diff --git a/windows/client-management/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md index 2927f3eefe..9f3374bb96 100644 --- a/windows/client-management/implement-server-side-mobile-application-management.md +++ b/windows/client-management/implement-server-side-mobile-application-management.md @@ -1,29 +1,29 @@ --- -title: Support for mobile application management on Windows -description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices. +title: Support for Windows Information Protection (WIP) on Windows +description: Learn about implementing the Windows version of Windows Information Protection (WIP), which is a lightweight solution for managing company data access and security on personal devices. ms.topic: article ms.date: 08/10/2023 --- -# Support for mobile application management on Windows +# Support for Windows Information Protection (WIP) on Windows -The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP). +Windows Information Protection (WIP) is a lightweight solution for managing company data access and security on personal devices. WIP support is built into Windows. [!INCLUDE [Deprecate Windows Information Protection](../security/information-protection/windows-information-protection/includes/wip-deprecation.md)] ## Integration with Azure AD -MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md). +WIP is integrated with Azure Active Directory (Azure AD) identity service. The WIP service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of WIP policies. WIP integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md). -MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices are enrolled to MAM or MDM, depending on the user's actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device is enrolled to MAM. If a user joins their device to Azure AD, it's enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices. +WIP uses Workplace Join (WPJ). WPJ is integrated with adding a work account flow to a personal device. If a user adds their work or school Entra ID account as a secondary account to the machine, their device registered with WPJ. If a user joins their device to Azure AD, it's enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be registered with WPJ. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices. On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft 365 apps. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**. Regular non administrator users can enroll to MAM. -## Integration with Windows Information Protection +## Understand Windows Information Protection -MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. +WIP takes advantage of [built-in policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, WPJ limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. To make applications WIP-aware, app developers need to include the following data in the app resource file. @@ -74,7 +74,7 @@ Since the [Poll](mdm/dmclient-csp.md#deviceproviderprovideridpoll) node isn't pr ## Supported CSPs -MAM on Windows supports the following configuration service providers (CSPs). All other CSPs are blocked. Note the list may change later based on customer feedback: +WIP supports the following configuration service providers (CSPs). All other CSPs are blocked. Note the list may change later based on customer feedback: - [AppLocker CSP](mdm/applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps. - [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs. diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index b8da7a6027..5d7ac4a474 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -124,16 +124,6 @@ href: deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md - name: In-place upgrade href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md - - name: Subscription Activation - items: - - name: Windows subscription activation - href: windows-10-subscription-activation.md - - name: Windows Enterprise E3 in CSP - href: windows-10-enterprise-e3-overview.md - - name: Configure VDA for subscription activation - href: vda-subscription-activation.md - - name: Deploy Windows Enterprise licenses - href: deploy-enterprise-licenses.md - name: Deploy Windows client updates items: - name: Assign devices to servicing channels @@ -184,6 +174,109 @@ href: update/deployment-service-drivers.md - name: Troubleshoot Windows Update for Business deployment service href: update/deployment-service-troubleshoot.md + - name: Activate + items: + - name: Windows subscription activation + href: windows-10-subscription-activation.md + - name: Windows Enterprise E3 in CSP + href: windows-10-enterprise-e3-overview.md + - name: Configure VDA for subscription activation + href: vda-subscription-activation.md + - name: Deploy Windows Enterprise licenses + href: deploy-enterprise-licenses.md + - name: Volume Activation + items: + - name: Overview + href: volume-activation/volume-activation-windows-10.md + - name: Plan for volume activation + href: volume-activation/plan-for-volume-activation-client.md + - name: Activate using Key Management Service + href: volume-activation/activate-using-key-management-service-vamt.md + - name: Activate using Active Directory-based activation + href: volume-activation/activate-using-active-directory-based-activation-client.md + - name: Activate clients running Windows 10 + href: volume-activation/activate-windows-10-clients-vamt.md + - name: Monitor activation + href: volume-activation/monitor-activation-client.md + - name: Use the Volume Activation Management Tool + href: volume-activation/use-the-volume-activation-management-tool-client.md + href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md + - name: Volume Activation Management Tool (VAMT) + items: + - name: VAMT technical reference + href: volume-activation/volume-activation-management-tool.md + - name: Introduction to VAMT + href: volume-activation/introduction-vamt.md + - name: Active Directory-Based Activation Overview + href: volume-activation/active-directory-based-activation-overview.md + - name: Install and Configure VAMT + items: + - name: Overview + href: volume-activation/install-configure-vamt.md + - name: VAMT Requirements + href: volume-activation/vamt-requirements.md + - name: Install VAMT + href: volume-activation/install-vamt.md + - name: Configure Client Computers + href: volume-activation/configure-client-computers-vamt.md + - name: Add and Manage Products + items: + - name: Overview + href: volume-activation/add-manage-products-vamt.md + - name: Add and Remove Computers + href: volume-activation/add-remove-computers-vamt.md + - name: Update Product Status + href: volume-activation/update-product-status-vamt.md + - name: Remove Products + href: volume-activation/remove-products-vamt.md + - name: Manage Product Keys + items: + - name: Overview + href: volume-activation/manage-product-keys-vamt.md + - name: Add and Remove a Product Key + href: volume-activation/add-remove-product-key-vamt.md + - name: Install a Product Key + href: volume-activation/install-product-key-vamt.md + - name: Install a KMS Client Key + href: volume-activation/install-kms-client-key-vamt.md + - name: Manage Activations + items: + - name: Overview + href: volume-activation/manage-activations-vamt.md + - name: Run Online Activation + href: volume-activation/online-activation-vamt.md + - name: Run Proxy Activation + href: volume-activation/proxy-activation-vamt.md + - name: Run KMS Activation + href: volume-activation/kms-activation-vamt.md + - name: Run Local Reactivation + href: volume-activation/local-reactivation-vamt.md + - name: Activate an Active Directory Forest Online + href: volume-activation/activate-forest-vamt.md + - name: Activate by Proxy an Active Directory Forest + href: volume-activation/activate-forest-by-proxy-vamt.md + - name: Manage VAMT Data + items: + - name: Overview + href: volume-activation/manage-vamt-data.md + - name: Import and Export VAMT Data + href: volume-activation/import-export-vamt-data.md + - name: Use VAMT in Windows PowerShell + href: volume-activation/use-vamt-in-windows-powershell.md + - name: VAMT Step-by-Step Scenarios + items: + - name: Overview + href: volume-activation/vamt-step-by-step.md + - name: "Scenario 1: Online Activation" + href: volume-activation/scenario-online-activation-vamt.md + - name: "Scenario 2: Proxy Activation" + href: volume-activation/scenario-proxy-activation-vamt.md + - name: "Scenario 3: KMS Client Activation" + href: volume-activation/scenario-kms-activation-vamt.md + - name: VAMT Known Issues + href: volume-activation/vamt-known-issues.md + - name: Information sent to Microsoft during activation + href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md - name: Monitor items: - name: Windows Update for Business reports @@ -280,9 +373,9 @@ - name: How does Windows Update work? href: update/how-windows-update-works.md - name: Windows client upgrade paths - href: upgrade/windows-10-upgrade-paths.md + href: upgrade/windows-upgrade-paths.md - name: Windows client edition upgrade - href: upgrade/windows-10-edition-upgrades.md + href: upgrade/windows-edition-upgrades.md - name: Deploy Windows 10 with Microsoft 365 href: deploy-m365.md - name: Understand the Unified Update Platform @@ -327,82 +420,6 @@ href: planning/security-and-data-protection-considerations-for-windows-to-go.md - name: "Windows To Go: frequently asked questions" href: planning/windows-to-go-frequently-asked-questions.yml - - - name: Volume Activation Management Tool (VAMT) technical reference - items: - - name: VAMT technical reference - href: volume-activation/volume-activation-management-tool.md - - name: Introduction to VAMT - href: volume-activation/introduction-vamt.md - - name: Active Directory-Based Activation Overview - href: volume-activation/active-directory-based-activation-overview.md - - name: Install and Configure VAMT - items: - - name: Overview - href: volume-activation/install-configure-vamt.md - - name: VAMT Requirements - href: volume-activation/vamt-requirements.md - - name: Install VAMT - href: volume-activation/install-vamt.md - - name: Configure Client Computers - href: volume-activation/configure-client-computers-vamt.md - - name: Add and Manage Products - items: - - name: Overview - href: volume-activation/add-manage-products-vamt.md - - name: Add and Remove Computers - href: volume-activation/add-remove-computers-vamt.md - - name: Update Product Status - href: volume-activation/update-product-status-vamt.md - - name: Remove Products - href: volume-activation/remove-products-vamt.md - - name: Manage Product Keys - items: - - name: Overview - href: volume-activation/manage-product-keys-vamt.md - - name: Add and Remove a Product Key - href: volume-activation/add-remove-product-key-vamt.md - - name: Install a Product Key - href: volume-activation/install-product-key-vamt.md - - name: Install a KMS Client Key - href: volume-activation/install-kms-client-key-vamt.md - - name: Manage Activations - items: - - name: Overview - href: volume-activation/manage-activations-vamt.md - - name: Run Online Activation - href: volume-activation/online-activation-vamt.md - - name: Run Proxy Activation - href: volume-activation/proxy-activation-vamt.md - - name: Run KMS Activation - href: volume-activation/kms-activation-vamt.md - - name: Run Local Reactivation - href: volume-activation/local-reactivation-vamt.md - - name: Activate an Active Directory Forest Online - href: volume-activation/activate-forest-vamt.md - - name: Activate by Proxy an Active Directory Forest - href: volume-activation/activate-forest-by-proxy-vamt.md - - name: Manage VAMT Data - items: - - name: Overview - href: volume-activation/manage-vamt-data.md - - name: Import and Export VAMT Data - href: volume-activation/import-export-vamt-data.md - - name: Use VAMT in Windows PowerShell - href: volume-activation/use-vamt-in-windows-powershell.md - - name: VAMT Step-by-Step Scenarios - items: - - name: Overview - href: volume-activation/vamt-step-by-step.md - - name: "Scenario 1: Online Activation" - href: volume-activation/scenario-online-activation-vamt.md - - name: "Scenario 2: Proxy Activation" - href: volume-activation/scenario-proxy-activation-vamt.md - - name: "Scenario 3: KMS Client Activation" - href: volume-activation/scenario-kms-activation-vamt.md - - name: VAMT Known Issues - href: volume-activation/vamt-known-issues.md - - name: User State Migration Tool (USMT) technical reference items: - name: USMT overview articles @@ -570,25 +587,6 @@ href: planning/testing-your-application-mitigation-packages.md - name: Use the Sdbinst.exe Command-Line Tool href: planning/using-the-sdbinstexe-command-line-tool.md - - name: Volume Activation - items: - - name: Overview - href: volume-activation/volume-activation-windows-10.md - - name: Plan for volume activation - href: volume-activation/plan-for-volume-activation-client.md - - name: Activate using Key Management Service - href: volume-activation/activate-using-key-management-service-vamt.md - - name: Activate using Active Directory-based activation - href: volume-activation/activate-using-active-directory-based-activation-client.md - - name: Activate clients running Windows 10 - href: volume-activation/activate-windows-10-clients-vamt.md - - name: Monitor activation - href: volume-activation/monitor-activation-client.md - - name: Use the Volume Activation Management Tool - href: volume-activation/use-the-volume-activation-management-tool-client.md - - name: "Appendix: Information sent to Microsoft during activation " - href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md - - name: Install fonts in Windows client href: windows-10-missing-fonts.md - name: Customize Windows PE boot images diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9407853770..c487f33918 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1933,7 +1933,7 @@ To turn off these recommendations, you can use any of the following methods: - In Group Policy, set the "Remove Recommended from Start Menu" policy to Enabled under **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**. - In an MDM solution, such as Microsoft Intune, you can use the [HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) setting in the Start Policy configuration service provider (CSP). - In the registry, you can set **HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackDocs** to 0. -- In the UI, you can turn off **Show recommendations for tips, shortcuts, new apps, and more** under **Settings** > **Personalization** > **Start**. +- In the UI, you can turn off **Show recently opened items in Start, Jump Lists, and File Explorer** under **Settings** > **Personalization** > **Start**. ### Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline