Sign into the [Microsoft 365 Admin Center](https://admin.microsoft.com/).
+1. Go to **Billing** and then **Purchase services**.
+1. In the Enterprise Suites section of the service offerings, find the Microsoft 365 E3 and Microsoft 365 E5 tiles.
+1. Select one of the available **Start Free Trial** options.
-### If you do not already have a Microsoft services subscription
+If there isn't an existing Microsoft services subscription, Microsoft 365 deployment advisor and other resources can be tried for free! Just follow these steps:
-You can check out the Microsoft 365 deployment advisor and other resources for free! Just follow the steps below.
+1. [Obtain a free Microsoft 365 trial](https://www.microsoft.com/microsoft-365/try).
+1. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
> [!NOTE]
-> If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
-
-1. [Obtain a free Microsoft 365 trial](/microsoft-365/commerce/try-or-buy-microsoft-365).
-2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
-3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview).
-
-Examples of these two deployment advisors are shown below.
-
-- [Deploy Windows 10 with Microsoft 365](#deploy-windows-10-with-microsoft-365)
- - [Free trial account](#free-trial-account)
- - [If you already have a Microsoft services subscription account and access to the Microsoft 365 Admin Center](#if-you-already-have-a-microsoft-services-subscription-account-and-access-to-the-microsoft-365-admin-center)
- - [If you do not already have a Microsoft services subscription](#if-you-do-not-already-have-a-microsoft-services-subscription)
- - [Microsoft 365 deployment advisor example](#microsoft-365-deployment-advisor-example)
- - [Windows Analytics deployment advisor example](#windows-analytics-deployment-advisor-example)
- - [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster)
- - [Related articles](#related-articles)
-
-## Microsoft 365 deployment advisor example
-
-
-
-## Windows Analytics deployment advisor example
+>
+> When setup guide runs for the first time, the **Prepare your environment** guide appears. This guide makes sure the basics are covered like domain verification and a method for adding users. At the end of the **Prepare your environment** guide, there's a **Ready to continue** button that goes back to the original guide that was selected.
## Microsoft 365 Enterprise poster
-[](https://aka.ms/m365eposter)
+Select [Microsoft 365 Enterprise poster](https://aka.ms/m365eposter) to see the latest version of the Microsoft 365 Enterprise poster.
## Related articles
-[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-[Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home)
+- [Windows deployment scenarios](windows-deployment-scenarios.md).
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
deleted file mode 100644
index d42a253d04..0000000000
--- a/windows/deployment/deploy-whats-new.md
+++ /dev/null
@@ -1,227 +0,0 @@
----
-title: What's new in Windows client deployment
-description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-deploy
-author: frankroj
-manager: aaroncz
-ms.author: frankroj
-ms.topic: conceptual
-ms.collection:
- - highpri
- - tier2
-ms.date: 11/17/2023
-appliesto:
- - ✅ Windows 11
- - ✅ Windows 10
----
-
-# What's new in Windows client deployment
-
-This article provides an overview of new solutions and online content related to deploying Windows client in your organization.
-
-- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](/windows/whats-new/index).
-
-## [Preview] Windows Autopilot diagnostics page
-
-When you deploy Windows 11 with Autopilot, you can enable users to view additional information about the Autopilot provisioning process. A new **Windows Autopilot diagnostics Page** is available to provide IT admins and end users with a user-friendly view to troubleshoot Autopilot failures. For more information, see [Windows Autopilot: What's new](/mem/autopilot/windows-autopilot-whats-new#preview-windows-autopilot-diagnostics-page).
-
-## Windows 11
-
-Check out the following new articles about Windows 11:
-
-- [Overview of Windows 11](/windows/whats-new/windows-11).
-- [Plan for Windows 11](/windows/whats-new/windows-11-plan).
-- [Prepare for Windows 11](/windows/whats-new/windows-11-prepare).
-- [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is available.
-
-## Deployment tools
-
-- [SetupDiag](#setupdiag) is included with all currently supported versions of Windows.
-- New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
-- VPN support is added to [Windows Autopilot](#windows-autopilot).
-- An in-place upgrade wizard is available in [Configuration Manager](#microsoft-configuration-manager).
-
-## The Modern Desktop Deployment Center
-
-The [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home) has content to help you with large-scale deployment of supported version of Windows and Microsoft 365 Apps for enterprise.
-
-## Microsoft 365
-
-Microsoft 365 is a new offering from Microsoft that combines:
-
-- A currently supported version of Windows.
-- Office 365.
-- Enterprise Mobility and Security (EMS).
-
-See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a [Microsoft 365 Enterprise poster](deploy-m365.md#microsoft-365-enterprise-poster).
-
-## Windows servicing and support
-
-### Delivery Optimization
-
-Windows PowerShell cmdlets for Delivery Optimization is improved:
-
-- **Get-DeliveryOptimizationStatus** has the **-PeerInfo** option for a real-time peek behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
-- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
-- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting.
-
-Other improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
-
-- Enterprise network [throttling is enhanced](/windows-insider/archive/new-for-business#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
-- Automatic cloud-based congestion detection is available for PCs with cloud service support.
-- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content.
-
-The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
-
-- Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth).
- - Reason: Replaced with separate policies for foreground and background.
-- Max Upload Bandwidth (DOMaxUploadBandwidth).
- - Reason: impacts uploads to internet peers only, which isn't used in enterprises.
-- Absolute max throttle (DOMaxDownloadBandwidth).
- - Reason: separated to foreground and background.
-
-### Windows Update for Business
-
-[Windows Update for Business](./update/waas-manage-updates-wufb.md) enhancements in this release include:
-
-- **Intune console updates**: target version is now available allowing you to specify which supported version of Windows you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
-
-- **Validation improvements**: To ensure devices and end users stay productive and protected, Microsoft blocks devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, a new policy is available that enables admins to opt devices out of the built-in safeguard holds.
-
-- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows automatically signs in as the user and locks their device in order to complete the update. This automatic sign-on ensures that when the user returns and unlocks the device, the update is completed.
-
-- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There's now a single, common start date for phased deployments (no more SAC-T designation). In addition, there's a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
-
-- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
-
-- **Pause updates**: The ability to pause updates for both feature and monthly updates is extended. This extension ability is for all currently supported editions of Windows, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, the device needs to update before pausing again.
-
-- **Improved update notifications**: When there's an update requiring you to restart your device, a colored dot appears on the Power button in the Start menu and on the Windows icon in the taskbar.
-
-- **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
-
-- **Improved update orchestration to improve system responsiveness**: This feature improves system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
-
-Microsoft previously announced that we're [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. These editions include all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there's no change for these editions). These support policies are summarized in the following table:
-
-
-
-## Windows 10 Enterprise upgrade
-
-Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA). These customers can now subscribe users to Windows 10 Enterprise E3 or E5 and activate their subscriptions on up to five devices. Virtual machines can also be activated. For more information, see [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md).
-
-Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. With Windows 10 Enterprise E3 in CSP, small and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
-
-For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
-
-## Deployment solutions and tools
-
-### Windows Autopilot
-
-[Windows Autopilot](/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose, and recover devices.
-
-With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](/windows/deployment/windows-autopilot/user-driven) Microsoft Entra hybrid join with VPN support.
-
-If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios now skip the language, locale, and keyboard pages. In previous versions, these language settings were only supported with self-deploying profiles.
-
-The following Windows Autopilot features are available in Windows 10, version 1903 and later:
-
-- [Windows Autopilot for pre-provisioned deployment](/autopilot/pre-provision) is new in Windows 10, version 1903. Pre-provisioned deployment enables partners or IT staff to pre-provision devices so they're fully configured and business ready for your users.
-- The Intune [enrollment status page](/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
-- [Cortana voiceover](/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
-- Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates begin downloading automatically during OOBE.
-- Windows Autopilot sets the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
-
-### Microsoft Configuration Manager
-
-An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
-
-### Windows 10 Subscription Activation
-
-Windows 10 Education support is added to Windows 10 Subscription Activation.
-
-With Windows 10, version 1903, you can step up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions - Windows 10 Education. For more information, see [Windows 10 Subscription Activation](./windows-10-subscription-activation.md).
-
-### SetupDiag
-
-[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why an update of Windows failed. SetupDiag works by searching Windows Setup log files. When log files are being searched, SetupDiag uses a set of rules to match known issues.
-
-During the upgrade process, Windows Setup extracts all its sources files to the `%SystemDrive%\$Windows.~bt\Sources` directory. **SetupDiag.exe** is also installed to this directory. If there's an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under `%SystemDrive%\Windows.Old` for cleanup.
-
-### Upgrade Readiness
-
-Upgrade Readiness helps you ensure that applications and drivers are ready for an upgrade of Windows. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details.
-
-Input from the community heavily influenced the development of Upgrade Readiness and the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled.
-
-For more information about Upgrade Readiness, see the following articles:
-
-- [Windows Analytics blog](https://aka.ms/blog/WindowsAnalytics/)
-- [Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview)
-
-### Update Compliance
-
-Update Compliance helps you to keep supported Windows devices in your organization secure and up-to-date.
-
-Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues.
-
-For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md).
-
-### Device Health
-
-Device Health is the newest Windows Analytics solution that complements the existing Upgrade Readiness and Update Compliance solutions by helping to identify devices crashes and the cause. Device drivers that are causing crashes are identified along with alternative drivers that might reduce the number of crashes. Windows Information Protection misconfigurations are also identified. For more information, see [Monitor the health of devices with Device Health](/mem/configmgr/desktop-analytics/overview).
-
-### MBR2GPT
-
-MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT.
-
-There are many benefits to converting the partition style of a disk to GPT, including the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds. The GPT format also enables you to use the Unified Extensible Firmware Interface (UEFI) which replaces the Basic Input/Output System (BIOS) firmware interface. Security features of supported versions of Windows that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
-
-For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
-
-### Microsoft Deployment Toolkit (MDT)
-
-MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019.
-
-For the latest information about MDT, see the [MDT release notes](/mem/configmgr/mdt/release-notes).
-
-> [!IMPORTANT]
->
-> MDT doesn't support versions of Windows after Windows 10 and Windows Server 2019.
-
-### Windows Assessment and Deployment Kit (ADK)
-
-IT Pros can use the tools in the Windows Assessment and Deployment Kit (Windows ADK) to deploy Windows.
-
-Download the Windows ADK and Windows PE add-on for Windows 11 [here](/windows-hardware/get-started/adk-install).
-
-For information about what's new in the ADK, see [What's new in the Windows ADK](/windows-hardware/get-started/what-s-new-in-kits-and-tools).
-
-Also see [Windows ADK for Windows scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
-
-## Testing and validation guidance
-
-### Windows 10 deployment proof of concept (PoC)
-
-The Windows 10 PoC guide enables you to test Windows 10 deployment in a virtual environment and become familiar with deployment tools such as MDT and Configuration Manager. The PoC guide provides step-by-step instructions for installing and using Hyper-V to create a virtual lab environment. The guide makes extensive use of Windows PowerShell to streamline each phase of the installation and setup.
-
-For more information, see the following guides:
-
-- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md).
-- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md).
-- [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md).
-
-## Troubleshooting guidance
-
-[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and continues to be updated with new fixes. The article provides a detailed explanation of the Windows upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
-
-## Related articles
-
-- [Overview of Windows as a service](update/waas-overview.md).
-- [Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md).
-- [Windows 10 release information](/windows/windows-10/release-information).
-- [Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications).
-- [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md).
-- [Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md).
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 94c3d4ad20..c5ed56316b 100644
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Add a Windows 10 operating system image using Configuration Manager
description: Operating system images are typically the production image used for deployment throughout the organization.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 49a76b890d..40fdcea0df 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Add drivers to a Windows 10 deployment with Windows PE using Configuratio
description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 8c9f73f7e0..da7c70c515 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Create a custom Windows PE boot image with Configuration Manager (Windows
description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Configuration Manager.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 95074a8b3d..af5baf8233 100644
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -3,11 +3,11 @@ title: Create a task sequence with Configuration Manager (Windows 10)
description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 8c8f05cc7c..7159edcbe3 100644
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Create an app to deploy with Windows 10 using Configuration Manager
description: Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
index e3a76f89f8..648a274ad0 100644
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -3,11 +3,11 @@ title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
description: In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 603cdd71f6..4929876f5a 100644
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Finalize operating system configuration for Windows 10 deployment
description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 2cbc8a589e..42526dd62d 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Prepare for Zero Touch Installation of Windows 10 with Configuration Mana
description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: how-to
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 2ea7c6d6a7..e31c4ebfb5 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manage
description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index f2a38e6125..48c9e2bcbb 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manage
description: In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
index 9de18e31aa..bddc7bf6cb 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Perform in-place upgrade to Windows 10 via Configuration Manager
description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Configuration Manager task sequence.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
@@ -154,5 +154,5 @@ On **PC0004**:
## Related articles
-[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
-[Configuration Manager Team blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/bg-p/ConfigurationManagerBlog)
+- [Windows 10 deployment scenarios](../windows-deployment-scenarios.md).
+- [Configuration Manager Team blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/bg-p/ConfigurationManagerBlog).
diff --git a/windows/deployment/deploy-windows-mdt/TOC.yml b/windows/deployment/deploy-windows-mdt/TOC.yml
deleted file mode 100644
index 51493a1083..0000000000
--- a/windows/deployment/deploy-windows-mdt/TOC.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-- name: Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT)
- items:
- - name: Get started with MDT
- href: get-started-with-the-microsoft-deployment-toolkit.md
- - name: Deploy Windows 10 with MDT
- items:
- - name: Prepare for deployment with MDT
- href: prepare-for-windows-deployment-with-mdt.md
- - name: Create a Windows 10 reference image
- href: create-a-windows-10-reference-image.md
- - name: Deploy a Windows 10 image using MDT
- href: deploy-a-windows-10-image-using-mdt.md
- - name: Build a distributed environment for Windows 10 deployment
- href: build-a-distributed-environment-for-windows-10-deployment.md
- - name: Refresh a Windows 7 computer with Windows 10
- href: refresh-a-windows-7-computer-with-windows-10.md
- - name: Replace a Windows 7 computer with a Windows 10 computer
- href: replace-a-windows-7-computer-with-a-windows-10-computer.md
- - name: Perform an in-place upgrade to Windows 10 with MDT
- href: upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
- - name: Customize MDT
- items:
- - name: Configure MDT settings
- href: configure-mdt-settings.md
- - name: Set up MDT for BitLocker
- href: set-up-mdt-for-bitlocker.md
- - name: Configure MDT deployment share rules
- href: configure-mdt-deployment-share-rules.md
- - name: Configure MDT for UserExit scripts
- href: configure-mdt-for-userexit-scripts.md
- - name: Simulate a Windows 10 deployment in a test environment
- href: simulate-a-windows-10-deployment-in-a-test-environment.md
- - name: Use the MDT database to stage Windows 10 deployment information
- href: use-the-mdt-database-to-stage-windows-10-deployment-information.md
- - name: Assign applications using roles in MDT
- href: assign-applications-using-roles-in-mdt.md
- - name: Use web services in MDT
- href: use-web-services-in-mdt.md
- - name: Use Orchestrator runbooks with MDT
- href: use-orchestrator-runbooks-with-mdt.md
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
deleted file mode 100644
index 1f8a403732..0000000000
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ /dev/null
@@ -1,136 +0,0 @@
----
-title: Assign applications using roles in MDT (Windows 10)
-description: This article will show you how to add applications to a role in the MDT database and then assign that role to a computer.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Assign applications using roles in MDT
-
-This article will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this article, the application we're adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
-
-## Create and assign a role entry in the database
-
-1. On MDT01, using Deployment Workbench, in the MDT Production deployment share, expand **Advanced Configuration** and then expand **Database**.
-
-2. In the **Database** node, right-click **Role**, select **New**, and create a role entry with the following settings:
-
- 1. Role name: Standard PC
- 2. Applications / Lite Touch Applications:
- 3. Install - Adobe Reader XI - x86
-
-
-
-Figure 12. The Standard PC role with the application added
-
-## Associate the role with a computer in the database
-
-After creating the role, you can associate it with one or more computer entries.
-
-1. Using Deployment Workbench, expand **MDT Production**, expand **Advanced Configuration**, expand **Database**, and select **Computers**.
-
-2. In the **Computers** node, double-click the **PC00075** entry, and add the following setting:
- - Roles: Standard PC
-
-
-
-Figure 13. The Standard PC role added to PC00075 (having ID 1 in the database).
-
-## Verify database access in the MDT simulation environment
-
-When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications aren't installed, but you can see which applications would be installed if you did a full deployment of the computer.
-
-1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
-
-2. Modify the C:\\MDT\\CustomSettings.ini file to look like below:
-
- ```ini
- [Settings]
- Priority=CSettings, CRoles, RApplications, Default
- [Default]
- _SMSTSORGNAME=Contoso
- OSInstall=Y
- UserDataLocation=AUTO
- TimeZoneName=Pacific Standard Time
- AdminPassword=P@ssw0rd
- JoinDomain=contoso.com
- DomainAdmin=CONTOSO\MDT_JD
- DomainAdminPassword=P@ssw0rd
- MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
- SLShare=\\MDT01\Logs$
- ScanStateArgs=/ue:*\* /ui:CONTOSO\*
- USMTMigFiles001=MigApp.xml
- USMTMigFiles002=MigUser.xml
- HideShell=YES
- ApplyGPOPack=NO
- SkipAppsOnUpgrade=NO
- SkipAdminPassword=YES
- SkipProductKey=YES
- SkipComputerName=NO
- SkipDomainMembership=YES
- SkipUserData=NO
- SkipLocaleSelection=YES
- SkipTaskSequence=NO
- SkipTimeZone=YES
- SkipApplications=NO
- SkipBitLocker=YES
- SkipSummary=YES
- SkipCapture=YES
- SkipFinalSummary=NO
- EventService=http://MDT01:9800
- [CSettings]
- SQLServer=MDT01
- Instance=SQLEXPRESS
- Database=MDT
- Netlib=DBNMPNTW
- SQLShare=Logs$
- Table=ComputerSettings
- Parameters=UUID, AssetTag, SerialNumber, MacAddress
- ParameterCondition=OR
- [CRoles]
- SQLServer=MDT01
- Instance=SQLEXPRESS
- Database=MDT
- Netlib=DBNMPNTW
- SQLShare=Logs$
- Table=ComputerRoles
- Parameters=UUID, AssetTag, SerialNumber, MacAddress
- ParameterCondition=OR
- [RApplications]
- SQLServer=MDT01
- Instance=SQLEXPRESS
- Database=MDT
- Netlib=DBNMPNTW
- SQLShare=Logs$
- Table=RoleApplications
- Parameters=Role
- Order=Sequence
- ```
-
-3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
-
- ```powershell
- Set-Location C:\MDT
- .\Gather.ps1
-
- ```
-
-
-
-Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe Reader XI application that would have been installed if you deployed this machine.
-
-## Related articles
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
deleted file mode 100644
index dbfe7666fd..0000000000
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ /dev/null
@@ -1,304 +0,0 @@
----
-title: Build a distributed environment for Windows 10 deployment (Windows 10)
-description: In this article, you'll learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Build a distributed environment for Windows 10 deployment
-
-**Applies to:**
-
-- Windows 10
-
-Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
-
-Four computers are used in this article: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we'll deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation.
-
-For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more information on the infrastructure setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
-
-
-
-Computers used in this article.
-
-> [!NOTE]
-> HV01 is also used in this topic to host the PC0006 virtual machine.
-
-## Replicate deployment shares
-
-Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content.
-
-> [!NOTE]
-> Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target.
-
-### Linked deployment shares in MDT
-
-LDS is a built-in feature in MDT for replicating content. However, LDS works best with strong connections such as LAN connections with low latency. For most WAN links, DFS-R is the better option.
-
-### Why DFS-R is a better option
-
-DFS-R isn't only fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your main deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
-
-## Set up Distributed File System Replication (DFS-R) for replication
-
-Setting up DFS-R for replication is a quick and straightforward process: Prepare the deployment servers, create a replication group, then configure some replication settings.
-
-### Prepare MDT01 for replication
-
-On **MDT01**:
-
-1. Install the DFS Replication role on MDT01 by entering the following at an elevated Windows PowerShell prompt:
-
- ```powershell
- Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
- ```
-
-2. Wait for installation to complete, and then verify that the installation was successful. See the following output:
-
-```output
-PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
-
-Success Restart Needed Exit Code Feature Result
-------- -------------- --------- --------------
-True No Success {DFS Replication, DFS Management Tools, Fi...
-```
-
-### Prepare MDT02 for replication
-
-On **MDT02**:
-
-1. Perform the same procedure on MDT02 by entering the following at an elevated Windows PowerShell prompt:
-
- ```powershell
- Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
- ```
-
-2. Wait for installation to complete, and then verify that the installation was successful. See the following output:
-
-```output
-PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
-
-Success Restart Needed Exit Code Feature Result
-------- -------------- --------- --------------
-True No Success {DFS Replication, DFS Management Tools, Fi...
-```
-
-### Create the MDTProduction folder on MDT02
-
-On **MDT02**:
-
-1. Create and share the **D:\\MDTProduction** folder using default permissions by entering the following at an elevated command prompt:
-
- ```powershell
- mkdir d:\MDTProduction
- New-SmbShare -Name "MDTProduction$" -Path "D:\MDTProduction"
- ```
-
-2. You should see the following output:
-
- ```output
- C:\> New-SmbShare -Name "MDTProduction$" -Path "D:\MDTProduction"
-
- Name ScopeName Path Description
- ---- --------- ---- -----------
- MDTProduction$ * D:\MDTProduction
- ```
-
-### Configure the deployment share
-
-When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT that can be done by using the **DefaultGateway** property.
-
-On **MDT01**:
-
-1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the `Boostrap.ini` file as follows. Under `[DefaultGateway]` enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (that is, server) to use.
-
- ```ini
- [Settings]
- Priority=DefaultGateway, Default
-
- [DefaultGateway]
- 10.10.10.1=NewYork
- 10.10.20.1=Stockholm
-
- [NewYork]
- DeployRoot=\\MDT01\MDTProduction$
-
- [Stockholm]
- DeployRoot=\\MDT02\MDTProduction$
-
- [Default]
- UserDomain=CONTOSO
- UserID=MDT_BA
- UserPassword=pass@word1
- SkipBDDWelcome=YES
- ```
-
- > [!NOTE]
- > The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
-
-2. Save the `Bootstrap.ini` file.
-
-3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. Use the default settings for the Update Deployment Share Wizard. This process will take a few minutes.
-
-4. After the update is complete, use the Windows Deployment Services console on MDT01. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**.
-
-5. Browse and select the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings.
-
- 
-
- Replacing the updated boot image in WDS.
-
- > [!TIP]
- > If you modify bootstrap.ini again later, be sure to repeat the process of updating the deployment share in the Deployment Workbench and replacing the boot image in the WDS console.
-
-## Replicate the content
-
-Once the MDT01 and MDT02 servers are prepared, you're ready to configure the actual replication.
-
-### Create the replication group
-
-1. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and select **New Replication Group**.
-
-2. On the **Replication Group Type** page, select **Multipurpose replication group**, and select **Next**.
-
-3. On the **Name and Domain** page, assign the **MDTProduction** name, and select **Next**.
-
-4. On the **Replication Group Members** page, select **Add**, add **MDT01** and **MDT02**, and then select **Next**.
-
- 
-
- Adding the Replication Group Members.
-
-5. On the **Topology Selection** page, select the **Full mesh** option and select **Next**.
-
-6. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and select **Next**.
-
-7. On the **Primary Member** page, select **MDT01** and select **Next**.
-
-8. On the **Folders to Replicate** page, select **Add**, enter **D:\\MDTProduction** as the folder to replicate, select **OK**, and then select **Next**.
-
-9. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and select **Edit**.
-
-10. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, select **OK**, and then select **Next**.
-
-11. On the **Review Settings and Create Replication Group** page, select **Create**.
-
-12. On the **Confirmation** page, select **Close**.
-
-### Configure replicated folders
-
-1. On **MDT01**, using DFS Management, expand **Replication** and then select **MDTProduction**.
-
-2. In the middle pane, right-click the **MDT01** member and select **Properties**.
-
-3. On the **MDT01 (MDTProduction) Properties** page, configure the following and then select **OK**:
-
- 1. In the **Staging** tab, set the quota to **20480 MB**.
-
- 2. In the **Advanced** tab, set the quota to **8192 MB**.
-
- In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Below is a Windows PowerShell example that calculates the size of the 16 largest files in the D:\\MDTProduction deployment share:
-
- ```powershell
- (Get-ChildItem D:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
- ```
-
-4. In the middle pane, right-click the **MDT02** member and select **Properties**.
-
-5. On the **MDT02 (MDTProduction) Properties** page, configure the following and then select **OK**:
- 1. In the **Staging** tab, set the quota to **20480 MB**.
-
- 2. In the **Advanced** tab, set the quota to **8192 MB**.
-
- > [!NOTE]
- > It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly.
-
-6. Verify that MDT01 and MDT02 are members of the MDTProduction replication group, with MDT01 being primary as follows using an elevated command prompt:
-
- ```cmd
- C:\> dfsradmin membership list /rgname:MDTProduction /attr:MemName,IsPrimary
- MemName IsPrimary
- MDT01 Yes
- MDT02 No
- ```
-
-### Verify replication
-
-On **MDT02**:
-
-1. Wait until you start to see content appear in the **D:\\MDTProduction** folder.
-
-2. Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**.
-
-3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and select **Next**.
-
-4. On the **Path and Name** page, accept the default settings and select **Next**.
-
-5. On the **Members to Include** page, accept the default settings and select **Next**.
-
-6. On the **Options** page, accept the default settings and select **Next**.
-
-7. On the **Review Settings and Create Report** page, select **Create**.
-
-8. Open the report in Internet Explorer, and if necessary, select the **Allow blocked content** option.
-
- 
- The DFS Replication Health Report.
-
- > [!NOTE]
- > If there are replication errors you can review the DFS event log in Event Viewer under **Applications and Services Logs**.
-
-## Configure Windows Deployment Services (WDS) in a remote site
-
-Like you did in the previous article for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02.
-
-1. On MDT02, using the WDS console, right-click **Boot Images** and select **Add Boot Image**.
-
-2. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings.
-
-## Deploy a Windows 10 client to the remote site
-
-Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure.
-
-> [!NOTE]
-> For demonstration purposes, the following procedure uses a virtual machine (PC0006) hosted by the Hyper-V server HV01. To use the remote site server (MDT02) the VM must be assigned a default gateway that matches the one you entered in the `Boostrap.ini` file.
-
-1. Create a virtual machine with the following settings:
-
- 1. **Name**: PC0006
- 2. **Location**: C:\\VMs
- 3. **Generation**: 2
- 4. **Memory**: 2048 MB
- 5. **Hard disk**: 60 GB (dynamic disk)
- 6. Install an operating system from a network-based installation server
-
-2. Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from the WDS server.
-
-3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
-
- 1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
- 2. Computer Name: PC0006
- 3. Applications: Select the Install - Adobe Reader
-
-4. Setup will now start and perform the following steps:
-
- 1. Install the Windows 10 Enterprise operating system.
- 2. Install applications.
- 3. Update the operating system using your local Windows Server Update Services (WSUS) server.
-
-
-
-## Related articles
-
-- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-- [Configure MDT settings](configure-mdt-settings.md)
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
deleted file mode 100644
index 36f7e1544c..0000000000
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-title: Configure MDT deployment share rules (Windows 10)
-description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Configure MDT deployment share rules
-
-In this article, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
-
-## Assign settings
-
-When using MDT, you can assign setting in three distinct ways:
-
-- You can pre-stage the information before deployment.
-- You can prompt the user or technician for information.
-- You can have MDT generate the settings automatically.
-
-In order to illustrate these three options, let's look at some sample configurations.
-
-## Sample configurations
-
-Before adding the more advanced components like scripts, databases, and web services, consider the commonly used configurations below; they demonstrate the power of the rules engine.
-
-### Set computer name by MAC Address
-
-If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. When you have many machines, it makes sense to use the database instead.
-
-```ini
-[Settings]
-Priority=MacAddress, Default
-[Default]
-OSInstall=YES
-[00:15:5D:85:6B:00]
-OSDComputerName=PC00075
-```
-
-In the preceding sample, you set the PC00075 computer name for a machine with a MAC Address of 00:15:5D:85:6B:00.
-
-### Set computer name by serial number
-
-Another way to assign a computer name is to identify the machine via its serial number.
-
-```ini
-[Settings]
-Priority=SerialNumber, Default
-[Default]
-OSInstall=YES
-[CND0370RJ7]
-OSDComputerName=PC00075
-```
-
-In this sample, you set the PC00075 computer name for a machine with a serial number of CND0370RJ7.
-
-### Generate a computer name based on a serial number
-
-You also can configure the rules engine to use a known property, like a serial number, to generate a computer name on the fly.
-
-```ini
-[Settings]
-Priority=Default
-[Default]
-OSInstall=YES
-OSDComputerName=PC-%SerialNumber%
-```
-
-In this sample, you configure the rules to set the computer name to a prefix (PC-) and then the serial number. If the serial number of the machine is CND0370RJ7, the preceding configuration sets the computer name to PC-CND0370RJ7.
-
-> [!NOTE]
-> Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but the Windows setup limits a computer name to 15 characters.
-
-### Generate a limited computer name based on a serial number
-
-To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
-
-```ini
-[Settings]
-Priority=Default
-[Default]
-OSInstall=YES
-OSDComputerName=PC-#Left("%SerialNumber%",12)#
-```
-
-In the preceding sample, you still configure the rules to set the computer name to a prefix (PC-) followed by the serial number. However, by adding the Left VBScript function, you configure the rule to use only the first 12 serial-number characters for the name.
-
-### Add laptops to a different organizational unit (OU) in Active Directory
-
-In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you're deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType isn't a reserved word; rather, it's the name of the section to read.
-
-```ini
-[Settings]
-Priority=ByLaptopType, Default
-[Default]
-MachineObjectOU=OU=Workstations,OU=Contoso,DC=contoso,DC=com
-[ByLaptopType]
-Subsection=Laptop-%IsLaptop%
-[Laptop-True]
-MachineObjectOU=OU=Laptops,OU=Contoso,DC=contoso,DC=com
-```
-
-## Related articles
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
deleted file mode 100644
index 443854bdd5..0000000000
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Configure MDT for UserExit scripts (Windows 10)
-description: In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Configure MDT for UserExit scripts
-
-In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.
-
-## Configure the rules to call a UserExit script
-
-You can call a UserExit by referencing the script in your rules. Then you can configure a property to be set to the result of a function of the VBScript. In this example, we have a VBScript named Setname.vbs (provided in the book sample files, in the UserExit folder).
-
-```ini
-[Settings]
-Priority=Default
-[Default]
-OSINSTALL=YES
-UserExit=Setname.vbs
-OSDComputerName=#SetName("%MACADDRESS%")#
-```
-
-The UserExit=Setname.vbs calls the script and then assigns the computer name to what the SetName function in the script returns. In this sample, the %MACADDRESS% variable is passed to the script
-
-## The Setname.vbs UserExit script
-
-The Setname.vbs script takes the MAC Address passed from the rules. The script then does some string manipulation to add a prefix (PC) and remove the semicolons from the MAC Address.
-
-```vb
-Function UserExit(sType, sWhen, sDetail, bSkip)
- UserExit = Success
-End Function
-Function SetName(sMac)
- Dim re
- Set re = new RegExp
- re.IgnoreCase = true
- re.Global = true
- re.Pattern = ":"
- SetName = "PC" & re.Replace(sMac, "")
-End Function
-```
-
-The first three lines of the script make up a header that all UserExit scripts have. The interesting part is the lines between Function and End Function. Those lines add a prefix (PC), remove the colons from the MAC Address, and return the value to the rules by setting the SetName value.
-
-> [!NOTE]
-> The purpose of this sample isn't to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process.
-
-## Related articles
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
deleted file mode 100644
index 167059f1e7..0000000000
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: Configure MDT settings (Windows 10)
-description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Configure MDT settings
-
-One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. In this article, you learn about configuring customizations for your environment.
-For the purposes of this article, we'll use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this article, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
-
-
-
-The computers used in this article.
-
-## In this section
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
-
-## Related articles
-
-- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
deleted file mode 100644
index 7100f080ec..0000000000
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ /dev/null
@@ -1,775 +0,0 @@
----
-title: Create a Windows 10 reference image (Windows 10)
-description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Create a Windows 10 reference image
-
-**Applies to:**
-
-- Windows 10
-
-Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this article, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this article, you 'll have a Windows 10 reference image that can be used in your deployment solution.
-
-> [!NOTE]
-> For more information about the server, client, and network infrastructure used in this guide, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
-
-For the purposes of this article, we'll use three computers: DC01, MDT01, and HV01.
-
-- DC01 is a domain controller for the contoso.com domain.
-- MDT01 is a contoso.com domain member server.
-- HV01 is a Hyper-V server that will be used to build the reference image.
-
- 
- Computers used in this article.
-
-## The reference image
-
-The reference image described in this guide is designed primarily for deployment to physical devices. However, the reference image is typically created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are:
-
-- To reduce development time and can use snapshots to test different configurations quickly.
-- To rule out hardware issues. You get the best possible image, and if you've a problem, it's not likely to be hardware related.
-- To ensure that you won't have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
-- The image is easy to move between lab, test, and production.
-
-## Set up the MDT build lab deployment share
-
-With Windows 10, there's no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications and all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
-
-### Create the MDT build lab deployment share
-
-On **MDT01**:
-
-1. Sign in as **contoso\\administrator** using a password of **pass@word1** (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) article).
-
-2. Start the MDT deployment workbench, and pin this workbench to the taskbar for easy access.
-
-3. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
-
-4. Use the following settings for the New Deployment Share Wizard:
-
- - Deployment share path: **D:\\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT Build Lab**
-
-5. Accept the default selections on the Options page and select **Next**.
-
-6. Review the Summary page, select **Next**, wait for the deployment share to be created, then select **Finish**.
-
-7. Verify that you can access the **\\\\MDT01\\MDTBuildLab$** share.
-
- 
- The Deployment Workbench with the MDT Build Lab deployment share.
-
-### Enable monitoring
-
-To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, select **Properties**, select the **Monitoring** tab, and select **Enable monitoring for this deployment share**. This step is optional.
-
-### Configure permissions for the deployment share
-
-In order to read files in the deployment share and write the reference image back to it, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTBuildLab** folder
-
-On **MDT01**:
-
-1. Ensure you're signed in as **contoso\\administrator**.
-
-2. Modify the NTFS permissions for the **D:\\MDTBuildLab** folder by running the following command in an elevated Windows PowerShell prompt:
-
- ```powershell
- icacls "D:\MDTBuildLab" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)'
- grant-smbshareaccess -Name MDTBuildLab$ -AccountName "Contoso\MDT_BA" -AccessRight Full -force
- ```
-
-## Add setup files
-
-This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.
-
-### Add the Windows 10 installation files
-
-MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
-
-> [!NOTE]
-> Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
-
-### Add Windows 10 Enterprise x64 (full source)
-
-On **MDT01**:
-
-1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD.
-
- 
-
-2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Build Lab**.
-
-3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
-
-4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
-
- - Full set of source files
- - Source directory: (location of your source files)
- - Destination directory name: **W10EX64RTM**
-
-5. After adding the operating system, in the **Operating Systems** > **Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**. See the following example.
-
- 
-
-> [!NOTE]
-> Depending on the DVD you used, there might be multiple editions available. For the purposes of this guide, we are using the Windows 10 Enterprise image, but other images will also work.
-
-## Add applications
-
-Before you create an MDT task sequence, you need to add applications and scripts you wish to install to the MDT Build Lab share.
-
-On **MDT01**:
-
-First, create an MDT folder to store the Microsoft applications that will be installed:
-
-1. In the MDT Deployment Workbench, expand **Deployment Shares \\ MDT Build Lab \\ Applications**
-
-2. Right-click **Applications** and then select **New Folder**.
-
-3. Under **Folder name**, type **Microsoft**.
-
-4. Select **Next** twice, and then select **Finish**.
-
-The steps in this section use a strict naming standard for your MDT applications.
-
-- Use the **Install -** prefix for typical application installations that run a setup installer of some kind.
-- Use the **Configure -** prefix when an application configures a setting in the operating system.
-- You also add an **- x86**, **- x64**, or **- x86-x64** suffix to indicate the application's architecture (some applications have installers for both architectures).
-
-Using a script naming standard is always recommended when using MDT as it helps maintain order and consistency.
-
-By storing configuration items as MDT applications, it's easy to move these objects between various solutions, or between test and production environments.
-
-In example sections, you 'll add the following applications:
-
-- Install - Microsoft Office 365 Pro Plus - x64
-- Install - Microsoft Visual C++ Redistributable 2019 - x86
-- Install - Microsoft Visual C++ Redistributable 2019 - x64
-
->The 64-bit version of Microsoft Office 365 Pro Plus is recommended unless you need legacy app support. For more information, see [Choose between the 64-bit or 32-bit version of Office](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261)
-
-Download links:
-
-- [Office Deployment Tool](https://www.microsoft.com/download/details.aspx?id=49117)
-- [Microsoft Visual C++ Redistributable 2019 - x86](https://aka.ms/vs/16/release/VC_redist.x86.exe)
-- [Microsoft Visual C++ Redistributable 2019 - x64](https://aka.ms/vs/16/release/VC_redist.x64.exe)
-
-Download all three items in this list to the D:\\Downloads folder on MDT01.
-
-> [!NOTE]
-> For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder, and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
-
-> [!NOTE]
-> All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
-
-### Create configuration file: Microsoft Office 365 Professional Plus x64
-
-1. After downloading the most current version of the Office Deployment tool from the Microsoft Download Center using the link provided above, run the self-extracting executable file and extract the files to **D:\\Downloads\\Office365**. The Office Deployment Tool (setup.exe) and several sample configuration.xml files will be extracted.
-
-2. Using a text editor (such as Notepad), create an XML file in the D:\\Downloads\\Office365 directory with the installation settings for Microsoft 365 Apps for enterprise that are appropriate for your organization. The file uses an XML format, so the file you create must have an extension of .xml but the file can have any filename.
-
- For example, you can use the following configuration.xml file, which provides these configuration settings:
- - Install the 64-bit version of Microsoft 365 Apps for enterprise in English directly from the Office Content Delivery Network (CDN) on the internet.
- > [!NOTE]
- > 64-bit is now the default and recommended edition.
- - Use the General Availability Channel and get updates directly from the Office CDN on the internet.
- - Perform a silent installation. You won't see anything that shows the progress of the installation and you won't see any error messages.
-
- ```xml
-
- Expand to show PowerShell commands to partition an MBR disk
-
- ```powershell
- # The following command will set $Disk to all USB drives with >20 GB of storage
-
- $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
-
- #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
- #
- # To skip the confirmation prompt, append -confirm:$False
- Clear-Disk -InputObject $Disk[0] -RemoveData
-
- # This command initializes a new MBR disk
- Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
-
- # This command creates a 350 MB system partition
- $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
-
- # This formats the volume with a FAT32 Filesystem
- # To skip the confirmation dialog, append -Confirm:$False
- Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
- -Partition $SystemPartition
-
- # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
- $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
- Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
- -Partition $OSPartition
-
- # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
- Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
- Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
-
- # This command sets the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
- Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
- ```
-
-
- Expand to show example san_policy.xml file
-
- ```xml
-
-
- Expand to show example san_policy.xml file
-
- ```xml
-
-
- Expand this section to show PowerShell commands to run
-
- ```powershell
- # The following command will set $Disk to all USB drives with >20 GB of storage
-
- $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
-
- #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
- #
- # To skip the confirmation prompt, append -confirm:$False
- Clear-Disk -InputObject $Disk[0] -RemoveData
-
- # This command initializes a new MBR disk
- Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
-
- # This command creates a 350 MB system partition
- $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
-
- # This formats the volume with a FAT32 Filesystem
- # To skip the confirmation dialog, append -Confirm:$False
- Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
- -Partition $SystemPartition
-
- # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
- $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
- Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
- -Partition $OSPartition
-
- # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
- Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
- Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
-
- # This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
- Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
- ```
-
-
- Expand this section to show example unattend.xml file
-
- ```xml
-
-
- Expand this section to show PowerShell commands to run
-
- ```powershell
- # The following command will set $Disk to all USB drives with >20 GB of storage
-
- $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
-
- #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
- #
- # To skip the confirmation prompt, append -confirm:$False
- Clear-Disk -InputObject $Disk[0] -RemoveData
-
- # This command initializes a new MBR disk
- Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
-
- # This command creates a 350 MB system partition
- $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
-
- # This formats the volume with a FAT32 Filesystem
- # To skip the confirmation dialog, append -Confirm:$False
- Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
- -Partition $SystemPartition
-
- # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
- $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
- Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
- -Partition $OSPartition
-
- # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
- Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
- Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
-
- # This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
- Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
- ```
-
-
-Expand this section to view Windows To Go multiple drive provisioning sample script
-
-```powershell
-<#
-.SYNOPSIS
-Windows To Go multiple drive provisioning sample script.
-
-.DESCRIPTION
-This sample script will provision one or more Windows To Go drives, configure offline domain join (using random machine names) and provides an option for BitLocker encryption. To provide a seamless first boot experience, an unattend file is created that will set the first run (OOBE) settings to defaults. To improve performance of the script, copy your install image to a local location on the computer used for provisioning the drives.
-
-.EXAMPLE
-.\WTG_MultiProvision.ps1 -InstallWIMPath c:\companyImages\amd64_enterprise.wim
-provision drives connected to your machine with the provided image.
-#>
-param (
- [parameter(Mandatory=$true)]
- [string]
-#Path to install wim. If you have the full path to the wim or want to use a local file.
- $InstallWIMPath,
-
- [string]
-#Domain to which to join the Windows To Go workspaces.
- $DomainName
-)
-
-
-<#
- In order to set BitLocker Group Policies for our offline WTG image we need to create a Registry.pol file
- in the System32\GroupPolicy folder. This file requires binary editing, which is not possible in PowerShell
- directly so we have some C# code that we can use to add a type in our PowerShell instance that will write
- the data for us.
-#>
-$Source = @"
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Text;
-
-namespace MS.PolicyFileEditor
-{
- //The PolicyEntry represents the DWORD Registry Key/Value/Data entry that will
- //be written into the file.
- public class PolicyEntry
- {
- private List
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-
-
-
-
-
-
-
-
-
diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md
index 64ed4fae58..853283a0cc 100644
--- a/windows/deployment/planning/compatibility-administrator-users-guide.md
+++ b/windows/deployment/planning/compatibility-administrator-users-guide.md
@@ -3,10 +3,10 @@ title: Compatibility Administrator User's Guide (Windows 10)
manager: aaroncz
ms.author: frankroj
description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows.
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
index 49fca85218..dd2905355f 100644
--- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
+++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
@@ -3,11 +3,11 @@ title: Compatibility Fix Database Management Strategies and Deployment (Windows
manager: aaroncz
ms.author: frankroj
description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database.
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Compatibility Fix Database Management Strategies and Deployment
diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
index 79207612a8..e37a77e25a 100644
--- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
@@ -1,25 +1,25 @@
---
title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, & Windows Vista
-description: Find compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10.
+description: Find released compatibility fixes for all Windows operating systems from Windows Vista through Windows 10.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
**Applies to**
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
+- Windows 10
+- Windows 8.1
+- Windows 8
+- Windows 7
+- Windows Server 2012
+- Windows Server 2008 R2
You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions.
@@ -28,131 +28,128 @@ You can fix some compatibility issues that are due to the changes made between W
If you start the Compatibility Administrator as an Administrator (with elevated privileges), all repaired applications can run successfully; however, virtualization and redirection might not occur as expected. To verify that a compatibility fix addresses an issue, you must test the repaired application by running it under the destination user account.
-
-
## Compatibility Fixes
-
-The following table lists the known compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. The fixes are listed in alphabetical order.
+The following table lists the known released compatibility fixes for all Windows operating systems from Windows Vista through Windows 10. The fixes are listed in alphabetical order.
|Fix|Fix Description|
|--- |--- |
-|8And16BitAggregateBlts|Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance.|
-|8And16BitDXMaxWinMode|Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode.|
+|8And16BitAggregateBlts|8/16-bit mitigation can cause performance issues in applications. This layer aggregates all the blt operations and improves performance.|
+|8And16BitDXMaxWinMode|The 8/16-bit mitigation runs applications that use DX8/9 in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode.|
|8And16BitGDIRedraw|This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette.|
|AccelGdipFlush|This fix increases the speed of GdipFlush, which has perf issues in DWM.|
|AoaMp4Converter|This fix resolves a display issue for the AoA Mp4 Converter.|
-|BIOSRead|This problem is indicated when an application cannot access the **Device\PhysicalMemory** object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems.
Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64 bits long.
Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI.
`MAJORVERSION.MINORVERSION.LETTER`
For example, NtLmSsp\WMI.
`MAJORVERSION.MINORVERSION.LETTER`
fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message.
Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1.
Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1.
Desktop or Quick Launch shortcuts: You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.
Desktop or Quick Launch shortcuts: You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.
Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application.
Where MessageString1 and MessageString2 reflect the message strings that can pass.
Where MessageString1 and MessageString2 reflect the message strings that can pass.
For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](/previous-versions/windows/it-pro/windows-7/dd638327(v=ws.10)).|
-|VirtualizeRegisterTypeLib|The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.
For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](/previous-versions/windows/it-pro/windows-7/dd638327(v=ws.10)).|
+|VirtualizeRegisterTypeLib|The fix when used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This fix functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.
Where Component1.dll and Component2.dll reflect the components to be skipped.
Where Component1.dll and Component2.dll reflect the components to be skipped.
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)|
-|Marvell|Libertas 802.11b/g Wireless|pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)|
-|Qualcomm|Atheros AR6004 Wireless LAN Adapter|sd\vid_0271&pid_0401|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)
64-bit driver not available|
-|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_20031a56|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)
64-bit driver not available|
-|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_020a1028&rev_01|Contact the system OEM or Qualcom for driver availability.|
-|Qualcomm|Atheros AR5005G Wireless Network Adapter|pci\ven_168c&dev_001a&subsys_04181468&rev_01|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
index a6299026c3..e37786a9a6 100644
--- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
+++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator
description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
index a39866b132..7155581ea8 100644
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Fixing Applications by Using the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Fixing Applications by Using the SUA Tool
diff --git a/windows/deployment/planning/images/wtg-first-boot-home.gif b/windows/deployment/planning/images/wtg-first-boot-home.gif
deleted file mode 100644
index 46cd605a2e..0000000000
Binary files a/windows/deployment/planning/images/wtg-first-boot-home.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-first-boot-work.gif b/windows/deployment/planning/images/wtg-first-boot-work.gif
deleted file mode 100644
index c1a9a9d31d..0000000000
Binary files a/windows/deployment/planning/images/wtg-first-boot-work.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-gpt-uefi.gif b/windows/deployment/planning/images/wtg-gpt-uefi.gif
deleted file mode 100644
index 2ff2079a3c..0000000000
Binary files a/windows/deployment/planning/images/wtg-gpt-uefi.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-image-deployment.gif b/windows/deployment/planning/images/wtg-image-deployment.gif
deleted file mode 100644
index d622911f3e..0000000000
Binary files a/windows/deployment/planning/images/wtg-image-deployment.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-mbr-bios.gif b/windows/deployment/planning/images/wtg-mbr-bios.gif
deleted file mode 100644
index b93796944a..0000000000
Binary files a/windows/deployment/planning/images/wtg-mbr-bios.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif b/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif
deleted file mode 100644
index f21592c310..0000000000
Binary files a/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-startup-options.gif b/windows/deployment/planning/images/wtg-startup-options.gif
deleted file mode 100644
index 302da78ea6..0000000000
Binary files a/windows/deployment/planning/images/wtg-startup-options.gif and /dev/null differ
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
index 2cf46ee778..a50feb249b 100644
--- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Install/Uninstall Custom Databases (Windows 10)
description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
index 9c90b3ca24..69b7bd6cd3 100644
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
@@ -3,11 +3,11 @@ title: Managing Application-Compatibility Fixes and Custom Fix Databases (Window
description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Managing Application-Compatibility Fixes and Custom Fix Databases
diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
deleted file mode 100644
index 5f5b94be3f..0000000000
--- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
+++ /dev/null
@@ -1,106 +0,0 @@
----
-title: Prepare your organization for Windows To Go (Windows 10)
-description: Though Windows To Go is no longer being developed, you can find info here about the what, why, and when of deployment.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Prepare your organization for Windows To Go
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-The following information is provided to help you plan and design a new deployment of a Windows To Go in your production environment. It provides answers to the "what", "why", and "when" questions an IT professional might have when planning to deploy Windows To Go.
-
-## What is Windows To Go?
-
-Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. A Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings.
-
-Enterprise customers utilizing Volume Activation Windows licensing will be able to deploy USB drives provisioned with Windows To Go workspace. These drives will be bootable on multiple compatible host computers. Compatible host computers are computers that are:
-
-- USB boot capable
-- Have USB boot enabled in the firmware
-- Meet Windows 7 minimum system requirements
-- Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM isn't a supported processor for Windows To Go.
-- Have firmware architecture that is compatible with the architecture of the image used for the Windows To Go workspace
-
-Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go.
-
-The following articles will familiarize you with how you can use a Windows To Go workspace. They also give you an overview of some of the things you should consider in your design.
-
-## Usage scenarios
-
-
-The following scenarios are examples of situations in which Windows To Go workspaces provide a solution for an IT implementer:
-
-- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection, or DirectAccess to access corporate resources. If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes.
-
-- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker. Then they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive. And run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer.
-
-- **Managed free seating.** The employee is issued a Windows To Go drive. This drive is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return, they use the same USB flash drive but use a different host computer.
-
-- **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Configuration Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work. This boot caches the employee's credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity.
-
-- **Travel lightly.** In this situation, you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC.
-
-> [!NOTE]
-> If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace's computer object isn't potentially deleted from Active Directory Domain Services (AD DS).
-
- ## Infrastructure considerations
-
-Because Windows To Go requires no other software and minimal configuration, the same tools used to deploy images to other PCs can be used by an enterprise to install Windows To Go on a large group of USB devices. Moreover, because Windows To Go is compatible with connectivity and synchronization solutions already in use—such as Remote Desktop, DirectAccess and Folder Redirection—no other infrastructure or management is necessary for this deployment. A Windows To Go image can be created on a USB drive that is identical to the hard drive inside a desktop. However, you may wish to consider making some modifications to your infrastructure to help make management of Windows To Go drives easier and to be able to identify them as a distinct device group.
-
-## Activation considerations
-
-Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements.
-
-Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This method is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office).
-
-You should investigate other software manufacturer's licensing requirements to ensure they're compatible with roaming usage before deploying them to a Windows To Go workspace.
-
-> [!NOTE]
-> Using Multiple Activation Key (MAK) activation isn't a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive.
-
- For more information about these activation methods and how they can be used in your organization, see [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)).
-
-## Organizational unit structure and use of Group Policy Objects
-
-You may find it beneficial to create other Active Directory organizational unit (OU) structures to support your Windows To Go deployment: one for host computer accounts and one for Windows To Go workspace computer accounts. Creating an organizational unit for host computers allows you to enable the Windows To Go Startup Options using Group Policy for only the computers that will be used as Windows To Go hosts. Setting this policy helps to prevent computers from being accidentally configured to automatically boot from USB devices and allows closer monitoring and control of those computers that can boot from a USB device. The organizational unit for Windows To Go workspaces allows you to apply specific policy controls to them, such as the ability to use the Store application, power state controls, and line-of-business application installation.
-
-If you're deploying Windows To Go workspaces for a scenario in which they're not going to be roaming, but are instead being used on the same host computer, such as with temporary or contract employees, you might wish to enable hibernation or the Windows Store.
-
-For more information about Group Policy settings that can be used with Windows To Go, see [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-## Computer account management
-
-If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule, or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit.
-
-## User account and data management
-
-People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with, and to keep it accessible when the workspace isn't being used. For this reason, we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
-
-Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace.
-
-## Remote connectivity
-
-If you want Windows To Go to be able to connect back to organizational resources when it's being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)).
-
-## Related articles
-
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
index 826f2dfc4c..aa27616363 100644
--- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Searching for Fixed Applications in Compatibility Administrator (Windows
description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Searching for Fixed Applications in Compatibility Administrator
diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
index 4c0f2e2689..847fb0731b 100644
--- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Searching for Installed Compatibility Fixes with the Query Tool in Compat
description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
deleted file mode 100644
index b376163521..0000000000
--- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Security and data protection considerations for Windows To Go (Windows 10)
-description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 12/31/2017
----
-
-# Security and data protection considerations for Windows To Go
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
-
-## Backup and restore
-
-When you don't save data on the Windows To Go drive, you don't need for a backup and restore solution for Windows To Go. If you're saving data on the drive and aren't using folder redirection and offline files, you should back up all of your data to a network location such as cloud storage or a network share, after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement.
-
-If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This result is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
-
-## BitLocker
-
-We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) can't be used by BitLocker to protect the drive. Instead, you'll be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
-
-You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
-
-> [!Tip]
-> If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
-
-When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode.
-
-## Disk discovery and data leakage
-
-We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive won't appear in Windows Explorer and an Auto-Play prompt won't be displayed to the user. This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
-
-To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - "4" to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
-
-For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825063(v=win.10)).
-
-## Security certifications for Windows To Go
-
-Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider's specific hardware environment. For more information about Windows security certifications, see the following articles.
-
-- [Windows Platform Common Criteria Certification](/windows/security/threat-protection/windows-platform-common-criteria)
-
-- [FIPS 140 Evaluation](/windows/security/threat-protection/fips-140-validation)
-
-## Related articles
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-
-
-
diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
index 25850695fc..cb8a3ebc82 100644
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Showing Messages Generated by the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Showing Messages Generated by the SUA Tool
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index 4f53104c76..47b4ffba5c 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -3,11 +3,11 @@ title: SUA User's Guide (Windows 10)
description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# SUA User's Guide
diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
index a2dff7087c..c6af910322 100644
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
@@ -3,11 +3,11 @@ title: Tabs on the SUA Tool Interface (Windows 10)
description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Tabs on the SUA Tool Interface
diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md
index b2ff9f8850..481d2ce883 100644
--- a/windows/deployment/planning/testing-your-application-mitigation-packages.md
+++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md
@@ -3,11 +3,11 @@ title: Testing Your Application Mitigation Packages (Windows 10)
description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Testing Your Application Mitigation Packages
diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
index ee6976fca5..7327ff75b9 100644
--- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
+++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
@@ -3,10 +3,10 @@ title: Understanding and Using Compatibility Fixes (Windows 10)
description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
index cb156708b7..d3c2f77b38 100644
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
@@ -3,11 +3,11 @@ title: Using the Compatibility Administrator Tool (Windows 10)
description: This section provides information about using the Compatibility Administrator tool.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the Compatibility Administrator Tool
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
index f6e1a6fbee..2ae090b3f3 100644
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@@ -3,11 +3,11 @@ title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the Sdbinst.exe Command-Line Tool
diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md
index 5b72bfbc4b..043d002305 100644
--- a/windows/deployment/planning/using-the-sua-tool.md
+++ b/windows/deployment/planning/using-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Using the SUA Tool (Windows 10)
description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the SUA Tool
diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md
index ce121c5440..8f7ed9170b 100644
--- a/windows/deployment/planning/using-the-sua-wizard.md
+++ b/windows/deployment/planning/using-the-sua-wizard.md
@@ -3,11 +3,11 @@ title: Using the SUA wizard (Windows 10)
description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the SUA wizard
diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
index 44cf622430..38b8b8cf10 100644
--- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
+++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Viewing the Events Screen in Compatibility Administrator (Windows 10)
description: You can use the Events screen to record and view activities in the Compatibility Administrator tool.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md
index e444794da2..83227970dd 100644
--- a/windows/deployment/planning/windows-10-compatibility.md
+++ b/windows/deployment/planning/windows-10-compatibility.md
@@ -3,11 +3,11 @@ title: Windows 10 compatibility (Windows 10)
description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md
index b3911601ff..434b7da17f 100644
--- a/windows/deployment/planning/windows-10-deployment-considerations.md
+++ b/windows/deployment/planning/windows-10-deployment-considerations.md
@@ -3,11 +3,11 @@ title: Windows 10 deployment considerations (Windows 10)
description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
index 853855b43b..6728d4c2ee 100644
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
@@ -3,13 +3,13 @@ metadata:
title: Windows 10 Enterprise FAQ for IT pros (Windows 10)
description: Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise.
keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage updates, Windows as a service, servicing channels, deployment tools
- ms.prod: windows-client
- ms.technology: itpro-deploy
+ ms.service: windows-client
+ ms.subservice: itpro-deploy
ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
ms.date: 10/28/2022
- ms.reviewer:
+ ms.reviewer:
author: frankroj
ms.author: frankroj
manager: aaroncz
@@ -26,17 +26,17 @@ sections:
Where can I download Windows 10 Enterprise?
answer: |
If you have Windows volume licenses with Software Assurance, or if you have purchased licenses for Windows 10 Enterprise volume licenses, you can download 32-bit and 64-bit versions of Windows 10 Enterprise from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). If you don't have current Software Assurance for Windows and would like to purchase volume licenses for Windows 10 Enterprise, contact your preferred Microsoft Reseller or see [How to purchase through Volume Licensing](https://www.microsoft.com/Licensing/how-to-buy/how-to-buy.aspx).
-
+
- question: |
What are the system requirements?
answer: |
- For details, see [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752).
-
+ For details, see [Windows 10 Enterprise system requirements](https://www.microsoft.com/windows/Windows-10-specifications#areaheading-uid09f4).
+
- question: |
What are the hardware requirements for Windows 10?
answer: |
Most computers that are compatible with Windows 8.1 will be compatible with Windows 10. You may need to install updated drivers in Windows 10 for your devices to properly function. For more information, see [Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications).
-
+
- question: |
Can I evaluate Windows 10 Enterprise?
answer: |
@@ -55,17 +55,17 @@ sections:
- [Dell driver packs for enterprise client OS deployment](https://www.dell.com/support/kbdoc/en-us/000124139/dell-command-deploy-driver-packs-for-enterprise-client-os-deployment)
- [Lenovo Configuration Manager and MDT package index](https://support.lenovo.com/us/en/solutions/ht074984)
- [Panasonic Driver Pack for Enterprise](https://pc-dl.panasonic.co.jp/itn/drivers/driver_packages.html)
-
+
- question: |
Where can I find out if an application or device is compatible with Windows 10?
answer: |
Many existing Win32 and Win64 applications already run reliably on Windows 10 without any changes. You can also expect strong compatibility and support for Web apps and devices.
-
+
- question: |
Is there an easy way to assess if my organization's devices are ready to upgrade to Windows 10?
answer: |
[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without other infrastructure requirements. This service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects.
-
+
- name: Administration and deployment
questions:
- question: |
@@ -78,36 +78,36 @@ sections:
- [MDT](/mem/configmgr/mdt) is a collection of tools, processes, and guidance for automating desktop and server deployment.
- The [Windows ADK](/windows-hardware/get-started/adk-install) has tools that allow you to customize Windows images for large-scale deployment, and test system quality and performance. You can download the latest version of the Windows ADK for Windows 10 from the Hardware Dev Center.
-
+
- question: |
Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image?
answer: |
Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md).
-
+
- question: |
Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free?
answer: |
If you have Windows 7 Enterprise or Windows 8.1 Enterprise and current Windows 10 Enterprise E3 or E5 subscription, you're entitled to the upgrade to Windows 10 Enterprise through the rights of Software Assurance. You can find your product keys and installation media at the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
-
+
For devices that are licensed under a volume license agreement for Windows that doesn't include Software Assurance, new licenses will be required to upgrade these devices to Windows 10.
-
+
- name: Managing updates
questions:
- question: |
What is Windows as a service?
answer: |
The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. For more information, see [Overview of Windows as a service](../update/waas-overview.md).
-
+
- question: |
How is servicing different with Windows as a service?
answer: |
Traditional Windows servicing has included several release types: major revisions (for example, Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality two to three times per year, and quality updates that provide security and reliability fixes at least once a month.
-
+
- question: |
What are the servicing channels?
answer: |
- To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how aggressively their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. With that in mind, Microsoft offers two servicing channels for Windows 10: General Availability Channel, and Long-Term Servicing Channel (LTSC). For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). For more information on each channel, see [servicing channels](../update/waas-overview.md#servicing-channels).
-
+ To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how aggressively their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. With that in mind, Microsoft offers two servicing channels for Windows 10: General Availability Channel, and Long-Term Servicing Channel (LTSC). For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information). For more information on each channel, see [servicing channels](../update/waas-overview.md#servicing-channels).
+
- question: |
What tools can I use to manage Windows as a service updates?
answer: |
@@ -116,25 +116,25 @@ sections:
- Windows Update for Business
- Windows Server Update Services
- Microsoft Configuration Manager
-
+
For more information, see [Servicing Tools](../update/waas-overview.md#servicing-tools).
-
+
- name: User experience
questions:
- question: |
Where can I find information about new features and changes in Windows 10 Enterprise?
answer: |
For an overview of the new enterprise features in Windows 10 Enterprise, see [What's new in Windows 10](/windows/whats-new/) and [What's new in Windows 10, version 1703](/windows/whats-new/whats-new-windows-10-version-1703) in the Docs library.
-
+
Another place to track the latest information about new features of interest to IT professionals is the [Windows for IT Pros blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog). Here you'll find announcements of new features, information on updates to the Windows servicing model, and details about the latest resources to help you more easily deploy and manage Windows 10.
-
+
To find out which version of Windows 10 is right for your organization, you can also [compare Windows editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-
+
- question: |
How will people in my organization adjust to using Windows 10 Enterprise after upgrading from Windows 7 or Windows 8.1?
answer: |
Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1.
-
+
- question: |
How does Windows 10 help people work with applications and data across various devices?
answer: |
@@ -143,13 +143,13 @@ sections:
- Universal apps now open in windows instead of full screen.
- [Multitasking is improved with adjustable Snap](https://blogs.windows.com/windows-insider/2015/06/04/arrange-your-windows-in-a-snap/), which allows you to have more than two windows side-by-side on the same screen and to customize how those windows are arranged.
- Tablet Mode to simplify using Windows with a finger or pen by using touch input.
-
+
- name: Help and support
questions:
- question: |
Where can I ask a question about Windows 10?
answer: |
Use the following resources for additional information about Windows 10.
- - If you're an IT professional or if you have a question about administering, managing, or deploying Windows 10 in your organization or business, visit the [Windows 10 IT Professional forums](https://social.technet.microsoft.com/forums/home?category=windows10itpro) on TechNet.
- - If you're an end user or if you have a question about using Windows 10, visit the [Windows 10 forums on Microsoft Community](https://answers.microsoft.com/windows/forum).
- - If you're a developer or if you have a question about making apps for Windows 10, visit the [Windows Desktop Development forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsdesktopdev).
+ - [Microsoft Q&A](/answers/)
+ - [Microsoft Support Community](https://answers.microsoft.com/)
+
diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md
index 7341f4b302..06a835b0ba 100644
--- a/windows/deployment/planning/windows-10-infrastructure-requirements.md
+++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md
@@ -3,11 +3,11 @@ title: Windows 10 infrastructure requirements (Windows 10)
description: Review the infrastructure requirements for deployment and management of Windows 10, prior to significant Windows 10 deployments within your organization.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml
deleted file mode 100644
index 4907345be4..0000000000
--- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml
+++ /dev/null
@@ -1,455 +0,0 @@
-### YamlMime:FAQ
-metadata:
- title: Windows To Go frequently asked questions (Windows 10)
- description: Though Windows To Go is no longer being developed, these frequently asked questions (FAQ) can provide answers about the feature.
- ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e
- ms.reviewer:
- author: frankroj
- ms.author: frankroj
- manager: aaroncz
- keywords: FAQ, mobile, device, USB
- ms.prod: windows-client
- ms.technology: itpro-deploy
- ms.mktglfcycl: deploy
- ms.pagetype: mobility
- ms.sitesec: library
- audience: itpro
- ms.topic: faq
- ms.date: 10/28/2022
-title: 'Windows To Go: frequently asked questions'
-summary: |
- **Applies to**
-
- - Windows 10
-
- > [!IMPORTANT]
- > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature doesn't support feature updates and therefore doesn't enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
- The following list identifies some commonly asked questions about Windows To Go.
-
- - [What is Windows To Go?](#what-is-windows-to-go-)
-
- - [Does Windows To Go rely on virtualization?](#does-windows-to-go-rely-on-virtualization-)
-
- - [Who should use Windows To Go?](#who-should-use-windows-to-go-)
-
- - [How can Windows To Go be deployed in an organization?](#how-can-windows-to-go-be-deployed-in-an-organization-)
-
- - [Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?](#is-windows-to-go-supported-on-both-usb-2-0-and-usb-3-0-drives-)
-
- - [Is Windows To Go supported on USB 2.0 and USB 3.0 ports?](#is-windows-to-go-supported-on-usb-2-0-and-usb-3-0-ports-)
-
- - [How do I identify a USB 3.0 port?](#how-do-i-identify-a-usb-3-0-port-)
-
- - [Does Windows To Go run faster on a USB 3.0 port?](#does-windows-to-go-run-faster-on-a-usb-3-0-port-)
-
- - [Can the user self-provision Windows To Go?](#can-the-user-self-provision-windows-to-go-)
-
- - [How can Windows To Go be managed in an organization?](#how-can-windows-to-go-be-managed-in-an-organization-)
-
- - [How do I make my computer boot from USB?](#how-do-i-make-my-computer-boot-from-usb-)
-
- - [Why isn't my computer booting from USB?](#why-isn-t-my-computer-booting-from-usb-)
-
- - [What happens if I remove my Windows To Go drive while it's running?](#what-happens-if-i-remove-my-windows-to-go-drive-while-it-s-running-)
-
- - [Can I use BitLocker to protect my Windows To Go drive?](#can-i-use-bitlocker-to-protect-my-windows-to-go-drive-)
-
- - [Why can't I enable BitLocker from Windows To Go Creator?](#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
-
- - [What power states do Windows To Go support?](#what-power-states-does-windows-to-go-support-)
-
- - [Why is hibernation disabled in Windows To Go?](#why-is-hibernation-disabled-in-windows-to-go-)
-
- - [Does Windows To Go support crash dump analysis?](#does-windows-to-go-support-crash-dump-analysis-)
-
- - [Do "Windows To Go Startup Options" work with dual boot computers?](#do--windows-to-go-startup-options--work-with-dual-boot-computers-)
-
- - [I plugged my Windows To Go drive into a running computer and I can't see the partitions on the drive. Why not?](#i-plugged-my-windows-to-go-drive-into-a-running-computer-and-i-can-t-see-the-partitions-on-the-drive--why-not-)
-
- - [I'm booted into Windows To Go, but I can't browse to the internal hard drive of the host computer. Why not?](#i-m-booted-into-windows-to-go--but-i-can-t-browse-to-the-internal-hard-drive-of-the-host-computer--why-not-)
-
- - [Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?](#why-does-my-windows-to-go-drive-have-an-mbr-disk-format-with-a-fat32-system-partition-)
-
- - [Is Windows To Go secure if I use it on an untrusted machine?](#is-windows-to-go-secure-if-i-use-it-on-an-untrusted-computer-)
-
- - [Does Windows To Go work with ARM processors?](#does-windows-to-go-work-with-arm-processors-)
-
- - [Can I synchronize data from Windows To Go with my other computer?](#can-i-synchronize-data-from-windows-to-go-with-my-other-computer-)
-
- - [What size USB Flash Drive do I need to make a Windows To Go drive?](#what-size-usb-flash-drive-do-i-need-to-make-a-windows-to-go-drive-)
-
- - [Do I need to activate Windows To Go every time I roam?](#do-i-need-to-activate-windows-to-go-every-time-i-roam-)
-
- - [Can I use all Windows features on Windows To Go?](#can-i-use-all-windows-features-on-windows-to-go-)
-
- - [Can I use all my applications on Windows To Go?](#can-i-use-all-my-applications-on-windows-to-go-)
-
- - [Does Windows To Go work slower than standard Windows?](#does-windows-to-go-work-slower-than-standard-windows-)
-
- - [If I lose my Windows To Go drive, will my data be safe?](#if-i-lose-my-windows-to-go-drive--will-my-data-be-safe-)
-
- - [Can I boot Windows To Go on a Mac?](#can-i-boot-windows-to-go-on-a-mac-)
-
- - [Are there any APIs that allow applications to identify a Windows To Go workspace?](#are-there-any-apis-that-allow-applications-to-identify-a-windows-to-go-workspace-)
-
- - [How is Windows To Go licensed?](#how-is-windows-to-go-licensed-)
-
- - [Does Windows Recovery Environment work with Windows To Go? What's the guidance for recovering a Windows To Go drive?](#does-windows-recovery-environment-work-with-windows-to-go--what-s-the-guidance-for-recovering-a-windows-to-go-drive-)
-
- - [Why won't Windows To Go work on a computer running Windows XP or Windows Vista?](#why-won-t-windows-to-go-work-on-a-computer-running-windows-xp-or-windows-vista-)
-
- - [Why does the operating system on the host computer matter?](#why-does-the-operating-system-on-the-host-computer-matter-)
-
- - [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#my-host-computer-running-windows-7-is-protected-by-bitlocker-drive-encryption--why-did-i-need-to-use-the-recovery-key-to-unlock-and-reboot-my-host-computer-after-using-windows-to-go-)
-
- - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-it-doesn-t-have-a-drive-letter-assigned-and-how-can-i-fix-it-)
-
- - [Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?](#why-do-i-keep-on-getting-the-message--installing-devices---when-i-boot-windows-to-go-)
-
- - [How do I upgrade the operating system on my Windows To Go drive?](#how-do-i-upgrade-the-operating-system-on-my-windows-to-go-drive-)
-
-
-sections:
- - name: Ignored
- questions:
- - question: |
- What is Windows To Go?
- answer: |
- Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs.
-
- - question: |
- Does Windows To Go rely on virtualization?
- answer: |
- No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure.
-
- - question: |
- Who should use Windows To Go?
- answer: |
- Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, traveling workers, and work from home.
-
- - question: |
- How can Windows To Go be deployed in an organization?
- answer: |
- Windows To Go can be deployed using standard Windows deployment tools like Diskpart and DISM. The prerequisites for deploying Windows To Go are:
-
- - A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware)
-
- - A Windows 10 Enterprise or Windows 10 Education image
-
- - A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys
-
- You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you're creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process.
-
- - question: |
- Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?
- answer: |
- No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go.
-
- - question: |
- Is Windows To Go supported on USB 2.0 and USB 3.0 ports?
- answer: |
- Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later.
-
- - question: |
- How do I identify a USB 3.0 port?
- answer: |
- USB 3.0 ports are usually marked blue or carry an SS marking on the side.
-
- - question: |
- Does Windows To Go run faster on a USB 3.0 port?
- answer: |
- Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace.
-
- - question: |
- Can the user self-provision Windows To Go?
- answer: |
- Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases include support for user self-provisioning of Windows To Go drives.
-
- - question: |
- How can Windows To Go be managed in an organization?
- answer: |
- Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network.
-
- - question: |
- How do I make my computer boot from USB?
- answer: |
- For host computers running Windows 10
-
- - Using Cortana, search for **Windows To Go startup options**, and then press Enter.
- - In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
-
- For host computers running Windows 8 or Windows 8.1:
-
- Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter.
-
- In the **Windows To Go Startup Options** dialog box select **Yes** and then click **Save Changes** to configure the computer to boot from USB.
-
- > [!NOTE]
- > Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization.
-
-
-
- If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually.
-
- To do this, early during boot time (usually when you see the manufacturer's logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer's site to be sure if you don't know which key to use to enter firmware setup.)
-
- After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first.
-
- Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis.
-
- For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
-
- **Warning**
- Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive.
-
-
-
- - question: |
- Why isn't my computer booting from USB?
- answer: |
- Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation:
-
- 1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device.
-
- 2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don't support booting from a device connected to a USB 3 PCI add-on card or external USB hubs.
-
- 3. If the computer isn't booting from a USB 3.0 port, try to boot from a USB 2.0 port.
-
- If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support.
-
- - question: |
- What happens if I remove my Windows To Go drive while it's running?
- answer: |
- If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive isn't reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds.
-
- **Warning**
- You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive.
-
-
-
- - question: |
- Can I use BitLocker to protect my Windows To Go drive?
- answer: |
- Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace.
-
- - question: |
- Why can't I enable BitLocker from Windows To Go Creator?
- answer: |
- Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three subfolders for fixed, operating system and removable data drive types.
-
- When you're using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation:
-
- 1. **Control use of BitLocker on removable drives**
-
- If this setting is disabled BitLocker can't be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive.
-
- 2. **Configure use of smart cards on removable data drives**
-
- If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you haven't already signed on using your smart card credentials before starting the Windows To Go Creator wizard.
-
- 3. **Configure use of passwords for removable data drives**
-
- If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection isn't available, the Windows To Go Creator wizard will fail to enable BitLocker.
-
- Additionally, the Windows To Go Creator will disable the BitLocker option if the drive doesn't have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go.
-
- - question: |
- What power states does Windows To Go support?
- answer: |
- Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace.
-
- - question: |
- Why is hibernation disabled in Windows To Go?
- answer: |
- When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you're confident that you'll only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc).
-
- - question: |
- Does Windows To Go support crash dump analysis?
- answer: |
- Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0.
-
- - question: |
- Do "Windows To Go Startup Options" work with dual boot computers?
- answer: |
- Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on.
-
- If you have configured a dual boot computer with a Windows operating system and another operating system, it might work occasionally and fail occasionally. Using this configuration is unsupported.
-
- - question: |
- I plugged my Windows To Go drive into a running computer and I can't see the partitions on the drive. Why not?
- answer: |
- Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That's why you can't see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter.
-
- **Warning**
- It's strongly recommended that you don't plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised.
-
-
-
- - question: |
- I'm booted into Windows To Go, but I can't browse to the internal hard drive of the host computer. Why not?
- answer: |
- Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That's why you can't see the internal hard drives of the host computer when you're booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive.
-
- **Warning**
- It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefore user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
-
-
-
- - question: |
- Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?
- answer: |
- This is done to allow Windows To Go to boot from UEFI and legacy systems.
-
- - question: |
- Is Windows To Go secure if I use it on an untrusted computer?
- answer: |
- While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive.
-
- - question: |
- Does Windows To Go work with ARM processors?
- answer: |
- No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors.
-
- - question: |
- Can I synchronize data from Windows To Go with my other computer?
- answer: |
- To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need.
-
- - question: |
- What size USB flash drive do I need to make a Windows To Go drive?
- answer: |
- The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size.
-
- - question: |
- Do I need to activate Windows To Go every time I roam?
- answer: |
- No, Windows To Go requires volume activation; either using the [Key Management Service](/previous-versions/tn-archive/ff793434(v=technet.10)) (KMS) server in your organization or using [Active Directory](/previous-versions/windows/hh852637(v=win.10)) based volume activation. The Windows To Go workspace won't need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or through a remote connection using DirectAccess or a virtual private network connection), once activated the machine won't need to be activated again until the activation validity interval has passed. In a KMS configuration, the activation validity interval is 180 days.
-
- - question: |
- Can I use all Windows features on Windows To Go?
- answer: |
- Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh.
-
- - question: |
- Can I use all my applications on Windows To Go?
- answer: |
- Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time.
-
- - question: |
- Does Windows To Go work slower than standard Windows?
- answer: |
- If you're using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you're booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds.
-
- - question: |
- If I lose my Windows To Go drive, will my data be safe?
- answer: |
- Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user won't be able to access your data without your password. If you don't enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive.
-
- - question: |
- Can I boot Windows To Go on a Mac?
- answer: |
- We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac.
-
- - question: |
- Are there any APIs that allow applications to identify a Windows To Go workspace?
- answer: |
- Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true, it means that the operating system was booted from an external USB device.
-
- Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment.
-
- For more information, see the MSDN article on the [Win32\_OperatingSystem class](/windows/win32/cimwin32prov/win32-operatingsystem).
-
- - question: |
- How is Windows To Go licensed?
- answer: |
- Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC.
-
- - question: |
- Does Windows Recovery Environment work with Windows To Go? What's the guidance for recovering a Windows To Go drive?
- answer: |
- No, use of Windows Recovery Environment isn't supported on Windows To Go. It's recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should reprovision the workspace.
-
- - question: |
- Why won't Windows To Go work on a computer running Windows XP or Windows Vista?
- answer: |
- Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports.
-
- - question: |
- Why does the operating system on the host computer matter?
- answer: |
- It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected.
-
- - question: |
- My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?
- answer: |
- The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary.
-
- You can reset the BitLocker system measurements to incorporate the new boot order using the following steps:
-
- 1. Sign in to the host computer using an account with administrator privileges.
-
- 2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**.
-
- 3. Click **Suspend Protection** for the operating system drive.
-
- A message is displayed, informing you that your data won't be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive.
-
- 4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki.
-
- 5. Restart the computer again and then sign in to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.)
-
- 6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**.
-
- 7. Click **Resume Protection** to re-enable BitLocker protection.
-
- The host computer will now be able to be booted from a USB drive without triggering recovery mode.
-
- > [!NOTE]
- > The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order.
-
-
-
- - question: |
- I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?
- answer: |
- Reformatting the drive erases the data on the drive, but doesn't reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps:
-
- 1. Open a command prompt with full administrator permissions.
-
- > [!NOTE]
- > If your user account is a member of the Administrators group, but isn't the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them.
-
-
-
- 2. Start the [diskpart](/windows-server/administration/windows-commands/diskpart) command interpreter, by typing `diskpart` at the command prompt.
-
- 3. Use the `select disk` command to identify the drive. If you don't know the drive number, use the `list` command to display the list of disks available.
-
- 4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive.
-
- - question: |
- Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?
- answer: |
- One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations.
-
- In certain cases, third-party drivers for different hardware models or versions can reuse device IDs, driver file names, registry keys (or any other operating system constructs that don't support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID's, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver.
-
- This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message "Installing devices…" displaying every time that a Windows to Go drive is roamed between two PCs that require conflicting drivers.
-
- - question: |
- How do I upgrade the operating system on my Windows To Go drive?
- answer: |
- There's no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be reimaged with a new version of Windows in order to transition to the new operating system version.
-
-additionalContent: |
-
- ## Additional resources
-
- - [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
- - [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
- - [Windows To Go: feature overview](windows-to-go-overview.md)
- - [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
- - [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
- - [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md
deleted file mode 100644
index 4332f5785a..0000000000
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ /dev/null
@@ -1,155 +0,0 @@
----
-title: Windows To Go feature overview (Windows 10)
-description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: overview
-ms.technology: itpro-deploy
-ms.collection:
- - highpri
- - tier2
-ms.date: 10/28/2022
----
-
-# Windows To Go: feature overview
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
-
-PCs that meet the Windows 7 or later [certification requirements](/previous-versions/windows/hardware/cert-program/) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go isn't intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some other considerations that you should keep in mind before you start to use Windows To Go:
-
-- [Windows To Go: feature overview](#windows-to-go-feature-overview)
- - [Differences between Windows To Go and a typical installation of Windows](#differences-between-windows-to-go-and-a-typical-installation-of-windows)
- - [Roaming with Windows To Go](#roaming-with-windows-to-go)
- - [Prepare for Windows To Go](#prepare-for-windows-to-go)
- - [Hardware considerations for Windows To Go](#hardware-considerations-for-windows-to-go)
-
-> [!NOTE]
-> Windows To Go isn't supported on Windows RT.
-
-## Differences between Windows To Go and a typical installation of Windows
-
-Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are:
-
-- **Internal disks are offline.** To ensure data isn't accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive won't be listed in Windows Explorer.
-- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption, a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
-- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
-- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
-- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer's standard for the computer doesn't apply when running a Windows To Go workspace, so the feature was disabled.
-- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces can't be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows.
-
-## Roaming with Windows To Go
-
-Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer, it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is next booted on that host computer, it will be able to identify the host computer and load the correct set of drivers automatically.
-
-The applications that you want to use from the Windows To Go workspace should be tested to make sure they also support roaming. Some applications bind to the computer hardware, which will cause difficulties if the workspace is being used with multiple host computers.
-
-## Prepare for Windows To Go
-
-Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
-
-These same tools can be used to provision Windows To Go drive, just as if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) to review deployment tools available.
-
-> [!IMPORTANT]
-> Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported.
-
-As you decide what to include in your Windows To Go image, be sure to consider the following questions:
-
-Are there any drivers that you need to inject into the image?
-
-How will data be stored and synchronized to appropriate locations from the USB device?
-
-Are there any applications that are incompatible with Windows To Go roaming that shouldn't be included in the image?
-
-What should be the architecture of the image - 32bit/64bit?
-
-What remote connectivity solution should be supported in the image if Windows To Go is used outside the corporate network?
-
-For more information about designing and planning your Windows To Go deployment, see [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md).
-
-## Hardware considerations for Windows To Go
-
-**For USB drives**
-
-The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following items:
-
-- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly.
-- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later.
-- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details.
-
-As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives:
-
-> [!WARNING]
-> Using a USB drive that has not been certified is not supported.
-
-- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://www.kingston.com/support/technical/products?model=dtws))
-- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://www.kingston.com/support/technical/products?model=dtws))
-- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://www.kingston.com/support/technical/products?model=dtws))
-- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
-
-- Super Talent Express RC4 for Windows To Go
-
- -and-
-
- Super Talent Express RC8 for Windows To Go
-
- ([http://www.supertalent.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618721))
-
-- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722))
-
- We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility, see [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)
-
-**For host computers**
-
-When assessing the use of a PC as a host for a Windows To Go workspace, you should consider the following criteria:
-
-- Hardware that has been certified for use with Windows 7 or later operating systems will work well with Windows To Go.
-- Running a Windows To Go workspace from a computer that is running Windows RT isn't a supported scenario.
-- Running a Windows To Go workspace on a Mac computer isn't a supported scenario.
-
-The following table details the characteristics that the host computer must have to be used with Windows To Go:
-
-|Item|Requirement|
-|--- |--- |
-|Boot process|Capable of USB boot|
-|Firmware|USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you're unsure of the ability of your PC to boot from USB)|
-|Processor architecture|Must support the image on the Windows To Go drive|
-|External USB Hubs|Not supported; connect the Windows To Go drive directly to the host machine|
-|Processor|1 GHz or faster|
-|RAM|2 GB or greater|
-|Graphics|DirectX 9 graphics device with WDDM 1.2 or greater driver|
-|USB port|USB 2.0 port or greater|
-
-**Checking for architectural compatibility between the host PC and the Windows To Go drive**
-
-In addition to the USB boot support in the BIOS, the Windows 10 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
-
-|Host PC Firmware Type|Host PC Processor Architecture|Compatible Windows To Go Image Architecture|
-|--- |--- |--- |
-|Legacy BIOS|32-bit|32-bit only|
-|Legacy BIOS|64-bit|32-bit and 64-bit|
-|UEFI BIOS|32-bit|32-bit only|
-|UEFI BIOS|64-bit|64-bit only|
-
-## Other resources
-
-- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
-- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
-- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951)
-
-## Related articles
-
-[Deploy Windows To Go in your organization](../deploy-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index f49339b0fd..8e5e27c8df 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -2,13 +2,13 @@
title: Windows Pro in S mode
description: Overview of Windows Pro and Enterprise in S mode.
ms.localizationpriority: high
-ms.prod: windows-client
+ms.service: windows-client
manager: aaroncz
author: frankroj
ms.author: frankroj
ms.topic: conceptual
ms.date: 04/26/2023
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Windows Pro in S mode
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 72d37a8849..c8ea253ee3 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -1,8 +1,8 @@
---
title: Windows Updates using forward and reverse differentials
description: A technique to produce compact software updates optimized for any origin and destination revision pair
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index ba7b6d264d..164a2970b3 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -1,8 +1,8 @@
---
title: How to check Windows release health
description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index f5f57bd6c5..d1b6ebd87e 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -1,8 +1,8 @@
---
title: Create a deployment plan
description: Devise the number of deployment rings you need and how you want to populate each of the deployment rings.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/deployment-service-drivers.md b/windows/deployment/update/deployment-service-drivers.md
index 4373f59f58..ca104fce34 100644
--- a/windows/deployment/update/deployment-service-drivers.md
+++ b/windows/deployment/update/deployment-service-drivers.md
@@ -2,8 +2,8 @@
title: Deploy drivers and firmware updates
titleSuffix: Windows Update for Business deployment service
description: Use Windows Update for Business deployment service to deploy driver and firmware updates to devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/deployment-service-expedited-updates.md b/windows/deployment/update/deployment-service-expedited-updates.md
index 9279a5e9d4..0b59cbea9e 100644
--- a/windows/deployment/update/deployment-service-expedited-updates.md
+++ b/windows/deployment/update/deployment-service-expedited-updates.md
@@ -2,8 +2,8 @@
title: Deploy expedited updates
titleSuffix: Windows Update for Business deployment service
description: Learn how to use Windows Update for Business deployment service to deploy expedited updates to devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
@@ -32,7 +32,11 @@ In this article, you will:
## Prerequisites
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
+All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met, including ensuring that the *Update Health Tools* is installed on the clients.
+- The *Update Health Tools* are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device, use one of the following methods:
+ - Run a [readiness test for expedited updates](#readiness-test-for-expediting-updates)
+ - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
+ - Example PowerShell script to verify tools installation: `Get-CimInstance -ClassName Win32_Product \| Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
### Permissions
@@ -213,8 +217,8 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments/$entity",
"id": "de910e12-3456-7890-abcd-ef1234567890",
- "createdDateTime": "2023-02-09T22:55:04.8547517Z",
- "lastModifiedDateTime": "2023-02-09T22:55:04.8547524Z",
+ "createdDateTime": "2024-01-30T19:43:37.1672634Z",
+ "lastModifiedDateTime": "2024-01-30T19:43:37.1672644Z",
"state": {
"effectiveValue": "offering",
"requestedValue": "none",
@@ -222,15 +226,19 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
},
"content": {
"@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
- "catalogEntry@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('de910e12-3456-7890-abcd-ef1234567890')/content/microsoft.graph.windowsUpdates.catalogContent/catalogEntry/$entity",
+ "catalogEntry@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('073fb534-5cdd-4326-8aa2-a4d29037b60f')/content/microsoft.graph.windowsUpdates.catalogContent/catalogEntry/$entity",
"catalogEntry": {
"@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
- "id": "693fafea03c24cca819b3a15123a8880f217b96a878b6d6a61be021d476cc432",
+ "id": "e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5",
"displayName": null,
"deployableUntilDateTime": null,
- "releaseDateTime": "2023-01-10T00:00:00Z",
+ "releaseDateTime": "2023-08-08T00:00:00Z",
"isExpeditable": false,
- "qualityUpdateClassification": "security"
+ "qualityUpdateClassification": "security",
+ "catalogName": null,
+ "shortName": null,
+ "qualityUpdateCadence": "monthly",
+ "cveSeverityInformation": null
}
},
"settings": {
@@ -238,10 +246,12 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
"monitoring": null,
"contentApplicability": null,
"userExperience": {
- "daysUntilForcedReboot": 2
+ "daysUntilForcedReboot": 2,
+ "offerAsOptional": null
},
"expedite": {
- "isExpedited": true
+ "isExpedited": true,
+ "isReadinessTest": false
}
},
"audience@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('de910e12-3456-7890-abcd-ef1234567890')/audience/$entity",
@@ -293,6 +303,48 @@ The following example deletes the deployment with a **Deployment ID** of `de910e
DELETE https://graph.microsoft.com/beta/admin/windows/updates/deployments/de910e12-3456-7890-abcd-ef1234567890
```
+## Readiness test for expediting updates
+
+You can verify the readiness of clients to receive expedited updates by using [isReadinessTest](/graph/api/resources/windowsupdates-expeditesettings). Create a deployment that specifies it's an expedite readiness test, then add members to the deployment audience. The service will check to see if the clients meet the prerequisites for expediting updates. The results of the test are displayed in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab). Under the **Quality updates** tab, select the **Expedite status** tile, which opens a flyout with a **Readiness** tab with the readiness test results.
+
+```msgraph-interactive
+POST https://graph.microsoft.com/beta/admin/windows/updates/deployments
+content-type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.windowsUpdates.deployment",
+ "content": {
+ "@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
+ "catalogEntry": {
+ "@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
+ "id": "317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5"
+ }
+ },
+ "settings": {
+ "@odata.type": "microsoft.graph.windowsUpdates.deploymentSettings",
+ "expedite": {
+ "isExpedited": true,
+ "isReadinessTest": true
+ }
+ }
+}
+```
+
+The truncated response displays that **isReadinessTest** is set to `true` and gives you a **DeploymentID** of `de910e12-3456-7890-abcd-ef1234567890`. You can then [add members to the deployment audience](#add-members-to-the-deployment-audience) to have the service check that the devices meet the preresquites then review the results in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab).
+
+```json
+ "expedite": {
+ "isExpedited": true,
+ "isReadinessTest": true
+ }
+ },
+ "audience@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('6a6c03b5-008e-4b4d-8acd-48144208f179_Readiness')/audience/$entity",
+ "audience": {
+ "id": "de910e12-3456-7890-abcd-ef1234567890",
+ "applicableContent": []
+ }
+
+```
[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-update-health-tools-logs.md)]
diff --git a/windows/deployment/update/deployment-service-feature-updates.md b/windows/deployment/update/deployment-service-feature-updates.md
index 070ecd8914..99d6c26f7c 100644
--- a/windows/deployment/update/deployment-service-feature-updates.md
+++ b/windows/deployment/update/deployment-service-feature-updates.md
@@ -2,8 +2,8 @@
title: Deploy feature updates
titleSuffix: Windows Update for Business deployment service
description: Use Windows Update for Business deployment service to deploy feature updates to devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index b3fa2680c5..adf8bfe314 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -2,8 +2,8 @@
title: Overview of the deployment service
titleSuffix: Windows Update for Business deployment service
description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates with the deployment service.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/deployment-service-prerequisites.md b/windows/deployment/update/deployment-service-prerequisites.md
index d4dbc2e5e1..1f24cbfe24 100644
--- a/windows/deployment/update/deployment-service-prerequisites.md
+++ b/windows/deployment/update/deployment-service-prerequisites.md
@@ -2,8 +2,8 @@
title: Prerequisites for the deployment service
titleSuffix: Windows Update for Business deployment service
description: Prerequisites for using the Windows Update for Business deployment service for updating devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
@@ -14,7 +14,7 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 02/14/2023
+ms.date: 01/29/2024
---
# Windows Update for Business deployment service prerequisites
@@ -48,9 +48,9 @@ Windows Update for Business deployment service supports Windows client devices o
### Windows operating system updates
-- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB 4023057](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a). To confirm the presence of the Update Health Tools on a device:
+- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device:
- Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
- - As an Admin, run the following PowerShell script: `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
+ - As an Admin, run the following PowerShell script: `Get-CimInstance -ClassName Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
- For [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
index 65a6b7777a..da9f167b83 100644
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -2,8 +2,8 @@
title: Troubleshoot the deployment service
titleSuffix: Windows Update for Business deployment service
description: Solutions to commonly encountered problems when using the Windows Update for Business deployment service.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: troubleshooting
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 9352455d20..d12a78f404 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -1,8 +1,8 @@
---
title: Evaluate infrastructure and tools
description: Review the steps to ensure your infrastructure is ready to deploy updates to clients in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: article
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index 41a21d5d7c..51371de0c7 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -1,8 +1,8 @@
---
title: Best practices - user-initiated feature update installation
description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: best-practice
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index 972dd73a69..f7968c1ebc 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -1,8 +1,8 @@
---
title: FoD and language packs for WSUS and Configuration Manager
description: Learn how to make FoD and language packs available to clients when you're using WSUS or Configuration Manager.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index 5dc206f1aa..46dca308f1 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -1,8 +1,8 @@
---
title: Windows client updates, channels, and tools
description: Brief summary of the kinds of Windows updates, the channels they're served through, and the tools for managing them
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index ef02459999..70f2c18280 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,8 +1,8 @@
---
title: How Windows Update works
description: In this article, learn about the process Windows Update uses to download and install updates on Windows client devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/images/waas-active-hours-policy.PNG b/windows/deployment/update/images/waas-active-hours-policy.png
similarity index 100%
rename from windows/deployment/update/images/waas-active-hours-policy.PNG
rename to windows/deployment/update/images/waas-active-hours-policy.png
diff --git a/windows/deployment/update/images/waas-active-hours.PNG b/windows/deployment/update/images/waas-active-hours.png
similarity index 100%
rename from windows/deployment/update/images/waas-active-hours.PNG
rename to windows/deployment/update/images/waas-active-hours.png
diff --git a/windows/deployment/update/includes/update-history.md b/windows/deployment/update/includes/update-history.md
index 9963e0b8b6..cc5fb9bb9f 100644
--- a/windows/deployment/update/includes/update-history.md
+++ b/windows/deployment/update/includes/update-history.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/24/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
index 24da4ab44e..572d549362 100644
--- a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
index d8c96ee718..c386f7fd42 100644
--- a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
+++ b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
@@ -20,7 +20,7 @@ The following policies exclude drivers from Windows Update for a device:
- **Group Policy**: `\Windows Components\Windows Update\Do not include drivers with Windows Updates` set to `enabled`
- **CSP**: [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update#excludewudriversinqualityupdate) set to `1`
- **Registry**: `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversFromQualityUpdates` set to `1`
- - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Allow`
+ - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Block`
**Behavior with the deployment service**: Devices with driver exclusion polices that are enrolled for **drivers** and added to an audience though the deployment service:
- Will display the applicable driver content in the deployment service
@@ -42,4 +42,4 @@ The following policies define the source for driver updates as either Windows Up
- Will install drivers that are approved from the deployment service
> [!NOTE]
-> When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device.
\ No newline at end of file
+> When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device.
diff --git a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
index ed62f731f1..f84dd43e0a 100644
--- a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
index 336236ee43..9cfcff85ad 100644
--- a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
index 23bbb2b2d9..40f67810ab 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
index 8d869d1f69..8250bc9e1d 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md b/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
index 682134eb32..d4681b40c2 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-limitations.md b/windows/deployment/update/includes/wufb-deployment-limitations.md
index 34e70ba899..a57711bffd 100644
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ b/windows/deployment/update/includes/wufb-deployment-limitations.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md b/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
index 4e0d5caaff..cd39b4dd7e 100644
--- a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
+++ b/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
index da738e8991..a698c7f33b 100644
--- a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
+++ b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 04/26/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-endpoints.md b/windows/deployment/update/includes/wufb-reports-endpoints.md
index 88fd5d146e..a3bfb9b575 100644
--- a/windows/deployment/update/includes/wufb-reports-endpoints.md
+++ b/windows/deployment/update/includes/wufb-reports-endpoints.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 12/15/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
index 70c1948c7a..f0f14e2a67 100644
--- a/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
+++ b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-script-error-codes.md b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
index 479b5a9eff..7057d0789c 100644
--- a/windows/deployment/update/includes/wufb-reports-script-error-codes.md
+++ b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 07/11/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index baae39d605..080e86b6ad 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -1,8 +1,8 @@
---
title: Update Windows installation media with Dynamic Update
description: Learn how to acquire and apply Dynamic Update packages to existing Windows images prior to deployment
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md
index 1245ce7f59..7f6fffc7b4 100644
--- a/windows/deployment/update/optional-content.md
+++ b/windows/deployment/update/optional-content.md
@@ -1,8 +1,8 @@
---
title: Migrating and acquiring optional Windows content
description: How to keep language resources and Features on Demand during operating system updates for your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md
index 3116459b20..dcc9544f7e 100644
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@@ -1,8 +1,8 @@
---
title: Define readiness criteria
description: Identify important roles and figure out how to classify apps so you can plan and manage your deployment
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index 9f3f2e92b7..e2175c7b40 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -1,8 +1,8 @@
---
title: Define update strategy
description: Example of using a calendar-based approach to achieve consistent update installation in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
index 735e5a3095..6801a4cca8 100644
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@@ -1,8 +1,8 @@
---
title: Determine application readiness
description: How to test your apps to identify which need attention prior to deploying an update in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index ad9ebeff3a..a9af4519db 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -1,8 +1,8 @@
---
title: Prepare to deploy Windows
description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/release-cycle.md b/windows/deployment/update/release-cycle.md
index bb6949ca8e..2d4e8ecb19 100644
--- a/windows/deployment/update/release-cycle.md
+++ b/windows/deployment/update/release-cycle.md
@@ -1,8 +1,8 @@
---
title: Update release cycle for Windows clients
description: Learn about the release cycle for updates so Windows clients in your organization stay productive and protected.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index 86232917dd..104400de70 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -1,8 +1,8 @@
---
title: Safeguard holds for Windows
description: What are safeguard holds? How to can you tell if a safeguard hold is in effect, and what to do about it.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md
index 30227f3553..0e0a112ae1 100644
--- a/windows/deployment/update/safeguard-opt-out.md
+++ b/windows/deployment/update/safeguard-opt-out.md
@@ -1,8 +1,8 @@
---
title: Opt out of safeguard holds
description: How to install an update in your organization even when a safeguard hold for a known issue has been applied to it.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index 7aa9bf3ff1..85af66e440 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -1,8 +1,8 @@
---
title: Servicing stack updates
description: In this article, learn how servicing stack updates improve the code that installs the other updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md
index b534f09c0c..28b05bb90e 100644
--- a/windows/deployment/update/update-baseline.md
+++ b/windows/deployment/update/update-baseline.md
@@ -1,8 +1,8 @@
---
title: Windows 10 Update Baseline
description: Use an update baseline to optimize user experience and meet monthly update goals in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/update-other-microsoft-products.md b/windows/deployment/update/update-other-microsoft-products.md
new file mode 100644
index 0000000000..01f1505029
--- /dev/null
+++ b/windows/deployment/update/update-other-microsoft-products.md
@@ -0,0 +1,76 @@
+---
+title: Update other Microsoft products
+titleSuffix: Windows Update for Business
+description: List of other Microsoft products that are updated when install updates for other Microsoft products (allowmuupdateservice) is used.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: reference
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+appliesto:
+- ✅ Windows 11
+- ✅ Windows 10
+ms.date: 02/27/2024
+---
+
+# Update other Microsoft products
+
+This article contains a list of other Microsoft products that might be updated when the following policy is used:
+
+- **Group policy**: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\Configure Automatic Updates
+ - `Install updates for other Microsoft products` element under Configure Automatic Updates
+- **MDM**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowMUUpdateService](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowmuupdateservice)
+
+> [!Note]
+> This policy includes drivers. If you need to exclude drivers, use [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update&bc=/windows/deployment/breadcrumb/toc.json#excludewudriversinqualityupdate).
+
+
+## List of other Microsoft products
+
+The following is a list of other Microsoft products that might be updated:
+
+- Active Directory Rights Management Service
+- AppFabric
+- Azure File Sync
+- Bing Bar
+- Bing IME
+- BizTalk
+- East Asia IME for Windows Content
+- Exchange
+- IME Dictionary Update
+- Live Search
+- MED-V
+- Microsoft Advanced Threat Analytics
+- Microsoft Application Virtualization
+- Microsoft Azure StorSimple
+- Microsoft Dynamics CRM
+- Microsoft Information Protection
+- Microsoft Lync Server and Microsoft Lync
+- Microsoft Monitoring Agent
+- Microsoft SRS Device
+- Microsoft StreamInsight
+- Mobile and IoT
+- MSRC
+- Office 2016 (MSI versions of Office)
+- PlayReady
+- Windows Admin Center
+- Silverlight
+- Skype for Business
+- SQL
+- System Center Application Controller
+- System Center Configuration Manager
+- System Center Data Protection Manager
+- System Center Operations Manager
+- System Center Orchestrator
+- System Center Virtual Machine Manager
+- Visual Studio
+- Windows Azure Hyper-V Recovery Manager
+- Windows Azure Pack - Web Sites
+- Windows Azure Pack
+- Windows Azure Service Bus
+- Windows Embedded Developer Update
+- Windows Intune
+- Windows Live Sign-in Assistant
+- Windows Small Business Server
+- Zune
diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md
index b7fa2d5094..50b404df35 100644
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@@ -1,8 +1,8 @@
---
title: Policies for update compliance and user experience
description: Explanation and recommendations for update compliance, activity, and user experience for your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 7856c98348..11732bc1ca 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -1,8 +1,8 @@
---
title: Configure BranchCache for Windows client updates
description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index 2a1baa5255..cf98c00264 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -2,31 +2,31 @@
title: Configure Windows Update for Business
manager: aaroncz
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
-ms.prod: windows-client
+ms.service: windows-client
author: mestew
ms.localizationpriority: medium
ms.author: mstewart
ms.topic: conceptual
-ms.technology: itpro-updates
+ms.subservice: itpro-updates
ms.collection:
- tier1
-appliesto:
+appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016
-ms.date: 11/30/2023
+ms.date: 02/27/2024
---
# Configure Windows Update for Business
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
> [!NOTE]
> Windows Server _doesn't_ get feature updates from Windows Update, so only the quality update policies apply. This behavior doesn't apply to [Azure Stack hyperconverged infrastructure (HCI)](/azure-stack/hci/).
-
-You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this article provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
+
+You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this article provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
> [!IMPORTANT]
> Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
@@ -34,17 +34,17 @@ You can use Group Policy or your mobile device management (MDM) service to confi
## Start by grouping devices
-By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups, which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization.
+By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups, which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization.
>[!TIP]
->In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft’s design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/).
+>In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft's design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/).
## Configure devices for the appropriate service channel
-With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the General Availability Channel servicing branch. For more information on this servicing model, see [Servicing channels](waas-overview.md#servicing-channels).
+With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the General Availability Channel servicing branch. For more information on this servicing model, see [Servicing channels](waas-overview.md#servicing-channels).
**Release branch policies**
@@ -65,7 +65,7 @@ Starting with Windows 10, version 1703, users can configure the branch readiness
## Configure when devices receive feature updates
-After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
+After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
For example, a device on the General Availability Channel with `DeferFeatureUpdatesPeriodinDays=30` won't install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
@@ -87,7 +87,7 @@ For example, a device on the General Availability Channel with `DeferFeatureUpda
You can also pause a device from receiving feature updates by a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable feature updates. Following this scan, you can then pause feature updates for the device again.
-Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
+Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
In cases where the pause policy is first applied after the configured start date has passed, you can extend the pause period up to a total of 35 days by configuring a later start date.
@@ -104,7 +104,7 @@ In cases where the pause policy is first applied after the configured start date
| MDM for Windows 10, version 1607 or later: ../Vendor/MSFT/Policy/Config/Update/**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
| MDM for Windows 10, version 1511: ../Vendor/MSFT/Policy/Config/Update/**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
-You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
+You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
The local group policy editor (GPEdit.msc) won't reflect whether the feature update pause period has expired. Although the device will resume feature updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking feature updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
@@ -125,9 +125,9 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
## Configure when devices receive quality updates
-Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
+Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
-You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
+You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates. For a list of other Microsoft products that might be updated, see [Update other Microsoft products](update-other-microsoft-products.md).
**Policy settings for deferring quality updates**
@@ -145,7 +145,7 @@ You can set your system to receive updates for other Microsoft products—known
You can also pause a system from receiving quality updates for a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality updates. Following this scan, you can then pause quality updates for the device again.
-Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
+Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
In cases where the pause policy is first applied after the configured start date has passed, you can extend the pause period up to a total of 35 days by configuring a later start date.
@@ -210,10 +210,10 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
| MDM for Windows 10, version 1607 and later: ../Vendor/MSFT/Policy/Config/Update/**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
## Enable optional updates
-
+
In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy.
-To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**.
+To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**.
:::image type="content" source="media/7991583-update-seeker-enabled.png" alt-text="Screenshot of the Get the latest updates as soon as they're available option in the Windows updates page of Settings." lightbox="media/7991583-update-seeker-enabled.png":::
@@ -230,7 +230,7 @@ The following options are available for the policy:
- **Users can select which optional updates to receive**:
- Users can select which optional updates to install from **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Optional updates**.
- - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled.
+ - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled.
- CFRs are offered to the device, but not necessarily in the early phases of the rollout.
- Users can enable the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. If the user enables the **Get the latest updates as soon as they're available**, then:
- The device will receive CFRs in early phases of the rollout.
@@ -249,7 +249,7 @@ The following options are available for the policy:
## Enable features that are behind temporary enterprise feature control
-New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly.
+New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly.
The features that are behind temporary enterprise feature control will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them. For a list of features that are turned off by default, see [Windows 11 features behind temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control).
@@ -274,7 +274,7 @@ The following are quick-reference tables of the supported policy values for Wind
| BranchReadinessLevel | REG_DWORD | 2: Systems take feature updates for the Windows Insider build - Fast 4: Systems take feature updates for the Windows Insider build - Slow 8: Systems take feature updates for the Release Windows Insider build Other value or absent: Receive all applicable updates |
| DeferFeatureUpdates | REG_DWORD | 1: Defer feature updatesOther value or absent: Don't defer feature updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days |
-| DeferQualityUpdates | REG_DWORD | 1: Defer quality updatesOther value or absent: Don't defer quality updates |
+| DeferQualityUpdates | REG_DWORD | 1: Defer quality updatesOther value or absent: Don't defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: Defer quality updates by given days |
| ExcludeWUDriversInQualityUpdate | REG_DWORD | 1: Exclude Windows Update driversOther value or absent: Offer Windows Update drivers |
| PauseFeatureUpdatesStartTime | REG_DWORD |1: Pause feature updatesOther value or absent: Don't pause feature updates |
@@ -310,4 +310,3 @@ When a device running a newer version sees an update available on Windows Update
| PauseFeatureUpdates | PauseFeatureUpdatesStartTime |
| PauseQualityUpdates | PauseQualityUpdatesStartTime |
-
\ No newline at end of file
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index d94af9011d..892daae8af 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -1,8 +1,8 @@
---
title: Integrate Windows Update for Business
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 02/27/2024
---
# Integrate Windows Update for Business with management solutions
@@ -68,6 +68,7 @@ For Windows 10, version 1607 and later, devices can be configured to receive upd
- Device is configured to defer quality updates using Windows Update for Business and to be managed by WSUS
- Device is configured to **receive updates for other Microsoft products** along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
+ - For a list of other Microsoft products that might be updated, see [Update other Microsoft products](update-other-microsoft-products.md).
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
In this example, the deferral behavior for updates to Office and other non-Windows products is slightly different than if WSUS weren't enabled.
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index b1aee2ba14..6506f11e90 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -1,8 +1,8 @@
---
title: Deploy updates using Windows Server Update Services
description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 070ded3d1e..25fff01d83 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -2,7 +2,8 @@
title: Windows Update for Business
manager: aaroncz
description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
-ms.prod: windows-client
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
@@ -10,9 +11,9 @@ ms.collection:
- highpri
- tier2
ms.localizationpriority: medium
-appliesto:
+appliesto:
- ✅ Windows 11
-- ✅ Windows 10
+- ✅ Windows 10
ms.date: 11/07/2023
---
@@ -27,7 +28,7 @@ Windows Update for Business is a free service that is available for the followin
- Enterprise, including Enterprise LTSC, IoT Enterprise, and IoT Enterprise LTSC
Windows Update for Business enables IT administrators to keep their organization's Windows client devices always up to date with the latest security updates and Windows features by directly connecting these systems to the Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions, such as Microsoft Intune, to configure the Windows Update for Business settings that control how and when devices are updated.
-
+
Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
## What can I do with Windows Update for Business?
@@ -85,7 +86,7 @@ An administrator can defer the installation of both feature and quality updates
|Nondeferrable | none |
+ [Insert graphic with the deferrals set to different values showing a feature update rollout)-->
#### Pause an update
@@ -98,7 +99,7 @@ When updating from Windows Update, you get the added benefits of built-in compat
### Recommendations
-For the best experience with Windows Update, follow these guidelines:
+For the best experience with Windows Update, follow these guidelines:
- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 6f20706c2e..52cda69c7b 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -1,8 +1,8 @@
---
title: Overview of Windows as a service
description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
@@ -11,64 +11,61 @@ ms.localizationpriority: medium
ms.collection:
- highpri
- tier2
-appliesto:
+appliesto:
- ✅ Windows 11
-- ✅ Windows 10
+- ✅ Windows 10
ms.date: 12/31/2017
---
# Overview of Windows as a service
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2).
-Windows as a service is a way to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
+Windows as a service is a way to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
## Building
-Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn't work in today's rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges.
+Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features. That scenario doesn't always work in today's rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges.
-In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features are delivered to the [Windows Insider community](/windows-insider/business/register) as soon as possible, during the development cycle, through a process called *flighting*. Organizations can see exactly what Microsoft is developing and start their testing as soon as possible.
+In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features are delivered to the [Windows Insider Program](/windows-insider/) as soon as possible, during the development cycle, through a process called *flighting*. Organizations can see exactly what Microsoft is developing and start their testing as soon as possible.
Microsoft also depends on receiving feedback from organizations throughout the development process so that it can make adjustments as quickly as possible rather than waiting until after release. For more information about the Windows Insider Program and how to sign up, see the section [Windows Insider](#windows-insider).
-Of course, Microsoft also performs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program.
+Microsoft also runs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program.
## Deploying
Deploying Windows 10 and Windows 11 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, you can use an easy in-place upgrade process to automatically preserve all apps, settings, and data. Afterwards, deployment of feature updates is equally simple.
-
### Application compatibility
-Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. For the most important business-critical applications, organizations should still perform testing regularly to validate compatibility with new builds.
+Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. For the most important business-critical applications, organizations should still perform testing regularly to validate compatibility with new builds.
## Servicing
-Traditional Windows servicing has included several release types: major revisions (for example, the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10 and Windows 11, there are two release types: feature updates that add new functionality and quality updates that provide security and reliability fixes.
+Traditional Windows servicing has included several release types: major revisions (for example, the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10 and Windows 11, there are two release types: feature updates that add new functionality and quality updates that provide security and reliability fixes.
-Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that uses servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
+Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that uses servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
For information about each servicing tool, see [Servicing tools](#servicing-tools).
There are three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For more information, see [Servicing channels](#servicing-channels).
-
There are currently three release channels for Windows clients:
-- The **General Availability Channel** receives feature updates as soon as they're available.
+- The **General Availability Channel** receives feature updates as soon as they're available.
- The **Long-Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
- The **Windows Insider Program** provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update.
>[!NOTE]
->With each General Availability release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
+>With each General Availability release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
>[!IMPORTANT]
->Devices on the General Availability Channel must have their diagnostic data set to **1 (Basic)** or higher in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
+>Devices on the General Availability Channel must have their diagnostic data set to **1 (Basic)** or higher in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
### Feature updates
-New features are packaged into feature updates that you can deploy using existing management tools. These changes come in bite-sized chunks rather than all at once, decreasing user readiness time.
-
+New features are packaged into feature updates that you can deploy using existing management tools. These changes come in bite-sized chunks rather than all at once, decreasing user readiness time.
### Quality updates
@@ -76,12 +73,12 @@ Monthly updates in previous Windows versions were often overwhelming because of
Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month's update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
-## Servicing channels
+## Servicing channels
-There are three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [General Availability Channel](#general-availability-channel) provides new functionality with feature update releases. Organizations can choose when to deploy updates from the General Availability Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information).
+There are three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [General Availability Channel](#general-availability-channel) provides new functionality with feature update releases. Organizations can choose when to deploy updates from the General Availability Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For more information about the versions in each servicing channel, see [Windows release information](/windows/release-health/).
> [!NOTE]
-> Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
+> Servicing channels aren't the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
### General Availability Channel
@@ -89,12 +86,9 @@ In the General Availability Channel, feature updates are available annually. Thi
When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the General Availability Channel is available but not necessarily immediately mandatory, depending on the policy of the management system. For more information about servicing tools, see [Servicing tools](#servicing-tools).
-
> [!NOTE]
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
->
->
-> [!NOTE]
+>
> Organizations can electively delay feature updates into as many phases as they wish by using one of the servicing tools mentioned in the section Servicing tools.
### Long-term Servicing Channel
@@ -105,13 +99,12 @@ Specialized systems—such as devices that control medical equipment, point-of-s
>
> The Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the General Availability channel.
-Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over the product's lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or perform a search on the [product's lifecycle information](/lifecycle/products/) page.
+Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2-3 years, and organizations can choose to install them as in-place upgrades or even skip releases over the product's lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/), or perform a search on the [product's lifecycle information](/lifecycle/products/) page.
> [!NOTE]
> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows).
-The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn't include some applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps aren't supported in the Enterprise LTSC editions, even if you install by using sideloading.
-
+The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn't include some applications, such as Microsoft Edge, Microsoft Store, Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps aren't supported in the Enterprise LTSC editions, even if you install by using sideloading.
### Windows Insider
@@ -119,18 +112,16 @@ For many IT pros, gaining visibility into feature updates early can be both intr
Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/business/register).
-
-
## Servicing tools
There are many tools you can use to service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:
- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the General Availability Channel. Organizations can target which devices defer updates by selecting the **Defer upgrades** check box in **Start\Settings\Update & Security\Advanced Options** on a Windows client device.
- **Windows Update for Business** includes control over update deferment and provides centralized management using Group Policy or MDM. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the General Availability Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Microsoft Intune.
-- **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
-- **Microsoft Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
+- **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
+- **Microsoft Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
-**Servicing tools comparison**
+### Servicing tools comparison
| Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features |
| --- | --- | --- | --- | --- |
@@ -138,5 +129,3 @@ There are many tools you can use to service Windows as a service. Each option ha
| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects |
| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows Update Delivery](../do/waas-optimize-windows-10-updates.md) | Distribution points, multiple deployment options |
-
-
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index f027e7d657..fce23e0310 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -1,8 +1,8 @@
---
title: Quick guide to Windows as a service (Windows 10)
description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 18b0aa011f..6fd7172197 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -1,8 +1,8 @@
---
title: Manage device restarts after updates
description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows update is installed.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 894cb7361b..78cf2b2e50 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -1,8 +1,8 @@
---
title: Assign devices to servicing channels for updates
description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index 31038c9fc0..2e0aea738c 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -1,37 +1,37 @@
---
title: Prepare a servicing strategy for Windows client updates
description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
manager: aaroncz
ms.localizationpriority: medium
-appliesto:
+appliesto:
- ✅ Windows 11
-- ✅ Windows 10
+- ✅ Windows 10
ms.date: 12/31/2017
---
# Prepare a servicing strategy for Windows client updates
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
Here's an example of what this process might look like:
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they're available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate prerelease builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
-- **Identify excluded devices.** For some organizations, special-purpose devices, like devices that control factory or medical equipment or run ATMs, require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
+- **Identify excluded devices.** For some organizations, special-purpose devices, like devices that control factory or medical equipment or run ATMs, require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you're looking for feedback rather than people to just "try it out" and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
-- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain needs to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for "ADMX download for Windows build xxxx". For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
+- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain needs to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/troubleshoot/windows-server/group-policy/manage-group-policy-adm-file) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for "ADMX download for Windows build xxxx". For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
- **Choose a servicing tool.** Decide which product you'll use to manage the Windows updates in your environment. If you're currently using Windows Server Update Services (WSUS) or Microsoft Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you'll use, consider how you'll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
-- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).
+- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).
Each time Microsoft releases a feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier "Configure test devices" step of the previous section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase.
-2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but it's still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity represents most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the "Recruit volunteers" step of the previous section. Be sure to communicate clearly that you're looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it.
-3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don't prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
+2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but it's still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity represents most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the "Recruit volunteers" step of the previous section. Be sure to communicate clearly that you're looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it.
+3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don't prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index b370409adb..84c4092f53 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -1,8 +1,8 @@
---
title: Manage additional Windows Update settings
description: In this article, learn about additional settings to control the behavior of Windows Update in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index cc945db4c2..23e561ea09 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -1,8 +1,8 @@
---
title: Configure Windows Update for Business by using CSPs and MDM
description: Walk through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/30/2023
+ms.date: 01/18/2024
---
# Walkthrough: Use CSPs and MDMs to configure Windows Update for Business
@@ -202,9 +202,9 @@ The features that are turned off by default from servicing updates will be enabl
You can enable these features by using [AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol). The following options are available:
-- **0** (default): Allowed. All features in the latest monthly cumulative update are enabled.
- - When the policy is set to **0**, all features that are currently turned off will turn on when the device next reboots
-- **1** - Not allowed. Features that are shipped turned off by default will remain off
+- **0** (default): Not allowed. Features that are shipped turned off by default will remain off
+- **1**: Allowed. All features in the latest monthly cumulative update are enabled.
+ - When the policy is set to **1**, all features that are currently turned off will turn on when the device next reboots.
#### I want to enable optional updates
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 22c937a71a..a039f0c714 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -1,8 +1,8 @@
---
title: Configure Windows Update for Business via Group Policy
description: Walk through of how to configure Windows Update for Business settings using Group Policy to update devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
manager: aaroncz
ms.topic: conceptual
author: mestew
@@ -17,7 +17,7 @@ appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016
-ms.date: 11/30/2023
+ms.date: 02/27/2024
---
# Walkthrough: Use Group Policy to configure Windows Update for Business
@@ -65,7 +65,7 @@ You can control when updates are applied, for example by deferring when an updat
Both feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.
-To enable Microsoft Updates, use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
+To enable Microsoft Updates, use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**. For a list of other Microsoft products that might be updated, see [Update other Microsoft products](update-other-microsoft-products.md).
Drivers are automatically enabled because they're beneficial to device systems. We recommend that you allow the driver policy to allow drivers to update on devices (the default), but you can turn off this setting if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index c37d7cc3d2..b6dbfb03a0 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -1,8 +1,8 @@
---
title: Windows Update error code list by component
description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index b75a881dc0..80f4dcb167 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -1,8 +1,8 @@
---
title: Windows Update log files
description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: troubleshooting
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md
index 7965aa2782..c81a8e7319 100644
--- a/windows/deployment/update/windows-update-overview.md
+++ b/windows/deployment/update/windows-update-overview.md
@@ -1,8 +1,8 @@
---
title: Get started with Windows Update
description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md
index ab1ed81b28..1d7ec557b6 100644
--- a/windows/deployment/update/windows-update-security.md
+++ b/windows/deployment/update/windows-update-security.md
@@ -2,8 +2,8 @@
title: Windows Update security
manager: aaroncz
description: Overview of the security for Windows Update including security for the metadata exchange and content download.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 714ea509f5..390117afd2 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -2,8 +2,8 @@
title: Enforce compliance deadlines with policies
titleSuffix: Windows Update for Business
description: This article contains information on how to enforce compliance deadlines using Windows Update for Business.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.localizationpriority: medium
@@ -46,7 +46,8 @@ The deadline calculation for both quality and feature updates is based off the t
The grace period for both quality and feature updates starts its countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, users are able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. Once the *effective deadline* is reached, the device tries to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.) Grace periods are useful for users who may be coming back from vacation, or other extended time away from their device, to ensure a forced reboot doesn't occur immediately after they return.
> [!NOTE]
-> When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.
+> - When **Specify deadlines for automatic updates and restarts** is used, updates will be downloaded and installed as soon as they are offered.
+> - When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.
## Policy setting overview for clients running Windows 11, version 21H2 and earlier
diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md
index 0e0b313437..9d93702ea9 100644
--- a/windows/deployment/update/wufb-reports-admin-center.md
+++ b/windows/deployment/update/wufb-reports-admin-center.md
@@ -3,8 +3,8 @@ title: Microsoft 365 admin center software updates page
titleSuffix: Windows Update for Business reports
manager: aaroncz
description: Microsoft admin center populates Windows Update for Business reports data into the software updates page.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md
index 395856651d..94e36fa723 100644
--- a/windows/deployment/update/wufb-reports-configuration-intune.md
+++ b/windows/deployment/update/wufb-reports-configuration-intune.md
@@ -2,8 +2,8 @@
title: Configure devices using Microsoft Intune
titleSuffix: Windows Update for Business reports
description: How to configure devices to use Windows Update for Business reports from Microsoft Intune.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md
index 7c76c5ad32..545ebbed48 100644
--- a/windows/deployment/update/wufb-reports-configuration-manual.md
+++ b/windows/deployment/update/wufb-reports-configuration-manual.md
@@ -2,8 +2,8 @@
title: Manually configure devices to send data
titleSuffix: Windows Update for Business reports
description: How to manually configure devices for Windows Update for Business reports using a PowerShell script.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md
index 10af47e205..e216694bc7 100644
--- a/windows/deployment/update/wufb-reports-configuration-script.md
+++ b/windows/deployment/update/wufb-reports-configuration-script.md
@@ -2,8 +2,8 @@
title: Configure clients with a script
titleSuffix: Windows Update for Business reports
description: How to get and use the Windows Update for Business reports configuration script to configure devices for Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md
index d71d76d0be..eca5fbdfa8 100644
--- a/windows/deployment/update/wufb-reports-do.md
+++ b/windows/deployment/update/wufb-reports-do.md
@@ -2,8 +2,8 @@
title: Delivery Optimization data in reports
titleSuffix: Windows Update for Business reports
description: This article provides information about Delivery Optimization data in Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -164,7 +164,7 @@ There are many Microsoft [content types](waas-delivery-optimization.md#types-of-
## Frequency Asked Questions
- **What time period does the Delivery Optimization data include?**
-Data is generated/aggregated for the last 28 days for active devices.
+Data is generated/aggregated for the last 28 days for active devices. For Delivery Optimization data to register in the report, the device must have performed some Delivery Optimization action in the 28-day rolling window. This includes device configuration information.
- **Data is showing as 'Unknown', what does that mean?**
You may see data in the report listed as 'Unknown'. This status indicates that the Delivery Optimization DownloadMode setting is either invalid or empty.
diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md
index 27a5b5ad14..1502d549d2 100644
--- a/windows/deployment/update/wufb-reports-enable.md
+++ b/windows/deployment/update/wufb-reports-enable.md
@@ -2,8 +2,8 @@
title: Enable Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: How to enable the Windows Update for Business reports service through the Azure portal or the Microsoft 365 admin center.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-faq.yml b/windows/deployment/update/wufb-reports-faq.yml
index fe8f250ece..99fee1bb21 100644
--- a/windows/deployment/update/wufb-reports-faq.yml
+++ b/windows/deployment/update/wufb-reports-faq.yml
@@ -3,13 +3,13 @@ metadata:
title: Frequently Asked Questions (FAQ)
titleSuffix: Windows Update for Business reports
description: Answers to frequently asked questions about Windows Update for Business reports.
- ms.prod: windows-client
- ms.technology: itpro-updates
+ ms.service: windows-client
+ ms.subservice: itpro-updates
ms.topic: faq
manager: aaroncz
author: mestew
ms.author: mstewart
- ms.date: 06/20/2023
+ ms.date: 01/26/2024
title: Frequently Asked Questions about Windows Update for Business reports
summary: |
This article answers frequently asked questions about Windows Update for Business reports.
@@ -32,6 +32,7 @@ summary: |
- [Why am I missing devices in reports?](#why-am-i-missing-devices-in-reports)
- [What is the difference between OS version and target version?](#what-is-the-difference-between-os-version-and-target-version)
- [Why are there multiple records for the same device?](#why-are-there-multiple-records-for-the-same-device)
+ - [Why are devices showing an unknown state?](#why-are-devices-showing-an-unknown-state)
- [When should I use the UCClient, UCClientUpdateStatus, or UCUpdateAlert tables?](#when-should-i-use-the-ucclient--ucclientupdatestatus--or-ucupdatealert-tables)
- [What is the difference between quality and security updates?](#what-is-the-difference-between-quality-and-security-updates)
- [How do I confirm that devices are sending data?](#how-do-i-confirm-that-devices-are-sending-data)
@@ -108,7 +109,10 @@ sections:
- **The workbook has limited the results**: The default limit for rows in Azure workbooks is set to 1000. This limit is to avoid any delay in the load time for the interface. If you noticed that you can't find a specific device, you can export the output in Excel, or open the results in the logs view for the full result by selecting the three dots beside each component.
- question: Why are there multiple records for the same device?
answer: |
- Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.
+ Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.
+ - question: Why are devices showing an unknown state?
+ answer: |
+ An unknown client state is displayed if there isn't an update record for the device. This state can happen for many reasons, like the device not being active, not being able to scan Windows Update, or it doesn't currently have any update related activity occurring.
- question: What is the difference between OS version and target version?
answer: |
The word *target* in data labels refers to the update version, build or KB the client intends to update to. Typically, the fields starting with *OS*, such as OSbuild and OSversion, represents what the device is currently running.
diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md
index 49268fb5a7..3580a4810a 100644
--- a/windows/deployment/update/wufb-reports-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -2,8 +2,8 @@
title: Feedback, support, and troubleshooting
titleSuffix: Windows Update for Business reports
description: Windows Update for Business reports support, feedback, and troubleshooting information.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: article
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md
index a38066595f..080f273243 100644
--- a/windows/deployment/update/wufb-reports-overview.md
+++ b/windows/deployment/update/wufb-reports-overview.md
@@ -2,8 +2,8 @@
title: Windows Update for Business reports overview
titleSuffix: Windows Update for Business reports
description: Overview of Windows Update for Business reports to explain what it's used for and the cloud services it relies on.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
index c81cd3c96b..30f7ecac00 100644
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -2,8 +2,8 @@
title: Prerequisites for Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: List of prerequisites for enabling and using Windows Update for Business reports in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-enumerated-types.md b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
index af84c4b582..ec7e675fd1 100644
--- a/windows/deployment/update/wufb-reports-schema-enumerated-types.md
+++ b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
@@ -2,8 +2,8 @@
title: Enumerated types
titleSuffix: Windows Update for Business reports
description: Enumerated types for Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md
index b5383c4ad8..b4c113ef71 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclient.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclient.md
@@ -2,8 +2,8 @@
title: UCClient data schema
titleSuffix: Windows Update for Business reports
description: UCClient schema for Windows Update for Business reports. UCClient acts as an individual device's record.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
index 59208c8193..e531090eff 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
@@ -2,8 +2,8 @@
title: UCClientReadinessStatus data schema
titleSuffix: Windows Update for Business reports
description: UCClientReadinessStatus schema for Windows Update for Business reports. UCClientReadinessStatus is an individual device's record about Windows 11 readiness.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
index 058a649dd6..e75f3bed7e 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
@@ -2,8 +2,8 @@
title: UCClientUpdateStatus data schema
titleSuffix: Windows Update for Business reports
description: UCClientUpdateStatus schema for Windows Update for Business reports. UCClientUpdateStatus combines the latest client-based data with the latest service data.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
index e5dfa88144..c6f38d89f3 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
@@ -2,8 +2,8 @@
title: UCDeviceAlert data schema
titleSuffix: Windows Update for Business reports
description: UCDeviceAlert schema for Windows Update for Business reports. UCDeviceAlert is an individual device's record about an alert.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
index 33540428e2..834c5a0b29 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
@@ -2,8 +2,8 @@
title: UCDOAggregatedStatus data schema
titleSuffix: Windows Update for Business reports
description: UCDOAggregatedStatus schema for Windows Update for Business reports. UCDOAggregatedStatus is an aggregation of all UDDOStatus records across the tenant.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucdostatus.md b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
index 98e6832a40..f6ff2a21b3 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdostatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
@@ -2,15 +2,16 @@
title: UCDOStatus data schema
titleSuffix: Windows Update for Business reports
description: UCDOStatus schema for Windows Update for Business reports. UCDOStatus provides information, for a single device, on its DO and MCC bandwidth utilization.
-ms.prod: windows-client
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
manager: aaroncz
ms.reviewer: carmenf
-appliesto:
+appliesto:
- ✅ Windows 11
-- ✅ Windows 10
+- ✅ Windows 10
ms.date: 12/06/2023
---
diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
index c78b2c076d..f01a18f679 100644
--- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
@@ -2,8 +2,8 @@
title: UCServiceUpdateStatus data schema
titleSuffix: Windows Update for Business reports
description: UCServiceUpdateStatus schema for Windows Update for Business reports. UCServiceUpdateStatus has service-side information for one device and one update.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
index 588cbd8cb6..331547385e 100644
--- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
@@ -2,8 +2,8 @@
title: UCUpdateAlert data schema
titleSuffix: Windows Update for Business reports
description: UCUpdateAlert schema for Windows Update for Business reports. UCUpdateAlert is an alert for both client and service updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md
index 75cdcb5587..d87b64907c 100644
--- a/windows/deployment/update/wufb-reports-schema.md
+++ b/windows/deployment/update/wufb-reports-schema.md
@@ -2,8 +2,8 @@
title: Windows Update for Business reports data schema
titleSuffix: Windows Update for Business reports
description: An overview of Windows Update for Business reports data schema to power additional dashboards and data analysis tools.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md
index 2b4f1b8b1a..7fb8613fcf 100644
--- a/windows/deployment/update/wufb-reports-use.md
+++ b/windows/deployment/update/wufb-reports-use.md
@@ -2,8 +2,8 @@
title: Use the Windows Update for Business reports data
titleSuffix: Windows Update for Business reports
description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md
index d024ceda0d..a8e2e42be7 100644
--- a/windows/deployment/update/wufb-reports-workbook.md
+++ b/windows/deployment/update/wufb-reports-workbook.md
@@ -2,8 +2,8 @@
title: Use the workbook for Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: How to use the Windows Update for Business reports workbook from the Azure portal.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/23/2023
+ms.date: 01/29/2024
---
# Windows Update for Business reports workbook
@@ -36,6 +36,8 @@ To access the Windows Update for Business reports workbook:
1. When the gallery opens, select the **Windows Update for Business reports** workbook. If needed, you can filter workbooks by name in the gallery.
1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Windows Update for Business reports](wufb-reports-enable.md).
+> [!Important]
+> Don't pin the Windows Update for Business reports workbook to an Azure dashboard. Using a pinned report loads an older copy of the report and it won't display any updates to the report template.
## Summary tab
@@ -72,7 +74,8 @@ The **Quality updates** tab displays generalized data at the top by using tiles.
|**Latest security update**| Count of devices that have reported successful installation of the latest security update. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
| **Missing one security update** | Count of devices that haven't installed the latest security update.| - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).|
| **Missing multiple security updates** | Count of devices that are missing two or more security updates. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
-| **Expedite performance** | Overview of the progress for the expedited deployments of the latest security update. | - Select **View details** to display a flyout with a chart that displays the total progress of each deployment, number of alerts, and count of devices. - Select the count from the **Alerts** column to display the alerts, by name, for the deployment. Selecting the device count for the alert name displays a list of devices with the alert. - Select the count in the **TotalDevices** column to display a list of clients and their information for the deployment. |
+| **Active alerts** | Count of active update and device alerts for quality updates. | |
+| **Expedite status** | Overview of the progress for the expedited deployments of the latest security update. | Select **View details** to display a flyout with two tabs: **Deployments** and **Readiness** - The **Deployments** tab contins a chart that displays the total progress of each deployment, number of alerts, and count of devices.
- The **Readiness** tab contains a chart that displays the number of devices that are **Eligible** and **Ineligible** to install expedited udpates. The **Readiness** tab also contains a table listing the deployments for expedited updates.
|
-| **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group or from Microsoft Entra groups used with Autopatch groups in **step #2**. The Microsoft Entra device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Microsoft Entra ID when registering devices into its service.
-
-> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code.
-
-> [!NOTE]
-> Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files.
-
-The following table describes some log files and how to use them for troubleshooting purposes:
-
+>
+> Also see the [Windows Error Reporting](windows-error-reporting.md) article in this section for help with locating error codes and log files.
+The following table describes some log files and how to use them for troubleshooting purposes:
|Log file |Phase: Location |Description |When to use|
|---|---|---|---|
-|setupact.log|Down-Level:
$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.
Setup.act is the most important log for diagnosing setup issues.|
-|setupact.log|OOBE:
$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations - 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
-|setupact.log|Rollback:
$Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.|
-|setupact.log|Pre-initialization (prior to downlevel):
Windows|Contains information about initializing setup.|If setup fails to launch.|
-|setupact.log|Post-upgrade (after OOBE):
Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.|
-|setuperr.log|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.|
-|miglog.xml|Post-upgrade (after OOBE):
Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.|
-|BlueBox.log|Down-Level:
Windows\Logs\Mosetup|Contains information communication between `setup.exe` and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.|
-|Supplemental rollback logs:
Setupmem.dmp
setupapi.dev.log
Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.
Setupapi: Device install issues - 0x30018
Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.|
+|**setupact.log**|Down-Level:
$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.
Setup.act is the most important log for diagnosing setup issues.|
+|**setupact.log**|OOBE:
$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations - 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
+|**setupact.log**|Rollback:
$Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.|
+|**setupact.log**|Pre-initialization (prior to downlevel):
Windows|Contains information about initializing setup.|If setup fails to launch.|
+|**setupact.log**|Post-upgrade (after OOBE):
Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.|
+|**setuperr.log**|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.|
+|**miglog.xml**|Post-upgrade (after OOBE):
Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.|
+|**BlueBox.log**|Down-Level:
Windows\Logs\Mosetup|Contains information communication between `setup.exe` and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.|
+|Supplemental rollback logs:
**Setupmem.dmp**
**setupapi.dev.log**
Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup attempts to extract a mini-dump.
Setupapi: Device install issues - 0x30018
Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.|
## Log entry structure
-A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements:
+A `setupact.log` or `setuperr.log` entry includes the following elements:
-1. **The date and time** - 2016-09-08 09:20:05
+1. **The date and time** - 2023-09-08 09:20:05
+1. **The log level** - Info, Warning, Error, Fatal Error
-2. **The log level** - Info, Warning, Error, Fatal Error
+1. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS
+ The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors.
-3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS
-
-
- The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors.
-
-
-4. **The message** - Operation completed successfully.
+1. **The message** - Operation completed successfully.
See the following example:
| Date/Time | Log level | Component | Message |
|------|------------|------------|------------|
-|2016-09-08 09:23:50,| Warning | MIG | Couldn't replace object C:\Users\name\Cookies. Target Object can't be removed.|
+|2023-09-08 09:23:50,| Warning | MIG | Couldn't replace object C:\Users\name\Cookies. Target Object can't be removed.|
## Analyze log files
-The following instructions are meant for IT professionals. Also see the [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) section in this guide to familiarize yourself with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes).
+The following instructions are meant for IT professionals. Also see the [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) section in this guide to become familiar with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes).
To analyze Windows Setup log files:
-1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it isn't successful with the upgrade process.
+1. Determine the Windows Setup error code. Windows Setup should return an error code if it isn't successful with the upgrade process.
-2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a log file to investigate.
+1. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a log file to investigate.
-3. Open the log file in a text editor, such as notepad.
+1. Open the log file in a text editor, such as notepad.
-4. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
+1. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
-5. To find the last occurrence of the result code:
+1. To find the last occurrence of the result code:
1. Scroll to the bottom of the file and select after the last character.
- 2. Select **Edit**.
- 3. Select **Find**.
- 4. Type the result code.
- 5. Under **Direction** select **Up**.
- 6. Select **Find Next**.
+ 1. Select **Edit**.
+ 1. Select **Find**.
+ 1. Type the result code.
+ 1. Under **Direction** select **Up**.
+ 1. Select **Find Next**.
-6. When you've located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code.
+1. When the last occurrence of the result code is located, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code.
-7. Search for the following important text strings:
+1. Search for the following important text strings:
- `Shell application requested abort`
- `Abandoning apply due to error for object`
-8. Decode Win32 errors that appear in this section.
+1. Decode Win32 errors that appear in this section.
-9. Write down the timestamp for the observed errors in this section.
+1. Write down the timestamp for the observed errors in this section.
-10. Search other log files for additional information matching these timestamps or errors.
+1. Search other log files for additional information matching these timestamps or errors.
-For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:
+For example, assume that the error code for an error is **0x8007042B - 0x2000D**. Searching for **8007042B** reveals the following content from the `setuperr.log` file:
> [!NOTE]
-> Some lines in the text below are shortened to enhance readability. For example
->
-> - The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds
+>
+> Some lines in the following text are shortened to enhance readability. For example
+>
+> - The date and time at the start of each line (ex: 2023-10-05 15:27:08) is shortened to minutes and seconds
> - The certificate file name, which is a long text string, is shortened to just "CN."
**setuperr.log** content:
@@ -127,20 +123,20 @@ For example, assume that the error code for an error is 0x8007042B - 0x2000D. Se
27:09, Error SP CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7]
```
-The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below):
+The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]**:
```console
27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
```
-The error 0x00000570 is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
+The error **0x00000570** is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: **ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable**.
-Therefore, Windows Setup failed because it wasn't able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for more details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:
+Therefore, Windows Setup failed because it wasn't able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. After the `setupact.log` file is searched for more details, the phrase **Shell application requested abort** is found in a location with the same timestamp as the lines in `setuperr.log`. This analysis confirms the suspicion that this file is the cause of the upgrade failure:
**setupact.log** content:
```console
-27:00, Info Gather started at 10/5/2016 23:27:00
+27:00, Info Gather started at 10/5/2023 23:27:00
27:00, Info [0x080489] MIG Setting system object filter context (System)
27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped
27:00, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped
@@ -157,7 +153,7 @@ Therefore, Windows Setup failed because it wasn't able to migrate the corrupt fi
27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost::CommandLine: -shortened-
27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost: Successfully launched host and got control object.
27:08, Error Gather failed. Last error: 0x00000000
-27:08, Info Gather ended at 10/5/2016 23:27:08 with result 44
+27:08, Info Gather ended at 10/5/2023 23:27:08 with result 44
27:08, Info Leaving MigGather method
27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
```
@@ -166,7 +162,7 @@ Therefore, Windows Setup failed because it wasn't able to migrate the corrupt fi
```console
>>> [Device Install (UpdateDriverForPlugAndPlayDevices) - PCI\VEN_8086&DEV_8C4F]
->>> Section start 2019/09/26 20:13:01.623
+>>> Section start 2023/09/26 20:13:01.623
cmd: rundll32.exe "C:\WINDOWS\Installer\MSI6E4C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_95972906 484 ChipsetWiX.CustomAction!Intel.Deployment.ChipsetWiX.CustomActions.InstallDrivers
ndv: INF path: C:\WINDOWS\TEMP\{15B1CD41-69F5-48EA-9F45-0560A40FE2D8}\Drivers\lynxpoint\LynxPointSystem.inf
ndv: Install flags: 0x00000000
@@ -250,15 +246,12 @@ Therefore, Windows Setup failed because it wasn't able to migrate the corrupt fi
<<< [Exit status: FAILURE(0xC1900101)]
```
-This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file.
+This analysis indicates that the Windows upgrade error can be resolved by deleting the `C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]` file.
> [!NOTE]
-> In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f.
+>
+> In this example, the full file name is `C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f`.
## Related articles
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
+- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors).
diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
deleted file mode 100644
index cf7359540a..0000000000
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Resolve Windows 10 upgrade errors - Windows IT Pro
-manager: aaroncz
-ms.author: frankroj
-description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
-ms.prod: windows-client
-author: frankroj
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Resolve Windows 10 upgrade errors: Technical information for IT Pros
-
-**Applies to**
-- Windows 10
-
->[!IMPORTANT]
->This article contains technical instructions for IT administrators. If you are not an IT administrator, try some of the [quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) described in this article then contact [Microsoft Support](https://support.microsoft.com/contactus/) starting with the Virtual Agent. To talk to a person about your issue, click **Get started** to interact with the Virtual Agent, then enter "Talk to a person" two times. The Virtual Agent can also help you to resolve many Windows upgrade issues. Also see: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/help/10587/windows-10-get-help-with-upgrade-installation-errors) and [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
-
-This article contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
-
-The article has been divided into subtopics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
-
-The following four levels are assigned:
-
-Level 100: Basic
-Level 200: Moderate
-Level 300: Moderate advanced
-Level 400: Advanced
-
-## In this guide
-
-See the following topics in this article:
-
-- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.
-- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help you isolate the root cause of an upgrade failure.
-- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows 10 upgrade errors, and an explanation of phases used during the upgrade process.
-- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows 10 upgrade.
-- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 400\ The components of an error code are explained.
- - [Result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes): Information about result codes.
- - [Extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes): Information about extend codes.
-- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting.
- - [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described.
- - [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example.
-- [Resolution procedures](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 200\ Causes and mitigation procedures associated with specific error codes.
- - [0xC1900101](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0xc1900101): Information about the 0xC1900101 result code.
- - [0x800xxxxx](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0x800xxxxx): Information about result codes that start with 0x800.
- - [Other result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
- - [Other error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
-- [Submit Windows 10 upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
-
-## Related articles
-
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
-
diff --git a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
new file mode 100644
index 0000000000..db42df75b3
--- /dev/null
+++ b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
@@ -0,0 +1,57 @@
+---
+title: Resolve Windows upgrade errors - Windows IT Pro
+manager: aaroncz
+ms.author: frankroj
+description: Resolve Windows upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+author: frankroj
+ms.localizationpriority: medium
+ms.topic: article
+ms.service: windows-client
+ms.subservice: itpro-deploy
+ms.date: 01/18/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
+---
+
+# Resolve Windows upgrade errors: Technical information for IT Pros
+
+> [!IMPORTANT]
+>
+> This article contains technical instructions for IT administrators. The article isn't intended for non-IT administrators such as home or consumer users.
+
+This article contains a brief introduction to the Windows installation processes, and provides resolution procedures that IT administrators can use to resolve issues with a Windows upgrade.
+
+The article is divided into subtopics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
+
+The following four levels are assigned:
+
+- Level 100: Basic
+- Level 200: Moderate
+- Level 300: Moderate advanced
+- Level 400: Advanced
+
+## In this guide
+
+See the following articles in this section:
+
+- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 100\ Steps to take to eliminate many Windows upgrade errors.
+- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help isolate the root cause of an upgrade failure.
+- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows upgrade errors, and an explanation of phases used during the upgrade process.
+- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows upgrade.
+- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 400\ The components of an error code are explained.
+ - [Result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes): Information about result codes.
+ - [Extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes): Information about extend codes.
+- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting.
+ - [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described.
+ - [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example.
+- [Resolution procedures](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 200\ Causes and mitigation procedures associated with specific error codes.
+ - [0xC1900101](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0xc1900101): Information about the 0xC1900101 result code.
+ - [0x800xxxxx](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0x800xxxxx): Information about result codes that start with 0x800.
+ - [Other result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
+ - [Other error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
+- [Submit Windows upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
+
+## Related articles
+
+- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors).
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index 3b512451f5..00ae1403ff 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -1,8 +1,9 @@
---
title: SetupDiag
description: SetupDiag works by examining Windows Setup log files. This article shows how to use the SetupDiag tool to diagnose Windows Setup errors.
-ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.reviewer: shendrix
+ms.service: windows-client
+ms.subservice: itpro-deploy
author: frankroj
manager: aaroncz
ms.author: frankroj
@@ -11,34 +12,34 @@ ms.topic: troubleshooting
ms.collection:
- highpri
- tier2
-ms.date: 10/28/2022
+ms.date: 01/18/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# SetupDiag
-**Applies to**
-- Windows 10
+> [!NOTE]
+>
+> This article is a 300 level article (moderate advanced). See [Resolve Windows upgrade errors](resolve-windows-upgrade-errors.md) for a full list of articles in this section.
->[!NOTE]
->This is a 300 level topic (moderate advanced).
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
- [](https://go.microsoft.com/fwlink/?linkid=870142)
+> [!div class="nextstepaction"]
+> [Download the latest version of SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142)
## About SetupDiag
-Current downloadable version of SetupDiag: 1.6.2107.27002.
-> Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues.
+> [!IMPORTANT]
+>
+> When SetupDiag is run manually, Microsoft recommends running the latest version of SetupDiag. The latest version is available via the following [download link](https://go.microsoft.com/fwlink/?linkid=870142). Running the latest version ensures the latest functionality and fixes known issues.
-SetupDiag is a diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
+SetupDiag is a diagnostic tool that can be used to obtain details about why a Windows upgrade was unsuccessful.
-SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.
+SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows. SetupDiag can be run on the computer that failed to update. The logs can also be exported from the computer to another location and then running SetupDiag in offline mode.
-## SetupDiag in Windows 10, version 2004 and later
+SetupDiag is included with [Windows Setup](/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario) in all currently supported versions of Windows.
-With the release of Windows 10, version 2004, SetupDiag is included with [Windows Setup](/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario).
-
-During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there's an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
+During the upgrade process, Windows Setup extracts all its sources files, including **SetupDiag.exe**, to the **%SystemDrive%\$Windows.~bt\Sources** directory. If there's an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure.
When run by Windows Setup, the following [parameters](#parameters) are used:
@@ -47,145 +48,200 @@ When run by Windows Setup, the following [parameters](#parameters) are used:
- /Output:%windir%\logs\SetupDiag\SetupDiagResults.xml
- /RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results
-The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\SYSTEM\Setup\SetupDiag\Results**. Note that the registry path isn't the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the /RegPath parameter isn't specified, data is stored in the registry at HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag.
+The resulting SetupDiag analysis can be found at `%WinDir%\Logs\SetupDiag\SetupDiagResults.xml` and in the registry under `HKLM\SYSTEM\Setup\SetupDiag\Results`.
+
+> [!NOTE]
+>
+> When Windows Setup runs SetupDiag automatically, the registry path isn't the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the `/RegPath` parameter isn't specified, data is stored in the registry at `HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag`.
> [!IMPORTANT]
+>
> When SetupDiag indicates that there were multiple failures, the last failure in the log file is typically the fatal error, not the first one.
-If the upgrade process proceeds normally, the **Sources** directory including **setupdiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **setupdiag.exe** will also be removed.
-
-## Using SetupDiag
-
-To quickly use SetupDiag on your current computer:
-1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137).
-2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
-3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**.
-4. When SetupDiag has finished downloading, open the folder where you downloaded the file. By default, this folder is the **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane.
-5. Double-click the **SetupDiag** file to run it. Select **Yes** if you're asked to approve running the program.
- - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You'll need to change directories to the location of SetupDiag to run it this way.
-6. A command window will open while SetupDiag diagnoses your computer. Wait for this process to finish.
-7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file.
-8. Use Notepad to open the log file: **SetupDiagResults.log**.
-9. Review the information that is displayed. If a rule was matched, this information can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below.
-
-For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below.
-
-The [Release notes](#release-notes) section at the bottom of this article has information about recent updates to this tool.
+If the upgrade process proceeds normally, the **Sources** directory including **SetupDiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **SetupDiag.exe** is also removed.
## Requirements
-1. The destination OS must be Windows 10.
-2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you aren't sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions:
+1. The destination version of Windows must be a currently supported version of Windows. The originally installed version of Windows can be a version of Windows that's out of support as long as:
+ - The destination version of Windows is a currently supported version of Windows.
+ - Upgrade to the destination version of Windows is supported from the original installed version of Windows.
+
+1. [.NET Framework 4.7.2](https://go.microsoft.com/fwlink/?linkid=863265) or newer must be installed. To determine which version of .NET is preinstalled with a specific version of Windows, see [.NET Framework system requirements: Supported client operating systems](/dotnet/framework/get-started/system-requirements#supported-client-operating-systems). To determine which version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed).
+
+ The following command-line query can be used to display the currently installed version of .NET:
+
+ ```cmd
+ reg.exe query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s
```
- reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s
- ```
+
+ As long as at least the required version of .NET is installed, no additional action is required, including if a newer version is installed.
+
+## Using SetupDiag
+
+To quickly use SetupDiag on the current computer:
+
+1. Verify that the system meets the [requirements](#requirements).
+
+1. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
+
+1. If the web browser asks what to do with the file, choose **Save**. By default, the file is saved to the **Downloads** folder. If desired, the file can also be saved to a different location by using **Save As**.
+
+1. When SetupDiag finishes downloading, open the folder where the file was downloaded. By default, this folder is the **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane.
+
+1. Double-click the **SetupDiag** file to run it. Select **Yes** if asked to approve running the program.
+
+ Double-clicking the file to run it automatically closes the command window when SetupDiag completes its analysis. To instead keep the window open to review the messages SetupDiag generates, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. When running from a command prompt, make sure to change directories to where SetupDiag is located.
+
+1. A command window opens while SetupDiag diagnoses the computer. Wait for this process to finish.
+
+1. When SetupDiag finishes, two files are created in the same folder where SetupDiag was run from. One is a configuration file, the other is a log file.
+
+1. Use Notepad to open the log file **SetupDiagResults.log**.
+
+1. Review the information that is displayed. If a rule was matched, this information can say why the computer failed to upgrade, and potentially how to fix the problem. See the section [Text log sample](#text-log-sample).
+
+For instructions on how to run the tool in offline mode and with more advanced options, see the sections [Parameters](#parameters) and [Examples](#examples).
## Parameters
| Parameter | Description |
| --- | --- |
-| /? |
|
-| /Output:\
|
-| /LogsPath:\
|
-| /ZipLogs:\
|
-| /Format:\
|
-| /Scenario:\[Recovery\] |
|
-| /Verbose |
|
-| /NoTel |
|
-| /AddReg |
|
-| /RegPath |
|
+| **/?** | Displays interactive help |
+| **/Output:\[Full path and file name for output log file\]** | This optional parameter specifies the name and location for the results log file. The output file contains the analysis from SetupDiag. Only text format output is supported. UNC paths work provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, the entire path must be enclosed in double quotes (**"**). See the [Examples](#examples) sections for an example.
Default: If not specified, SetupDiag creates the file **SetupDiagResults.log** in the same directory where **SetupDiag.exe** is run. |
+| **/LogsPath:\[Full path to logs\]** | This optional parameter specifies the location of logs to parse and where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag recursively searches all child directories. Defaults to checking the current system for logs. |
+| **/ZipLogs:\[True \| False\]** | This optional parameter Tells **SetupDiag.exe** to create a zip file containing the results and all the log files that were parsed. The zip file is created in the same directory where **SetupDiag.exe** is run.
Default: If not specified, a value of 'true' is used. |
+| **/Format:\[xml \| json\]** | This optional parameter specifies the output format for log files to be XML or JSON. If this parameter isn't specified, text format is used by default. |
+| **/Scenario:\[Recovery \| Debug\]** | This optional parameter can do one of the following two items based on the argument used:
|
+| **/Verbose** | This optional parameter creates a diagnostic log in the current directory, with debugging information, additional data, and details about SetupDiag. By default, SetupDiag only produces a log file entry for major errors. Using **/Verbose** causes SetupDiag to always produce another log file with debugging details. These details can be useful when reporting a problem with SetupDiag. |
+| **/NoTel** | This optional parameter tells **SetupDiag.exe** not to send diagnostic telemetry to Microsoft. |
+| **/RegPath** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry under the given path. Registry paths should start with **HKEY_LOCAL_MACHINE** or **HKEY_CURRENT_USER** and be accessible at the elevation level SetupDiag is executed under. If this parameter isn't specified, the default path is **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**. |
+| **/AddReg** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry on the executing system in offline mode. SetupDiag by default adds failure information to the registry in Online mode only. Registry data goes to **HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** unless otherwise specified. |
-Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag.
-- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0, when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter isn't needed.
+> [!NOTE]
+>
+> The **/Mode** parameter is deprecated in SetupDiag.
+>
+> In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In current versions of SetupDiag, when /LogsPath is specified then SetupDiag automatically runs in offline mode, therefore the /Mode parameter isn't needed.
-### Examples:
+### Examples
-In the following example, SetupDiag is run with default parameters (online mode, results file is SetupDiagResults.log in the same folder where SetupDiag is run).
+- In the following example, SetupDiag is run with default parameters in online mode. The results file is **SetupDiagResults.log** in the same folder where SetupDiag is run.
-```
-SetupDiag.exe
-```
+ ```cmd
+ SetupDiag.exe
+ ```
-In the following example, SetupDiag is run in online mode (this mode is the default). It will know where to look for logs on the current (failing) system, so there's no need to gather logs ahead of time. A custom location for results is specified.
+- In the following example, SetupDiag is run in online mode (this mode is the default). It knows where to look for logs on the current (failing) system, so there's no need to gather logs ahead of time. A custom location for results is specified.
-```
-SetupDiag.exe /Output:C:\SetupDiag\Results.log
-```
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.log
+ ```
-The following example uses the /Output parameter to save results to a path name that contains a space:
+- The following example uses the **/Output** parameter to save results to a path name that contains a space:
-```
-SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log"
-```
+ ```cmd
+ SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log"
+ ```
-The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**.
+- The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**.
-```
-SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1
-```
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1
+ ```
-The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the results to the directory specified by the /Output parameter.
+- The following example sets recovery scenario in offline mode. In the example, SetupDiag searches for reset/recovery logs in the specified LogsPath location and output the results to the directory specified by the **/Output** parameter.
-```
-SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
-```
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
+ ```
-The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format.
+- The following example sets recovery scenario in online mode. In the example, SetupDiag searches for reset/recovery logs on the current system and output results in XML format.
-```
-SetupDiag.exe /Scenario:Recovery /Format:xml
-```
+ ```cmd
+ SetupDiag.exe /Scenario:Recovery /Format:xml
+ ```
+- The following example is an example of Offline Mode. SetupDiag is instructed to parse setup/upgrade log files in the LogsPath directory and output the results to `C:\SetupDiag\Results.txt`.
+
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.txt /LogsPath:D:\Temp\Logs\Logs1 /RegPath:HKEY_CURRENT_USER\SYSTEM\SetupDiag
+ ```
+
+- The following example is an example of Online Mode. SetupDiag is instructed to look for setup/upgrade logs on the current system and output its results in XML format to `C:\SetupDiag\Results.xml`.
+
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.xml /Format:xml
+ ```
+
+- The following example is an example of Online Mode where no parameters are needed or used. SetupDiag is instructed to look for setup/upgrade logs on the current system and output the results to the same directory where SetupDiag is located.
+
+ ```cmd
+ SetupDiag.exe
+ ```
+
+- The following example is an example of Reset/Recovery Offline Mode. SetupDiag is instructed to look for reset/recovery logs in the specified LogsPath location. It then outputs the results to the directory specified by the **/Output** parameter.
+
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
+ ```
+
+- The following example is an example of Reset/Recovery Online Mode. SetupDiag is instructed to look for reset/recovery logs on the current system and output its results in XML format.
+
+ ```cmd
+ SetupDiag.exe /Scenario:Recovery /Format:xml
+ ```
## Log files
-[Windows Setup Log Files and Event Logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location:
+[Windows Setup Log Files and Event Logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, SetupDiag should be run against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to the offline location:
-\\$Windows.~bt\sources\panther
-
\\$Windows.~bt\Sources\Rollback
-
\Windows\Panther
-
\Windows\Panther\NewOS
+- `\$Windows.~bt\sources\panther`
+- `\$Windows.~bt\Sources\Rollback`
+- `\Windows\Panther`
+- `\Windows\Panther\NewOS`
-If you copy the parent folder and all subfolders, SetupDiag will automatically search for log files in all subdirectories.
+If the parent folder and all subfolders are copied, SetupDiag automatically searches for log files in all subdirectories.
## Setup bug check analysis
-When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It's also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error.
+When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. This condition is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error.
-If crash dumps [are enabled](/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup-related minidumps.
+If crash dumps [are enabled](/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup extracts a minidump (`setupmem.dmp`) file. SetupDiag can also debug these setup-related minidumps.
+
+To debug a setup-related bug check:
+
+- Specify the **/LogsPath** parameter. Memory dumps can't be debugged in online mode.
+
+- Gather the setup memory dump file (`setupmem.dmp) from the failing system.
+
+ `Setupmem.dmp` is created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs.
-To debug a setup-related bug check, you must:
-- Specify the **/LogsPath** parameter. You can't debug memory dumps in online mode.
-- Gather the setup memory dump file (setupmem.dmp) from the failing system.
- - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs.
- Install the [Windows Debugging Tools](/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag.
-In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag:
+In the following example, the `setupmem.dmp` file is copied to the `D:\Dump` directory and the Windows Debugging Tools are installed prior to running SetupDiag:
-```
+```cmd
SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump
```
## Known issues
-1. Some rules can take a long time to process if the log files involved are large.
-
+- Some rules can take a long time to process if the log files involved are large.
## Sample output
The following command is an example where SetupDiag is run in offline mode.
-```
+```cmd
D:\SetupDiag>SetupDiag.exe /output:c:\setupdiag\result.xml /logspath:D:\Tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e /format:xml
-SetupDiag v1.6.0.0
+SetupDiag v1.7.0.0
Copyright (c) Microsoft Corporation. All rights reserved.
Searching for setup logs...
-Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2019 2:44:20 PM to be the correct setup log.
-Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2019 2:45:19 PM to be the correct rollback log.
+Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2023 2:44:20 PM to be the correct setup log.
+Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2023 2:45:19 PM to be the correct rollback log.
Gathering baseline information from setup logs...
@@ -208,241 +264,108 @@ SetupDiag found 1 matching issue.
SetupDiag results were logged to: c:\setupdiag\results.xml
Logs ZipFile created at: c:\setupdiag\Logs_14.zip
-
```
## Rules
-When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file that is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. For more information, see the [release notes](#release-notes) section.
+When SetupDiag searches log files, it uses a set of rules to match known issues. These rules are contained in an xml file. The xml file might be updated with new and updated rules as new versions of SetupDiag are made available.
-Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS.
+Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term **down-level** refers to the first phase of the upgrade process, which runs under the original OS.
-1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D
- - This rule indicates that `setup.exe` was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade.
-2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE
- - This is an upgrade block when the target OS doesn't support BitLocker, yet the host OS has BitLocker enabled.
-3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC
- - This block happens when the host OS is booted to a VHD image. Upgrade isn't supported when the host OS is booted from a VHD image.
-4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280
- - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade isn't supported in the Windows To-Go environment.
-5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90
- - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade isn't supported from this state.
-6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B
- - This block indicates that the host OS is booted to Safe Mode, where upgrade isn't supported.
-7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1
- - This block is encountered when setup determines the system partition (where the boot loader files are stored) doesn't have enough space to be serviced with the newer boot files required during the upgrade process.
-8. CompatBlockedApplicationAutoUninstall - BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5
- - This rule indicates there's an application that needs to be uninstalled before setup can continue.
-9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9
- - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies "/compat ignorewarning". This rule indicates setup was executed in /quiet mode but there's an application dismissible block message that has prevented setup from continuing.
-10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4
- - This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue.
-11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B
- - This error indicates a device driver that is loaded on the host OS isn't compatible with the newer OS version and needs to be removed prior to the upgrade.
-12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45
- - This rule indicates the host OS and the target OS language editions don't match.
-13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8
- - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine.
-14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E
- - This failure indicates the system ran out of disk space during the down-level operations of upgrade.
-15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191
- - This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade.
-16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6
- - This failure rule indicates the system hung or bug checked during the device installation phase of upgrade.
-17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6
- - This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details.
-18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1
- - This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
-19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C
- - This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
-20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7
- - This rule indicates a boot failure occurred during a specific phase of the update. The rule will indicate the failure code and phase for diagnostic purposes.
-21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37
- - This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine.
-22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
- - Finds fatal advanced installer operations that cause setup failures.
-23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781
- - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in and the error code it produced for diagnostic purposes.
-24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29
- - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in and the error code it produced for diagnostic purposes.
-25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043
- - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes.
-26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14
- - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes.
-27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549
- - This rule indicates the update failed to mount a WIM file. It will show the name of the WIM file and the error message and error code associated with the failure for diagnostic purposes.
-28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E
- - Determines if the given setup was a success or not based off the logs.
-29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC
- - Gives information about failures surfaced early in the upgrade process by setuphost.exe
-30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55
- - Gives failure information surfaced by SetupPlatform, later in the down-level phase.
-31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD
- - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly.
-32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1
- - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes.
-33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48
- - Gives last operation, failure phase and error information when a rollback occurs.
-34. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71
- - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported.
-35. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10.
- - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code.
-36. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
- - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code.
-37. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317
- - Matches a specific failure where the advanced installer service or components aren't operating or started on the system. Will output the error code.
-38. UserProfileCreationFailureDuringFinalize - C6677BA6-2E53-4A88-B528-336D15ED1A64
- - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code.
-39. WimApplyExtractFailure - 746879E9-C9C5-488C-8D4B-0C811FF3A9A8
- - Matches a WIM apply failure during WIM extraction phases of setup. Will output the extension, path and error code.
-40. UpdateAgentExpanderFailure - 66E496B3-7D19-47FA-B19B-4040B9FD17E2
- - Matches DPX expander failures in the down-level phase of update from Windows Update. Will output the package name, function, expression and error code.
-41. FindFatalPluginFailure - E48E3F1C-26F6-4AFB-859B-BF637DA49636
- - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code.
-42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
- - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes.
-43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9
- - Indicates a critical failure in a migration plugin that causes setup to abort the migration. Will provide the setup operation, plug-in name, plug-in action and error code.
-44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9
- - Indicates a critical failure during a DISM add package operation. Will specify the Package Name, DISM error and add package error code.
-45. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960
- - Detects all compat blocks from Server compliance plug-ins. Outputs the block information and remediation.
-46. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71
- - Triggers on advanced installer failures in a generic sense, outputting the application called, phase, mode, component and error code.
-47. FindMigGatherApplyFailure - A9964E6C-A2A8-45FF-B6B5-25E0BD71428E
- - Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration
-48. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78
- - Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. Outputs the package name and error code.
-49. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
- - Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code.
-50. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317
- - Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS.
-51. DISMproviderFailure - D76EF86F-B3F8-433F-9EBF-B4411F8141F4
- - Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider.
-52. SysPrepLaunchModuleFailure - 7905655C-F295-45F7-8873-81D6F9149BFD
- - Indicates a sysPrep plug-in has failed in a critical operation. Indicates the plug-in name, operation name and error code.
-53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980
- - A driver provided to setup (via command line input) has failed in some way. Outputs the driver install function and error code.
-54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960
- - These are for server upgrades only, will output the compliance block and remediation required.
-55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0
- - Captures failures due to having an unrecognized wimmount.sys driver registered on the system.
-56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C
- - Detects failures in the kernel mode file operations.
-57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE
- - Detects failures in WimMount.sys registration on the system.
-58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C
- - Captures failure information when DISM fails to start an image session successfully.
-59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52
- - Detects failures in down-level phase before setup platform is invoked.
-60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852
- - Captures failure information when setup platform encounters a fatal error.
-61. UserProfileSuffixMismatch - B4BBCCCE-F99D-43EB-9090-078213397FD8
- - Detects when a file or other object causes the migration or creation of a user profile to fail during the update.
-
-## Release notes
-
-07/27/2021 - SetupDiag v1.6.2107.27002 is released with 61 rules, as a standalone tool available in the Download Center.
-- This version contains compliance updates and minor bug fixes.
-- With this release and subsequent releases, the version number of the downloadable SetupDiag tool is different from the one included with Windows Setup.
-
-05/06/2021 - SetupDiag v1.6.1.0 is released with 61 rules, as a standalone tool available in the Download Center.
-- This version of SetupDiag is included with Windows 10, version 21H1.
-- A new rule is added: UserProfileSuffixMismatch.
-- All outputs to the command line are now invariant culture for purposes of time/date format
-- Fixed an issue with registry output in which the "no match found" result caused a corrupted REG_SZ value.
-
-08/08/2019 - SetupDiag v1.6.0.42 is released with 60 rules, as a standalone tool available from the Download Center.
- - Log detection performance is improved. Log detection takes around 10 seconds or less where before it could take up to a minute.
- - Added Setup Operation and Setup Phase information to both the results log and the registry information.
- - This is the last Operation and Phase that Setup was in when the failure occurred.
- - Added detailed Setup Operation and Setup Phase information (and timing) to output log when /verbose is specified.
- - Note, if the issue found is a compat block, no Setup Operation or Phase info exists yet and therefore won't be available.
- - Added more info to the Registry output.
- - Detailed 'FailureData' info where available. Example: "AppName = MyBlockedApplication" or "DiskSpace = 6603" (in MB)
- - "Key = Value" data specific to the failure found.
- - Added 'UpgradeStartTime', 'UpgradeEndTime' and 'UpgradeElapsedTime'
- - Added 'SetupDiagVersion', 'DateTime' (to indicate when SetupDiag was executed on the system), 'TargetOSVersion', 'HostOSVersion' and more…
-
-
-06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center.
-- All date and time outputs are updated to localized format per user request.
-- Added setup Operation and Phase information to /verbose log.
-- Added last Setup Operation and last Setup Phase information to most rules where it makes sense (see new output below).
-- Performance improvement in searching setupact.logs to determine correct log to parse.
-- Added SetupDiag version number to text report (xml and json always had it).
-- Added "no match" reports for xml and json per user request.
-- Formatted Json output for easy readability.
-- Performance improvements when searching for setup logs; this should be much faster now.
-- Added seven new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information.
-- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**
- - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode.
- - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it's always up to date.
- - This registry key also gets deleted when a new update instance is invoked.
- - For an example, see [Sample registry key](#sample-registry-key).
-
-05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center.
-- This release dds the ability to find and diagnose reset and recovery failures (Push-Button Reset).
-
-12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
-- This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
- - The FindDownlevelFailure rule is up to 10 times faster.
-- New rules have been added to analyze failures upgrading to Windows 10 version 1809.
-- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure.
-- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode.
-- Some functional and output improvements were made for several rules.
-
-07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center.
-- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but doesn't have debugger binaries installed.
-
-07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
-- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
-- New feature: Ability to output logs in JSON and XML format.
- - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
- - If the "/Format:xml" or "/Format:json" parameter is omitted, the log output format will default to text.
-- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
-- Three new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
-
-05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
-- Fixed a bug in device install failure detection in online mode.
-- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
-- Telemetry is refactored to only send the rule name and GUID (or "NoRuleMatched" if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing.
-
-05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center.
-- A performance enhancement has been added to result in faster rule processing.
-- Rules output now includes links to support articles, if applicable.
-- SetupDiag now provides the path and name of files that it's processing.
-- You can now run SetupDiag by selecting it and then examining the output log file.
-- An output log file is now always created, whether or not a rule was matched.
-
-03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
+| Rule Name | GUID | Description |
+| --- | --- |
+| **CompatScanOnly** | FFDAFD37-DB75-498A-A893-472D49A1311D | This rule indicates that `setup.exe` was called with a specific command line parameter that indicated setup was to do a compatibility scan only, not an upgrade. |
+| **PlugInComplianceBlock** | D912150B-1302-4860-91B5-527907D08960 | Detects all compatibility blocks from Server compliance plug-ins. This rule is for server upgrades only. It outputs the compliance block and remediation required. |
+| **BitLockerHardblock** | C30152E2-938E-44B8-915B-D1181BA635AE | This block is an upgrade block when the target OS doesn't support BitLocker, yet the host OS has BitLocker enabled. |
+| **VHDHardblock** | D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC | This block happens when the host OS is booted to a VHD image. Upgrade isn't supported when the host OS is booted from a VHD image. |
+| **PortableWorkspaceHardblock** | 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 | This block indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade isn't supported in the Windows To-Go environment. |
+| **AuditModeHardblock** | A03BD71B-487B-4ACA-83A0-735B0F3F1A90 | This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade isn't supported from this state. |
+| **SafeModeHardblock** | 404D9523-B7A8-4203-90AF-5FBB05B6579B | This block indicates that the host OS is booted to Safe Mode, where upgrade isn't supported. |
+| **InsufficientSystemPartitionDiskSpaceHardblock** | 3789FBF8-E177-437D-B1E3-D38B4C4269D1 | This block is encountered when setup determines the system partition doesn't have enough space to be serviced with the newer boot files required during the upgrade process. The system partition is where the boot loader files are stored |
+| **CompatBlockedApplicationAutoUninstall** | BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 | This rule indicates there's an application that needs to be uninstalled before setup can continue. |
+| **CompatBlockedApplicationDismissable** | EA52620B-E6A0-4BBC-882E-0686605736D9 | When setup is run in **/quiet** mode, there are dismissible application messages that turn into blocks unless the command line also specifies **/compat ignorewarning**. This rule indicates setup was executed in **/quiet** mode but there's an application dismissible block message that prevented setup from continuing. |
+| **CompatBlockedFODDismissable** | 7B693C42-793E-4E9E-A10B-ED0F33D45E2A | When setup is run in **/quiet** mode, there are dismissible Feature On Demand messages that turn into blocks unless the command line also specifies **/compat ignorewarning**. This rule indicates setup was executed in **/quiet** mode but there's a Feature On Demand dismissible block message that prevented setup from continuing, usually that the target OS image is missing a Feature On Demand that is installed in the current OS. Removal of the Feature On Demand in the current OS should also resolve the issue.
+| **CompatBlockedApplicationManualUninstall** | 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 | This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This block typically requires manual removal of the files associated with this application to continue. |
+| **GenericCompatBlock** | 511B9D95-C945-4F9B-BD63-98F1465E1CF6 | The rule indicates that system doesn't meet a hardware requirement for running Windows. For example, the device is missing a requirement for TPM 2.0. This issue can occur even when an attempt is made to bypass the hardware requirements. |
+| **GatedCompatBlock** | 34A9F145-3842-4A68-987F-4622EE0FC162 | This rule indicates that the upgrade failed due to a temporary block. A temporary block is put in place when an issue is found with a specific piece of software or hardware driver and the issue has a fix pending. The block is lifted once the fix is widely available. |
+| **HardblockDeviceOrDriver** | ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B | This error indicates a device driver that is loaded on the host OS isn't compatible with the newer OS version. The device driver needs to be removed prior to the upgrade. |
+| **HardblockMismatchedLanguage** | 60BA8449-CF23-4D92-A108-D6FCEFB95B45 | This rule indicates the host OS and the target OS language editions don't match. |
+| **HardblockFlightSigning** | 598F2802-3E7F-4697-BD18-7A6371C8B2F8 | This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This rule blocks the pre-release signed build from booting if installed on the machine. |
+| **DiskSpaceBlockInDownLevel** | 6080AFAC-892E-4903-94EA-7A17E69E549E | This failure indicates the system ran out of disk space during the down-level operations of upgrade. |
+| **DiskSpaceFailure** | 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191 | This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade. |
+| **PreReleaseWimMountDriverFound** | 31EC76CC-27EC-4ADC-9869-66AABEDB56F0 | Captures failures due to having an unrecognized `wimmount.sys` driver registered on the system. |
+| **DebugSetupMemoryDump** | C7C63D8A-C5F6-4255-8031-74597773C3C6 | This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag debugs the memory dump and provide details. |
+| **DebugSetupCrash** | CEEBA202-6F04-4BC3-84B8-7B99AED924B1 | This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
+| **DebugMemoryDump** | 505ED489-329A-43F5-B467-FCAAF6A1264C | This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
+| **DeviceInstallHang** | 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 | This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. |
+| **DriverPackageMissingFileFailure** | 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 | This rule indicates that a driver package had a missing file during device install. Updating the driver package might help resolve the issue. |
+| **UnsignedDriverBootFailure** | CD270AA4-C044-4A22-886A-F34EF2E79469 | This rule indicates that an unsigned driver caused a boot failure. |
+| **BootFailureDetected** | 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 | This rule indicates a boot failure occurred during a specific phase of the update. The rule indicates the failure code and phase for diagnostic purposes. |
+| **WinSetupBootFilterFailure** | C073BFC8-5810-4E19-B53B-4280B79E096C | Detects failures in the kernel mode file operations. |
+| **FindDebugInfoFromRollbackLog** | 9600EB68-1120-4A87-9FE9-3A4A70ACFC37 | This rule determines and gives details when a bug check occurs during the setup/upgrade process that resulted in a memory dump. However, a debugger package isn't required on the executing machine. |
+| **AdvancedInstallerFailed** | 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC | Finds fatal advanced installer operations that cause setup failures. Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. |
+| **AdvancedInstallerPluginInstallFailed** | 2F784A0E-CEB1-47C5-8072-F1294C7CB4AE | This rule indicates some component that was being installed via an advanced installer (FeatureOnDemand, Language Packs, .NET packages, etc.) failed to install. The rule calls out what was being installed. If the failed component is a FeatureOnDemand, remove the Windows Feature, reboot, and try the upgrade again. If the failed component is a Language Pack, remove the additional language pack, reboot, and try the upgrade again. |
+| **AdvancedInstallerGenericFailure** | 4019550D-4CAA-45B0-A222-349C48E86F71 | A rule to match AdvancedInstaller read/write failures in a generic sense. Triggers on advanced installer failures in a generic sense. It outputs the application called, phase, mode, component and error code. |
+| **FindMigApplyUnitFailure** | A4232E11-4043-4A37-9BF4-5901C46FD781 | Detects a migration unit failure that caused the update to fail. This rule outputs the name of the migration plug-in and the error code it produced for diagnostic purposes. |
+| **FindMigGatherUnitFailure** | D04C064B-CD77-4E64-96D6-D26F30B4EE29 | Detects a migration gather unit failure that caused the update to fail. This rule outputs the name of the gather unit/plug-in and the error code it produced for diagnostic purposes. |
+| **FindMigGatherApplyFailure** | A9964E6C-A2A8-45FF-B6B5-25E0BD71428E | Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration |
+| **OptionalComponentFailedToGetOCsFromPackage** | D012E2A2-99D8-4A8C-BBB2-088B92083D78 | This rule matches a specific Optional Component failure when attempting to enumerate components in a package. Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. It outputs the package name and error code. This rule replaces the OptionalComponentInstallFailure rule present. |
+| **OptionalComponentOpenPackageFailed** | 22952520-EC89-4FBD-94E0-B67DF88347F6 | Matches a specific Optional Component failure when attempting to open an OC package. It outputs the package name and error code. Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code. |
+| **OptionalComponentInitCBSSessionFailed** | 63340812-9252-45F3-A0F2-B2A4CA5E9317 | Matches a specific failure where the advanced installer service or components aren't operating or started on the system. Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS. |
+| **CriticalSafeOSDUFailure** | 73566DF2-CA26-4073-B34C-C9BC70DBF043 | This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It indicates the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. |
+| **UserProfileCreationFailureDuringOnlineApply** | 678117CE-F6A9-40C5-BC9F-A22575C78B14 | Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It indicates the operation and error code associated with the failure for diagnostic purposes. |
+| **UserProfileCreationFailureDuringFinalize** | C6677BA6-2E53-4A88-B528-336D15ED1A64 | Matches a specific User Profile creation error during the finalize phase of setup. It outputs the failure code. |
+| **UserProfileSuffixMismatch** | B4BBCCCE-F99D-43EB-9090-078213397FD8 | Detects when a file or other object causes the migration or creation of a user profile to fail during the update. |
+| **DuplicateUserProfileFailure** | BD7B3109-80F1-4421-8F0A-B34CD25F4B51 | This rule indicates a fatal error while migrating user profiles, usually with multiple SIDs associated with a single user profile. This error usually occurs when software creates local user accounts that aren't ever used or signed in with. The rule indicates the SID and UserName of the account that is causing the failure. To attempt to resolve the issue, first back up all the user's files for the affected user account. After the user's files are backed up, delete the account in a supported manner. Make sure that the account isn't one that is needed or is currently used to sign into the device. After deleting the account, reboot, and try the upgrade again. |
+| **WimMountFailure** | BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 | This rule indicates the update failed to mount a WIM file. It shows the name of the WIM file and the error message and error code associated with the failure for diagnostic purposes. |
+| **WimMountDriverIssue** | 565B60DD-5403-4797-AE3E-BC5CB972FBAE | Detects failures in `WimMount.sys` registration on the system. |
+| **WimApplyExtractFailure** | 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 | Matches a WIM apply failure during WIM extraction phases of setup. It outputs the extension, path and error code. |
+| **UpdateAgentExpanderFailure** | 66E496B3-7D19-47FA-B19B-4040B9FD17E2 | Matches DPX expander failures in the down-level phase of update from Windows Update. It outputs the package name, function, expression and error code. |
+| **FindFatalPluginFailure** | E48E3F1C-26F6-4AFB-859B-BF637DA49636 | Matches any plug-in failure that setupplatform decides is fatal to setup. It outputs the plugin name, operation and error code. |
+| **MigrationAbortedDueToPluginFailure** | D07A24F6-5B25-474E-B516-A730085940C9 | Indicates a critical failure in a migration plugin that causes setup to abort the migration. Provides the setup operation, plug-in name, plug-in action and error code. |
+| **DISMAddPackageFailed** | 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 | Indicates a critical failure during a DISM add package operation. Specifies the Package Name, DISM error and add package error code. |
+| **DISMImageSessionFailure** | 61B7886B-10CD-4C98-A299-B987CB24A11C | Captures failure information when DISM fails to start an image session successfully. |
+| **DISMproviderFailure** | D76EF86F-B3F8-433F-9EBF-B4411F8141F4 | Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider. |
+| **SysPrepLaunchModuleFailure** | 7905655C-F295-45F7-8873-81D6F9149BFD | Indicates a sysPrep plug-in failed in a critical operation. Indicates the plug-in name, operation name and error code. |
+| **UserProvidedDriverInjectionFailure** | 2247C48A-7EE3-4037-AFAB-95B92DE1D980 | A driver provided to setup (via command line input) failed in some way. Outputs the driver install function and error code. |
+| **DriverMigrationFailure** | 9378D9E2-256E-448C-B02F-137F611F5CE3 | This rule indicates a fatal failure when migrating drivers. |
+| **UnknownDriverMigrationFailure** | D7541B80-5071-42CE-AD14-FBE8C0C4F7FD | This rule indicates a bad driver package resides on the system. The driver package causes the upgrade to fail when the driver package is attempted to migrate to the new OS. The rule usually indicates the driver package name that caused the issue. The remediation is to remove the bad driver package, reboot, and try the upgrade again. If an update to this driver is available from the OEM, updating the driver package is recommended. |
+| | |
+| **FindSuccessfulUpgrade** | 8A0824C8-A56D-4C55-95A0-22751AB62F3E | Determines if the given setup was a success or not based off the logs. |
+| **FindSetupHostReportedFailure** | 6253C04F-2E4E-4F7A-B88E-95A69702F7EC | Gives information about failures surfaced early in the upgrade process by `setuphost.exe` |
+| **FindDownlevelFailure** | 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 | Gives failure information surfaced by SetupPlatform, later in the down-level phase. |
+| **FindAbruptDownlevelFailure** | 55882B1A-DA3E-408A-9076-23B22A0472BD | Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. |
+| **FindEarlyDownlevelError** | A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 | Detects failures in down-level phase before setup platform is invoked. |
+| **FindSPFatalError** | A4028172-1B09-48F8-AD3B-86CDD7D55852 | Captures failure information when setup platform encounters a fatal error. |
+| **FindSetupPlatformFailedOperationInfo** | 307A0133-F06B-4B75-AEA8-116C3B53C2D1 | Gives last phase and error information when SetupPlatform indicates a critical failure. This rule indicates the operation and error associated with the failure for diagnostic purposes. |
+| **FindRollbackFailure** | 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 | Gives last operation, failure phase and error information when a rollback occurs. |
## Sample logs
### Text log sample
-```
+```txt
Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
System Information:
- Machine Name = Offline
- Manufacturer = MSI
- Model = MS-7998
- HostOSArchitecture = x64
- FirmwareType = PCAT
- BiosReleaseDate = 20160727000000.000000+000
- BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70
- BiosVersion = 1.70
- HostOSVersion = 10.0.15063
- HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834
- TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534)
- HostOSLanguageId = 2057
- HostOSEdition = Core
- RegisteredAV = Windows Defender,
- FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo,
- UpgradeStartTime = 3/21/2018 9:47:16 PM
- UpgradeEndTime = 3/21/2018 10:02:40 PM
- UpgradeElapsedTime = 00:15:24
- ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
+ Machine Name = Offline
+ Manufacturer = MSI
+ Model = MS-7998
+ HostOSArchitecture = x64
+ FirmwareType = PCAT
+ BiosReleaseDate = 20160727000000.000000+000
+ BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70
+ BiosVersion = 1.70
+ HostOSVersion = 10.0.15063
+ HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834
+ TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534)
+ HostOSLanguageId = 2057
+ HostOSEdition = Core
+ RegisteredAV = Windows Defender,
+ FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo,
+ UpgradeStartTime = 3/21/2023 9:47:16 PM
+ UpgradeEndTime = 3/21/2023 10:02:40 PM
+ UpgradeElapsedTime = 00:15:24
+ ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F
Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
@@ -455,7 +378,7 @@ Refer to https://learn.microsoft.com/windows/deployment/upgrade/upgrade-error-co
```xml
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-## In this topic
-
-This topic describes how to submit problems with a Windows 10 upgrade to Microsoft using the Windows 10 Feedback Hub.
+This article describes how to submit problems with a Windows upgrade to Microsoft using the Windows Feedback Hub.
## About the Feedback Hub
-The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
+The Feedback Hub app allows reporting to Microsoft of any problems encountered while using Windows. It also allows sending suggestions to Microsoft on how to improve the Windows experience. Previously, the Feedback Hub could only be used through the Windows Insider Program. Now anyone can use this tool. The Feedback Hub app can be downloaded from the [Microsoft Store](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
-The Feedback Hub requires Windows 10. If you're having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information. However, you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you're upgrading to Windows 10 from a previous version of Windows 10, the Feedback Hub will collect log files automatically.
+The Feedback Hub requires a currently supported version of Windows. The Feedback Hub can be used to submit information to Microsoft if problems are encountered while upgrading Windows. If upgrading to a currently supported version of Windows from a previous version that's Windows 10 or newer, the Feedback Hub automatically collects log files. For operating systems prior to Windows 10 that don't support the Feedback Hub, the log files must be manually collected. The log files can then be attached to the feedback item using a device that is running a currently supported version of Windows that supports the Feedback Hub.
## Submit feedback
-To submit feedback about a failed Windows 10 upgrade, select the following link: [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md)
+To submit feedback about a failed Windows upgrade, open the [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md).
-The Feedback Hub will open.
+In the Feedback Hub, fill out all four sections with as much detail as possible:
-- Under **Tell us about it**, and then under **Summarize your issue**, type **Upgrade failing**.
-- Under **Give us more detail**, provide additional information about the failed upgrade, such as:
- - When did the failure occur?
- - Were there any reboots?
- - How many times did the system reboot?
- - How did the upgrade fail?
- - Were any error codes visible?
- - Did the computer fail to a blue screen?
- - Did the computer automatically rollback or did it hang, requiring you to power cycle it before it rolled back?
-- Additional details
- - What type of security software is installed?
- - Is the computer up to date with latest drivers and firmware?
- - Are there any external devices connected?
-- If you used the link above, the category and subcategory will be automatically selected. If it isn't selected, choose **Install and Update** and **Windows Installation**.
+1. **Enter your feedback**
+1. **Choose a category**
+1. **Find similar feedback**
+1. **Add more details**
-You can attach a screenshot or file if desired. This is optional, but can be helpful when diagnosing your upgrade issue. The location of these files is described here: [Windows Setup log files and event logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs).
+Recommended information that can be included under the **Add more details** section include:
-Select **Submit** to send your feedback.
+- When did the failure occur?
+ - Were there any reboots?
+ - How many times did the system reboot?
+- How did the upgrade fail?
+ - Were any error codes visible?
+ - Did the computer fail to a blue screen?
+ - Did the computer automatically rollback or did it hang, requiring the computer to be power cycled before it rolled back?
+- What type of security software is installed?
+- Is the computer up to date with latest drivers and firmware?
+- Are there any external devices connected?
-See the following example:
+Using the **Attach a screenshot** and **Attach a file** options allows screenshots or files to be included as part of the feedback item. Attachments and screenshots are optional, but can be helpful when diagnosing the upgrade issue. For example, log files can be included as attachments to the feedback item. The location of the Windows upgrade log files is described in the article [Windows Setup log files and event logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs).
-
+Finally the **Recreate my problem** option can be used to potentially send additional data and logs for Microsoft to evaluate.
-After you select Submit, that's all you need to do. Microsoft will receive your feedback and begin analyzing the issue. You can check on your feedback periodically to see what solutions have been provided.
+Once all the feedback items are completed, select the **Submit** button to send the feedback. Microsoft receives the feedback and begins analyzing the issue. The submitted feedback can be checked on periodically to see what solutions are provided.
-## Link to your feedback
+## Link to the feedback
-After your feedback is submitted, you can email or post links to it by opening the Feedback Hub, clicking My feedback at the top, clicking the feedback item you submitted, clicking **Share**, then copying the short link that is displayed.
+After the feedback is submitted, additional information and items can be added to the feedback item. To do so:
-
+1. Open the [Feedback Hub](feedback-hub:).
+1. At the top of the Feedback Hub, select **My feedback**.
+1. Select the feedback item that was submitted.
+1. Select **Share**.
+1. Copy and then use the short link that is displayed.
+
+:::image type="content" alt-text="Share example." source="../images/share.jpg":::
## Related articles
-
-[Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx)
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 7686e7d15b..482d812e39 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -1,7 +1,7 @@
---
-title: Windows 10 upgrade paths (Windows 10)
+title: Windows 10 upgrade paths
description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
@@ -10,8 +10,8 @@ ms.topic: conceptual
ms.collection:
- highpri
- tier2
-ms.technology: itpro-deploy
-ms.date: 10/02/2023
+ms.subservice: itpro-deploy
+ms.date: 02/13/2024
appliesto:
- ✅ Windows 10
---
@@ -32,7 +32,7 @@ appliesto:
This article provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. Paths include upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported.
-If you're also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths. However, applications and settings aren't maintained when the Windows edition is downgraded.
+If you're also migrating to a different edition of Windows, see [Windows edition upgrade](windows-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths. However, applications and settings aren't maintained when the Windows edition is downgraded.
- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](/lifecycle/faq/windows) for availability and service information.
@@ -99,8 +99,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
## Related articles
-[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
-
-[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
-
-[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
\ No newline at end of file
+- [Windows 10 deployment scenarios](../windows-deployment-scenarios.md).
+- [Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md).
+- [Windows 10 edition upgrade](windows-edition-upgrades.md).
diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md
index 44c3c79c40..f09b8e67cc 100644
--- a/windows/deployment/upgrade/windows-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-edition-upgrades.md
@@ -3,14 +3,14 @@ title: Windows edition upgrade
description: With Windows, you can quickly upgrade from one edition of Windows to another, provided the upgrade path is supported.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: conceptual
ms.collection:
- highpri
- tier2
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/02/2023
appliesto:
- ✅ Windows 10
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
index 57c9590028..6bf70a9220 100644
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -3,30 +3,32 @@ title: Windows error reporting - Windows IT Pro
manager: aaroncz
ms.author: frankroj
description: Learn how to review the events generated by Windows Error Reporting when something goes wrong during Windows 10 setup.
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.localizationpriority: medium
ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.subservice: itpro-deploy
+ms.date: 01/18/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# Windows Error Reporting
-**Applies to**
-- Windows 10
-
> [!NOTE]
-> This is a 300 level topic (moderately advanced).
-> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+>
+> This article is a 300 level article (moderately advanced).
+>
+> See [Resolve Windows upgrade errors](resolve-windows-upgrade-errors.md) for a full list of articles in this section.
-
-When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**. You can use Event Viewer to review this event, or you can use Windows PowerShell.
+When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**. Event Viewer or Windows PowerShell can be used to review this event.
To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
> [!IMPORTANT]
-> The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable.
+>
+> The following Event logs are only available if Windows was updated from a previous version of Windows to a new version of Windows.
```powershell
$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}
@@ -34,37 +36,35 @@ $event = [xml]$events[0].ToXml()
$event.Event.EventData.Data
```
-To use Event Viewer:
+To use Event Viewer:
+
1. Open Event Viewer and navigate to **Windows Logs\Application**.
-2. Select **Find**, and then search for **winsetupdiag02**.
-3. Double-click the event that is highlighted.
+1. Select **Find**, and then search for **winsetupdiag02**.
+1. Double-click the event that is highlighted.
> [!NOTE]
-> For legacy operating systems, the Event Name was WinSetupDiag01.
+>
+> For legacy operating systems, the Event Name was WinSetupDiag01.
Ten parameters are listed in the event:
-| Parameters |
-| ------------- |
-|P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) |
-|P2: Setup Mode (x=default,1=Downlevel,5=Rollback) |
-|P3: New OS Architecture (x=default,0=X86,9=AMD64) |
-|P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) |
-|**P5: Result Error Code** (Ex: 0xc1900101) |
-|**P6: Extend Error Code** (Ex: 0x20017) |
-|P7: Source OS build (Ex: 9600) |
-|P8: Source OS branch (not typically available) |
-|P9: New OS build (Ex: 16299} |
-|P10: New OS branch (Ex: rs3_release} |
+| Parameters |
+| ------------- |
+| P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) |
+| P2: Setup Mode (x=default,1=Downlevel,5=Rollback) |
+| P3: New OS Architecture (x=default,0=X86,9=AMD64) |
+| P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) |
+| **P5: Result Error Code** (Ex: 0xc1900101) |
+| **P6: Extend Error Code** (Ex: 0x20017) |
+| P7: Source OS build (Ex: 9600) |
+| P8: Source OS branch (not typically available) |
+| P9: New OS build (Ex: 16299) |
+| P10: New OS branch (Ex: rs3_release) |
-The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below.
+The event also contains links to log files that can be used to perform a detailed diagnosis of the error. The following example is an example of this event from a successful upgrade:
:::image type="content" alt-text="Windows Error Reporting." source="../images/event.png" lightbox="../images/event.png":::
## Related articles
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
\ No newline at end of file
+- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors).
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index 4a534442ee..90b71af916 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -3,10 +3,10 @@ title: Windows Upgrade and Migration Considerations (Windows 10)
description: Discover the Microsoft tools you can use to move files and settings between installations including special considerations for performing an upgrade or migration.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 08/09/2023
---
diff --git a/windows/deployment/upgrade/windows-upgrade-paths.md b/windows/deployment/upgrade/windows-upgrade-paths.md
index c8ea3f2dda..1033866907 100644
--- a/windows/deployment/upgrade/windows-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-upgrade-paths.md
@@ -1,7 +1,7 @@
---
-title: Windows upgrade paths
+title: Windows upgrade paths
description: Upgrade to current versions of Windows from a previous version of Windows
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
@@ -10,8 +10,8 @@ ms.topic: conceptual
ms.collection:
- highpri
- tier2
-ms.technology: itpro-deploy
-ms.date: 10/02/2023
+ms.subservice: itpro-deploy
+ms.date: 02/13/2024
appliesto:
- ✅ Windows 10
- ✅ Windows 11
@@ -30,13 +30,13 @@ This article provides a summary of available upgrade paths to currently supporte
- **Windows version upgrade**: You can directly upgrade any General Availability Channel version of Windows to a newer, supported General Availability Channel version of Windows, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](/lifecycle/faq/windows) for availability and service information.
- **Upgrade from Windows LTSC to Windows General Availability Channel**: Upgrade from Windows LTSC to Windows General Availability Channel is available when upgrading to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise 22H2. Upgrade is supported using the in-place upgrade process using Windows setup. The Product Key switch needs to be used if apps need to be kept. If the switch isn't used, the option **Keep personal files and apps** option is grayed out. The command line to perform the upgrade is:
-
+
```cmd
setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
```
where **xxxxx-xxxxx-xxxxx-xxxxx-xxxxx** is the Windows General Availability Channel product key. For example, if using a KMS, the command line for Windows Enterprise would be:
-
+
```cmd
setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43
```
@@ -66,6 +66,6 @@ This article provides a summary of available upgrade paths to currently supporte
## Related articles
-- [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
-- [Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
-- [Windows edition upgrade](windows-edition-upgrades.md)
\ No newline at end of file
+- [Windows 10 deployment scenarios](../windows-deployment-scenarios.md).
+- [Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md).
+- [Windows edition upgrade](windows-edition-upgrades.md).
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index 2507bb5313..398bf0db0c 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -4,10 +4,10 @@ description: Plan, collect, and prepare the source computer for migration using
ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 01/09/2024
appliesto:
- ✅ Windows 11
diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md
index 939c96ca6e..0c0c0cd136 100644
--- a/windows/deployment/usmt/migrate-application-settings.md
+++ b/windows/deployment/usmt/migrate-application-settings.md
@@ -4,11 +4,11 @@ description: Learn how to author a custom migration .xml file that migrates the
ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 01/09/2024
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
- ✅ Windows 10
diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md
index 0465a9e2e2..a78ca35e20 100644
--- a/windows/deployment/usmt/migration-store-types-overview.md
+++ b/windows/deployment/usmt/migration-store-types-overview.md
@@ -4,11 +4,11 @@ description: Learn about the migration store types and how to determine which mi
ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 01/09/2024
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
- ✅ Windows 10
diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md
index 0b291ae30c..37d0ee09aa 100644
--- a/windows/deployment/usmt/offline-migration-reference.md
+++ b/windows/deployment/usmt/offline-migration-reference.md
@@ -4,11 +4,11 @@ description: Offline migration enables the ScanState tool to run inside a differ
ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 01/09/2024
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
- ✅ Windows 10
diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md
index 76447bf7e6..a0a19e6b05 100644
--- a/windows/deployment/usmt/understanding-migration-xml-files.md
+++ b/windows/deployment/usmt/understanding-migration-xml-files.md
@@ -4,11 +4,11 @@ description: Learn how to modify the behavior of a basic User State Migration To
ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 01/09/2024
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
- ✅ Windows 10
diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md
index b0dd174acb..389249762f 100644
--- a/windows/deployment/usmt/usmt-best-practices.md
+++ b/windows/deployment/usmt/usmt-best-practices.md
@@ -4,11 +4,11 @@ description: This article discusses general and security-related best practices
ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 01/09/2024
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
- ✅ Windows 10
@@ -46,7 +46,7 @@ This article discusses general and security-related best practices when using Us
- **Chkdsk.exe.**
- Microsoft recommends running **Chkdsk.exe** before running the **ScanState** and **LoadState** tools. **Chkdsk.exe** creates a status report for a hard disk drive and lists and corrects common errors. For more information about the **Chkdsk.exe** tool, see [Chkdsk](/previous-versions/windows/it-pro/windows-xp/bb490876(v=technet.10)).
+ Microsoft recommends running **Chkdsk.exe** before running the **ScanState** and **LoadState** tools. **Chkdsk.exe** creates a status report for a hard disk drive and lists and corrects common errors. For more information about the **Chkdsk.exe** tool, see [Chkdsk](/windows-server/administration/windows-commands/chkdsk).
- **Migrate in groups.**
@@ -112,7 +112,7 @@ As the authorized administrator, it's the responsibility to protect the privacy
The migration performance can be affected when the **\
[Perform an in-place upgrade to Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager)|
-
-### Dynamic
-
-|Scenario|Description|More information|
-|--- |--- |--- |
-|[Subscription Activation](#windows-10-subscription-activation)|Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.|[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)|
-|[Microsoft Entra ID / MDM](#dynamic-provisioning)|The device is automatically joined to Microsoft Entra ID and configured by MDM.|[Microsoft Entra integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)|
-|[Provisioning packages](#dynamic-provisioning)|Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.|[Configure devices without MDM](/windows/configuration/configure-devices-without-mdm)|
-
-### Traditional
-
-|Scenario|Description|More information|
-|--- |--- |--- |
-|[Bare metal](#new-computer)|Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy a Windows 10 image using MDT](/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt)
[Deploy Windows 10 using PXE and Configuration Manager](/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager)|
-|[Refresh](#computer-refresh)|Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. | [Refresh a Windows 7 computer with Windows 10](/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10)
[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager)|
-|[Replace](#computer-replace)|Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.| [Replace a Windows 7 computer with a Windows 10 computer](/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer)
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager)|
-
-> [!IMPORTANT]
-> The Windows Autopilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.
-> Except for clean install scenarios such as traditional bare metal and Windows Autopilot, all the methods described can optionally migrate apps and settings to the new OS.
-
-## Modern deployment methods
-
-Modern deployment methods embrace both traditional on-premises and cloud services to deliver a simple, streamlined, and cost effective deployment experience.
-
-### Windows Autopilot
-
-Windows Autopilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows Autopilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator.
-
-For more information about Windows Autopilot, see [Overview of Windows Autopilot](/windows/deployment/windows-10-auto-pilot) and [Modernizing Windows deployment with Windows Autopilot](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/).
-
-### In-place upgrade
-
-For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 uses the Windows installation program (Setup.exe) is to perform an in-place upgrade. An in-place upgrade:
-
-- Automatically preserves all data, settings, applications, and drivers from the existing operating system version
-- Requires the least IT effort, because there's no need for any complex deployment infrastructure
-
-Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. Control is accomplished by using tools like Microsoft Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
-
-The in-place upgrade process is designed to be reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by using the automatically created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications don't need to be reinstalled as part of the process.
-
-Existing applications are preserved through the process. So, the upgrade process uses the standard Windows installation media image (Install.wim). Custom images aren't needed and can't be used because the upgrade process is unable to deal with conflicts between apps in the old and new operating system. (For example, Contoso Timecard 1.0 in Windows 7 and Contoso Timecard 3.0 in the Windows 10 image.)
-
-Scenarios that support in-place upgrade with some other procedures include changing from BIOS to UEFI boot mode and upgrade of devices that use non-Microsoft disk encryption software.
-
-- **Legacy BIOS to UEFI booting**: To perform an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS, first perform the in-place upgrade to Windows 10, maintaining the legacy BIOS boot mode. Windows 10 doesn't require UEFI, so it will work fine to upgrade a system using legacy BIOS emulation. After the upgrade, if you wish to enable Windows 10 features that require UEFI (such as Secure Boot), you can convert the system disk to a format that supports UEFI boot using the [MBR2GPT](./mbr-to-gpt.md) tool. Note: [UEFI specification](http://www.uefi.org/specifications) requires GPT disk layout. After the disk has been converted, you must also configure the firmware to boot in UEFI mode.
-
-- **Non-Microsoft disk encryption software**: While devices encrypted with BitLocker can easily be upgraded, more work is necessary for non-Microsoft disk encryption tools. Some ISVs will provide instructions on how to integrate their software into the in-place upgrade process. Check with your ISV to see if they have instructions. The following articles provide details on how to provision encryption drivers for use during Windows Setup via the ReflectDrivers setting:
- - [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview)
- - [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options)
-
-There are some situations where you can't use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include:
-
-- Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process can't change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers.
-
-- Windows To Go and Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed.
-
-- Updating existing images. It can be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image. But, it's not supported. Preparing an upgraded OS via `Sysprep.exe` before capturing an image isn't supported and won't work. When `Sysprep.exe` detects the upgraded OS, it will fail.
-
-- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS. If you use dual-boot or multi-boot systems with multiple operating systems (not using virtual machines for the second and subsequent operating systems), then extra care should be taken.
-
-## Dynamic provisioning
-
-For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image. A custom image was used because a custom image was often faster and easier than using the preinstalled version. However, reimaging with a custom image is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it's now possible to avoid using custom images.
-
-The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include:
-
-### Windows 10 Subscription Activation
-
-Windows 10 Subscription Activation is a dynamic deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation).
-
-
-
-### Microsoft Entra join with automatic mobile device management (MDM) enrollment
-
-In this scenario, the organization member just needs to provide their work or school user ID and password. The device can then be automatically joined to Microsoft Entra ID and enrolled in a mobile device management (MDM) solution with no other user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Microsoft Entra integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
-
-### Provisioning package configuration
-
-When you use the [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through various means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm).
-
-These scenarios can be used to enable "choose your own device" (CYOD) programs. With these programs, organization users can pick their own PC and aren't restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
-
-While the initial Windows 10 release includes various provisioning settings and deployment mechanisms, provisioning settings and deployment mechanisms will continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for more features through the Windows Feedback app or through their Microsoft Support contacts.
-
-## Traditional deployment
-
-New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md), and [Microsoft Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
-
-With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important, and will continue to be available to organizations that need them.
-
-The traditional deployment scenario can be divided into different sub-scenarios. These sub-scenarios are explained in detail in the following sections, but the following list provides a brief summary:
-
-- **New computer**: A bare-metal deployment of a new machine.
-- **Computer refresh**: A reinstall of the same machine (with user-state migration and an optional full Windows Imaging (WIM) image backup).
-- **Computer replace**: A replacement of the old machine with a new machine (with user-state migration and an optional full WIM image backup).
-
-### New computer
-
-Also called a "bare metal" deployment. This scenario occurs when you have a blank machine you need to deploy, or an existing machine you want to wipe and redeploy without needing to preserve any existing data. The setup starts from a boot media, using CD, USB, ISO, or Pre-Boot Execution Environment (PXE). You can also generate a full offline media that includes all the files needed for a client deployment, allowing you to deploy without having to connect to a central deployment share. The target can be a physical computer, a virtual machine, or a Virtual Hard Disk (VHD) running on a physical computer (boot from VHD).
-
-The deployment process for the new machine scenario is as follows:
-
-1. Start the setup from boot media (CD, USB, ISO, or PXE).
-
-2. Wipe the hard disk clean and create new volume(s).
-
-3. Install the operating system image.
-
-4. Install other applications (as part of the task sequence).
-
-After you follow these steps, the computer is ready for use.
-
-### Computer refresh
-
-A refresh is sometimes called wipe-and-load. The process is normally initiated in the running operating system. User data and settings are backed up and restored later as part of the deployment process. The target can be the same as for the new computer scenario.
-
-The deployment process for the wipe-and-load scenario is as follows:
-
-1. Start the setup on a running operating system.
-
-2. Save the user state locally.
-
-3. Wipe the hard disk clean (except for the folder containing the backup).
-
-4. Install the operating system image.
-
-5. Install other applications.
-
-6. Restore the user state.
-
-After you follow these steps, the machine is ready for use.
-
-### Computer replace
-
-A computer replace is similar to the refresh scenario. However, since we're replacing the machine, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored.
-
-The deployment process for the replace scenario is as follows:
-
-1. Save the user state (data and settings) on the server through a backup job on the running operating system.
-
-2. Deploy the new computer as a bare-metal deployment.
-
- > [!NOTE]
- > In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk.
-
-## Related articles
-
-- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-- [Upgrade to Windows 10 with Microsoft Configuration Manager](./deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md)
-- [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md)
-- [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-- [Windows setup technical reference](/windows-hardware/manufacture/desktop/windows-setup-technical-reference)
-- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
-- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi)
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
deleted file mode 100644
index 93cf409b93..0000000000
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ /dev/null
@@ -1,188 +0,0 @@
----
-title: Windows 10/11 Enterprise E3 in CSP
-description: Describes Windows 10/11 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10/11 Enterprise edition.
-ms.prod: windows-client
-ms.localizationpriority: medium
-ms.date: 11/23/2022
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.topic: article
-ms.technology: itpro-deploy
----
-
-# Windows 10/11 Enterprise E3 in CSP
-
-*Applies to:*
-
-- Windows 10
-- Windows 11
-
-Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available.
-
-Windows 10/11 Enterprise E3 in CSP delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following prerequisites:
-
-- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later (or Windows 11), installed and activated, on the devices to be upgraded.
-- Microsoft Entra available for identity management
-
-You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before with no keys and no reboots. After one of your users enters the Microsoft Entra credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise, and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro.
-
-Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features.
-
-When you purchase Windows 10/11 Enterprise E3 via a partner, you get the following benefits:
-
-- **Windows 10/11 Enterprise edition**. Devices currently running Windows 10 Pro or Windows 11 Pro can get Windows 10/11 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit doesn't include Long Term Service Branch (LTSB).
-- **Support from one to hundreds of users**. Although the Windows 10/11 Enterprise E3 in CSP program doesn't have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
-- **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
-- **Roll back to Windows 10/11 Pro at any time**. When a user's subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days).
-- **Monthly, per-user pricing model**. This makes Windows 10/11 Enterprise E3 affordable for any organization.
-- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
-
-How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
-
-- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
-- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
-
- - **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
- - **Training**. These benefits include training vouchers, online e-learning, and a home use program.
- - **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server.
- - **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums.
-
- In addition, in Windows 10/11 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
-
-In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to the Enterprise edition of Windows 10 or Windows 11.
-
-## Compare Windows 10 Pro and Enterprise editions
-
-Windows 10 Enterprise edition has many features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
-
-### Table 1. Windows 10 Enterprise features not found in Windows 10 Pro
-
-|Feature|Description|
-|--- |--- |
-|Credential Guard|Credential Guard uses virtualization-based security to help protect security secrets so that only privileged system software can access them. Examples of security secrets that can be protected include NTLM password hashes and Kerberos Ticket Granting Tickets. This protection helps prevent Pass-the-Hash or Pass-the-Ticket attacks.
Credential Guard has the following features:
For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard).
*Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*|
-|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, they'll be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.
Device Guard protects in the following ways:
For more information, see [Introduction to Device Guard](/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).|
-|AppLocker management|This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
For more information, see [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).|
-|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users' devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.
For more information, see [Getting Started with App-V for Windows 10](/windows/application-management/app-v/appv-getting-started).|
-|User Experience Virtualization (UE-V)|With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share.
When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.
UE-V provides the following features:
For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).|
-|Managed User Experience|This feature helps customize and lock down a Windows device's user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:
For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](/windows/configuration/customize-windows-10-start-screens-by-using-group-policy). |
-| Unbranded boot | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it can't recover.
For more information on these settings, see [Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot). |
-| Custom logon | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.
For more information on these settings, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). |
-| Shell launcher | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.
For more information on these settings, see [Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher). |
-| Keyboard filter | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This isn't desirable on devices intended for a dedicated purpose.
For more information on these settings, see [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter). |
-| Unified write filter | You can use Unified Write Filter (UWF) on your device to help protect your physical storage media, including most standard writable storage types that are supported by Windows, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writable volume.
For more information on these settings, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter). |
-
-## Related articles
-
-[Windows 10/11 Enterprise Subscription Activation](windows-10-subscription-activation.md)
-[Connect domain-joined devices to Microsoft Entra ID for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
-[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
-[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md
index 364c23a213..3ba1d1b034 100644
--- a/windows/deployment/windows-10-missing-fonts.md
+++ b/windows/deployment/windows-10-missing-fonts.md
@@ -1,14 +1,14 @@
---
title: How to install fonts missing after upgrading to Windows client
description: Some of the fonts are missing from the system after you upgrade to Windows client.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
ms.topic: article
ms.date: 11/23/2022
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# How to install fonts that are missing after upgrading to Windows client
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md
deleted file mode 100644
index 61823c8faa..0000000000
--- a/windows/deployment/windows-10-poc-mdt.md
+++ /dev/null
@@ -1,668 +0,0 @@
----
-title: Step by step - Deploy Windows 10 in a test lab using MDT
-description: In this article, you'll learn how to deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT).
-ms.prod: windows-client
-ms.localizationpriority: medium
-ms.date: 11/23/2022
-manager: aaroncz
-ms.author: frankroj
-author: frankroj
-ms.topic: how-to
-ms.technology: itpro-deploy
----
-
-# Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit
-
-*Applies to:*
-
-- Windows 10
-
-> [!IMPORTANT]
-> This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide:
->
-> [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
->
-> Complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide:
->
-> [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md)
-
-The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
-
-- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
-- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
-- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network.
-
-This guide uses the Hyper-V server role. If you don't complete all steps in a single session, consider using [checkpoints](/virtualization/hyper-v-on-windows/user-guide/checkpoints) to pause, resume, or restart your work.
-
-## In this guide
-
-This guide provides instructions to install and configure the Microsoft Deployment Toolkit (MDT) to deploy a Windows 10 image.
-
-Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
-
-|Topic|Description|Time|
-|--- |--- |--- |
-|[About MDT](#about-mdt)|A high-level overview of the Microsoft Deployment Toolkit (MDT).|Informational|
-|[Install MDT](#install-mdt)|Download and install MDT.|40 minutes|
-|[Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)|A reference image is created to serve as the template for deploying new images.|90 minutes|
-|[Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)|The reference image is deployed in the PoC environment.|60 minutes|
-|[Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)|Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.|60 minutes|
-|[Replace a computer with Windows 10](#replace-a-computer-with-windows-10)|Back up an existing client computer, then restore this backup to a new computer.|60 minutes|
-|[Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)|Log locations and troubleshooting hints.|Informational|
-
-## About MDT
-
-MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Installation (ZTI), and User-Driven Installation (UDI) deployment methods.
-
-- LTI is the deployment method used in the current guide, requiring only MDT and performed with a minimum amount of user interaction.
-
-- ZTI is fully automated, requiring no user interaction and is performed using MDT and Microsoft Configuration Manager. After completing the steps in the current guide, see [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md) to use the ZTI deployment method in the PoC environment.
-
-- UDI requires manual intervention to respond to installation prompts such as machine name, password and language settings. UDI requires MDT and Microsoft Configuration Manager.
-
-## Install MDT
-
-1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
-
- ```powershell
- $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
- Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
- Stop-Process -Name Explorer
- ```
-
-1. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/download/details.aspx?id=54259) on SRV1 using the default options.
-
-1. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](/windows-hardware/get-started/adk-install) on SRV1 using the default installation settings. Installation might require several minutes to acquire all components.
-
-1. If desired, re-enable IE Enhanced Security Configuration:
-
- ```powershell
- Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
- Stop-Process -Name Explorer
- ```
-
-## Create a deployment share and reference image
-
-A reference image serves as the foundation for Windows 10 devices in your organization.
-
-1. In [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md), the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and enter the following command:
-
- ```powershell
- Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
- ```
-
-2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D.
-
-3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, select **Start**, type **deployment**, and then select **Deployment Workbench**.
-
-4. To enable quick access to the application, right-click **Deployment Workbench** on the taskbar and then select **Pin this program to the taskbar**.
-
-5. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
-
-6. Use the following settings for the New Deployment Share Wizard:
- - Deployment share path: **C:\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT build lab**
- - Options: Select **Next** to accept the default
- - Summary: Select **Next**
- - Progress: settings will be applied
- - Confirmation: Select **Finish**
-
-7. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
-
-8. Right-click the **Operating Systems** node, and then select **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and select **Finish**.
-
-9. Right-click the **Windows 10** folder created in the previous step, and then select **Import Operating System**.
-
-10. Use the following settings for the Import Operating System Wizard:
- - OS Type: **Full set of source files**
- - Source: **D:\\**
- - Destination: **W10Ent_x64**
- - Summary: Select **Next**
- - Progress: wait for files to be copied
- - Confirmation: Select **Finish**
-
- For purposes of this test lab, we'll only add the prerequisite .NET Framework feature. Commercial applications (ex: Microsoft Office) won't be added to the deployment share. For information about adding applications, see the [Add applications](./deploy-windows-mdt/create-a-windows-10-reference-image.md#add-applications) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) article.
-
-11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-
- - Task sequence ID: **REFW10X64-001**
- - Task sequence name: **Windows 10 Enterprise x64 Default Image**
- - Task sequence comments: **Reference Build**
- - Template: **Standard Client Task Sequence**
- - Select OS: Select **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
- - Specify Product Key: **Do not specify a product key at this time**
- - Full Name: **Contoso**
- - Organization: **Contoso**
- - Internet Explorer home page: `http://www.contoso.com`
- - Admin Password: **Do not specify an Administrator password at this time**
- - Summary: Select **Next**
- - Confirmation: Select **Finish**
-
-12. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
-
-13. Select the **Task Sequence** tab. Under **State Restore** select **Tattoo** to highlight it, then select **Add** and choose **New Group**.
-
-14. On the Properties tab of the group that was created in the previous step, change the Name from **New Group** to **Custom Tasks (Pre-Windows Update)** and then select **Apply**. Select another location in the window to see the name change.
-
-15. Select the **Custom Tasks (Pre-Windows Update)** group again, select **Add**, point to **Roles**, and then select **Install Roles and Features**.
-
-16. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then select **Apply**.
-
-17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
-
- > [!NOTE]
- > Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
-
-18. Select **OK** to complete editing the task sequence.
-
-19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click **MDT build lab (C:\MDTBuildLab)** and select **Properties**, and then select the **Rules** tab.
-
-20. Replace the default rules with the following text:
-
- ```ini
- [Settings]
- Priority=Default
-
- [Default]
- _SMSTSORGNAME=Contoso
- UserDataLocation=NONE
- DoCapture=YES
- OSInstall=Y
- AdminPassword=pass@word1
- TimeZoneName=Pacific Standard Time
- OSDComputername=#Left("PC-%SerialNumber%",7)#
- JoinWorkgroup=WORKGROUP
- HideShell=YES
- FinishAction=SHUTDOWN
- DoNotCreateExtraPartition=YES
- ApplyGPOPack=NO
- SkipAdminPassword=YES
- SkipProductKey=YES
- SkipComputerName=YES
- SkipDomainMembership=YES
- SkipUserData=YES
- SkipLocaleSelection=YES
- SkipTaskSequence=NO
- SkipTimeZone=YES
- SkipApplications=YES
- SkipBitLocker=YES
- SkipSummary=YES
- SkipRoles=YES
- SkipCapture=NO
- SkipFinalSummary=NO
- ```
-
-21. Select **Apply** and then select **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
-
- ```ini
- [Settings]
- Priority=Default
-
- [Default]
- DeployRoot=\\SRV1\MDTBuildLab$
- UserDomain=CONTOSO
- UserID=MDT_BA
- UserPassword=pass@word1
- SkipBDDWelcome=YES
- ```
-
-22. Select **OK** to complete the configuration of the deployment share.
-
-23. Right-click **MDT build lab (C:\MDTBuildLab)** and then select **Update Deployment Share**.
-
-24. Accept all default values in the Update Deployment Share Wizard by clicking **Next** twice. The update process will take 5 to 10 minutes. When it has completed, select **Finish**.
-
-25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. In MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
-
- > [!TIP]
- > To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
-
-26. Open a Windows PowerShell prompt on the Hyper-V host computer and enter the following commands:
-
- ```powershell
- New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
- Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
- Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
- Start-VM REFW10X64-001
- vmconnect localhost REFW10X64-001
- ```
-
- The VM will require a few minutes to prepare devices and boot from the LiteTouchPE_x86.iso file.
-
-27. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then select **Next**.
-
-28. Accept the default values on the Capture Image page, and select **Next**. Operating system installation will complete after 5 to 10 minutes, and then the VM will reboot automatically. Allow the system to boot normally (don't press a key). The process is fully automated.
-
- Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures:
-
- - Install the Windows 10 Enterprise operating system.
- - Install added applications, roles, and features.
- - Update the operating system using Windows Update (or WSUS if optionally specified).
- - Stage Windows PE on the local disk.
- - Run System Preparation (Sysprep) and reboot into Windows PE.
- - Capture the installation to a Windows Imaging (WIM) file.
- - Turn off the virtual machine.
-
- This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server (SRV1). The file name is **REFW10X64-001.wim**.
-
-## Deploy a Windows 10 image using MDT
-
-This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT.
-
-1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then select **New Deployment Share**. Use the following values in the New Deployment Share Wizard:
-
- - **Deployment share path**: C:\MDTProd
- - **Share name**: MDTProd$
- - **Deployment share description**: MDT Production
- - **Options**: accept the default
-
-2. Select **Next**, verify the new deployment share was added successfully, then select **Finish**.
-
-3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then select **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values.
-
-4. Right-click the **Windows 10** folder created in the previous step, and then select **Import Operating System**.
-
-5. On the **OS Type** page, choose **Custom image file** and then select **Next**.
-
-6. On the Image page, browse to the **C:\MDTBuildLab\Captures\REFW10X64-001.wim** file created in the previous procedure, select **Open**, and then select **Next**.
-
-7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**.
-
-8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** select **OK** and then select **Next**.
-
-9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, select **Next** twice, wait for the import process to complete, and then select **Finish**.
-
-10. In the **Operating Systems** > **Windows 10** node, double-click the operating system that was added to view its properties. Change the operating system name to **Windows 10 Enterprise x64 Custom Image** and then select **OK**. See the following example:
-
- 
-
-### Create the deployment task sequence
-
-1. Using the Deployment Workbench, right-click **Task Sequences** under the **MDT Production** node, select **New Folder** and create a folder with the name: **Windows 10**.
-
-2. Right-click the **Windows 10** folder created in the previous step, and then select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-
- - Task sequence ID: W10-X64-001
- - Task sequence name: Windows 10 Enterprise x64 Custom Image
- - Task sequence comments: Production Image
- - Select Template: Standard Client Task Sequence
- - Select OS: Windows 10 Enterprise x64 Custom Image
- - Specify Product Key: Don't specify a product key at this time
- - Full Name: Contoso
- - Organization: Contoso
- - Internet Explorer home page: `http://www.contoso.com`
- - Admin Password: pass@word1
-
-### Configure the MDT production deployment share
-
-1. On SRV1, open an elevated Windows PowerShell prompt and enter the following commands:
-
- ```powershell
- copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force
- copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force
- ```
-
-2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then select **Properties**.
-
-3. Select the **Rules** tab and replace the rules with the following text (don't select OK yet):
-
- ```ini
- [Settings]
- Priority=Default
-
- [Default]
- _SMSTSORGNAME=Contoso
- OSInstall=YES
- UserDataLocation=AUTO
- TimeZoneName=Pacific Standard Time
- OSDComputername=#Left("PC-%SerialNumber%",7)#
- AdminPassword=pass@word1
- JoinDomain=contoso.com
- DomainAdmin=administrator
- DomainAdminDomain=CONTOSO
- DomainAdminPassword=pass@word1
- ScanStateArgs=/ue:*\* /ui:CONTOSO\*
- USMTMigFiles001=MigApp.xml
- USMTMigFiles002=MigUser.xml
- HideShell=YES
- ApplyGPOPack=NO
- SkipAppsOnUpgrade=NO
- SkipAdminPassword=YES
- SkipProductKey=YES
- SkipComputerName=YES
- SkipDomainMembership=YES
- SkipUserData=YES
- SkipLocaleSelection=YES
- SkipTaskSequence=NO
- SkipTimeZone=YES
- SkipApplications=NO
- SkipBitLocker=YES
- SkipSummary=YES
- SkipCapture=YES
- SkipFinalSummary=NO
- EventService=http://SRV1:9800
- ```
-
- > [!NOTE]
- > The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini.
-
- In this example, a **MachineObjectOU** entry isn't provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab, clients are added to the default computers OU, which requires that this parameter be unspecified.
-
- If desired, edit the following line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (`ue`) all users except for CONTOSO users specified by the user include option (ui):
-
- ```cmd
- ScanStateArgs=/ue:*\* /ui:CONTOSO\*
- ```
-
- For example, to migrate **all** users on the computer, replace this line with the following line:
-
- ```cmd
- ScanStateArgs=/all
- ```
-
- For more information, see [ScanState Syntax](/windows/deployment/usmt/usmt-scanstate-syntax).
-
-4. Select **Edit Bootstap.ini** and replace text in the file with the following text:
-
- ```ini
- [Settings]
- Priority=Default
-
- [Default]
- DeployRoot=\\SRV1\MDTProd$
- UserDomain=CONTOSO
- UserID=MDT_BA
- UserPassword=pass@word1
- SkipBDDWelcome=YES
- ```
-
-5. Select **OK** when finished.
-
-### Update the deployment share
-
-1. Right-click the **MDT Production** deployment share and then select **Update Deployment Share**.
-
-2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete.
-
-3. Select **Finish** when the update is complete.
-
-### Enable deployment monitoring
-
-1. In the Deployment Workbench console, right-click **MDT Production** and then select **Properties**.
-
-2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then select **OK**.
-
-3. Verify the monitoring service is working as expected by opening the following link on SRV1: `http://localhost:9800/MDTMonitorEvent/`. If you don't see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](/archive/blogs/mniehaus/troubleshooting-mdt-2012-monitoring).
-
-4. Close Internet Explorer.
-
-### Configure Windows Deployment Services
-
-1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```cmd
- WDSUTIL.exe /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall"
- WDSUTIL.exe /Set-Server /AnswerClients:All
- ```
-
-2. Select **Start**, type **Windows Deployment**, and then select **Windows Deployment Services**.
-
-3. In the Windows Deployment Services console, expand **Servers**, expand **SRV1.contoso.com**, right-click **Boot Images**, and then select **Add Boot Image**.
-
-4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, select **Open**, select **Next**, and accept the defaults in the Add Image Wizard. Select **Finish** to complete adding a boot image.
-
-### Deploy the client image
-
-1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This configuration is just an artifact of the lab environment. In a typical deployment environment WDS wouldn't be installed on the default gateway.
-
- > [!NOTE]
- > Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, enter **`Get-NetIPAddress | ft interfacealias, ipaddress** in a PowerShell prompt.
-
- Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and enter the following command:
-
- ```powershell
- Disable-NetAdapter "Ethernet 2" -Confirm:$false
- ```
-
- >Wait until the disable-netadapter command completes before proceeding.
-
-2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, enter the following commands at an elevated Windows PowerShell prompt:
-
- ```powershell
- New-VM -Name "PC2" -NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
- Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20
- ```
-
- Dynamic memory is configured on the VM to conserve resources. However, dynamic memory can cause memory allocation to be reduced below what is required to install an operating system. If memory is reduced below what is required, reset the VM and begin the OS installation task sequence immediately. The reset ensures the VM memory allocation isn't decreased too much while it's idle.
-
-3. Start the new VM and connect to it:
-
- ```powershell
- Start-VM PC2
- vmconnect localhost PC2
- ```
-
-4. When prompted, hit ENTER to start the network boot process.
-
-5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then select **Next**.
-
-6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. Re-enabling the external network adapter is needed so the client can use Windows Update after operating system installation is complete. To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and enter the following command:
-
- ```powershell
- Enable-NetAdapter "Ethernet 2"
- ```
-
-7. On SRV1, in the Deployment Workbench console, select on **Monitoring** and view the status of installation. Right-click **Monitoring** and select **Refresh** if no data is displayed.
-
-8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes. When the new client computer is finished updating, select **Finish**. You'll be automatically signed in to the local computer as administrator.
-
- 
-
-This completes the demonstration of how to deploy a reference image to the network. To conserve resources, turn off the PC2 VM before starting the next section.
-
-## Refresh a computer with Windows 10
-
-This section will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md).
-
-1. If the PC1 VM isn't already running, then start and connect to it:
-
- ```powershell
- Start-VM PC1
- vmconnect localhost PC1
- ```
-
-2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and performing additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, enter the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```powershell
- Checkpoint-VM -Name PC1 -SnapshotName BeginState
- ```
-
-3. Sign on to PC1 using the CONTOSO\Administrator account.
-
- Specify **contoso\administrator** as the user name to ensure you don't sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share.
-
-4. Open an elevated command prompt on PC1 and enter the following command:
-
- ```cmd
- cscript.exe \\SRV1\MDTProd$\Scripts\Litetouch.vbs
- ```
-
- > [!NOTE]
- > For more information on tools for viewing log files and to assist with troubleshooting, see [Configuration Manager Tools](/configmgr/core/support/tools).
-
-5. Choose the **Windows 10 Enterprise x64 Custom Image** and then select **Next**.
-
-6. Choose **Do not back up the existing computer** and select **Next**.
-
- > [!NOTE]
- > The USMT will still back up the computer.
-
-7. Lite Touch Installation will perform the following actions:
- - Back up user settings and data using USMT.
- - Install the Windows 10 Enterprise X64 operating system.
- - Update the operating system via Windows Update.
- - Restore user settings and data using USMT.
-
- You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings.
-
-8. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share).
-
-9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, enter the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```powershell
- Checkpoint-VM -Name PC1 -SnapshotName RefreshState
- ```
-
-10. Restore the PC1 VM to its previous state in preparation for the replace procedure. To restore a checkpoint, enter the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```powershell
- Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false
- Start-VM PC1
- vmconnect localhost PC1
- ```
-
-11. Sign in to PC1 using the contoso\administrator account.
-
-## Replace a computer with Windows 10
-
-At a high level, the computer replace process consists of:
-
-- A special replace task sequence that runs the USMT backup and an optional full Windows Imaging (WIM) backup.
-- A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored.
-
-### Create a backup-only task sequence
-
-1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, select **Properties**, select the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**.
-
-2. Select **OK**, right-click **MDT Production**, select **Update Deployment Share** and accept the default options in the wizard to update the share.
-
-3. enter the following commands at an elevated Windows PowerShell prompt on SRV1:
-
- ```powershell
- New-Item -Path C:\MigData -ItemType directory
- New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE
- icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)'
- ```
-
-4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and select **New Folder**.
-
-5. Name the new folder **Other**, and complete the wizard using default options.
-
-6. Right-click the **Other** folder and then select **New Task Sequence**. Use the following values in the wizard:
-
- - **Task sequence ID**: REPLACE-001
- - **Task sequence name**: Backup Only Task Sequence
- - **Task sequence comments**: Run USMT to back up user data and settings
- - **Template**: Standard Client Replace Task Sequence (note: this template isn't the default template)
-
-7. Accept defaults for the rest of the wizard and then select **Finish**. The replace task sequence will skip OS selection and settings.
-
-8. Open the new task sequence that was created and review it. Note the enter of capture and backup tasks that are present. Select **OK** when you're finished reviewing the task sequence.
-
-### Run the backup-only task sequence
-
-1. If you aren't already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, enter the following command at an elevated command prompt:
-
- ```cmd
- whoami.exe
- ```
-
-2. To ensure a clean environment before running the backup task sequence, enter the following commands at an elevated Windows PowerShell prompt on PC1:
-
- ```powershell
- Remove-Item c:\minint -recurse
- Remove-Item c:\_SMSTaskSequence -recurse
- Restart-Computer
- ```
-
-3. Sign in to PC1 using the contoso\administrator account, and then enter the following command at an elevated command prompt:
-
- ```cmd
- cscript.exe \\SRV1\MDTProd$\Scripts\Litetouch.vbs
- ```
-
-4. Complete the deployment wizard using the following settings:
-
- - **Task Sequence**: Backup Only Task Sequence
- - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1**
- - **Computer Backup**: Don't back up the existing computer.
-
-5. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and select the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks.
-
-6. On PC1, verify that **The user state capture was completed successfully** is displayed, and select **Finish** when the capture is complete.
-
-7. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example:
-
- ```cmd
- dir C:\MigData\PC1\USMT
-
- Directory: C:\MigData\PC1\USMT
-
- Mode LastWriteTime Length Name
- ---- ------------- ------ ----
- -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG
- ```
-
-### Deploy PC3
-
-1. On the Hyper-V host, enter the following commands at an elevated Windows PowerShell prompt:
-
- ```powershell
- New-VM -Name "PC3" -NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
- Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
- ```
-
-2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, enter the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```powershell
- Disable-NetAdapter "Ethernet 2" -Confirm:$false
- ```
-
- As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding.
-
-3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```powershell
- Start-VM PC3
- vmconnect localhost PC3
- ```
-
-4. When prompted, press ENTER for network boot.
-
-5. On PC3, use the following settings for the Windows Deployment Wizard:
- - **Task Sequence**: Windows 10 Enterprise x64 Custom Image
- - **Move Data and Settings**: Don't move user data and settings
- - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1**
-
-6. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1:
-
- ```powershell
- Enable-NetAdapter "Ethernet 2"
- ```
-
-7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1.
-
-8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, select **Finish**.
-
-9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure.
-
-10. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure.
-
-## Troubleshooting logs, events, and utilities
-
-Deployment logs are available on the client computer in the following locations:
-
-- Before the image is applied: X:\MININT\SMSOSD\OSDLOGS
-- After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS
-- After deployment: %WINDIR%\TEMP\DeploymentLogs
-
-You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then select **Enable Log**.
-
-Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information.
-
-## Related articles
-
-[Microsoft Deployment Toolkit](/mem/configmgr/mdt/)
-
-[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index d3c1320d86..c481efb0a5 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -1,8 +1,8 @@
---
title: Steps to deploy Windows 10 with Configuration Manager
description: Learn how to deploy Windows 10 in a test lab using Microsoft Configuration Manager.
-ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.service: windows-client
+ms.subservice: itpro-deploy
ms.localizationpriority: medium
manager: aaroncz
ms.author: frankroj
@@ -157,7 +157,7 @@ The procedures in this guide are summarized in the following table. An estimate
You can also verify WMI using the WMI console by typing **wmimgmt.msc**, right-clicking **WMI Control (Local)** in the console tree, and then clicking **Properties**.
- If the WMI service isn't started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [WMIDiag](https://blogs.technet.microsoft.com/askperf/2015/05/12/wmidiag-2-2-is-here/) for troubleshooting information.
+ If the WMI service isn't started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [winmgmt](/windows/win32/wmisdk/winmgmt) for troubleshooting information.
5. To extend the Active Directory schema, enter the following command at an elevated Windows PowerShell prompt:
@@ -230,15 +230,9 @@ The procedures in this guide are summarized in the following table. An estimate
## Download MDOP and install DaRT
> [!IMPORTANT]
-> This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/).
-
-
-1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host.
+1. Download the Microsoft Desktop Optimization Pack 2015 to the Hyper-V host from Visual Studio Online or from the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331) site. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host.
2. Enter the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1:
@@ -780,7 +774,7 @@ If you've already completed steps in [Deploy Windows 10 in a test lab using Micr
[Settings]
Priority=Default
Properties=OSDMigrateConfigFiles,OSDMigrateMode
-
+
[Default]
DoCapture=NO
ComputerBackupLocation=NONE
@@ -1092,7 +1086,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
- Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example).
- Select **Next** twice and then select **Close** in both windows.
-3. Select **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Don't proceed until this name is displayed.
+3. Select **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Don't proceed until this name is displayed.
### Create a new deployment
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
index 11b304e822..91aadc47e7 100644
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@@ -4,8 +4,8 @@ description: Learn about concepts and procedures for deploying Windows 10 in a p
manager: aaroncz
ms.author: frankroj
author: frankroj
-ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.service: windows-client
+ms.subservice: itpro-deploy
ms.localizationpriority: medium
ms.topic: tutorial
ms.date: 11/23/2022
@@ -118,8 +118,6 @@ The two Windows Server VMs can be combined into a single VM to conserve RAM and
### Verify support and install Hyper-V
-Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information.
-
1. To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example:
```cmd
@@ -1046,4 +1044,4 @@ Use the following procedures to verify that the PoC environment is configured pr
## Next steps
-[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
+- [Windows 10 deployment scenarios](windows-deployment-scenarios.md).
diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md
index d2bf8bb55d..82bb386aa3 100644
--- a/windows/deployment/windows-10-pro-in-s-mode.md
+++ b/windows/deployment/windows-10-pro-in-s-mode.md
@@ -5,10 +5,10 @@ author: frankroj
ms.author: frankroj
manager: aaroncz
ms.localizationpriority: medium
-ms.prod: windows-client
+ms.service: windows-client
ms.topic: article
ms.date: 11/23/2022
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Switch to Windows 10 Pro or Enterprise from S mode
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
deleted file mode 100644
index b5fc8eb923..0000000000
--- a/windows/deployment/windows-10-subscription-activation.md
+++ /dev/null
@@ -1,260 +0,0 @@
----
-title: Windows subscription activation
-description: In this article, you'll learn how to dynamically enable Windows 10 and Windows 11 Enterprise or Education subscriptions.
-ms.prod: windows-client
-ms.technology: itpro-fundamentals
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.collection:
- - highpri
- - tier2
-ms.topic: conceptual
-ms.date: 11/14/2023
-appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
----
-
-# Windows subscription activation
-
-The subscription activation feature enables you to "step-up" from Windows Pro edition to Enterprise or Education editions. You can use this feature if you're subscribed to Windows Enterprise E3 or E5 licenses. Subscription activation also supports step-up from Windows Pro Education edition to Education edition.
-
-If you have devices that are licensed for earlier versions of Windows Professional, Microsoft 365 Business Premium provides an upgrade to Windows Pro edition, which is the prerequisite for deploying [Windows Business](/microsoft-365/business-premium/microsoft-365-business-faqs#what-is-windows-10-business).
-
-The subscription activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and then rebooting client devices.
-
-This article covers the following information:
-
-- [Subscription activation](#subscription-activation-for-enterprise): An introduction to subscription activation for Windows Enterprise.
-- [Subscription activation for Education](#subscription-activation-for-education): Information about subscription activation for Windows Education.
-- [Inherited activation](#inherited-activation): Allow virtual machines to inherit activation state from their Windows client host.
-- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment.
-- [Requirements](#requirements): Prerequisites to use the Windows subscription activation model.
-- [Benefits](#benefits): Advantages of subscription-based licensing.
-- [How it works](#how-it-works): A summary of the subscription-based licensing option.
-- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): How to enable Windows subscription activation for VMs in the cloud.
-
-For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
-
-> [!NOTE]
->
-> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude one of the following cloud apps from their Conditional Access policies using **Select Excluded Cloud Apps**:
->
-> - [Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
-> - [Windows Store for Business, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
->
-> Although the app ID is the same in both instances, the name of the cloud app will depend on the tenant.
->
-> For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
-
-## Subscription activation for Enterprise
-
-Windows Enterprise E3 and E5 are available as online services via subscription. You can deploy Windows Enterprise in your organization without keys and reboots.
-
-- Devices with a current Windows Pro edition license can be seamlessly upgraded to Windows Enterprise.
-- Product key-based Windows Enterprise software licenses can be transitioned to Windows Enterprise subscriptions.
-
-Organizations that have an enterprise agreement can also benefit from the service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Microsoft Entra ID using [Microsoft Entra Connect Sync](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
-
-> [!NOTE]
-> Subscription activation is available for qualifying devices running Windows 10 or Windows 11. You can't use subscription activation to upgrade from Windows 10 to Windows 11.
-
-## Subscription activation for Education
-
-Subscription activation for Education works the same as the Enterprise edition, but in order to use subscription activation for Education, you must have a device running Windows Pro Education and an active subscription plan with an Enterprise license. For more information, see the [requirements](#windows-education-requirements) section.
-
-## Inherited activation
-
-Inherited activation allows Windows virtual machines to inherit activation state from their Windows client host. When a user with a Windows E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10 or Windows 11 host, the VM inherits the activation state from a host machine. This behavior is independent of whether the user signs on with a local account or uses a Microsoft Entra account on a VM.
-
-To support inherited activation, both the host computer and the VM must be running a supported version of Windows 10 or Windows 11. The hypervisor platform must also be Windows Hyper-V.
-
-## The evolution of deployment
-
-> [!TIP]
-> The original version of this section can be found at [Changing between Windows SKUs](/archive/blogs/mniehaus/changing-between-windows-skus).
-
-The following list illustrates how deploying Windows client has evolved with each release:
-
-- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
-
-- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade. This process was considered a "repair upgrade", because the OS version was the same before and after. This upgrade was a lot easier than wipe-and-load, but it was still time-consuming.
-
-- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU. This process required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
-
-- **Windows 10, version 1607** made a large leap forward. You could just change the product key and the edition instantly changed from Windows 10 Pro to Windows 10 Enterprise. In addition to provisioning packages and MDM, you can inject a key using slmgr.vbs, which injects the key into WMI. It became trivial to do this process using a command line.
-
-- **Windows 10, version 1703** made this "step-up" from Windows 10 Pro to Windows 10 Enterprise automatic for devices that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
-
-- **Windows 10, version 1709** added support for Windows 10 subscription activation, similar to the CSP support but for large enterprises. This feature enabled the use of Microsoft Entra ID for assigning licenses to users. When users sign in to a device that's joined to Active Directory or Microsoft Entra ID, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
-
-- **Windows 10, version 1803** updated Windows 10 subscription activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It was no longer necessary to run a script to activate Windows 10 Pro before activating Enterprise. For virtual machines and hosts running Windows 10, version 1803, [inherited activation](#inherited-activation) was also enabled.
-
-- **Windows 10, version 1903** updated Windows 10 subscription activation to enable step-up from Windows 10 Pro Education to Windows 10 Education for devices with a qualifying Windows 10 or Microsoft 365 subscription.
-
-- **Windows 11, version 21H2** updated subscription activation to work on both Windows 10 and Windows 11 devices.
-
- > [!IMPORTANT]
- > Subscription activation doesn't update a device from Windows 10 to Windows 11. Only the edition is updated.
-
-## Requirements
-
-### Windows Enterprise requirements
-
-> [!NOTE]
-> The following requirements don't apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only. It supports workgroup, hybrid, and Microsoft Entra joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure virtual machines](/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems).
-
-> [!IMPORTANT]
-> As of October 1, 2022, subscription activation is available for *commercial* and *GCC* tenants. It's currently not available on GCC High or DoD tenants. For more information, see [Enable subscription activation with an existing EA](deploy-enterprise-licenses.md#enable-subscription-activation-with-an-existing-ea).
-
-For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following requirements:
-
-- A supported version of Windows Pro or Enterprise edition installed on the devices to be upgraded.
-- Microsoft Entra available for identity management.
-- Devices must be Microsoft Entra joined or Microsoft Entra hybrid joined. Workgroup-joined or Microsoft Entra registered devices aren't supported.
-
-For Microsoft customers that don't have EA or MPSA, you can get Windows Enterprise E3/E5 or A3/A5 licenses through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses. For more information about getting Windows Enterprise E3 through your CSP, see [Windows Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
-
-### Windows Education requirements
-
-- A supported version of Windows Pro Education installed on the devices to be upgraded.
-- A device with a Windows Pro Education digital license. You can confirm this information in **Settings > Update & Security > Activation**.
-- The Education tenant must have an active subscription to Microsoft 365 with a Windows Enterprise license, or a Windows Enterprise or Education subscription.
-- Devices must be Microsoft Entra joined or Microsoft Entra hybrid joined. Workgroup-joined or Microsoft Entra registered devices aren't supported.
-
-> [!IMPORTANT]
-> If Windows 10 Pro is converted to Windows 10 Pro Education by [using benefits available in Store for Education](/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device using a Windows 10 Pro Education edition.
-
-## Benefits
-
-With Windows Enterprise or Education editions, your organization can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Education or Enterprise editions to their users. With Windows Enterprise E3/E5 or A3/A5 being available as an online service, it's available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows features.
-
-To compare Windows 10 editions and review pricing, see the following sites:
-
-- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)
-- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing)
-
-You can benefit by moving to Windows as an online service in the following ways:
-
-- Licenses for Windows Enterprise and Education are checked based on Microsoft Entra credentials. You have a systematic way to assign licenses to end users and groups in your organization.
-
-- User sign-in triggers a silent edition upgrade, with no reboot required.
-
-- Support for mobile worker and "bring your own device" (BYOD) activation. This support transitions away from on-premises KMS and MAK keys.
-
-- Compliance support via seat assignment.
-
-- Licenses can be updated to different users dynamically, which allows you to optimize your licensing investment against changing needs.
-
-## How it works
-
-> [!NOTE]
-> The following examples use Windows 10 Pro to Enterprise edition. The examples also apply to Windows 11, and Education editions.
-
-The device is Microsoft Entra joined from **Settings** > **Accounts** > **Access work or school**.
-
-You assign Windows 10 Enterprise to a user:
-
-
-
-When a licensed user signs in to a device that meets requirements using their Microsoft Entra credentials, Windows steps up from Pro edition to Enterprise. Then all of the Enterprise features are unlocked. When a user's subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro edition, once the current subscription validity expires.
-
-> [!NOTE]
-> Devices running a supported version of Windows 10 Pro Education can get Windows 10 Enterprise or Education general availability channel on up to five devices for each user covered by the license. This benefit doesn't include the long term servicing channel.
-
-The following figure summarizes how the subscription activation model works:
-
-
-
-> [!NOTE]
->
-> - A Windows 10 Pro Education device will only step-up to Windows 10 Education edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center.
->
-> - A Windows 10 Pro device will only step-up to Windows 10 Enterprise edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center.
-
-### Scenarios
-
-#### Scenario #1
-
-You're using a supported version of Windows 10. You purchased Windows 10 Enterprise E3 or E5 subscriptions, or you've had an E3 or E5 subscription for a while but haven't yet deployed Windows 10 Enterprise.
-
-All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise. When a subscription activation-enabled user signs in, devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to subscription activated Enterprise edition.
-
-#### Scenario #2
-
-You're using Microsoft Entra joined devices or Active Directory-joined devices running a supported version of Windows 10. You configured Microsoft Entra synchronization. You follow the steps in [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md) to get a $0 SKU, and get a new Windows 10 Enterprise E3 or E5 license in Microsoft Entra ID. You then assign that license to all of your Microsoft Entra users, which can be Active Directory-synced accounts. When that user signs in, the device will automatically change from Windows 10 Pro to Windows 10 Enterprise.
-
-#### Earlier versions of Windows
-
-If devices are running Windows 7, more steps are required. A wipe-and-load approach still works, but it can be easier to upgrade from Windows 7 Pro directly to Windows 10 Enterprise edition. This path is supported, and completes the move in one step. This method also works for devices with Windows 8.1 Pro.
-
-### Licenses
-
-The following policies apply to acquisition and renewal of licenses on devices:
-
-- Devices that have been upgraded will attempt to renew licenses about every 30 days. They must be connected to the internet to successfully acquire or renew a license.
-
-- If a device is disconnected from the internet, until its current subscription expires Windows will revert to Pro or Pro Education. As soon as the device is connected to the internet again, the license will automatically renew.
-
-- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, on the computer to which a user hasn't logged for the longest time, Windows will revert to Pro or Pro Education.
-
-- If a device meets the requirements and a licensed user signs in on that device, it will be upgraded.
-
-Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
-
-When you have the required Microsoft Entra subscription, group-based licensing is the preferred method to assign Enterprise E3 and E5 licenses to users. For more information, see [Group-based licensing basics in Microsoft Entra ID](/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal).
-
-### Existing Enterprise deployments
-
-If you're running a supported version of Windows 10 or Windows 11, subscription activation will automatically pull the firmware-embedded Windows activation key and activate the underlying Pro license. The license will then step-up to Enterprise using subscription activation. This behavior automatically migrates your devices from KMS or MAK activated Enterprise to subscription activated Enterprise.
-
-Subscription activation doesn't remove the need to activate the underlying OS. This requirement still exists for running a genuine installation of Windows.
-
-> [!CAUTION]
-> Firmware-embedded Windows activation happens automatically only during Windows Setup out of box experience (OOBE).
-
-If the computer has never been activated with a Pro key, use the following script from an elevated PowerShell console:
-
-```powershell
-$(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;changepk.exe /Productkey $_ } else { Write-Host "No key present" } }
-```
-
-
-
-### Obtaining a Microsoft Entra ID license
-
-If your organization has an Enterprise Agreement (EA) or Software Assurance (SA):
-
-- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Microsoft Entra ID. Ideally, you assign the licenses to groups using the Microsoft Entra ID P1 or P2 feature for group assignment. For more information, see [Enable subscription activation with an existing EA](./deploy-enterprise-licenses.md#enable-subscription-activation-with-an-existing-ea).
-
-- The license administrator can assign seats to Microsoft Entra users with the same process that's used for Microsoft 365 Apps.
-
-- New EA/SA Windows Enterprise customers can acquire both an SA subscription and an associated $0 cloud subscription.
-
-If your organization has a Microsoft Products & Services Agreement (MPSA):
-
-- New customers are automatically emailed the details of the service. Take steps to process the instructions.
-
-- Existing MPSA customers will receive service activation emails that allow their customer administrator to assign users to the service.
-
-- New MPSA customers who purchase the Software Subscription Windows Enterprise E3 and E5 will be enabled for both the traditional key-based and new subscriptions activation method.
-
-### Deploying licenses
-
-For more information, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
-
-## Virtual Desktop Access (VDA)
-
-Subscriptions to Windows Enterprise are also available for virtualized clients. Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Microsoft Azure or in another qualified multitenant hoster (QMTH).
-
-Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Microsoft Entra joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md).
-
-## Related sites
-
-Connect domain-joined devices to Microsoft Entra ID for Windows experiences. For more information, see [Plan your Microsoft Entra hybrid join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan)
-
-[Compare Windows editions](https://www.microsoft.com/windows/business/compare-windows-11)
-
-[Windows for business](https://www.microsoft.com/windows/business)
diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md
index f38cf33ebe..2c3b28dac0 100644
--- a/windows/deployment/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md
@@ -1,83 +1,78 @@
---
-title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10)
-description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
+title: Windows ADK for Windows scenarios for IT Pros
+description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that IT Pros can use to deploy Windows.
author: frankroj
ms.author: frankroj
manager: aaroncz
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
-ms.date: 11/23/2022
+ms.date: 02/13/2024
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
-# Windows ADK for Windows 10 scenarios for IT Pros
+# Windows ADK for Windows scenarios for IT Pros
-The [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](/windows-hardware/get-started/what-s-new-in-kits-and-tools).
-
-In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](/windows-hardware/manufacture/desktop/).
-
-Here are some key scenarios that will help you find the content on the MSDN Hardware Dev Center.
+The [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) contains tools that IT Pros can use to deploy Windows. For an overview of what's new in the latest version of the Windows ADK, see [What's new in the ADK tools](/windows-hardware/get-started/what-s-new-in-kits-and-tools). For the ADK reference content, see [Desktop manufacturing](/windows-hardware/manufacture/desktop/).
## Create a Windows image using command-line tools
[DISM](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) is used to mount and service Windows images.
-Here are some things you can do with DISM:
+Here are some things that can be done with DISM:
-- [Mount an offline image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism)
-- [Add drivers to an offline image](/windows-hardware/manufacture/desktop/add-and-remove-drivers-to-an-offline-windows-image)
-- [Enable or disable Windows features](/windows-hardware/manufacture/desktop/enable-or-disable-windows-features-using-dism)
-- [Add or remove packages](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism)
-- [Add language packs](/windows-hardware/manufacture/desktop/add-language-packs-to-windows)
-- [Add Universal Windows apps](/windows-hardware/manufacture/desktop/preinstall-apps-using-dism)
-- [Upgrade the Windows edition](/windows-hardware/manufacture/desktop/change-the-windows-image-to-a-higher-edition-using-dism)
+- [Mount an offline image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image).
+- [Add and Remove Driver packages to an offline Windows Image](/windows-hardware/manufacture/desktop/add-and-remove-drivers-to-an-offline-windows-image).
+- [Enable or Disable Windows Features Using DISM](/windows-hardware/manufacture/desktop/enable-or-disable-windows-features-using-dism).
+- [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism).
+- [Add languages to Windows images](/windows-hardware/manufacture/desktop/add-language-packs-to-windows).
+- [Preinstall Apps Using DISM](/windows-hardware/manufacture/desktop/preinstall-apps-using-dism).
+- [Change the Windows Image to a Higher Edition Using DISM](/windows-hardware/manufacture/desktop/change-the-windows-image-to-a-higher-edition-using-dism).
-[Sysprep](/windows-hardware/manufacture/desktop/sysprep--system-preparation--overview) prepares a Windows installation for imaging and allows you to capture a customized installation.
+[Sysprep](/windows-hardware/manufacture/desktop/sysprep--system-preparation--overview) prepares a Windows installation for imaging and allows capturing a customized Windows installation.
-Here are some things you can do with Sysprep:
+Here are some things that can be done with Sysprep:
-- [Generalize a Windows installation](/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation)
-- [Customize the default user profile](/windows-hardware/manufacture/desktop/customize-the-default-user-profile-by-using-copyprofile)
-- [Use answer files](/windows-hardware/manufacture/desktop/use-answer-files-with-sysprep)
+- [Generalize a Windows installation](/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation#generalize-a-windows-installation).
+- [Customize the default user profile by using CopyProfile](/windows-hardware/manufacture/desktop/customize-the-default-user-profile-by-using-copyprofile).
+- [Use answer files](/windows-hardware/manufacture/desktop/use-answer-files-with-sysprep).
-[Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro) is a small operating system used to boot a computer that doesn't have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system.
+[Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro) is a small operating system used to boot a computer that doesn't have an operating system. Windows PE can be booted into to install a new operating system, recover data, or repair an existing operating system.
-Here are ways you can create a WinPE image:
+A WinPE image can be created using the article [Create bootable Windows PE media](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive). Types of bootable media include:
-- [Create a bootable USB drive](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive)
-- [Create a Boot CD, DVD, ISO, or VHD](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive)
+- [Create a bootable Windows PE USB drive](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive#create-a-bootable-windows-pe-usb-drive).
+- [Create a WinPE ISO, DVD, or CD](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive#create-a-winpe-iso-dvd-or-cd).
+- [Create a Windows PE VHD to use with Hyper-V](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive#create-a-windows-pe-vhd-to-use-with-hyper-v).
[Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is a recovery environment that can repair common operating system problems.
-Here are some things you can do with Windows RE:
+Here are some things that can be done with Windows RE:
-- [Customize Windows RE](/windows-hardware/manufacture/desktop/customize-windows-re)
-- [Push-button reset](/windows-hardware/manufacture/desktop/push-button-reset-overview)
+- [Customize Windows RE](/windows-hardware/manufacture/desktop/customize-windows-re).
+- [Push-button reset](/windows-hardware/manufacture/desktop/push-button-reset-overview).
-[Windows System Image Manager (Windows SIM)](/windows-hardware/customize/desktop/wsim/windows-system-image-manager-technical-reference) helps you create answer files that change Windows settings and run scripts during installation.
+[Windows System Image Manager (WSIM)](/windows-hardware/customize/desktop/wsim/windows-system-image-manager-technical-reference) helps create answer files that change Windows settings and run scripts during Windows installation.
-Here are some things you can do with Windows SIM:
+Here are some things that can be done with WSIM:
-- [Create answer file](/windows-hardware/customize/desktop/wsim/create-or-open-an-answer-file)
-- [Add a driver path to an answer file](/windows-hardware/customize/desktop/wsim/add-a-device-driver-path-to-an-answer-file)
-- [Add a package to an answer file](/windows-hardware/customize/desktop/wsim/add-a-package-to-an-answer-file)
-- [Add a custom command to an answer file](/windows-hardware/customize/desktop/wsim/add-a-custom-command-to-an-answer-file)
+- [Create or Open an Answer File](/windows-hardware/customize/desktop/wsim/create-or-open-an-answer-file).
+- [Add a Device Driver Path to an Answer File](/windows-hardware/customize/desktop/wsim/add-a-device-driver-path-to-an-answer-file).
+- [Add a Package to an Answer File](/windows-hardware/customize/desktop/wsim/add-a-package-to-an-answer-file).
+- [Add a Custom Command to an Answer File](/windows-hardware/customize/desktop/wsim/add-a-custom-command-to-an-answer-file).
-For a list of settings you can change, see [Unattended Windows Setup Reference](/windows-hardware/customize/desktop/unattend/) on the MSDN Hardware Dev Center.
+For a list of settings that can be changed, see [Unattended Windows Setup Reference](/windows-hardware/customize/desktop/unattend/).
### Create a provisioning package using Windows ICD
-Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) or Windows 10 IoT Core (IoT Core) image.
-
-Here are some things you can do with Windows ICD:
-
-- [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
-- [Export a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
+[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd) streamlines the customizing and provisioning of a Windows for desktop editions (Home, Pro, Enterprise, and Education) or a Windows IoT Core (IoT Core) image. Creating, applying, and exporting provisioning packages with the Windows ICD is covered in the article [Create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package).
### IT Pro Windows deployment tools
-There are also a few tools included in the Windows ADK that are specific to IT Pros and this documentation is available on TechNet:
+There are also a few tools included in the Windows ADK that are specific to IT Pros:
- [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md)
- [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md)
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
index 3e70bd954a..690fe5613b 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
@@ -2,13 +2,13 @@
title: Add and verify admin contacts
description: This article explains how to add and verify admin contacts
ms.date: 09/15/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- tier2
@@ -41,6 +41,6 @@ Your admin contacts will receive notifications about support request updates and
1. Under **Tenant administration** in the **Windows Autopatch** section, select **Admin contacts**.
1. Select **+Add**.
1. Enter the contact details including name, email, phone number and preferred language. For a support ticket, the ticket's primary contact's preferred language will determine the language used for email communications.
-1. Select an [Area of focus](#area-of-focus) and enter details of the contact's knowledge and authority in the specified area of focus.
+1. Select an [Area of focus](#area-of-focus) and enter details of the contact's knowledge and authority in the specified area of focus.
1. Select **Save** to add the contact.
1. Repeat for each area of focus.
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index f9ce34d2ae..dd113afcfc 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -1,14 +1,14 @@
---
title: Device registration overview
-description: This article provides an overview on how to register devices in Autopatch
-ms.date: 07/25/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+description: This article provides an overview on how to register devices in Autopatch.
+ms.date: 02/15/2024
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: andredm7
ms.collection:
- highpri
@@ -19,13 +19,13 @@ ms.collection:
Windows Autopatch must [register your existing devices](windows-autopatch-register-devices.md) into its service to manage update deployments on your behalf.
-The Windows Autopatch device registration process is transparent for end-users because it doesn’t require devices to be reset.
+The Windows Autopatch device registration process is transparent for end-users because it doesn't require devices to be reset.
The overall device registration process is as follows:
:::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
-1. IT admin reviews [Windows Autopatch device registration prerequisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) prior to register devices with Windows Autopatch.
+1. IT admin reviews [Windows Autopatch device registration prerequisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) before registering devices with Windows Autopatch.
2. IT admin identifies devices to be managed by Windows Autopatch through either adding device-based Microsoft Entra groups as part of the [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md) or the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md).
3. Windows Autopatch then:
1. Performs device readiness prior registration (prerequisite checks).
@@ -47,12 +47,12 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto
| ----- | ----- |
| **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. |
| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Microsoft Entra ID assigned or dynamic groups into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group when using adding existing device-based Microsoft Entra groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group
|
-| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:
|
-| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:
|
-| **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to two deployment ring sets, the first one being the service-based deployment ring set represented by the following Microsoft Entra groups:
|
+| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:
|
+| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:
|
+| **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to two deployment ring sets, the first one being the service-based deployment ring set represented by the following Microsoft Entra groups:
|
| **Step 7: Assign devices to a Microsoft Entra group** | Windows Autopatch also assigns devices to the following Microsoft Entra groups when certain conditions apply:
|
-| **Step 8: Post-device registration** | In post-device registration, three actions occur:
|
+| **Step 8: Post-device registration** | In post-device registration, three actions occur:
|
| **Step 9: Review device registration status** | IT admins review the device registration status in both the **Registered** and **Not registered** tabs.
|
| **Step 10: End of registration workflow** | This is the end of the Windows Autopatch device registration workflow. |
@@ -67,7 +67,7 @@ As described in **step #4** in the previous [Detailed device registration workfl
During the tenant enrollment process, Windows Autopatch creates two different deployment ring sets:
- [Service-based deployment ring set](../deploy/windows-autopatch-groups-overview.md#service-based-deployment-rings)
-- [Software update-based deployment ring set](../deploy/windows-autopatch-groups-overview.md#software-based-deployment-rings)
+- [Software update-based deployment ring set](../deploy/windows-autopatch-groups-overview.md#software-based-deployment-rings)
The following four Microsoft Entra ID assigned groups are used to organize devices for the service-based deployment ring set:
@@ -86,7 +86,7 @@ The five Microsoft Entra ID assigned groups that are used to organize devices fo
| Windows Autopatch - Ring1 | First production deployment ring for early adopters. |
| Windows Autopatch - Ring2 | Fast deployment ring for quick rollout and adoption. |
| Windows Autopatch - Ring3 | Final deployment ring for broad rollout into the organization. |
-| Windows Autopatch - Last | Optional deployment ring for specialized devices or VIP/executives that must receive software update deployments after it’s well tested with early and general populations in an organization. |
+| Windows Autopatch - Last | Optional deployment ring for specialized devices or VIP/executives that must receive software update deployments after it's well tested with early and general populations in an organization. |
In the software-based deployment ring set, each deployment ring has a different set of update deployment policies to control the updates rollout.
@@ -94,7 +94,7 @@ In the software-based deployment ring set, each deployment ring has a different
> Adding or importing devices directly into any of these groups isn't supported. Doing so might affect the Windows Autopatch service. To move devices between these groups, see [Moving devices in between deployment rings](#moving-devices-in-between-deployment-rings).
> [!IMPORTANT]
-> Windows Autopatch device registration doesn't assign devices to the Test deployment rings of either the service-based (**Modern Workplace Devices-Windows Autopatch-Test**), or software updates-based (**Windows Autopatch – Test and Windows Autopatch – Last**) in the Default Autopatch group. This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments.
+> Windows Autopatch device registration doesn't assign devices to the Test deployment rings of either the service-based (**Modern Workplace Devices-Windows Autopatch-Test**), or software updates-based (**Windows Autopatch - Test and Windows Autopatch - Last**) in the Default Autopatch group. This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments.
During the device registration process, Windows Autopatch assigns each device to a [service-based and software-update based deployment ring](../deploy/windows-autopatch-groups-overview.md#service-based-versus-software-update-based-deployment-rings) so that the service has the proper representation of device diversity across your organization.
@@ -107,15 +107,15 @@ The deployment ring distribution is designed to release software update deployme
The Windows Autopatch deployment ring calculation occurs during the device registration process and it applies to both the [service-based and the software update-based deployment ring sets](../deploy/windows-autopatch-groups-overview.md#service-based-versus-software-update-based-deployment-rings):
-- If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is First **(5%)**, Fast **(15%)**, remaining devices go to the Broad ring **(80%)**.
-- If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**.
+- If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is First **(5%)**, Fast **(15%)**, remaining devices go to the Broad ring **(80%)**.
+- If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment will be First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**.
> [!NOTE]
> You can customize the deployment ring calculation logic by editing the Default Autopatch group.
| Service-based deployment ring | Default Autopatch group deployment ring | Default device balancing percentage | Description |
| ----- | ----- | ----- | ----- |
-| Test | Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:
Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
+| Test | Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:
Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
| First | Ring 1 | **1%** | The First ring is the first group of production users to receive a change.
|
|
-The status of each post-device registration readiness check is shown in the Windows Autopatch’s Devices blade under the **Not ready** tab. You can take appropriate action(s) on devices that aren't ready to be fully managed by the Windows Autopatch service.
+The status of each post-device registration readiness check is shown in the Windows Autopatch's Devices blade under the **Not ready** tab. You can take appropriate action(s) on devices that aren't ready to be fully managed by the Windows Autopatch service.
## About the three tabs in the Devices blade
@@ -57,8 +57,8 @@ Windows Autopatch has three tabs within its Devices blade. Each tab is designed
| Tab | Description |
| ----- | ----- |
| Ready | This tab only lists devices with the **Active** status. Devices with the **Active** status successfully:
This tab also lists devices that have passed all postdevice registration readiness checks. |
-| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status.
|
-| Not registered | Only lists devices with the **Prerequisite failed** status in it. Devices with the **Prerequisite failed** status didn’t pass one or more prerequisite checks during the device registration process. |
+| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status.
|
+| Not registered | Only lists devices with the **Prerequisite failed** status in it. Devices with the **Prerequisite failed** status didn't pass one or more prerequisite checks during the device registration process. |
## Details about the post-device registration readiness checks
@@ -76,12 +76,12 @@ The following list of post-device registration readiness checks is performed in
| ----- | ----- |
| **Windows OS build, architecture, and edition** | Checks to see if devices support Windows 1809+ build (10.0.17763), 64-bit architecture and either Pro or Enterprise SKUs. |
| **Windows update policies managed via Microsoft Intune** | Checks to see if devices have Windows Updates policies managed via Microsoft Intune (MDM). |
-| **Windows update policies managed via Group Policy Object (GPO)** | Checks to see if devices have Windows update policies managed via GPO. Windows Autopatch doesn’t support Windows update policies managed via GPOs. Windows update must be managed via Microsoft Intune. |
-| **Microsoft Office update policy managed via Group Policy Object (GPO)** | Checks to see if devices have Microsoft Office updates policies managed via GPO. Windows Autopatch doesn’t support Microsoft Office update policies managed via GPOs. Office updates must be managed via Microsoft Intune or another Microsoft Office policy management method where Office update bits are downloaded directly from the Office Content Delivery Network (CDN). |
+| **Windows update policies managed via Group Policy Object (GPO)** | Checks to see if devices have Windows update policies managed via GPO. Windows Autopatch doesn't support Windows update policies managed via GPOs. Windows update must be managed via Microsoft Intune. |
+| **Microsoft Office update policy managed via Group Policy Object (GPO)** | Checks to see if devices have Microsoft Office updates policies managed via GPO. Windows Autopatch doesn't support Microsoft Office update policies managed via GPOs. Office updates must be managed via Microsoft Intune or another Microsoft Office policy management method where Office update bits are downloaded directly from the Office Content Delivery Network (CDN). |
| **Windows Autopatch network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service. |
| **Microsoft Teams network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that devices with Microsoft Teams must be able to reach for software updates management. |
| **Microsoft Edge network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that devices with Microsoft Edge must be able to reach for software updates management. |
-| **Internet connectivity** | Checks to see if a device has internet connectivity to communicate with Microsoft cloud services. Windows Autopatch uses the PingReply class. Windows Autopatch tries to ping at least three different Microsoft’s public URLs two times each, to confirm that ping results aren't coming from the device’s cache. |
+| **Internet connectivity** | Checks to see if a device has internet connectivity to communicate with Microsoft cloud services. Windows Autopatch uses the PingReply class. Windows Autopatch tries to ping at least three different Microsoft's public URLs two times each, to confirm that ping results aren't coming from the device's cache. |
## Post-device registration readiness checks workflow
@@ -93,8 +93,8 @@ See the following diagram for the post-device registration readiness checks work
| ----- | ----- |
| **Steps 1-7** | For more information, see the [Device registration overview diagram](windows-autopatch-device-registration-overview.md).|
| **Step 8: Perform readiness checks** |
|
-| **Step 9: Check readiness status** |
|
-| **Step 10: Add devices to the Not ready** | When devices don’t pass one or more readiness checks, even if they’re registered with Windows Autopatch, they’re added to the **Not ready** tab so IT admins can remediate devices based on Windows Autopatch recommendations. |
+| **Step 9: Check readiness status** |
|
+| **Step 10: Add devices to the Not ready** | When devices don't pass one or more readiness checks, even if they're registered with Windows Autopatch, they're added to the **Not ready** tab so IT admins can remediate devices based on Windows Autopatch recommendations. |
| **Step 11: IT admin understands what the issue is and remediates** | The IT admin checks and remediates issues in the Devices blade (**Not ready** tab). It can take up to 24 hours for devices to show back up into the **Ready** tab. |
## FAQ
@@ -102,7 +102,7 @@ See the following diagram for the post-device registration readiness checks work
| Question | Answer |
| ----- | ----- |
| **How frequent are the post-device registration readiness checks performed?** |
|
-| **What to expect when one or more checks fail?** | Devices are automatically sent to the **Ready** tab once they're successfully registered with Windows Autopatch. When devices don’t meet one or more post-device registration readiness checks, the devices are moved to the **Not ready** tab. IT admins can learn about these devices and take appropriate actions to remediate them. Windows Autopatch will provide information about the failure and how to potentially remediate devices.
+> When you create a custom Windows feature update release, new Windows feature update policies are:
## Common ways to manage releases
@@ -159,7 +159,7 @@ The following table details the default Windows Update rings policy values that
| Scenario | Solution |
| ----- | ----- |
-| You’re working as the IT admin at Contoso Ltd., and you need to gradually rollout of Windows 11’s latest version to several business units across your organization. | Custom Windows feature update releases deliver OS upgrades horizontally, through phases, to one or more Autopatch groups.
Phases:
See the following visual for a representation of Phases with custom releases. |
+| You're working as the IT admin at Contoso Ltd., and you need to gradually rollout of Windows 11's latest version to several business units across your organization. | Custom Windows feature update releases deliver OS upgrades horizontally, through phases, to one or more Autopatch groups.
Phases:
See the following visual for a representation of Phases with custom releases. |
:::image type="content" source="../media/autopatch-groups-manage-feature-release-case-1.png" alt-text="Manage Windows feature update release use case one" lightbox="../media/autopatch-groups-manage-feature-release-case-1.png":::
@@ -167,6 +167,6 @@ The following table details the default Windows Update rings policy values that
| Scenario | Solution |
| ----- | ----- |
-| You’re working as the IT admin at Contoso Ltd. and your organization isn’t ready to upgrade its devices to either Windows 11 or the newest Windows 10 OS versions due to conflicting project priorities within your organization.
If you don't have co-management, see [How to use co-management in Configuration Manager](/mem/configmgr/comanage/how-to-enable) |
| **2** | Use required co-management workloads | Using Windows Autopatch requires that your managed devices use the following three co-management workloads:
If you have these workloads configured, you meet the key requirements to use Windows Autopatch. If you don't have these workloads configured, review [How to switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads) |
| **3** | Prepare your policies | You should consider any existing policy configurations in your Configuration Manager (or on-premises) environment that could impact your deployment of Windows Autopatch. For more information, review [General considerations](#general-considerations) |
-| **4** | Ensure Configuration Manager collections or Microsoft Entra device groups readiness | To move devices to Windows Autopatch, you must register devices with the Windows Autopatch service. To do so, use either Microsoft Entra device groups, or Configuration Manager collections. Ensure you have either Microsoft Entra device groups or Configuration Manager collections that allow you to evaluate, pilot and then migrate to the Windows Autopatch service. For more information, see [Register your devices](../deploy/windows-autopatch-register-devices.md#before-you-begin). |
+| **4** | Ensure Configuration Manager collections or Microsoft Entra device groups readiness | To move devices to Windows Autopatch, you must register devices with the Windows Autopatch service. To do so, use either Microsoft Entra device groups, or Configuration Manager collections. Ensure you have either Microsoft Entra device groups or Configuration Manager collections that allow you to evaluate, pilot and then migrate to the Windows Autopatch service. For more information, see [Register your devices](../deploy/windows-autopatch-register-devices.md#before-you-begin). |
### Optimized deployment path: Configuration Manager to Windows Autopatch
@@ -195,7 +196,7 @@ Once you have assessed your readiness state to ensure you're aligned to Windows
## General considerations
-As part of your planning process, you should consider any existing enterprise configurations in your environment that could affect your deployment of Windows Autopatch.
+As part of your planning process, you should consider any existing enterprise configurations in your environment that could affect your deployment of Windows Autopatch.
Many organizations have existing policies and device management infrastructure, for example:
@@ -258,7 +259,7 @@ For example, Configuration Manager Software Update Policy settings exclude Autop
| Enable management of the Office 365 Client Agent | No |
> [!NOTE]
-> There is no requirement to create a Configuration Manager Software Update Policy if the policies aren’t in use.
+> There is no requirement to create a Configuration Manager Software Update Policy if the policies aren't in use.
#### Existing Mobile Device Management (MDM) policies
@@ -270,7 +271,7 @@ For example, Configuration Manager Software Update Policy settings exclude Autop
#### Servicing profiles for Microsoft 365 Apps for enterprise
-You can use automation to deliver monthly updates to Microsoft 365 Apps for enterprise directly from the Office Content Delivery Network (CDN) using [Servicing profiles](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#compatibility-with-servicing-profiles). A servicing profile takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#device-eligibility) regardless of existing management tools in your environment.
+You can use automation to deliver monthly updates to Microsoft 365 Apps for enterprise directly from the Office Content Delivery Network (CDN) using [Servicing profiles](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#compatibility-with-servicing-profiles). A servicing profile takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#device-eligibility) regardless of existing management tools in your environment.
You can consider retargeting servicing profiles to non-Windows Autopatch devices or if you plan to continue using them, you can [block Windows Autopatch delivered Microsoft 365 App updates](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#allow-or-block-microsoft-365-app-updates) for Windows Autopatch-enrolled devices.
@@ -285,14 +286,14 @@ Part of your planning might require articulating the business benefits of moving
## Stakeholder communications
-Change management relies on clear and helpful communication about upcoming changes. The best way to have a smooth deployment is to make sure end users and stakeholders are aware of all changes and disruptions. Your rollout communication plan should include all pertinent information, how to notify users, and when to communicate.
+Change management relies on clear and helpful communication about upcoming changes. The best way to have a smooth deployment is to make sure end users and stakeholders are aware of all changes and disruptions. Your rollout communication plan should include all pertinent information, how to notify users, and when to communicate.
- Identify groups impacted by the Autopatch deployment
- Identify key stakeholders in the impacted groups
- Determine the types of communications needed
- Develop your messaging based on the [Recommended deployment steps](#recommended-deployment-steps)
- Create your stakeholder and communication plan schedule based on the [Recommended deployment steps](#recommended-deployment-steps)
-- Have communications drafted and reviewed, and consider your delivery channels such as:
+- Have communications drafted and reviewed, and consider your delivery channels such as:
- Social media posts
- Internal messaging app (for example, Microsoft Teams)
- Internal team site
@@ -318,7 +319,7 @@ If you need assistance with your Windows Autopatch deployment journey, you have
- [Tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md)
- [General support request](../operate/windows-autopatch-support-request.md)
-First contact your Microsoft Account team who can work with you to establish any guidance or support you might need. If you don't have a Microsoft Account Team contact or wish to explore other routes, Microsoft FastTrack offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. Finally, you can also log a support request with the Windows Autopatch Service Engineering Team.
+First contact your Microsoft Account team who can work with you to establish any guidance or support you might need. If you don't have a Microsoft Account Team contact or wish to explore other routes, Microsoft FastTrack offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. Finally, you can also log a support request with the Windows Autopatch Service Engineering Team.
### Windows Autopatch Private Community (APC)
@@ -332,6 +333,6 @@ Once you're underway with your deployment, consider joining the [Windows Autopat
- Teams discussions
- Previews
-### Windows Autopatch Technology Adoption Program (TAP)
+### Windows Autopatch Technology Adoption Program (TAP)
If you have at least 500 devices enrolled in the service, and will test and give Microsoft feedback at least once a year, consider signing up to the [Windows Autopatch Technology Adoption Program (TAP)](https://aka.ms/JoinWindowsAutopatchTAP) to try out new and upcoming Windows Autopatch features.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
index 3f0e20c935..365c39fc3b 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
@@ -2,16 +2,16 @@
metadata:
title: Windows Autopatch - Frequently Asked Questions (FAQ)
description: Answers to frequently asked questions about Windows Autopatch.
- ms.prod: windows-client
+ ms.service: windows-client
ms.topic: faq
ms.date: 12/04/2023
audience: itpro
ms.localizationpriority: medium
- manager: dougeby
+ manager: aaroncz
author: tiaraquan
ms.author: tiaraquan
ms.reviwer: hathind
- ms.technology: itpro-updates
+ ms.subservice: itpro-updates
title: Frequently Asked Questions about Windows Autopatch
summary: This article answers frequently asked questions about Windows Autopatch.
sections:
@@ -28,9 +28,9 @@ sections:
Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.
- question: Does Windows Autopatch support Windows Education (A3/A5) or Windows Front Line Worker (F3) licensing?
answer: |
- Autopatch isn't available for 'A'. Windows Autopatch supports some 'F' series licensing. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
+ Autopatch isn't available for 'A'. Windows Autopatch supports some 'F' series licensing. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
- question: Will Windows Autopatch support local domain join Windows 10?
- answer: |
+ answer: |
Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Microsoft Entra join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
- question: Will Windows Autopatch be available for state and local government customers?
answer: |
@@ -46,8 +46,8 @@ sections:
- [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses)
- [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
- [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune)
-
- Additional prerequisites for devices managed by Configuration Manager:
+
+ Additional prerequisites for devices managed by Configuration Manager:
- [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements)
- [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions)
@@ -77,11 +77,11 @@ sections:
- question: Can you change the policies and configurations created by Windows Autopatch?
answer: |
No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at tenant enrollment](/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant).
- - question: How can I represent our organizational structure with our own deployment cadence?
+ - question: How can I represent our organizational structure with our own deployment cadence?
answer: |
[Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md).
- name: Update management
- questions:
+ questions:
- question: What systems does Windows Autopatch update?
answer: |
- Windows 10/11 quality updates: Windows Autopatch manages all aspects of deployment rings.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
index 62ac288ad4..6e49a4703c 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
@@ -2,16 +2,17 @@
title: What is Windows Autopatch?
description: Details what the service is and shortcuts to articles.
ms.date: 08/08/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.collection:
- highpri
- tier1
+ - essentials-overview
ms.reviewer: hathind
---
@@ -26,8 +27,8 @@ Rather than maintaining complex digital infrastructure, businesses want to focus
- **Close the security gap**: Windows Autopatch keeps software current, there are fewer vulnerabilities and threats to your devices.
- **Close the productivity gap**: Windows Autopatch adopts features as they're made available. End users get the latest tools to amplify their collaboration and work.
- **Optimize your IT admin resources**: Windows Autopatch automates routine endpoint updates. IT pros have more time to create value.
-- **On-premises infrastructure**: Transitioning to the world of software as a service (SaaS) allows you to minimize your investment in on-premises hardware since updates are delivered from the cloud.
-- **Onboard new services**: Windows Autopatch makes it easy to enroll and minimizes the time required from your IT Admins to get started.
+- **On-premises infrastructure**: Transitioning to the world of software as a service (SaaS) allows you to minimize your investment in on-premises hardware since updates are delivered from the cloud.
+- **Onboard new services**: Windows Autopatch makes it easy to enroll and minimizes the time required from your IT Admins to get started.
- **Minimize end user disruption**: Windows Autopatch releases updates in sequential deployment rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized.
Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release, allowing your IT Admins can focus on other activities and tasks.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
index 0e481d7a66..4ef883d665 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
@@ -2,17 +2,18 @@
title: Privacy
description: This article provides details about the data platform and privacy compliance for Autopatch
ms.date: 09/13/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
+ - essentials-privacy
---
# Privacy
@@ -83,7 +84,7 @@ Windows Autopatch creates and uses guest accounts using just-in-time access func
| Account name | Usage | Mitigating controls |
| ----- | ----- | -----|
| MsAdmin@tenantDomain.onmicrosoft.com |
| Audited sign-ins |
-| MsAdminInt@tenantDomain.onmicrosoft.com |
|
|
+| MsAdminInt@tenantDomain.onmicrosoft.com |
|
|
| MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
## Microsoft Windows Update for Business
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
index 5ac998067b..f2217c4b0c 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
@@ -2,13 +2,13 @@
title: Roles and responsibilities
description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do
ms.date: 08/31/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
@@ -99,4 +99,4 @@ For more information and assistance with preparing for your Windows Autopatch de
| Review and respond to Windows Autopatch management alerts
| :heavy_check_mark: | :x: |
| [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: |
| [Manage and respond to support requests](../operate/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: |
-| Review the [What’s new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: |
+| Review the [What's new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: |
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
index c7695ea433..2633222ae7 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
@@ -2,13 +2,13 @@
title: Configure your network
description: This article details the network configurations needed for Windows Autopatch
ms.date: 09/15/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- tier2
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
index 95f0ed85fc..b24d784042 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
@@ -2,13 +2,13 @@
title: Enroll your tenant
description: This article details how to enroll your tenant
ms.date: 09/15/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
@@ -22,7 +22,7 @@ Before you enroll in Windows Autopatch, there are settings, and other parameters
> [!IMPORTANT]
> You must be a Global Administrator to enroll your tenant.
-The Readiness assessment tool, accessed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch.
+The Readiness assessment tool, accessed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch.
## Step 1: Review all prerequisites
@@ -69,7 +69,7 @@ The following are the Microsoft Entra settings:
### Check results
-For each check, the tool reports one of four possible results:
+For each check, the tool reports one of four possible results:
| Result | Meaning |
| ----- | ----- |
@@ -80,7 +80,7 @@ For each check, the tool reports one of four possible results:
## Step 3: Fix issues with your tenant
-If the Readiness assessment tool is displaying issues with your tenant, see [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) for more information on how to remediate.
+If the Readiness assessment tool is displaying issues with your tenant, see [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) for more information on how to remediate.
## Step 4: Enroll your tenant
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
index bc26753af7..c349ad620f 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
@@ -2,13 +2,13 @@
title: Submit a tenant enrollment support request
description: This article details how to submit a tenant enrollment support request
ms.date: 09/13/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- tier2
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
index f7a2045294..b2371addb0 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
@@ -2,13 +2,13 @@
title: Fix issues found by the Readiness assessment tool
description: This article details how to fix issues found by the Readiness assessment tool.
ms.date: 09/12/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
index 94b4b293fd..c9728ea4ad 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
@@ -2,13 +2,13 @@
title: Prerequisites
description: This article details the prerequisites needed for Windows Autopatch
ms.date: 01/11/2024
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index be2b2ce1b9..13ccf4e8ec 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -2,13 +2,13 @@
title: Changes made at tenant enrollment
description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
ms.date: 12/13/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
index 865f6c15c9..677faf730d 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
@@ -2,13 +2,13 @@
title: Conflicting configurations
description: This article explains how to remediate conflicting configurations affecting the Windows Autopatch service.
ms.date: 09/05/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: adnich
ms.collection:
- highpri
@@ -20,16 +20,16 @@ ms.collection:
> [!IMPORTANT]
> This feature is in **public preview**. The feature is being actively developed and might not be complete.
-During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issue(s). You can review any device marked as **Not ready** and remediate them to a **Ready** state.
+During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issue(s). You can review any device marked as **Not ready** and remediate them to a **Ready** state.
-Windows Autopatch monitors conflicting configurations. You’re notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, it’s possible that other services write back the registry keys. It’s recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates.
+Windows Autopatch monitors conflicting configurations. You're notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, it's possible that other services write back the registry keys. It's recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates.
The most common sources of conflicting configurations include:
- Active Directory Group Policy (GPO)
- Configuration Manager Device client settings
- Windows Update for Business (WUfB) policies
-- Manual registry updates
+- Manual registry updates
- Local Group Policy settings applied during imaging (LGPO)
## Registry keys inspected by Autopatch
@@ -47,22 +47,22 @@ Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed clients.
> [!IMPORTANT]
-> **It’s recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that aren’t managed by Windows Autopatch, be sure to target accordingly.
+> **It's recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that aren't managed by Windows Autopatch, be sure to target accordingly.
### Intune Remediation
-Navigate to Intune Remediations and create a remediation using the following examples. It’s recommended to create a single remediation per value to understand if the value persists after removal.
+Navigate to Intune Remediations and create a remediation using the following examples. It's recommended to create a single remediation per value to understand if the value persists after removal.
If you use either [**Detect**](#detect) and/or [**Remediate**](#remediate) actions, ensure to update the appropriate **Path** and **Value** called out in the Alert. For more information, see [Remediations](/mem/intune/fundamentals/remediations).
#### Detect
```powershell
-if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') {
- Exit 1
-} else {
- exit 0
-}
+if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') {
+ Exit 1
+} else {
+ exit 0
+}
```
| Alert details | Description |
@@ -73,9 +73,9 @@ if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PS
#### Remediate
```powershell
-if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') {
- Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations"
-}
+if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') {
+ Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations"
+}
```
| Alert details | Description |
@@ -97,7 +97,7 @@ Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpda
### Batch file
-Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service. For more information, see [Using batch files: Scripting; Management Services](/previous-versions/windows/it-pro/windows-server-2003/cc758944(v=ws.10)?redirectedfrom=MSDN).
+Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service.
```cmd
@echo off
@@ -121,22 +121,22 @@ Windows Registry Editor Version 5.00
"DoNotConnectToWindowsUpdateInternetLocations"=-
"DisableWindowsUpdateAccess"=-
"WUServer"=-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=-
"NoAutoUpdate"=-
```
## Common sources of conflicting configurations
-The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn’t an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly.
+The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn't an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly.
### Group Policy management
-Group Policy management is the most popular client configuration tool in most organizations. For this reason, it’s most often the source of conflicting configurations. Use Result Set of Policy (RSOP) on an affected client can quickly identify if configured policies conflict with Windows Autopatch. For more information, see Use Resultant Set of Policy to Manage Group Policy.
+Group Policy management is the most popular client configuration tool in most organizations. For this reason, it's most often the source of conflicting configurations. Use Result Set of Policy (RSOP) on an affected client can quickly identify if configured policies conflict with Windows Autopatch. For more information, see Use Resultant Set of Policy to Manage Group Policy.
1. Launch an Elevated Command Prompt and enter `RSOP`.
1. Navigate to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update**
-1. If a Policy **doesn’t exist** in Windows Update, then it appears to not be Group Policy.
+1. If a Policy **doesn't exist** in Windows Update, then it appears to not be Group Policy.
1. If a Policy **exists** in Windows Update is present, modify or limit the target of the conflicting policy to resolve the Alert.
1. If the **Policy name** is labeled **Local Group Policy**, these settings could have been applied during imaging or by Configuration Manager.
@@ -145,8 +145,8 @@ Group Policy management is the most popular client configuration tool in most or
Configuration Manager is a common enterprise management tool that, among many things, can help manage Windows Updates. For this reason, we see many environments misconfigured when moving to either a 100% cloud or co-managed workloads even when the workloads are configured correctly. The client settings are often missed. For more information, see [About client settings and software updates](/mem/configmgr/core/clients/deploy/about-client-settings#software-updates).
1. Go the **Microsoft Endpoint Configuration Manager Console**.
-1. Navigate to **Administration** > **Overview** > **Client Settings**.
-1. Ensure **Software Updates** isn’t configured. If configured, it’s recommended to remove these settings to prevent conflicts with Windows Autopatch.
+1. Navigate to **Administration** > **Overview** > **Client Settings**.
+1. Ensure **Software Updates** isn't configured. If configured, it's recommended to remove these settings to prevent conflicts with Windows Autopatch.
## Third-party solutions
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md b/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
index 21d90312fd..9edb3f3748 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
@@ -1,14 +1,14 @@
---
title: Driver and firmware updates for Windows Autopatch Public Preview Addendum
description: This article explains how driver and firmware updates are managed in Autopatch
-ms.date: 06/26/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.date: 06/26/2023
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
msreviewer: hathind
---
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
index 2534e971d5..c08d4cf821 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
@@ -2,13 +2,13 @@
title: Microsoft 365 Apps for enterprise update policies
description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
ms.date: 06/23/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- tier2
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
index e72d9e8042..5cbc58d63a 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
@@ -2,13 +2,13 @@
title: Windows update policies
description: This article explains Windows update policies in Windows Autopatch
ms.date: 09/02/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: adnich
ms.collection:
- tier2
@@ -20,7 +20,7 @@ ms.collection:
The following policies contain settings that apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention:
-**Modern Workplace Update Policy [ring name] – [Windows Autopatch]**
+**Modern Workplace Update Policy [ring name] - [Windows Autopatch]**
### Windows 10 and later update settings
@@ -52,12 +52,12 @@ The following policies contain settings that apply to both Windows quality and f
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
-| Included groups | Modern Workplace Devices–Windows Autopatch-Test | Modern Workplace Devices–Windows Autopatch-First | Modern Workplace Devices–Windows Autopatch-Fast | Modern Workplace Devices–Windows Autopatch-Broad |
+| Included groups | Modern Workplace Devices-Windows Autopatch-Test | Modern Workplace Devices-Windows Autopatch-First | Modern Workplace Devices-Windows Autopatch-Fast | Modern Workplace Devices-Windows Autopatch-Broad |
| Excluded groups | None | None | None | None |
## Windows feature update policies
-The service deploys policies using Microsoft Intune to control how Windows feature updates are deployed to devices.
+The service deploys policies using Microsoft Intune to control how Windows feature updates are deployed to devices.
### Windows feature updates for Windows 10 and later
@@ -76,8 +76,8 @@ These policies control the minimum target version of Windows that a device is me
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
-| Included groups | Modern Workplace Devices–Windows Autopatch-Test | Modern Workplace Devices–Windows Autopatch-First | Modern Workplace Devices–Windows Autopatch-Fast | Modern Workplace Devices–Windows Autopatch-Broad |
-| Excluded groups | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices |
+| Included groups | Modern Workplace Devices-Windows Autopatch-Test | Modern Workplace Devices-Windows Autopatch-First | Modern Workplace Devices-Windows Autopatch-Fast | Modern Workplace Devices-Windows Autopatch-Broad |
+| Excluded groups | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices |
#### Windows 11 testing
@@ -94,7 +94,7 @@ To allow customers to test Windows 11 in their environment, there's a separate D
| Setting name | Test |
| ----- | ----- |
-| Included groups | Modern Workplace – Windows 11 Pre-Release Test Devices |
+| Included groups | Modern Workplace - Windows 11 Pre-Release Test Devices |
| Excluded groups | None |
## Conflicting and unsupported policies
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
index dc5d2ccde2..7bda20114c 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -2,13 +2,13 @@
title: What's new 2022
description: This article lists the 2022 feature releases and any corresponding Message center post numbers.
ms.date: 12/09/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: whats-new
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
---
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
index c47bb6418b..6c2340a5cb 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
@@ -1,14 +1,14 @@
---
title: What's new 2023
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
-ms.date: 12/14/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.date: 12/14/2023
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: whats-new
ms.localizationpriority: medium
-author: tiaraquan
+author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
@@ -34,7 +34,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| Message center post number | Description |
| ----- | ----- |
| [MC697414](https://admin.microsoft.com/adminportal/home#/MessageCenter) | New Feature: Alerts for Windows Autopatch policy conflicts Public Preview announcement |
-| [MC695483](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Planned Maintenance: Windows Autopatch configuration update – December 2023 |
+| [MC695483](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Planned Maintenance: Windows Autopatch configuration update - December 2023 |
## November service release
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
index 7e43e6554b..e450ef2a41 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
@@ -1,14 +1,14 @@
---
title: What's new 2024
description: This article lists the 2024 feature releases and any corresponding Message center post numbers.
-ms.date: 01/18/2024
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.date: 02/07/2024
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: whats-new
ms.localizationpriority: medium
-author: tiaraquan
+author: tiaraquan
ms.author: tiaraquan
-manager: dougeby
+manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
@@ -21,12 +21,22 @@ This article lists new and updated feature releases, and service releases, with
Minor corrections such as typos, style, or formatting issues aren't listed.
+## February 2024
+
+## February service releases
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC713365](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Planned Maintenance: Service Improvements |
+
## January 2024
### January feature releases or updates
| Article | Description |
| ----- | ----- |
+| [Windows quality updates overview](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | Added [Import Update rings for Windows 10 and later](../operate/windows-autopatch-groups-windows-quality-update-overview.md#import-update-rings-for-windows-10-and-later-public-preview) |
+| [Windows quality updates overview](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective) | Updated the Service level objective, added the Service level objective calculation. |
| [Prerequisites](../prepare/windows-autopatch-prerequisites.md#more-about-licenses) | Added more E3 and E5 licenses to the [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses) section. |
## January service releases
diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md
index b6ac225f0e..89a7b65ab6 100644
--- a/windows/deployment/windows-deployment-scenarios-and-tools.md
+++ b/windows/deployment/windows-deployment-scenarios-and-tools.md
@@ -4,10 +4,10 @@ description: Learn about the tools you can use to deploy Windows 10 and related
manager: aaroncz
ms.author: frankroj
author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.topic: article
ms.date: 11/23/2022
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Windows 10 deployment scenarios and tools
diff --git a/windows/deployment/windows-deployment-scenarios.md b/windows/deployment/windows-deployment-scenarios.md
new file mode 100644
index 0000000000..7666f71041
--- /dev/null
+++ b/windows/deployment/windows-deployment-scenarios.md
@@ -0,0 +1,205 @@
+---
+title: Windows deployment scenarios
+description: Understand the different ways Windows operating system can be deployed in an organization. Explore several Windows deployment scenarios.
+manager: aaroncz
+ms.author: frankroj
+author: frankroj
+ms.service: windows-client
+ms.localizationpriority: medium
+ms.topic: article
+ms.date: 02/13/2024
+ms.subservice: itpro-deploy
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
+---
+
+# Windows deployment scenarios
+
+To successfully deploy the Windows operating system in an organization, it's important to understand the different ways that it can be deployed. Key tasks include choosing among these scenarios and understanding the capabilities and limitations of each.
+
+## Deployment categories
+
+The following tables summarize various Windows deployment scenarios. The scenarios are each assigned to one of three categories.
+
+- Modern deployment methods are recommended unless a specific need requires use of a different procedure. These methods are supported with existing tools such as Microsoft Configuration Manager.
+
+ > [!NOTE]
+ >
+ > Once Windows is deployed in an organization, it's important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows feature updates.
+
+- Dynamic deployment methods enable configuration of applications and settings for specific use cases.
+
+- Traditional deployment methods use existing tools to deploy operating system images.
+
+### Modern
+
+|Scenario|Description|More information|
+|--- |--- |--- |
+|[Windows Autopilot](#windows-autopilot)|Customize the out-of-box-experience (OOBE) for an organization, and deploy a new system with apps and settings already configured|[Overview of Windows Autopilot](/autopilot/windows-autopilot)|
+|[In-place upgrade](#in-place-upgrade)|Use Windows Setup to update the Windows version and migrate apps and settings. Rollback data is saved in Windows.old.|[Perform an in-place upgrade to Windows using Configuration Manager](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager)|
+
+### Dynamic
+
+|Scenario|Description|More information|
+|--- |--- |--- |
+|[Subscription Activation](#windows-subscription-activation)|Switch from Windows Pro to Enterprise when a subscribed user signs in.|[Windows Subscription Activation](windows-subscription-activation.md)|
+|[Microsoft Entra ID / MDM](#dynamic-provisioning)|The device is automatically joined to Microsoft Entra ID and configured by MDM.|[Microsoft Entra integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)|
+|[Provisioning packages](#dynamic-provisioning)|Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.|[Configure devices without MDM](/windows/configuration/configure-devices-without-mdm)|
+
+### Traditional
+
+|Scenario|Description|More information|
+|--- |--- |--- |
+|[Bare metal](#new-computer)|Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy Windows using PXE and Configuration Manager](/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager)|
+|[Refresh](#computer-refresh)|Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. | [Refresh a Windows client with a currently supported version of Windows using Configuration Manager](/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager)|
+|[Replace](#computer-replace)|Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.| [Replace a Windows client with a currently supported version of Windows using Configuration Manager](/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager)|
+
+> [!IMPORTANT]
+>
+> The Windows Autopilot and Subscription Activation scenarios require that the beginning OS is a currently supported version of Windows.
+>
+> Except for clean install scenarios such as traditional bare metal and Windows Autopilot, all the methods described can optionally migrate apps and settings to the new OS.
+
+## Modern deployment methods
+
+Modern deployment methods embrace both traditional on-premises and cloud services to deliver a streamlined and cost effective deployment experience.
+
+### Windows Autopilot
+
+Windows Autopilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows PCs. Windows Autopilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows PCs and provide end users with a fully configured new Windows device. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator.
+
+For more information about Windows Autopilot, see [Overview of Windows Autopilot](/autopilot/windows-autopilot) and [Modernizing Windows deployment with Windows Autopilot](https://techcommunity.microsoft.com/t5/windows-blog-archive/modernizing-windows-deployment-with-windows-autopilot/ba-p/167042).
+
+### In-place upgrade
+
+For existing computers running out of support versions of Windows, the recommended path for organizations deploying Windows is to perform an in-place upgrade. An in-place upgrade uses the Windows installation program (`Setup.exe`) to:
+
+- Automatically preserves all data, settings, applications, and drivers from the existing operating system version
+- Requires the least IT effort, because there's no need for any complex deployment infrastructure
+
+Although consumer PCs are upgraded using Windows Update, organizations want more control over the process. Control is accomplished by using tools like Microsoft Configuration Manager to completely automate the upgrade process through simple task sequences.
+
+The in-place upgrade process is designed to be reliable. An in-place upgrade has the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by using the automatically created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications don't need to be reinstalled as part of the process.
+
+Existing applications are preserved through the process. The upgrade process uses the standard Windows installation media image (Install.wim). Custom images not only aren't needed, but they also can't be used. Custom images can't be used because the upgrade process is unable to deal with conflicts between apps in the old and new operating system. For example, Contoso Timecard 1.0 in Windows 10 and Contoso Timecard 3.0 in the Windows 11 image.
+
+Scenarios that support in-place upgrade with some other procedures include changing from BIOS to UEFI boot mode and upgrade of devices that use non-Microsoft disk encryption software.
+
+- **Legacy BIOS to UEFI booting**: To perform an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS, first perform the in-place upgrade to Windows 10, maintaining the legacy BIOS boot mode. Windows 10 doesn't require UEFI, so it works fine to upgrade a system using legacy BIOS emulation. After the upgrade, the system disk can be converted to a format that supports UEFI boot using the [MBR2GPT](./mbr-to-gpt.md) tool. [UEFI specification](http://www.uefi.org/specifications) requires GPT disk layout. After the disk is converted, the firmware of the device must also be configured to boot in UEFI mode. Enabling UEFI also UEFI features such as Secure Boot to be enabled.
+
+> [!IMPORTANT]
+>
+> Performing an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS is only possible with Windows 10. Windows versions newer than Windows 10 only support UEFI-capable systems and don't support legacy BIOS or MBR.
+
+- **Non-Microsoft disk encryption software**: While devices encrypted with BitLocker can easily be upgraded, more work is necessary for non-Microsoft disk encryption tools. Some ISVs might provide instructions on how to integrate their software into the in-place upgrade process. Check with the ISV to see if they have instructions. The following articles provide details on how to provision encryption drivers for use during Windows Setup via the ReflectDrivers setting:
+
+ - [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview)
+ - [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options)
+
+There are some situations where an in-place upgrade can't be used. In these situations, use traditional deployment methods instead. Examples of these situations include:
+
+- Changing from an x86 version of Windows 10 to an x64 version of Windows. Versions of Windows newer than Windows 10 are only x64 and don't have an x86 version. The upgrade process can't change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers.
+
+- Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed.
+
+- Updating existing images. It can be tempting to try to upgrade existing Windows images to a newer version of Windows by installing the old image, upgrading it, and then recapturing the new Windows image. However, this scenario isn't supported. Preparing an upgraded OS via `Sysprep.exe` before capturing an image isn't supported and doesn't work. When `Sysprep.exe` detects the upgraded OS, it fails.
+
+- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS. If using dual-boot or multi-boot systems with multiple operating systems, then extra care should be taken. Dual-boot and multi-boot systems doesn't include using virtual machines for the second and subsequent operating systems.
+
+## Dynamic provisioning
+
+For new PCs, organizations historically replaced the version of Windows included on the device with their own custom Windows image. A custom image was used because a custom image was often faster and easier than using the preinstalled version. However, reimaging with a custom image is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows, it's now possible to avoid using custom images.
+
+The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include:
+
+### Windows Subscription Activation
+
+Windows Subscription Activation is a dynamic deployment method that enables changing the edition of Windows from Pro to Enterprise. Windows Subscription Activation requires no keys and no reboots. For more information about Subscription Activation, see [Windows Subscription Activation](windows-subscription-activation.md).
+
+### Microsoft Entra join with automatic mobile device management (MDM) enrollment
+
+In this scenario, the organization member just needs to provide their work or school user ID and password. The device can then be automatically joined to Microsoft Entra ID and enrolled in a mobile device management (MDM) solution with no other user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Microsoft Entra integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
+
+### Provisioning package configuration
+
+With the [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a device. These packages can then be deployed to new PCs through various means, typically by IT professionals. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
+
+These scenarios can be used to enable "Bring Your Own Device" (BYOD) or "Choose Your Own Device" (CYOD) programs. With these programs, an organization's users can pick their own PC. They aren't restricted to a small list of approved or certified models. These programs are difficult to implement using traditional deployment scenarios.
+
+While Windows includes various provisioning settings and deployment mechanisms, provisioning settings and deployment mechanisms continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for more features through the Windows Feedback app or through their Microsoft Support contacts.
+
+## Traditional deployment
+
+In the past, organizations typically deployed Windows using an image-based process built on top of tools provided in:
+
+- [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md).
+- [Microsoft Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
+- Windows Deployment Services (WDS).
+- Microsoft Deployment Toolkit.
+
+Scenarios such as in-place upgrade and dynamic provisioning might reduce the need for traditional deployment capabilities in some organizations. However, traditional methods might still need to be used under certain circumstances.
+
+The traditional deployment scenario can be divided into different sub-scenarios. These sub-scenarios are explained in detail in the following sections, but the following list provides a brief summary:
+
+- **New computer**: A bare-metal deployment of a new device.
+- **Computer refresh**: A reinstall of the same device (with user-state migration and an optional full Windows Imaging (WIM) image backup).
+- **Computer replace**: A replacement of the old device with a new device (with user-state migration and an optional full WIM image backup).
+
+### New computer
+
+Also called a "bare metal" deployment. This scenario occurs when there's a device with no OS installed on it that needs to be deployed. This scenario can also be an existing device that needs to be wiped and redeployed without needing to preserve any existing data. The setup starts from a boot media, using CD, USB, ISO, or Pre-Boot Execution Environment (PXE). A full offline media that includes all the files needed for a client deployment can also be generated, allowing deployment without having to connect to a central deployment share. The target can be a physical computer, a virtual machine, or a Virtual Hard Disk (VHD) running on a physical computer (boot from VHD).
+
+The deployment process for the new device scenario is as follows:
+
+1. Start the setup from boot media (CD, USB, ISO, or PXE).
+
+1. Wipe the hard disk clean and create new volume(s).
+
+1. Install the operating system image.
+
+1. Install other applications (as part of the task sequence).
+
+After following these steps, the computer is ready for use.
+
+### Computer refresh
+
+A refresh is sometimes called wipe-and-load. The process is normally initiated in the running operating system. User data and settings are backed up and restored later as part of the deployment process. The target can be the same as for the new computer scenario.
+
+The deployment process for the wipe-and-load scenario is as follows:
+
+1. Start the setup on a running operating system.
+
+1. Save the user state locally.
+
+1. Wipe the hard disk clean (except for the folder containing the backup).
+
+1. Install the operating system image.
+
+1. Install other applications.
+
+1. Restore the user state.
+
+After following these steps, the device is ready for use.
+
+### Computer replace
+
+A computer replace is similar to the refresh scenario. However, since we're replacing the device, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored.
+
+The deployment process for the replace scenario is as follows:
+
+1. Save the user state (data and settings) on the server through a backup job on the running operating system.
+
+1. Deploy the new computer as a bare-metal deployment.
+
+ > [!NOTE]
+ >
+ > In some situations, the replace scenario can be used even if the target is the same device. For example, replace can be used if disk layout needs to be changed from master boot record (MBR) to GUID partition table (GPT). This conversion allows taking advantage of Unified Extensible Firmware Interface (UEFI) functionality.
+
+## Related articles
+
+- [Upgrade to Windows with Microsoft Configuration Manager](./deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md).
+- [Deploy Windows using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md).
+- [Windows setup technical reference](/windows-hardware/manufacture/desktop/windows-setup-technical-reference).
+- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
+- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi).
diff --git a/windows/deployment/windows-enterprise-e3-overview.md b/windows/deployment/windows-enterprise-e3-overview.md
new file mode 100644
index 0000000000..9fea4d9fc8
--- /dev/null
+++ b/windows/deployment/windows-enterprise-e3-overview.md
@@ -0,0 +1,193 @@
+---
+title: Windows Enterprise E3 in CSP
+description: Describes Windows Enterprise E3, an offering that delivers, by subscription, the features of Windows Enterprise edition.
+ms.service: windows-client
+ms.localizationpriority: medium
+ms.date: 02/13/2024
+author: frankroj
+ms.author: frankroj
+manager: aaroncz
+ms.topic: article
+ms.subservice: itpro-deploy
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
+---
+
+# Windows Enterprise E3 in CSP
+
+Windows Enterprise E3 in CSP delivers, by subscription, exclusive features reserved for Windows Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows Enterprise E3 in CSP provides a flexible, per-user subscription for small and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, the following prerequisites must be met:
+
+- A currently supported version of Windows, installed and activated, on the devices to be upgraded.
+- Microsoft Entra available for identity management.
+
+Moving from Windows Pro to Windows Enterprise is more easy than ever before with no keys and no reboots. After a user enters the Microsoft Entra credentials associated with a Windows Enterprise E3 license, the operating system turns from Windows Pro to Windows Enterprise, and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows Pro.
+
+Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows Enterprise to their users. Now, with Windows Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features.
+
+When Windows Enterprise E3 is purchased via a partner, the following benefits are included:
+
+- **Windows Enterprise edition**. Devices currently running Windows Pro can get Windows Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit doesn't include Long Term Service Branch (LTSB).
+- **Support from one to hundreds of users**. Although the Windows Enterprise E3 in CSP program doesn't have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
+- **Deploy on up to five devices**. For each user covered by the license, Windows Enterprise edition can be deployed on up to five devices.
+- **Roll back to Windows Pro at any time**. When a user's subscription expires or is transferred to another user, the Windows Enterprise device reverts seamlessly to Windows Pro edition (after a grace period of up to 90 days).
+- **Monthly, per-user pricing model**. This model makes Windows Enterprise E3 affordable for organizations.
+- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing optimization of the licensing investment against changing needs.
+
+How does the Windows Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
+
+- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
+- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
+
+ - **Deployment and management**. These benefits include planning services:
+ - Microsoft Desktop Optimization (MDOP).
+ - Windows Virtual Desktop Access Rights.
+ - Windows Roaming Use Rights.
+ - Other benefits.
+ - **Training**. These benefits include training vouchers, online e-learning, and a home use program.
+ - **Support**. These benefits include:
+ - 24x7 problem resolution support.
+ - Backup capabilities for disaster recovery.
+ - System Center Global Service Monitor.
+ - A passive secondary instance of SQL Server.
+ - **Specialized**. These benefits include step-up licensing availability, which enables migration of software from an earlier edition to a higher-level edition. It also spreads license and Software Assurance payments across three equal, annual sums.
+
+ In addition, in Windows Enterprise E3 in CSP, a partner can manage the licenses for an organization. With Software Assurance, the organization has to manager their own licenses.
+
+In summary, the Windows Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows Enterprise edition. Microsoft Volume Licensing programs and Software Assurance on the other hand are broader in scope and provide benefits beyond access to the Enterprise edition of Windows.
+
+## Compare Windows Pro and Enterprise editions
+
+Windows Enterprise edition has many features that are unavailable in Windows Pro. Table 1 lists some of the Windows Enterprise features not found in Windows Pro. Many of these features are security-related, whereas others enable finer-grained device management.
+
+### Table 1. Windows Enterprise features not found in Windows Pro
+
+|Feature|Description|
+|--- |--- |
+|Credential Guard|Credential Guard uses virtualization-based security to help protect security secrets so that only privileged system software can access them. Examples of security secrets that can be protected include NTLM password hashes and Kerberos Ticket Granting Tickets. This protection helps prevent Pass-the-Hash or Pass-the-Ticket attacks.
Credential Guard has the following features:
For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard).
*Credential Guard requires
|
+|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, they're much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.
Device Guard protects in the following ways:
For more information, see [Introduction to Device Guard](/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).|
+|AppLocker management|This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
For more information, see [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).|
+|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users' devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.
For more information, see [Getting started with App-V for Windows client](/windows/application-management/app-v/appv-getting-started).|
+|User Experience Virtualization (UE-V)|With this feature, user-customized Windows and application settings can be captured and stored on a centrally managed network file share.
When users sign in, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they sign into.
UE-V provides the following features:
For more information, see [User Experience Virtualization (UE-V) overview](/windows/configuration/ue-v/uev-for-windows).|
+|Managed User Experience|This feature helps customize and lock down a Windows device's user interface to restrict it to a specific task. For example, a device can be configured for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. Access to services such as the Windows Store can also be restricted. For Windows 10, Start layout options can also be managed, such as:
For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](/windows/configuration/customize-windows-10-start-screens-by-using-group-policy). |
+| Unbranded boot | Windows elements that appear when Windows starts or resumes can be suppressed. The crash screen when Windows encounters an error from which it can't recover can also be suppressed.
For more information on these settings, see [Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot). |
+| Custom Logon | The Custom Logon feature can be used to suppress Windows UI elements that relate to the Welcome screen and shutdown screen. For example, all elements of the Welcome screen UI can be suppressed and a custom logon UI can be provided. The Blocked Shutdown Resolver (BSDR) screen can also be suppressed and applications can be automatically ended while the OS waits for applications to close before a shutdown.
For more information on these settings, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). |
+| Shell launcher | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.
For more information on these settings, see [Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher). |
+| Keyboard filter | Keyboard Filter can be used to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. These keyboard actions aren't desirable on devices intended for a dedicated purpose.
For more information on these settings, see [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter). |
+| Unified write filter | The Unified Write Filter (UWF) can be used on a device to help protect physical storage media, including most standard writable storage types supported by Windows, such as:
For more information on these settings, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter). |
+
+## Related articles
+
+- [Windows Enterprise Subscription Activation](windows-subscription-activation.md).
+- [Plan your Microsoft Entra hybrid join implementation](/entra/identity/devices/hybrid-join-plan).
+- [Compare Windows editions](https://www.microsoft.com/windows/business/windows-10-pro-vs-windows-11-pro).
+- [Windows for business](https://www.microsoft.com/windows/business).
diff --git a/windows/deployment/windows-subscription-activation.md b/windows/deployment/windows-subscription-activation.md
new file mode 100644
index 0000000000..539f012a42
--- /dev/null
+++ b/windows/deployment/windows-subscription-activation.md
@@ -0,0 +1,248 @@
+---
+title: Windows subscription activation
+description: Learn how to step up from Windows Pro to a Windows Enterprise subscription or from Windows Eduction Pro to a Windows Education subscription.
+ms.service: windows-client
+ms.subservice: itpro-fundamentals
+ms.localizationpriority: medium
+author: frankroj
+ms.author: frankroj
+manager: aaroncz
+ms.collection:
+ - highpri
+ - tier2
+ms.topic: concept-article
+zone_pivot_groups: windows-versions-11-10
+ms.date: 03/04/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
+---
+
+# Windows subscription activation
+
+The subscription activation feature enables a "step-up" from Windows Pro edition to Enterprise edition or from Windows Pro Education edition to Education edition. This feature can be used with a subscription to Windows Enterprise E3 or E5 licenses.
+
+> [!TIP]
+>
+> Windows Pro Education is analogous to Windows Pro, while Windows Education is analogous to Windows Enterprise. In other words, Windows Education is a step-up from Windows Pro Education, similar to how Windows Enterprise is a step-up from Windows Pro.
+
+The subscription activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later:
+
+- Standing up on-premises key management services such as KMS or MAK based activation.
+- Entering Generic Volume License Keys (GVLKs).
+- Rebooting client devices.
+
+For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
+
+## Subscription activation for Enterprise
+
+Windows Enterprise E3 and E5 are available as online services via subscription. Windows Enterprise can be deployed in an organization without keys and reboots.
+
+- Devices with a current Windows Pro edition license can be seamlessly upgraded to Windows Enterprise.
+- Product key-based Windows Enterprise software licenses can be transitioned to Windows Enterprise subscriptions.
+
+Organizations that have an enterprise agreement can also benefit from the service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Microsoft Entra ID using [Microsoft Entra Connect Sync](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
+
+> [!NOTE]
+>
+> Subscription activation is available for qualifying devices running currently supported versions of Windows. Subscription activation can't be used to upgrade to a newer version of Windows.
+
+### Adding Conditional Access policy
+
+Organizations that use the Subscription Activation feature to enable users to "step-up" from one version of Windows to another and use Conditional Access policies to control access need to exclude one of the following cloud apps from their Conditional Access policies using **Select Excluded Cloud Apps**:
+
+- [Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
+
+- [Windows Store for Business, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications).
+
+Although the app ID is the same in both instances, the name of the cloud app depends on the tenant.
+
+For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
+
+
+
+When a device has been offline for an extended period of time, the device might not reactivate automatically if this Conditional Access exclusion isn't in place. Setting this Conditional Access exclusion ensures that Subscription Activation continues to work seamlessly.
+
+Starting with Windows 11, version 23H2 with [KB5034848](https://support.microsoft.com/help/5034848) or later, users are prompted for authentication with a toast notification when Subscription Activation needs to reactivate. The toast notification will show the following message:
+
+> **Your account requires authentication**
+>
+> **Please sign in to your work or school account to verify your information.**
+
+Additionally, in the [**Activation**](ms-settings:activation) pane, the following message might appear:
+
+> **Please sign in to your work or school account to verify your information.**
+
+The prompt for authentication usually occurs when a device has been offline for an extended period of time. This change eliminates the need for an exclusion in the Conditional Access policy for Windows 11, version 23H2 with [KB5034848](https://support.microsoft.com/help/5034848) or later. A Conditional Access policy can still be used with Windows 11, version 23H2 with [KB5034848](https://support.microsoft.com/help/5034848) or later if the prompt for user authentication via a toast notification isn't desired.
+
+## Subscription activation for Education
+
+Subscription activation for Education works the same as the Enterprise edition. However, in order to use subscription activation for Education, the device must have Windows Pro Education and an active subscription plan with an Enterprise license. For more information, see the [requirements](#windows-education-requirements) section.
+
+## Inherited activation
+
+Inherited activation allows Windows virtual machines to inherit activation state from their Windows client host. When a user with a Windows E3/E5 or A3/A5 license assigned creates a new Windows virtual machine (VM) using a Windows host, the VM inherits the activation state from a host machine. This behavior is independent of whether the user signs on with a local account or uses a Microsoft Entra account on a VM.
+
+To support inherited activation, both the host computer and the VM must be running a currently supported version of Windows. The hypervisor platform must also be Windows Hyper-V.
+
+## Requirements
+
+### Windows Enterprise requirements
+
+For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), the following requirements must be met:
+
+- A supported version of Windows Pro or Enterprise edition installed on the devices to be upgraded.
+- Microsoft Entra available for identity management.
+- Devices must be Microsoft Entra joined or Microsoft Entra hybrid joined. Workgroup-joined or Microsoft Entra registered devices aren't supported.
+
+For Microsoft customers that don't have EA or MPSA, Windows Enterprise E3/E5 or A3/A5 licenses can be obtained through a cloud solution provider (CSP). Identity management and device requirements are the same when using CSP to manage licenses. For more information about getting Windows Enterprise E3 through a CSP, see [Windows Enterprise E3 in CSP](windows-enterprise-e3-overview.md).
+
+> [!NOTE]
+>
+> These requirements don't apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only. Azure KMS supports workgroup, hybrid, and Microsoft Entra joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure virtual machines](/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
+
+> [!IMPORTANT]
+>
+> As of October 1, 2022, subscription activation is available for *commercial* and *GCC* tenants. It's currently not available on GCC High or DoD tenants. For more information, see [Enable subscription activation with an existing EA](deploy-enterprise-licenses.md#enable-subscription-activation-with-an-existing-ea).
+
+### Windows Education requirements
+
+- A supported version of Windows Pro Education installed on the devices to be upgraded.
+
+::: zone pivot="windows-11"
+
+- A device with a Windows Pro Education digital license. This information can be confirmed in the [**Activation**](ms-settings:activation)pane of the **Settings** app under **Settings > System > Activation**.
+
+::: zone-end
+
+::: zone pivot="windows-10"
+
+- A device with a Windows Pro Education digital license. This information can be confirmed in the [**Activation**](ms-settings:activation)pane of the **Settings** app under **Settings > Update & Security > Activation**.
+
+::: zone-end
+
+- The Education tenant must have an active subscription to Microsoft 365 with a Windows Enterprise license, or a Windows Enterprise or Education subscription.
+
+- Devices must be Microsoft Entra joined or Microsoft Entra hybrid joined. Workgroup-joined or Microsoft Entra registered devices aren't supported.
+
+> [!IMPORTANT]
+>
+> If Windows Pro is converted to Windows Pro Education, then subscription activation doesn't work. The device needs to be reimaged to Windows Pro Education for subscription activation to work. Alternatively, reimage the device directly to Windows Education.
+
+## Benefits
+
+With Windows Enterprise or Education editions, an organization can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Education or Enterprise editions to their users. With Windows Enterprise E3/E5 or A3/A5 being available as an online service, it's available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows features.
+
+To compare Windows editions and review pricing, see the following sites:
+
+- [Compare Windows editions](https://www.microsoft.com/en-us/windows/business/windows-10-pro-vs-windows-11-pro)
+
+[CSP-1]: /windows/client-management/mdm/passportforwork-csp#devicetenantid
+[CSP-2]: /windows/client-management/mdm/passportforwork-csp
+[ENTRA-2]: /entra/fundamentals/how-to-find-tenant
+[MEM-1]: /mem/intune/configuration/settings-catalog
+[MEM-2]: /mem/intune/protect/security-baselines
+[MEM-3]: /mem/intune/configuration/custom-settings-configure
+[MEM-4]: /windows/client-management/mdm/passportforwork-csp
+[MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy
+[MEM-6]: /mem/intune/protect/identity-protection-configure
diff --git a/windows/security/identity-protection/hello-for-business/deploy/cloud-only.md b/windows/security/identity-protection/hello-for-business/deploy/cloud-only.md
new file mode 100644
index 0000000000..475b2dc597
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/deploy/cloud-only.md
@@ -0,0 +1,117 @@
+---
+title: Windows Hello for Business cloud-only deployment guide
+description: Learn how to deploy Windows Hello for Business in a cloud-only deployment scenario.
+ms.date: 01/03/2024
+ms.topic: how-to
+---
+
+# Cloud-only deployment guide
+
+[!INCLUDE [apply-to-cloud](includes/apply-to-cloud.md)]
+
+[!INCLUDE [requirements](includes/requirements.md)]
+
+> [!div class="checklist"]
+>
+> - [Authentication](index.md#authentication-to-microsoft-entra-id)
+> - [Device configuration](index.md#device-configuration-options)
+> - [Licensing for cloud services](index.md#licensing-for-cloud-services-requirements)
+> - [Prepare users to use Windows Hello](prepare-users.md)
+
+## Deployment steps
+
+> [!div class="checklist"]
+> Once the prerequisites are met, deploying Windows Hello for Business consists of the following steps:
+>
+> - [Configure Windows Hello for Business policy settings](#configure-windows-hello-for-business-policy-settings)
+> - [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business)
+
+## Configure Windows Hello for Business policy settings
+
+When you Microsoft Entra join a device, the system attempts to automatically enroll you in Windows Hello for Business. If you want to use Windows Hello for Business in a cloud-only environment with its default settings, there's no extra configuration needed.
+
+Cloud-only deployments use Microsoft Entra multifactor authentication (MFA) during Windows Hello for Business enrollment, and there's no other MFA configuration needed. If you aren't already registered in MFA, you're guided through the MFA registration as part of the Windows Hello for Business enrollment process.
+
+Policy settings can be configured to control the behavior of Windows Hello for Business, via configuration service provider (CSP) or group policy (GPO). In cloud-only deployments, devices are
+typically configured via an MDM solution like Microsoft Intune, using the [PassportForWork CSP][WIN-1].
+
+> [!NOTE]
+> Review the article [Configure Windows Hello for Business using Microsoft Intune](../configure.md#configure-windows-hello-for-business-using-microsoft-intune) to learn about the different options offered by Microsoft Intune to configure Windows Hello for Business.
+
+If the Intune tenant-wide policy is configured to *disable Windows Hello for Business*, or if devices are deployed with Windows Hello disabled, you must configure one policy setting to enable Windows Hello for Business:
+
+- [Use Windows Hello for Business](../policy-settings.md#use-windows-hello-for-business)
+
+Another optional, but recommended, policy setting is:
+
+- [Use a hardware security device](../policy-settings.md#use-a-hardware-security-device)
+
+Follow the instructions below to configure your devices using either Microsoft Intune or group policy (GPO).
+
+# [:::image type="icon" source="images/intune.svg"::: **Intune/CSP**](#tab/intune)
+
+[!INCLUDE [intune-settings-catalog-1](../../../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| **Windows Hello for Business** | Use Passport For Work | true |
+| **Windows Hello for Business** | Require Security Device | true |
+
+[!INCLUDE [intune-settings-catalog-2](../../../../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][MEM-1] with the [PassportForWork CSP][CSP-1].
+
+| Setting |
+|--------|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/UsePassportForWork`
- **Data type:** `bool`
- **Value:** `True`|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/RequireSecurityDevice`
- **Data type:** `bool`
- **Value:** `True`|
+
+# [:::image type="icon" source="images/group-policy.svg"::: **GPO**](#tab/gpo)
+
+To configure a device with group policy, use the [Local Group Policy Editor](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731745(v=ws.10)).
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**
or
**User Configuration\Administrative Templates\Windows Components\Windows Hello for Business**|Use Windows Hello for Business| **Enabled**|
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business** |Use a hardware security device| **Enabled**|
+
+---
+
+> [!TIP]
+> If you're using Microsoft Intune, and you're not using the [tenant-wide policy](../configure.md#verify-the-tenant-wide-policy), enable the Enrollment Status Page (ESP) to ensure that the devices receive the Windows Hello for Business policy settings before users can access their desktop. For more information about ESP, see [Set up the Enrollment Status Page][MEM-1].
+
+More policy settings can be configured to control the behavior of Windows Hello for Business. For more information, see [Windows Hello for Business policy settings](../policy-settings.md).
+
+## Enroll in Windows Hello for Business
+
+The Windows Hello for Business provisioning process begins immediately after a user signs in, if certain prerequisite checks are passed.
+
+### User experience
+
+[!INCLUDE [user-experience](includes/user-experience.md)]
+
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=36dc8679-0fcc-4abf-868d-97ec8b749da7 alt-text="Video showing the Windows Hello for Business enrollment steps after signing in with a password."]
+
+### Sequence diagrams
+
+To better understand the provisioning flows, review the following sequence diagrams based on the authentication type:
+
+- [Provisioning for Microsoft Entra joined devices with managed authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-managed-authentication)
+- [Provisioning for Microsoft Entra joined devices with federated authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-federated-authentication)
+
+To better understand the authentication flows, review the following sequence diagram:
+
+- [Microsoft Entra join authentication to Microsoft Entra ID](../how-it-works-authentication.md#microsoft-entra-join-authentication-to-microsoft-entra-id)
+
+## Disable automatic enrollment
+
+If you want to disable the automatic Windows Hello for Business enrollment, you can configure your devices with a policy setting or registry key. For more information, see [Disable Windows Hello for Business enrollment](../configure.md#disable-windows-hello-for-business-enrollment).
+
+> [!NOTE]
+> During the out-of-box experience (OOBE) flow of a Microsoft Entra join, you are guided to enroll in Windows Hello for Business when you don't have Intune. You can cancel the PIN screen and access the desktop without enrolling in Windows Hello for Business.
+
+
+
+[CSP-1]: /windows/client-management/mdm/passportforwork-csp
+[MEM-1]: /mem/intune/enrollment/windows-enrollment-status
+[WIN-1]: /windows/client-management/mdm/passportforwork-csp
diff --git a/windows/security/identity-protection/hello-for-business/deploy/cloud.md b/windows/security/identity-protection/hello-for-business/deploy/cloud.md
deleted file mode 100644
index ca409fc0b7..0000000000
--- a/windows/security/identity-protection/hello-for-business/deploy/cloud.md
+++ /dev/null
@@ -1,84 +0,0 @@
----
-title: Windows Hello for Business cloud-only deployment
-description: Learn how to configure Windows Hello for Business in a cloud-only deployment scenario.
-ms.date: 10/03/2023
-ms.topic: how-to
----
-# Cloud-only deployment
-
-[!INCLUDE [apply-to-cloud](includes/apply-to-cloud.md)]
-
-## Introduction
-
-When you Microsoft Entra join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in a cloud-only environment, there's no additional configuration needed.
-
-You may wish to disable the automatic Windows Hello for Business enrollment prompts if you aren't ready to use it in your environment. This article describes how to disable Windows Hello for Business enrollment in a cloud only environment.
-
-> [!NOTE]
-> During the out-of-box experience (OOBE) flow of a Microsoft Entra join, you will see a provisioning PIN when you don't have Intune. You can always cancel the PIN screen and set this cancellation with registry keys to prevent future prompts.
-
-## Prerequisites
-
-Cloud only deployments will use Microsoft Entra multifactor authentication (MFA) during Windows Hello for Business enrollment, and there's no additional MFA configuration needed. If you aren't already registered in MFA, you'll be guided through the MFA registration as part of the Windows Hello for Business enrollment process.
-
-The necessary Windows Hello for Business prerequisites are located at [Cloud Only Deployment](requirements.md#azure-ad-cloud-only-deployment).
-
-It's possible for federated domains to configure the *FederatedIdpMfaBehavior* flag. The flag instructs Microsoft Entra ID to accept, enforce, or reject the MFA challenge from the federated IdP. For more information, see [federatedIdpMfaBehavior values](/graph/api/resources/internaldomainfederation#federatedidpmfabehavior-values). To check this setting, use the following PowerShell command:
-
-```powershell
-Connect-MgGraph
-$DomainId = "
or
**User Configuration\Administrative Templates\Windows Components\Windows Hello for Business** |Use Windows Hello for Business| **Enabled**|
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**
or
**User Configuration\Administrative Templates\Windows Components\Windows Hello for Business**|Use certificate for on-premises authentication| **Enabled**|
+| **Computer Configuration\Windows Settings\Security Settings\Public Key Policies**
or
**User Configuration\Windows Settings\Security Settings\Public Key Policies** |Certificate Services Client - Auto-Enrollment| - Select **Enabled** from the **Configuration Model**
- Select the **Renew expired certificates, update pending certificates, and remove revoked certificates**
- Select **Update certificates that use certificate templates**|
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business** |Use a hardware security device| **Enabled**|
> [!NOTE]
-> Windows Hello for Business can be configured using different policies. These policies are optional to configure, but it's recommended to enable *Use a hardware security device*.
->
-> For more information about these policies, see [Group Policy settings for Windows Hello for Business](../hello-manage-in-organization.md#group-policy-settings-for-windows-hello-for-business).
+> The enablement of the *Use a hardware security device* policy setting is optional, but recommended.
-### Configure security for GPO
+[!INCLUDE [gpo-settings-2](../../../../../includes/configure/gpo-settings-2.md)]
-The best way to deploy the Windows Hello for Business GPO is to use security group filtering. Only members of the targeted security group will provision Windows Hello for Business, enabling a phased rollout.
+> [!TIP]
+> The best way to deploy the Windows Hello for Business GPO is to use security group filtering. Only members of the targeted security group will provision Windows Hello for Business, enabling a phased rollout. This solution allows linking the GPO to the domain, ensuring the GPO is scoped to all security principals. The security group filtering ensures that only the members of the global group receive and apply the GPO, which results in the provisioning of Windows Hello for Business.
-1. Start the **Group Policy Management Console** (gpmc.msc)
-1. Expand the domain and select the **Group Policy Object** node in the navigation pane
-1. Open the **Enable Windows Hello for Business** GPO
-1. In the **Security Filtering** section of the content pane, select **Add**. Type the name of the security group you previously created (for example, *Windows Hello for Business Users*) and select **OK**
-1. Select the **Delegation** tab. Select **Authenticated Users > Advanced**
-1. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Select **OK**
-
-### Deploy the Windows Hello for Business Group Policy object
-
-The application of Group Policy object uses security group filtering. This solution allows linking the GPO to the domain, ensuring the GPO is scoped to all users. The security group filtering ensures that only the members of the *Windows Hello for Business Users* global group receive and apply the GPO, which results in the provisioning of Windows Hello for Business.
-
-1. Start the **Group Policy Management Console** (gpmc.msc)
-1. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and select **Link an existing GPO**
-1. In the **Select GPO** dialog box, select *Enable Windows Hello for Business* or the name of the Windows Hello for Business Group Policy object you previously created and select **OK**
-
-### Add members to the targeted group
-
-Users (or devices) must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business. You can provide users with these settings and permissions by adding members to the *Windows Hello for Business Users* group. Users and groups who aren't members of this group won't attempt to enroll for Windows Hello for Business.
-
-# [:::image type="icon" source="images/intune.svg"::: **Intune**](#tab/intune)
-
-## Configure Windows Hello for Business using Microsoft Intune
+# [:::image type="icon" source="images/intune.svg"::: **Intune/CSP**](#tab/intune)
> [!IMPORTANT]
> The information in this section applies to Microsoft Entra joined devices managed by Intune. Before proceeding, ensure that you completed the steps described in:
@@ -106,99 +64,77 @@ Users (or devices) must receive the Windows Hello for Business group policy sett
> - [Configure single sign-on for Microsoft Entra joined devices](../hello-hybrid-aadj-sso.md)
> - [Using Certificates for AADJ On-premises Single-sign On](../hello-hybrid-aadj-sso-cert.md)
-For Microsoft Entra joined devices enrolled in Intune, you can use Intune policies to manage Windows Hello for Business.
+> [!NOTE]
+> Review the article [Configure Windows Hello for Business using Microsoft Intune](../configure.md#configure-windows-hello-for-business-using-microsoft-intune) to learn about the different options offered by Microsoft Intune to configure Windows Hello for Business.
-There are different ways to enable and configure Windows Hello for Business in Intune:
+If the Intune tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business).
-- Using a policy applied at the tenant level. The tenant policy:
- - Is only applied at enrollment time, and any changes to its configuration won't apply to devices already enrolled in Intune
- - It applies to *all devices* getting enrolled in Intune. For this reason, the policy is usually disabled and Windows Hello for Business is enabled using a policy targeted to a security group
-- A device configuration policy that is applied *after* device enrollment. Any changes to the policy will be applied to the devices during regular policy refresh intervals. Choose from the following policy types:
- - [Settings catalog][MEM-1]
- - [Security baselines][MEM-2]
- - [Custom policy][MEM-3], via the [PassportForWork CSP][MEM-4]
- - [Account protection policy][MEM-5]
- - [Identity protection policy template][MEM-6]
+[!INCLUDE [intune-settings-catalog-1](../../../../../includes/configure/intune-settings-catalog-1.md)]
-### Verify the tenant-wide policy
+| Category | Setting name | Value |
+|--|--|--|
+| **Windows Hello for Business** | Use Passport For Work | true |
+| **Windows Hello for Business** | Use Certificate For On Prem Auth | Enabled |
+| **Windows Hello for Business** | Require Security Device | true |
-To check the Windows Hello for Business policy applied at enrollment time:
+[!INCLUDE [intune-settings-catalog-2](../../../../../includes/configure/intune-settings-catalog-2.md)]
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** > **Windows** > **Windows Enrollment**
-1. Select **Windows Hello for Business**
-1. Verify the status of **Configure Windows Hello for Business** and any settings that may be configured
+Alternatively, you can configure devices using a [custom policy][MEM-1] with the [PassportForWork CSP][CSP-1].
-:::image type="content" source="images/whfb-intune-disable.png" alt-text="Screenshot that shows disablement of Windows Hello for Business from Microsoft Intune admin center." lightbox="images/whfb-intune-disable.png":::
+| Setting |
+|--------|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/UsePassportForWork`
- **Data type:** `bool`
- **Value:** `True`|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/UseCertificateForOnPremAuth`
- **Data type:** `bool`
- **Value:** `True`|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/RequireSecurityDevice`
- **Data type:** `bool`
- **Value:** `True`|
-If the tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business). Otherwise, follow the instructions below to create a policy using an *account protection* policy.
-
-### Enable and configure Windows Hello for Business
-
-To configure Windows Hello for Business using an *account protection* policy:
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Endpoint security** > **Account protection**
-1. Select **+ Create Policy**
-1. For *Platform**, select **Windows 10 and later** and for *Profile* select **Account protection**
-1. Select **Create**
-1. Specify a **Name** and, optionally, a **Description** > **Next**
-1. Under *Block Windows Hello for Business*, select **Disabled** and multiple policies become available
- - These policies are optional to configure, but it's recommended to configure *Enable to use a Trusted Platform Module (TPM)* to **Yes**
- - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business)
-1. Under *Enable to certificate for on-premises resources*, select **YES**
-1. Select **Next**
-1. Optionally, add *scope tags* > **Next**
-1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
-1. Review the policy configuration and select **Create**
-
-:::image type="content" source="images/whfb-intune-account-protection-cert-enable.png" alt-text="Screenshot that shows enablement of Windows Hello for Business from Microsoft Intune admin center using an account protection policy." lightbox="images/whfb-intune-account-protection-cert-enable.png":::
+For more information about the certificate trust policy, see [Windows Hello for Business policy settings](../policy-settings.md#use-certificate-for-on-premises-authentication).
---
+If you deploy Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings take precedence, and Intune settings are ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../configure.md#policy-conflicts-from-multiple-policy-sources)
+
+More policy settings can be configured to control the behavior of Windows Hello for Business. For more information, see [Windows Hello for Business policy settings](../policy-settings.md).
+
## Enroll in Windows Hello for Business
The Windows Hello for Business provisioning process begins immediately after the user profile is loaded and before the user receives their desktop. For the provisioning process to begin, all prerequisite checks must pass.
You can determine the status of the prerequisite checks by viewing the **User Device Registration** admin log under **Applications and Services Logs > Microsoft > Windows**.\
-This information is also available using the `dsregcmd /status` command from a console. For more information, see [dsregcmd][AZ-4].
+This information is also available using the `dsregcmd.exe /status` command from a console. For more information, see [dsregcmd][AZ-4].
-### PIN Setup
+### User experience
-This is the process that occurs after a user signs in, to enroll in Windows Hello for Business:
+[!INCLUDE [user-experience](includes/user-experience.md)]
-1. The user is prompted with a full screen page to use Windows Hello with the organization account. The user selects **OK**
-1. The provisioning flow proceeds to the multi-factor authentication portion of the enrollment. Provisioning informs the user that it's actively attempting to contact the user through their configured form of MFA. The provisioning process doesn't proceed until authentication succeeds, fails or times out. A failed or timeout MFA results in an error and asks the user to retry
-1. After a successful MFA, the provisioning flow asks the user to create and validate a PIN. This PIN must observe any PIN complexity policies configured on the device
-1. The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Microsoft Entra ID to register the public key. When key registration completes, Windows Hello for Business provisioning informs the user they can use their PIN to sign-in. The user may close the provisioning application and see their desktop. While the user has completed provisioning, Microsoft Entra Connect synchronizes the user's key to Active Directory
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=36dc8679-0fcc-4abf-868d-97ec8b749da7 alt-text="Video showing the Windows Hello for Business enrollment steps after signing in with a password."]
-:::image type="content" source="images/haadj-whfb-pin-provisioning.gif" alt-text="Screenshot that shows animation showing a user logging on to an HAADJ device with a password, and being prompted to enroll in Windows Hello for Business.":::
-
-> [!IMPORTANT]
-> The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889).
->
-> The minimum time needed to synchronize the user's public key from Microsoft Entra ID to the on-premises Active Directory is 30 minutes. The Microsoft Entra Connect scheduler controls the synchronization interval.
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
-> Read [Microsoft Entra Connect Sync: Scheduler](/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
->
-> [!NOTE]
-> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Microsoft Entra Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completing the provisioning. The update needs to be installed on the federation servers.
-
-After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate. Windows send the certificate request to the AD FS server for certificate enrollment.
+After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate. Windows sends the certificate request to the AD FS server for certificate enrollment.
The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
> [!NOTE]
-> In order for AD FS to verify the key used in the certificate request, it needs to be able to access the ```https://enterpriseregistration.windows.net``` endpoint.
+> In order for AD FS to verify the key used in the certificate request, it needs to be able to access the `https://enterpriseregistration.windows.net` endpoint.
-The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user's certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Windows Action Center.
+The CA validates that the certificate is signed by the registration authority. On successful validation, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user's certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Action Center.
+
+> [!NOTE]
+> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users don't need to wait for Microsoft Entra Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completing the provisioning. The update needs to be installed on the federation servers.
+
+### Sequence diagrams
+
+To better understand the provisioning flows, review the following sequence diagrams based on the device join and authentication type:
+
+- [Provisioning for Microsoft Entra joined devices with managed authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-managed-authentication)
+- [Provisioning for Microsoft Entra joined devices with federated authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-federated-authentication)
+- [Provisioning in a hybrid certificate trust deployment model with federated authentication](../how-it-works-provisioning.md#provisioning-in-a-hybrid-certificate-trust-deployment-model-with-federated-authentication)
+
+To better understand the authentication flows, review the following sequence diagram:
+
+- [Microsoft Entra join authentication to Active Directory using a certificate](../how-it-works-authentication.md#microsoft-entra-join-authentication-to-active-directory-using-a-certificate)
+- [Microsoft Entra hybrid join authentication using a certificate](../how-it-works-authentication.md#microsoft-entra-hybrid-join-authentication-using-a-certificate)
-[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
-[MEM-1]: /mem/intune/configuration/settings-catalog
-[MEM-2]: /mem/intune/protect/security-baselines
-[MEM-3]: /mem/intune/configuration/custom-settings-configure
-[MEM-4]: /windows/client-management/mdm/passportforwork-csp
-[MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy
-[MEM-6]: /mem/intune/protect/identity-protection-configure
+[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
+[CSP-1]: /windows/client-management/mdm/passportforwork-csp
+[MEM-1]: /mem/intune/configuration/custom-settings-configure
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
index 7ff5c70e48..85dd13860f 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
@@ -1,20 +1,15 @@
---
title: Configure and validate the PKI in an hybrid certificate trust model
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
-ms.date: 12/15/2023
-appliesto:
-- ✅ Windows 11
-- ✅ Windows 10
-- ✅ Windows Server 2022
-- ✅ Windows Server 2019
-- ✅ Windows Server 2016
+ms.date: 01/03/2024
ms.topic: tutorial
---
+
# Configure and validate the PKI in a hybrid certificate trust model
[!INCLUDE [apply-to-hybrid-cert-trust](includes/apply-to-hybrid-cert-trust.md)]
-Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a *root of trust* for clients. The certificate ensures that clients don't communicate with rogue domain controllers.
+Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *certificate trust* models. The domain controllers must have a certificate, which serves as a *root of trust* for clients. The certificate ensures that clients don't communicate with rogue domain controllers.
Hybrid certificate trust deployments issue users a sign-in certificate, enabling them to authenticate to Active Directory using Windows Hello for Business credentials. Additionally, hybrid certificate trust deployments issue certificates to registration authorities to provide defense-in-depth security when issuing user authentication certificates.
@@ -22,22 +17,15 @@ Hybrid certificate trust deployments issue users a sign-in certificate, enabling
## Configure the enterprise PKI
-[!INCLUDE [dc-certificate-template](includes/dc-certificate-template.md)]
+[!INCLUDE [dc-certificate-template](includes/certificate-template-dc.md)]
-> [!NOTE]
-> Inclusion of the *KDC Authentication* OID in domain controller certificate is not required for Microsoft Entra hybrid joined devices. The OID is required for enabling authentication with Windows Hello for Business to on-premises resources by Microsoft Entra joined devices.
-
-> [!IMPORTANT]
-> For Microsoft Entra joined devices to authenticate to on-premises resources, ensure to:
->
-> - Install the root CA certificate in the device's trusted root certificate store. See [how to deploy a trusted certificate profile](/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) via Intune
-> - Publish your certificate revocation list to a location that is available to Microsoft Entra joined devices, such as a web-based URL
+[!INCLUDE [dc-certificate-template-dc-hybrid-notes](includes/certificate-template-dc-hybrid-notes.md)]
[!INCLUDE [dc-certificate-template-supersede](includes/dc-certificate-supersede.md)]
-[!INCLUDE [enrollment-agent-certificate-template](includes/enrollment-agent-certificate-template.md)]
+[!INCLUDE [enrollment-agent-certificate-template](includes/certificate-template-enrollment-agent.md)]
-[!INCLUDE [auth-certificate-template](includes/auth-certificate-template.md)]
+[!INCLUDE [auth-certificate-template](includes/certificate-template-auth.md)]
[!INCLUDE [unpublish-superseded-templates](includes/unpublish-superseded-templates.md)]
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
index a9d49ebfec..3fcb86b928 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
@@ -1,74 +1,51 @@
---
-title: Windows Hello for Business hybrid certificate trust deployment
+title: Windows Hello for Business hybrid certificate trust deployment guide
description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
-ms.date: 12/15/2023
-appliesto:
-- ✅ Windows 11
-- ✅ Windows 10
-- ✅ Windows Server 2022
-- ✅ Windows Server 2019
-- ✅ Windows Server 2016
+ms.date: 01/03/2024
ms.topic: tutorial
---
-# Hybrid certificate trust deployment
+# Hybrid certificate trust deployment guide
[!INCLUDE [apply-to-hybrid-cert-trust](includes/apply-to-hybrid-cert-trust.md)]
-Hybrid environments are distributed systems that enable organizations to use on-premises and Microsoft Entra protected resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication and single sign-on to modern resources.
-
-This deployment guide describes how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
-
> [!IMPORTANT]
> Windows Hello for Business *cloud Kerberos trust* is the recommended deployment model when compared to the *key trust model*. It is also the recommended deployment model if you don't need to deploy certificates to the end users. For more information, see [cloud Kerberos trust deployment](hybrid-cloud-kerberos-trust.md).
-It's recommended that you review the [Windows Hello for Business planning guide](../hello-planning-guide.md) prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions.
-
-## Prerequisites
+[!INCLUDE [requirements](includes/requirements.md)]
> [!div class="checklist"]
-> The following prerequisites must be met for a hybrid certificate trust deployment:
>
-> - Directories and directory synchronization
-> - Federated authentication to Microsoft Entra ID
-> - Device registration
-> - Public Key Infrastructure
-> - Multifactor authentication
-> - Device management
+> - [Public Key Infrastructure](index.md#pki-requirements)
+> - [Authentication](index.md#authentication-to-microsoft-entra-id)
+> - [Device configuration](index.md#device-configuration-options)
+> - [Licensing for cloud services](index.md#licensing-for-cloud-services-requirements)
+> - [Prepare users to use Windows Hello](prepare-users.md)
-### Directories and directory synchronization
+## Deployment steps
-Hybrid Windows Hello for Business needs two directories:
+> [!div class="checklist"]
+> Once the prerequisites are met, deploying Windows Hello for Business consists of the following steps:
+>
+> - [Configure and validate the Public Key Infrastructure](hybrid-cert-trust-pki.md)
+> - [Configure Active Directory Federation Services](hybrid-cert-trust-adfs.md)
+> - [Configure and enroll in Windows Hello for Business](hybrid-cert-trust-enroll.md)
+> - (optional) [Configure single sign-on for Microsoft Entra joined devices](../hello-hybrid-aadj-sso.md)
-- An on-premises Active Directory
-- A Microsoft Entra tenant with a Microsoft Entra ID P1 or P2 subscription
+## Federated authentication to Microsoft Entra ID
-The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Microsoft Entra ID.
-The hybrid-certificate trust deployment needs a *Microsoft Entra ID P1 or P2* subscription because it uses the device write-back synchronization feature.
-
-> [!NOTE]
-> Windows Hello for Business hybrid certificate trust is not supported if the users' on-premises UPN suffix cannot be added as a verified domain in Microsoft Entra ID.
-
-> [!IMPORTANT]
-> Windows Hello for Business is tied between a user and a device. Both the user and device object must be synchronized between Microsoft Entra ID and Active Directory.
-
-### Federated authentication to Microsoft Entra ID
-
-Windows Hello for Business hybrid certificate trust doesn't support Microsoft Entra ID *Pass-through Authentication* (PTA) or *password hash sync* (PHS).\
-Windows Hello for Business hybrid certificate trust requires Active Directory to be federated with Microsoft Entra ID using AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices.
+Windows Hello for Business hybrid certificate trust requires Active Directory to be federated with Microsoft Entra ID using AD FS. You must also configure the AD FS farm to support Azure registered devices.
If you're new to AD FS and federation services:
- Review [key AD FS concepts][SER-3] prior to deploying the AD FS farm
- Review the [AD FS design guide][SER-4] to design and plan your federation service
-Once you have your AD FS design ready:
-
-- Review [deploying a federation server farm][SER-2] to configure AD FS in your environment
+Once you have your AD FS design ready, review [deploying a federation server farm][SER-2] to configure AD FS in your environment
The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889).
-### Device registration and device write-back
+## Device registration and device write-back
Windows devices must be registered in Microsoft Entra ID. Devices can be registered in Microsoft Entra ID using either *Microsoft Entra join* or *Microsoft Entra hybrid join*.\
For Microsoft Entra hybrid joined devices, review the guidance on the [plan your Microsoft Entra hybrid join implementation][AZ-8] page.
@@ -79,9 +56,9 @@ For a **manual configuration** of your AD FS farm to support device registration
Hybrid certificate trust deployments require the *device write-back* feature. Authentication to AD FS needs both the user and the device to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the device and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device write-back.
> [!NOTE]
-> Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Microsoft Entra ID and Active Directory. Device write-back is used to update the *msDS-KeyCredentialLink* attribute on the computer object.
+> Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Microsoft Entra ID and Active Directory. Device write-back is used to update the `msDS-KeyCredentialLink` attribute on the computer object.
-If you manually configured AD FS, or if you ran Microsoft Entra Connect Sync using *Custom Settings*, you must ensure that you have configured **device write-back** and **device authentication** in your AD FS farm. For more information, see [Configure Device Write Back and Device Authentication][SER-5].
+If you manually configured AD FS, or if you ran Microsoft Entra Connect Sync using *Custom Settings*, you must ensure to configure **device write-back** and **device authentication** in your AD FS farm. For more information, see [Configure Device Write Back and Device Authentication][SER-5].
### Public Key Infrastructure
@@ -90,21 +67,6 @@ The enterprise PKI and a certificate registration authority (CRA) are required t
During Windows Hello for Business provisioning, users receive a sign-in certificate through the CRA.
-### Multifactor authentication
-
-The Windows Hello for Business provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but requires a second factor of authentication.\
-Hybrid deployments can use:
-
-- [Microsoft Entra multifactor authentication][AZ-2]
-- A multifactor authentication provided by AD FS, which includes an adapter model that enables third parties to integrate their MFA into AD FS
-
-For more information how to configure Microsoft Entra multifactor authentication, see [Configure Microsoft Entra multifactor authentication settings][AZ-3].\
-For more information how to configure AD FS to provide multifactor authentication, see [Configure Azure MFA as authentication provider with AD FS][SER-1].
-
-### Device management
-
-To configure Windows Hello for Business, devices can be configured through a mobile device management (MDM) solution like Intune, or via group policy.
-
## Next steps
> [!div class="checklist"]
@@ -120,14 +82,10 @@ To configure Windows Hello for Business, devices can be configured through a mob
> [Next: configure and validate the Public Key Infrastructure >](hybrid-cert-trust-pki.md)
-[AZ-1]: /azure/active-directory/hybrid/how-to-connect-sync-whatis
-[AZ-2]: /azure/multi-factor-authentication/multi-factor-authentication
-[AZ-3]: /azure/multi-factor-authentication/multi-factor-authentication-whats-next
[AZ-8]: /azure/active-directory/devices/hybrid-azuread-join-plan
[AZ-10]: /azure/active-directory/devices/howto-hybrid-azure-ad-join#federated-domains
[AZ-11]: /azure/active-directory/devices/hybrid-azuread-join-manual
-[SER-1]: /windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa
[SER-2]: /windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm
[SER-3]: /windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts
[SER-4]: /windows-server/identity/ad-fs/design/ad-fs-design-guide-in-windows-server-2012-r2
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md
deleted file mode 100644
index da843f036d..0000000000
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md
+++ /dev/null
@@ -1,218 +0,0 @@
----
-title: Windows Hello for Business cloud Kerberos trust clients configuration and enrollment
-description: Learn how to configure devices and enroll them in Windows Hello for Business in a cloud Kerberos trust scenario.
-ms.date: 02/24/2023
-appliesto:
-- ✅ Windows 10, version 21H2 and later
-ms.topic: tutorial
----
-# Configure and provision Windows Hello for Business - cloud Kerberos trust
-
-[!INCLUDE [apply-to-hybrid-cloud-kerberos-trust](includes/apply-to-hybrid-cloud-kerberos-trust.md)]
-
-## Deployment steps
-
-Deploying Windows Hello for Business cloud Kerberos trust consists of two steps:
-
-1. Set up Microsoft Entra Kerberos.
-1. Configure a Windows Hello for Business policy and deploy it to the devices.
-
-
-
-### Deploy Microsoft Entra Kerberos
-
-If you've already deployed on-premises SSO for passwordless security key sign-in, then you've already deployed Microsoft Entra Kerberos in your hybrid environment. You don't need to redeploy or change your existing Microsoft Entra Kerberos deployment to support Windows Hello for Business and you can skip this section.
-
-If you haven't deployed Microsoft Entra Kerberos, follow the instructions in the [Enable passwordless security key sign-in to on-premises resources by using Microsoft Entra ID][AZ-2] documentation. This page includes information on how to install and use the Microsoft Entra Kerberos PowerShell module. Use the module to create a Microsoft Entra Kerberos server object for the domains where you want to use Windows Hello for Business cloud Kerberos trust.
-
-### Configure Windows Hello for Business policy
-
-After setting up the Microsoft Entra Kerberos object, Windows Hello for business cloud Kerberos trust must be enabled on your Windows devices. Follow the instructions below to configure your devices using either Microsoft Intune or group policy (GPO).
-
-#### [:::image type="icon" source="images/intune.svg"::: **Intune**](#tab/intune)
-
-For devices managed by Intune, you can use Intune policies to configure Windows Hello for Business.
-
-There are different ways to enable and configure Windows Hello for Business in Intune:
-
-- When the device is enrolled in Intune, a tenant-wide policy is applied to the device. This policy is applied at enrollment time only, and any changes to its configuration won't apply to devices already enrolled in Intune. For this reason, this policy is usually disabled, and Windows Hello for Business can be enabled using a policy targeted to a security group.
-- After the device is enrolled in Intune, you can apply a device configuration policy. Any changes to the policy will be applied to the devices during regular policy refresh intervals. There are different policy types to choose from:
- - [Settings catalog][MEM-7]
- - [Security baselines][MEM-2]
- - [Custom policy][MEM-3], via the [PassportForWork CSP][MEM-4]
- - [Account protection policy][MEM-5]
- - [Identity protection policy template][MEM-6]
-
-### Verify the tenant-wide policy
-
-To check the Windows Hello for Business policy applied at enrollment time:
-
-1. Sign in to the Microsoft Intune admin center.
-1. Select **Devices** > **Windows** > **Windows Enrollment**.
-1. Select **Windows Hello for Business**.
-1. Verify the status of **Configure Windows Hello for Business** and any settings that may be configured.
-
-:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Intune admin center." border="true" lightbox="images/whfb-intune-disable.png":::
-
-If the tenant-wide policy is enabled and configured to your needs, you can skip to [Configure cloud Kerberos trust policy](#configure-the-cloud-kerberos-trust-policy). Otherwise, follow the instructions below to create a policy using an *account protection* policy.
-
-### Enable Windows Hello for Business
-
-To configure Windows Hello for Business using an account protection policy:
-
-1. Sign in to the Microsoft Intune admin center.
-1. Select **Endpoint security** > **Account protection**.
-1. Select **+ Create Policy**.
-1. For **Platform**, select **Windows 10 and later** and for **Profile** select **Account protection**.
-1. Select **Create**.
-1. Specify a **Name** and, optionally, a **Description** > **Next**.
-1. Under **Block Windows Hello for Business**, select **Disabled** and multiple policies become available.
- - These policies are optional to configure, but it's recommended to configure **Enable to use a Trusted Platform Module (TPM)** to **Yes**.
- - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business).
-1. Under **Enable to certificate for on-premises resources**, select **Not configured**
-1. Select **Next**.
-1. Optionally, add **scope tags** and select **Next**.
-1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**.
-1. Review the policy configuration and select **Create**.
-
-> [!TIP]
-> If you want to enforce the use of digits for your Windows Hello for Business PIN, use the settings catalog and choose **Digits** or **Digits (User)** instead of using the Account protection template.
-
-:::image type="content" source="images/whfb-intune-account-protection-enable.png" alt-text="This image shows the enablement of Windows Hello for Business from Microsoft Intune admin center using an account protection policy." lightbox="images/whfb-intune-account-protection-enable.png":::
-
-Assign the policy to a security group that contains as members the devices or users that you want to configure.
-
-### Configure the cloud Kerberos trust policy
-
-The cloud Kerberos trust policy can be configured using a custom template, and it's configured separately from enabling Windows Hello for Business.
-
-To configure the cloud Kerberos trust policy:
-
-1. Sign in to the Microsoft Intune admin center.
-1. Select **Devices** > **Windows** > **Configuration Profiles** > **Create profile**.
-1. For Profile Type, select **Templates** and select the **Custom** Template.
-1. Name the profile with a familiar name, for example, "Windows Hello for Business cloud Kerberos trust".
-1. In Configuration Settings, add a new configuration with the following settings:
-
- - Name: **Windows Hello for Business cloud Kerberos trust** or another familiar name
- - Description (optional): *Enable Windows Hello for Business cloud Kerberos trust for sign-in and on-premises SSO*
- - OMA-URI: **`./Device/Vendor/MSFT/PassportForWork/`*\
- **Data type:** `bool`
- **Value:** `True`|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/UseCloudTrustForOnPremAuth`
- **Data type:** `bool`
- **Value:** `True`|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/RequireSecurityDevice`
- **Data type:** `bool`
- **Value:** `True`|
+
+# [:::image type="icon" source="images/group-policy.svg"::: **GPO**](#tab/gpo)
+
+[!INCLUDE [gpo-enable-whfb](includes/gpo-enable-whfb.md)]
+
+> [!NOTE]
+> Cloud Kerberos trust requires setting a dedicated policy for it to be enabled. This policy setting is only available as a computer configuration.
+>
+>You may need to update your Group Policy definitions to be able to configure the cloud Kerberos trust policy. You can copy the ADMX and ADML files from a Windows client that supports cloud Kerberos trust to their respective language folder on your Group Policy management server. Windows Hello for Business settings are in the *Passport.admx* and *Passport.adml* files.
+>
+>You can also create a Group Policy Central Store and copy them their respective language folder. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows][TS-1].
+
+[!INCLUDE [gpo-settings-1](../../../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**
or
**User Configuration\Administrative Templates\Windows Components\Windows Hello for Business**|Use Windows Hello for Business| **Enabled**|
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business** |Use cloud Kerberos trust for on-premises authentication| **Enabled**|
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business** |Use a hardware security device| **Enabled**|
+
+[!INCLUDE [gpo-settings-2](../../../../../includes/configure/gpo-settings-2.md)]
+
+> [!TIP]
+> The best way to deploy the Windows Hello for Business GPO is to use security group filtering. Only members of the targeted security group will provision Windows Hello for Business, enabling a phased rollout. This solution allows linking the GPO to the domain, ensuring the GPO is scoped to all security principals. The security group filtering ensures that only the members of the global group receive and apply the GPO, which results in the provisioning of Windows Hello for Business.
+
+---
+
+If you deploy Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings take precedence, and Intune settings are ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../configure.md#policy-conflicts-from-multiple-policy-sources).
+
+More policy settings can be configured to control the behavior of Windows Hello for Business. For more information, see [Windows Hello for Business policy settings](../policy-settings.md).
+
+## Enroll in Windows Hello for Business
+
+The Windows Hello for Business provisioning process begins immediately after a user signs in, if the prerequisite checks pass. Windows Hello for Business *cloud Kerberos trust* adds a prerequisite check for Microsoft Entra hybrid joined devices when cloud Kerberos trust is enabled by policy.
+
+You can determine the status of the prerequisite check by viewing the **User Device Registration** admin log under **Applications and Services Logs** > **Microsoft** > **Windows**.\
+This information is also available using the `dsregcmd.exe /status` command from a console. For more information, see [dsregcmd][AZ-4].
+
+The cloud Kerberos trust prerequisite check detects whether the user has a partial TGT before allowing provisioning to start. The purpose of this check is to validate whether Microsoft Entra Kerberos is set up for the user's domain and tenant. If Microsoft Entra Kerberos is set up, the user receives a partial TGT during sign-in with one of their other unlock methods. This check has three states: Yes, No, and Not Tested. The *Not Tested* state is reported if cloud Kerberos trust isn't enforced by policy or if the device is Microsoft Entra joined.
+
+> [!NOTE]
+> The cloud Kerberos trust prerequisite check isn't done on Microsoft Entra joined devices. If Microsoft Entra Kerberos isn't provisioned, a user on a Microsoft Entra joined device will still be able to sign in, but won't have SSO to on-premises resources secured by Active Directory.
+
+### User experience
+
+[!INCLUDE [user-experience](includes/user-experience.md)]
+
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=36dc8679-0fcc-4abf-868d-97ec8b749da7 alt-text="Video showing the Windows Hello for Business enrollment steps after signing in with a password."]
+
+Once a user completes enrollment with cloud Kerberos trust, the Windows Hello gesture can be used **immediately** for sign-in. On a Microsoft Entra hybrid joined device, the first use of the PIN requires line of sight to a DC. Once the user signs in or unlocks with the DC, cached sign-in can be used for subsequent unlocks without line of sight or network connectivity.
+
+After enrollment, Microsoft Entra Connect synchronizes the user's key from Microsoft Entra ID to Active Directory.
+
+### Sequence diagrams
+
+To better understand the provisioning flows, review the following sequence diagrams based on the device join and authentication type:
+
+- [Provisioning for Microsoft Entra joined devices with managed authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-managed-authentication)
+- [Provisioning for Microsoft Entra joined devices with federated authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-federated-authentication)
+- [Provisioning in a cloud Kerberos trust deployment model with managed authentication](../how-it-works-provisioning.md#provisioning-in-a-cloud-kerberos-trust-deployment-model-with-managed-authentication)
+
+To better understand the authentication flows, review the following sequence diagram:
+
+- [Microsoft Entra join authentication to Active Directory using cloud Kerberos trust](../how-it-works-authentication.md#microsoft-entra-join-authentication-to-active-directory-using-cloud-kerberos-trust)
+
+## Migrate from key trust deployment model to cloud Kerberos trust
+
+If you deployed Windows Hello for Business using the key trust model, and want to migrate to the cloud Kerberos trust model, follow these steps:
+
+1. [Set up Microsoft Entra Kerberos in your hybrid environment](#deploy-microsoft-entra-kerberos)
+1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy-settings)
+1. For Microsoft Entra joined devices, sign out and sign in to the device using Windows Hello for Business
+
+> [!NOTE]
+> For Microsoft Entra hybrid joined devices, users must perform the first sign in with new credentials while having line of sight to a DC.
+
+## Migrate from certificate trust deployment model to cloud Kerberos trust
+
+> [!IMPORTANT]
+> There is no *direct* migration path from a certificate trust deployment to a cloud Kerberos trust deployment. The Windows Hello container must be deleted before you can migrate to cloud Kerberos trust.
+
+If you deployed Windows Hello for Business using the certificate trust model, and want to use the cloud Kerberos trust model, you must redeploy Windows Hello for Business by following these steps:
+
+1. Disable the certificate trust policy
+1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy-settings)
+1. Remove the certificate trust credential using the command `certutil.exe -deletehellocontainer` from the user context
+1. Sign out and sign back in
+1. Provision Windows Hello for Business using a method of your choice
+
+> [!NOTE]
+> For Microsoft Entra hybrid joined devices, users must perform the first sign-in with new credentials while having line of sight to a DC.
+
+## Frequently Asked Questions
+
+For a list of frequently asked questions about Windows Hello for Business cloud Kerberos trust, see [Windows Hello for Business Frequently Asked Questions](../hello-faq.yml#cloud-kerberos-trust).
+
+## Unsupported scenarios
+
+The following scenarios aren't supported using Windows Hello for Business cloud Kerberos trust:
+
+- RDP/VDI scenarios using supplied credentials (RDP/VDI can be used with Remote Credential Guard or if a certificate is enrolled into the Windows Hello for Business container)
+- Using cloud Kerberos trust for *Run as*
+- Signing in with cloud Kerberos trust on a Microsoft Entra hybrid joined device without previously signing in with DC connectivity
-[AZ-1]: /azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises
-
+[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
+[CSP-1]: /windows/client-management/mdm/passportforwork-csp
+[ENTRA-1]: /entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises#install-the-azureadhybridauthenticationmanagement-module
+[MEM-1]: /mem/intune/configuration/custom-settings-configure
[SERV-1]: /windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services
-
-[SUP-1]: https://support.microsoft.com/topic/january-23-2020-kb4534307-os-build-14393-3474-b181594e-2c6a-14ea-e75b-678efea9d27e
-[SUP-2]: https://support.microsoft.com/topic/january-23-2020-kb4534321-os-build-17763-1012-023e84c3-f9aa-3b55-8aff-d512911c459f
+[TS-1]: /troubleshoot/windows-client/group-policy/create-and-manage-central-store
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
index 10b8e56a94..a1686099b6 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
@@ -1,165 +1,114 @@
---
-title: Windows Hello for Business hybrid key trust clients configuration and enrollment
+title: Configure and enroll in Windows Hello for Business in a hybrid key trust model
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
-ms.date: 01/03/2023
+ms.date: 12/29/2023
ms.topic: tutorial
---
-# Configure and enroll in Windows Hello for Business - hybrid key trust
+# Configure and enroll in Windows Hello for Business in a hybrid key trust model
[!INCLUDE [apply-to-hybrid-key-trust](includes/apply-to-hybrid-key-trust.md)]
-After the prerequisites are met and the PKI configuration is validated, Windows Hello for business must be enabled on the Windows devices. Follow the instructions below to configure your devices using either Microsoft Intune or group policy (GPO).
-
-#### [:::image type="icon" source="images/intune.svg"::: **Intune**](#tab/intune)
-
-## Configure Windows Hello for Business using Microsoft Intune
-
-For Microsoft Entra joined devices and Microsoft Entra hybrid joined devices enrolled in Intune, you can use Intune policies to manage Windows Hello for Business.
-
-There are different ways to enable and configure Windows Hello for Business in Intune:
-
-- Using a policy applied at the tenant level. The tenant policy:
- - Is only applied at enrollment time, and any changes to its configuration won't apply to devices already enrolled in Intune
- - It applies to *all devices* getting enrolled in Intune. For this reason, the policy is usually disabled and Windows Hello for Business is enabled using a policy targeted to a security group
-- A device configuration policy that is applied *after* device enrollment. Any changes to the policy will be applied to the devices during regular policy refresh intervals. There are different policy types to choose from:
- - [Settings catalog][MEM-1]
- - [Security baselines][MEM-2]
- - [Custom policy][MEM-3], via the [PassportForWork CSP][MEM-4]
- - [Account protection policy][MEM-5]
- - [Identity protection policy template][MEM-6]
-
-### Verify the tenant-wide policy
-
-To check the Windows Hello for Business policy applied at enrollment time:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** > **Windows** > **Windows Enrollment**
-1. Select **Windows Hello for Business**
-1. Verify the status of **Configure Windows Hello for Business** and any settings that may be configured
-
-:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Intune admin center." lightbox="images/whfb-intune-disable.png":::
-
-If the tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business). Otherwise, follow the instructions below to create a policy using an *account protection* policy.
-
-### Enable and configure Windows Hello for Business
-
-To configure Windows Hello for Business using an *account protection* policy:
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Endpoint security** > **Account protection**
-1. Select **+ Create Policy**
-1. For *Platform**, select **Windows 10 and later** and for *Profile* select **Account protection**
-1. Select **Create**
-1. Specify a **Name** and, optionally, a **Description** > **Next**
-1. Under *Block Windows Hello for Business*, select **Disabled** and multiple policies become available
- - These policies are optional to configure, but it's recommended to configure *Enable to use a Trusted Platform Module (TPM)* to **Yes**
- - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business)
-1. Select **Next**
-1. Optionally, add *scope tags* > **Next**
-1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
-1. Review the policy configuration and select **Create**
-
-:::image type="content" source="images/whfb-intune-account-protection-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Intune admin center using an account protection policy." lightbox="images/whfb-intune-account-protection-enable.png":::
-
-#### [:::image type="icon" source="images/group-policy.svg"::: **GPO**](#tab/gpo)
-
-## Configure Windows Hello for Business using group policies
-
-For Microsoft Entra hybrid joined devices, you can use group policies to configure Windows Hello for Business.
-It's suggested to create a security group (for example, *Windows Hello for Business Users*) to make it easy to deploy Windows Hello for Business in phases. You assign **Group Policy permissions** to this group to simplify the deployment by adding the users to the group.
-
-The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory
-
-> [!NOTE]
-> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources)
-
-### Enable Windows Hello for Business group policy setting
-
-The *Enable Windows Hello for Business* group policy setting is the configuration needed for Windows to determine if a user should attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to **enabled**.\
-You can configure the *Enable Windows Hello for Business* setting for computer or users:
-
-- Deploying this policy setting to computers (or group of computers) results in all users that sign-in that computer to attempt a Windows Hello for Business enrollment
-- Deploying this policy setting to a user (or group of users), results in only that user attempting a Windows Hello for Business enrollment
-
-If both user and computer policy settings are deployed, the user policy setting has precedence.
-
-### Enable and configure Windows Hello for Business
-
-Sign-in a domain controller or management workstations with *Domain Admin* equivalent credentials.
-
-1. Start the **Group Policy Management Console** (gpmc.msc)
-1. Expand the domain and select the **Group Policy Object** node in the navigation pane
-1. Right-click **Group Policy object** and select **New**
-1. Type *Enable Windows Hello for Business* in the name box and select **OK**
-1. In the content pane, right-click the **Enable Windows Hello for Business** group policy object and select **Edit**
-1. In the navigation pane, expand **Policies** under **User Configuration**
-1. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**
-1. In the content pane, open **Use Windows Hello for Business**. Select **Enable > OK**
-1. Close the **Group Policy Management Editor**
-
-> [!NOTE]
-> Windows Hello for Business can be configured using different policies. These policies are optional to configure, but it's recommended to enable *Use a hardware security device*.
+> [!div class="checklist"]
+> Once the prerequisites are met and the PKI configuration is validated, deploying Windows Hello for Business consists of the following steps:
>
-> For more information about these policies, see [Group Policy settings for Windows Hello for Business](../hello-manage-in-organization.md#group-policy-settings-for-windows-hello-for-business).
+> - [Configure Windows Hello for Business policy settings](#configure-windows-hello-for-business-policy-settings)
+> - [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business)
-### Configure security for GPO
+## Configure Windows Hello for Business policy settings
-The best way to deploy the Windows Hello for Business GPO is to use security group filtering. Only members of the targeted security group will provision Windows Hello for Business, enabling a phased rollout.
+There's one policy setting required to enable Windows Hello for Business in a key trust model:
-1. Start the **Group Policy Management Console** (gpmc.msc)
-1. Expand the domain and select the **Group Policy Object** node in the navigation pane
-1. Open the **Enable Windows Hello for Business** GPO
-1. In the **Security Filtering** section of the content pane, select **Add**. Type the name of the security group you previously created (for example, *Windows Hello for Business Users*) and select **OK**
-1. Select the **Delegation** tab. Select **Authenticated Users > Advanced**
-1. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Select **OK**
+- [Use Windows Hello for Business](../policy-settings.md#use-windows-hello-for-business)
-### Deploy the Windows Hello for Business Group Policy object
+Another optional, but recommended, policy setting is:
-The application of Group Policy object uses security group filtering. This solution allows linking the GPO to the domain, ensuring the GPO is scoped to all users. The security group filtering ensures that only the members of the *Windows Hello for Business Users* global group receive and apply the GPO, which results in the provisioning of Windows Hello for Business.
+- [Use a hardware security device](../policy-settings.md#use-a-hardware-security-device)
-1. Start the **Group Policy Management Console** (gpmc.msc)
-1. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and select **Link an existing GPO**
-1. In the **Select GPO** dialog box, select *Enable Windows Hello for Business* or the name of the Windows Hello for Business Group Policy object you previously created and select **OK**
+The following instructions describe how to configure your devices using either Microsoft Intune or group policy (GPO).
-### Add members to the targeted group
+# [:::image type="icon" source="images/intune.svg"::: **Intune/CSP**](#tab/intune)
-Users (or devices) must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business. You can provide users with these settings and permissions by adding members to the *Windows Hello for Business Users* group. Users and groups who aren't members of this group won't attempt to enroll for Windows Hello for Business.
+> [!NOTE]
+> Review the article [Configure Windows Hello for Business using Microsoft Intune](../configure.md#configure-windows-hello-for-business-using-microsoft-intune) to learn about the different options offered by Microsoft Intune to configure Windows Hello for Business.
+
+If the Intune tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business).
+
+[!INCLUDE [intune-settings-catalog-1](../../../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| **Windows Hello for Business** | Use Passport For Work | true |
+| **Windows Hello for Business** | Require Security Device | true |
+
+[!INCLUDE [intune-settings-catalog-2](../../../../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][MEM-1] with the [PassportForWork CSP][CSP-1].
+
+| Setting |
+|--------|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/UsePassportForWork`
- **Data type:** `bool`
- **Value:** `True`|
+| - **OMA-URI:** `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/RequireSecurityDevice`
- **Data type:** `bool`
- **Value:** `True`|
+
+# [:::image type="icon" source="images/group-policy.svg"::: **GPO**](#tab/gpo)
+
+[!INCLUDE [gpo-enable-whfb](includes/gpo-enable-whfb.md)]
+
+[!INCLUDE [gpo-settings-1](../../../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**
or
**User Configuration\Administrative Templates\Windows Components\Windows Hello for Business**|Use Windows Hello for Business| **Enabled**|
+| **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business** |Use a hardware security device| **Enabled**|
+
+[!INCLUDE [gpo-settings-2](../../../../../includes/configure/gpo-settings-2.md)]
+
+> [!TIP]
+> The best way to deploy the Windows Hello for Business GPO is to use security group filtering. Only members of the targeted security group will provision Windows Hello for Business, enabling a phased rollout. This solution allows linking the GPO to the domain, ensuring the GPO is scoped to all security principals. The security group filtering ensures that only the members of the global group receive and apply the GPO, which results in the provisioning of Windows Hello for Business.
---
+If you deploy Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings take precedence, and Intune settings are ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../configure.md#policy-conflicts-from-multiple-policy-sources)
+
+Other policy settings can be configured to control the behavior of Windows Hello for Business. For more information, see [Windows Hello for Business policy settings](../policy-settings.md).
+
## Enroll in Windows Hello for Business
The Windows Hello for Business provisioning process begins immediately after the user profile is loaded and before the user receives their desktop. For the provisioning process to begin, all prerequisite checks must pass.
You can determine the status of the prerequisite checks by viewing the **User Device Registration** admin log under **Applications and Services Logs > Microsoft > Windows**.\
-This information is also available using the `dsregcmd /status` command from a console. For more information, see [dsregcmd][AZ-4].
+This information is also available using the `dsregcmd.exe /status` command from a console. For more information, see [dsregcmd][AZ-4].
:::image type="content" source="images/Event358.png" alt-text="Details about event ID 358 showing that the device is ready to enroll in Windows Hello for Business." border="false" lightbox="images/Event358.png":::
-### PIN Setup
+### User experience
-The following process occurs after a user signs in, to enroll in Windows Hello for Business:
+[!INCLUDE [user-experience](includes/user-experience.md)]
-1. The user is prompted with a full screen page to use Windows Hello with the organization account. The user selects **OK**
-1. The enrollment flow proceeds to the multi-factor authentication phase. The process informs the user that there's an MFA contact attempt, using the configured form of MFA. The provisioning process doesn't proceed until authentication succeeds, fails or times out. A failed or timeout MFA results in an error and asks the user to retry
-1. After a successful MFA, the provisioning flow asks the user to create and validate a PIN. This PIN must observe any PIN complexity policies configured on the device
-1. The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Microsoft Entra ID to register the public key. When key registration completes, Windows Hello for Business provisioning informs the user they can use their PIN to sign-in. The user may close the provisioning application and see their desktop. While the user has completed provisioning, Microsoft Entra Connect synchronizes the user's key to Active Directory
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=36dc8679-0fcc-4abf-868d-97ec8b749da7 alt-text="Video showing the Windows Hello for Business enrollment steps after signing in with a password."]
-:::image type="content" source="images/haadj-whfb-pin-provisioning.gif" alt-text="Animation showing a user logging on to an HAADJ device with a password, and being prompted to enroll in Windows Hello for Business.":::
+After enrollment, Microsoft Entra Connect synchronizes the user's key from Microsoft Entra ID to Active Directory.
> [!IMPORTANT]
> The minimum time needed to synchronize the user's public key from Microsoft Entra ID to the on-premises Active Directory is 30 minutes. The Microsoft Entra Connect scheduler controls the synchronization interval.
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and access on-premises resources.
> Read [Microsoft Entra Connect Sync: Scheduler][AZ-5] to view and adjust the **synchronization cycle** for your organization.
+### Sequence diagrams
+
+To better understand the provisioning flows, review the following sequence diagrams based on the device join and authentication type:
+
+- [Provisioning for Microsoft Entra joined devices with managed authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-managed-authentication)
+- [Provisioning for Microsoft Entra joined devices with federated authentication](../how-it-works-provisioning.md#provisioning-for-microsoft-entra-joined-devices-with-federated-authentication)
+- [Provisioning in a hybrid key trust deployment model with managed authentication](../how-it-works-provisioning.md#provisioning-in-a-hybrid-key-trust-deployment-model-with-managed-authentication)
+
+To better understand the authentication flows, review the following sequence diagram:
+
+- [Microsoft Entra hybrid join authentication using a key](../how-it-works-authentication.md#microsoft-entra-hybrid-join-authentication-using-a-key)
+- [Microsoft Entra join authentication to Active Directory using a key](../how-it-works-authentication.md#microsoft-entra-join-authentication-to-active-directory-using-a-key)
+
[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
[AZ-5]: /azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler
-
-[MEM-1]: /mem/intune/configuration/settings-catalog
-[MEM-2]: /mem/intune/protect/security-baselines
-[MEM-3]: /mem/intune/configuration/custom-settings-configure
-[MEM-4]: /windows/client-management/mdm/passportforwork-csp
-[MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy
-[MEM-6]: /mem/intune/protect/identity-protection-configure
+[CSP-1]: /windows/client-management/mdm/passportforwork-csp
+[MEM-1]: /mem/intune/configuration/custom-settings-configure
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md
deleted file mode 100644
index 2fa08c15c9..0000000000
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md
+++ /dev/null
@@ -1,107 +0,0 @@
----
-title: Configure and validate the Public Key Infrastructure in a hybrid key trust model
-description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid key trust model.
-ms.date: 01/03/2023
-appliesto:
-- ✅ Windows 11
-- ✅ Windows 10
-- ✅ Windows Server 2022
-- ✅ Windows Server 2019
-- ✅ Windows Server 2016
-ms.topic: tutorial
----
-# Configure and validate the Public Key Infrastructure - hybrid key trust
-
-[!INCLUDE [apply-to-hybrid-key-trust](includes/apply-to-hybrid-key-trust.md)]
-
-Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* model. The domain controllers must have a certificate, which serves as a *root of trust* for clients. The certificate ensures that clients don't communicate with rogue domain controllers.
-
-Key trust deployments do not need client-issued certificates for on-premises authentication. Active Directory user accounts are configured for public key mapping by *Microsoft Entra Connect Sync*, which synchronizes the public key of the Windows Hello for Business credential to an attribute on the user's Active Directory object (`msDS-KeyCredentialLink`).
-
-A Windows Server-based PKI or a third-party Enterprise certification authority can be used. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA][SERV-1].
-
-## Deploy an enterprise certification authority
-
-This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on an enterprise PKI running the Windows Server *Active Directory Certificate Services* role.\
-If you don't have an existing PKI, review [Certification Authority Guidance][PREV-1] to properly design your infrastructure. Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy][PREV-2] for instructions on how to configure your PKI using the information from your design session.
-
-### Lab-based PKI
-
-The following instructions may be used to deploy simple public key infrastructure that is suitable **for a lab environment**.
-
-Sign in using *Enterprise Administrator* equivalent credentials on a Windows Server where you want the certification authority (CA) installed.
-
->[!NOTE]
->Never install a certification authority on a domain controller in a production environment.
-
-1. Open an elevated Windows PowerShell prompt
-1. Use the following command to install the Active Directory Certificate Services role.
- ```PowerShell
- Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
- ```
-1. Use the following command to configure the CA using a basic certification authority configuration
- ```PowerShell
- Install-AdcsCertificationAuthority
- ```
-
-## Configure the enterprise PKI
-
-[!INCLUDE [dc-certificate-template](includes/dc-certificate-template.md)]
-
-> [!NOTE]
-> Inclusion of the *KDC Authentication* OID in domain controller certificate is not required for Microsoft Entra hybrid joined devices. The OID is required for enabling authentication with Windows Hello for Business to on-premises resources by Microsoft Entra joined devices.
-
-> [!IMPORTANT]
-> For Microsoft Entra joined devices to authenticate to on-premises resources, ensure to:
->
-> - Install the root CA certificate in the device's trusted root certificate store. See [how to deploy a trusted certificate profile](/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) via Intune
-> - Publish your certificate revocation list to a location that is available to Microsoft Entra joined devices, such as a web-based URL
-
-[!INCLUDE [dc-certificate-template-supersede](includes/dc-certificate-supersede.md)]
-
-[!INCLUDE [unpublish-superseded-templates](includes/unpublish-superseded-templates.md)]
-
-### Publish the certificate template to the CA
-
-A certification authority can only issue certificates for certificate templates that are published to it. If you have more than one CA, and you want more CAs to issue certificates based on the certificate template, then you must publish the certificate template to them.
-
-Sign in to the CA or management workstations with **Enterprise Admin** equivalent credentials.
-
-1. Open the **Certification Authority** management console
-1. Expand the parent node from the navigation pane
-1. Select **Certificate Templates** in the navigation pane
-1. Right-click the **Certificate Templates** node. Select **New > Certificate Template to issue**
-1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)* template you created in the previous steps > select **OK**
-1. Close the console
-
-> [!IMPORTANT]
-> If you plan to deploy **Microsoft Entra joined** devices, and require single sign-on (SSO) to on-premises resources when signing in with Windows Hello for Business, follow the procedures to [update your CA to include an http-based CRL distribution point](../hello-hybrid-aadj-sso.md).
-
-## Configure and deploy certificates to domain controllers
-
-[!INCLUDE [dc-certificate-deployment](includes/dc-certificate-deployment.md)]
-
-## Validate the configuration
-
-[!INCLUDE [dc-certificate-validate](includes/dc-certificate-validate.md)]
-
-## Section review and next steps
-
-Before moving to the next section, ensure the following steps are complete:
-
-> [!div class="checklist"]
->
-> - Configure domain controller certificates
-> - Supersede existing domain controller certificates
-> - Unpublish superseded certificate templates
-> - Publish the certificate template to the CA
-> - Deploy certificates to the domain controllers
-> - Validate the domain controllers configuration
-
-> [!div class="nextstepaction"]
-> [Next: configure and provision Windows Hello for Business >](hybrid-key-trust-enroll.md)
-
-
-[SERV-1]: /troubleshoot/windows-server/windows-security/requirements-domain-controller
-[PREV-1]: /previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831574(v=ws.11)
-[PREV-2]: /previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831348(v=ws.11)
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
index 2b0ec7021d..e5a08f2117 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
@@ -1,109 +1,93 @@
---
-title: Windows Hello for Business hybrid key trust deployment
+title: Windows Hello for Business hybrid key trust deployment guide
description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
-ms.date: 12/28/2022
-appliesto:
-- ✅ Windows 11
-- ✅ Windows 10
-- ✅ Windows Server 2022
-- ✅ Windows Server 2019
-- ✅ Windows Server 2016
-ms.topic: how-to
+ms.date: 01/03/2024
+ms.topic: tutorial
---
-# Hybrid key trust deployment
+
+# Hybrid key trust deployment guide
[!INCLUDE [apply-to-hybrid-key-trust](includes/apply-to-hybrid-key-trust.md)]
-Hybrid environments are distributed systems that enable organizations to use on-premises and Microsoft Entra protected resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication and single sign-on to modern resources.
-
-This deployment guide describes how to deploy Windows Hello for Business in a hybrid key trust scenario.
-
> [!IMPORTANT]
> Windows Hello for Business *cloud Kerberos trust* is the recommended deployment model when compared to the *key trust model*. For more information, see [cloud Kerberos trust deployment](hybrid-cloud-kerberos-trust.md).
-It is recommended that you review the [Windows Hello for Business planning guide](../hello-planning-guide.md) prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions.
-
-## Prerequisites
-
-The following prerequisites must be met for a hybrid key trust deployment:
+[!INCLUDE [requirements](includes/requirements.md)]
> [!div class="checklist"]
-> * Directories and directory synchronization
-> * Authentication to Microsoft Entra ID
-> * Device registration
-> * Public Key Infrastructure
-> * Multifactor authentication
-> * Device management
+>
+> - [Public Key Infrastructure](index.md#pki-requirements)
+> - [Authentication](index.md#authentication-to-microsoft-entra-id)
+> - [Device configuration](index.md#device-configuration-options)
+> - [Prepare users to use Windows Hello](prepare-users.md)
-### Directories and directory synchronization
-
-Hybrid Windows Hello for Business needs two directories:
-
-- An on-premises Active Directory
-- A Microsoft Entra tenant
-
-The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Microsoft Entra ID.\
-During the Window Hello for Business provisioning process, users register the public portion of their Windows Hello for Business credential with Microsoft Entra ID. *Microsoft Entra Connect Sync* synchronizes the Windows Hello for Business public key to Active Directory.
-
-> [!NOTE]
-> Windows Hello for Business hybrid key trust is not supported if the users' on-premises UPN suffix cannot be added as a verified domain in Microsoft Entra ID.
-
-
-
-### Authentication to Microsoft Entra ID
-
-Authentication to Microsoft Entra ID can be configured with or without federation:
-
-- [Password hash synchronization][AZ-6] or [Microsoft Entra pass-through authentication][AZ-7] is required for non-federated environments
-- Active Directory Federation Services (AD FS) or a third-party federation service is required for federated environments
-
-### Device registration
-
-The Windows devices must be registered in Microsoft Entra ID. Devices can be registered in Microsoft Entra ID using either *Microsoft Entra join* or *Microsoft Entra hybrid join*.\
-For *Microsoft Entra hybrid joined* devices, review the guidance on the [Plan your Microsoft Entra hybrid join implementation][AZ-8] page.
-
-### Public Key Infrastructure
-
-An enterprise PKI is required as *trust anchor* for authentication. Domain controllers require a certificate for Windows clients to trust them.
-
-
-
-### Multifactor authentication
-
-The Windows Hello for Business provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but requires a second factor of authentication.\
-Hybrid deployments can use:
-
-- [Microsoft Entra multifactor authentication][AZ-2]
-- A multifactor authentication provided by AD FS, which includes an adapter model that enables third parties to integrate their MFA into AD FS
-
-For more information how to configure Microsoft Entra multifactor authentication, see [Configure Microsoft Entra multifactor authentication settings][AZ-3].\
-For more information how to configure AD FS to provide multifactor authentication, see [Configure Azure MFA as authentication provider with AD FS][SER-1].
-
-### Device management
-
-To configure Windows Hello for Business, devices can be configured through a mobile device management (MDM) solution like Intune, or via group policy.
-
-## Next steps
-
-Once the prerequisites are met, deploying Windows Hello for Business with a hybrid key trust model consists of the following steps:
+## Deployment steps
> [!div class="checklist"]
-> * Configure and validate the PKI
-> * Configure Windows Hello for Business settings
-> * Provision Windows Hello for Business on Windows clients
-> * Configure single sign-on (SSO) for Microsoft Entra joined devices
+> Once the prerequisites are met, deploying Windows Hello for Business consists of the following steps:
+>
+> - [Configure and validate the Public Key Infrastructure](#configure-and-validate-the-public-key-infrastructure)
+> - [Configure and enroll in Windows Hello for Business](hybrid-key-trust-enroll.md)
+> - (optional) [Configure single sign-on for Microsoft Entra joined devices](../hello-hybrid-aadj-sso.md)
+
+## Configure and validate the Public Key Infrastructure
+
+Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* model. The domain controllers must have a certificate, which serves as a *root of trust* for clients. The certificate ensures that clients don't communicate with rogue domain controllers.
+
+Key trust deployments don't need client-issued certificates for on-premises authentication. *Microsoft Entra Connect Sync* configures Active Directory user accounts for public key mapping, by synchronizing the public key of the Windows Hello for Business credential to an attribute on the user's Active Directory object (`msDS-KeyCredentialLink` attribute).
+
+A Windows Server-based PKI or a third-party Enterprise certification authority can be used. For more information, see [Requirements for domain controller certificates from a third-party CA][SERV-1].
+
+[!INCLUDE [lab-based-pki-deploy](includes/lab-based-pki-deploy.md)]
+
+## Configure the enterprise PKI
+
+[!INCLUDE [dc-certificate-template](includes/certificate-template-dc.md)]
+
+[!INCLUDE [dc-certificate-template-dc-hybrid-notes](includes/certificate-template-dc-hybrid-notes.md)]
+
+[!INCLUDE [dc-certificate-template-supersede](includes/dc-certificate-supersede.md)]
+
+[!INCLUDE [unpublish-superseded-templates](includes/unpublish-superseded-templates.md)]
+
+### Publish the certificate template to the CA
+
+A certification authority can only issue certificates for certificate templates that are published to it. If you have more than one CA, and you want more CAs to issue certificates based on the certificate template, then you must publish the certificate template to them.
+
+Sign in to the CA or management workstations with **Enterprise Admin** equivalent credentials.
+
+1. Open the **Certification Authority** management console
+1. Expand the parent node from the navigation pane
+1. Select **Certificate Templates** in the navigation pane
+1. Right-click the **Certificate Templates** node. Select **New > Certificate Template to issue**
+1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)* template you created in the previous steps > select **OK**
+1. Close the console
+
+> [!IMPORTANT]
+> If you plan to deploy **Microsoft Entra joined** devices, and require single sign-on (SSO) to on-premises resources when signing in with Windows Hello for Business, follow the procedures to [update your CA to include an http-based CRL distribution point](../hello-hybrid-aadj-sso.md).
+
+## Configure and deploy certificates to domain controllers
+
+[!INCLUDE [dc-certificate-deployment](includes/dc-certificate-deployment.md)]
+
+## Validate the configuration
+
+[!INCLUDE [dc-certificate-validate](includes/dc-certificate-validate.md)]
+
+## Section review and next steps
+
+> [!div class="checklist"]
+> Before moving to the next section, ensure the following steps are complete:
+>
+> - Configure domain controller certificate template
+> - Supersede existing domain controller certificates
+> - Unpublish superseded certificate templates
+> - Publish the certificate template to the CA
+> - Deploy certificates to the domain controllers
+> - Validate the domain controllers configuration
> [!div class="nextstepaction"]
-> [Next: configure and validate the Public Key Infrastructure >](hybrid-key-trust-pki.md)
+> [Next: configure and enroll in Windows Hello for Business >](hybrid-key-trust-enroll.md)
-[AZ-1]: /azure/active-directory/hybrid/how-to-connect-sync-whatis
-[AZ-2]: /azure/multi-factor-authentication/multi-factor-authentication
-[AZ-3]: /azure/multi-factor-authentication/multi-factor-authentication-whats-next
-[AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
-[AZ-5]: /azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler
-[AZ-6]: /azure/active-directory/hybrid/whatis-phs
-[AZ-7]: /azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication
-[AZ-8]: /azure/active-directory/devices/hybrid-azuread-join-plan
-
-[SER-1]: /windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa
+[SERV-1]: /troubleshoot/windows-server/windows-security/requirements-domain-controller
diff --git a/windows/security/identity-protection/hello-for-business/deploy/images/cloud-trust-prereq-check.png b/windows/security/identity-protection/hello-for-business/deploy/images/cloud-trust-prereq-check.png
deleted file mode 100644
index f327f79f32..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/deploy/images/cloud-trust-prereq-check.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/deploy/images/group-policy.svg b/windows/security/identity-protection/hello-for-business/deploy/images/group-policy.svg
index ace95add6b..c9cb511415 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/images/group-policy.svg
+++ b/windows/security/identity-protection/hello-for-business/deploy/images/group-policy.svg
@@ -1,3 +1,9 @@
-
\ No newline at end of file
+