From 6c9fbe20a42bd0e0d413bdf29e52ed8166c0f82c Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Mon, 9 Jan 2023 15:05:59 -0600 Subject: [PATCH 1/7] Update customize-start-menu-layout-windows-11.md --- .../configuration/customize-start-menu-layout-windows-11.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 30b508c5cf..2eeaf05946 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -31,7 +31,10 @@ This article shows you how to export an existing Start menu layout, and use the ## Before you begin -- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from changing the layout. +- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. However, the reapplication of the MDM policy on logon/explorer restart will restore the specified layout and not retain any user changes. +- +To prevent users from making any changes to the Start Menu layout see topic [NoChangeStartMenu](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu/) + - It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. From 864a75ec841d0d03ead1cb71385ff147e515a0e4 Mon Sep 17 00:00:00 2001 From: aendrawos <91459443+aendrawos@users.noreply.github.com> Date: Tue, 10 Jan 2023 17:30:06 +0200 Subject: [PATCH 2/7] Update understanding-admx-backed-policies.md The tool is supposed to encode and decode (it was written "encoding and encoding") --- windows/client-management/understanding-admx-backed-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/understanding-admx-backed-policies.md b/windows/client-management/understanding-admx-backed-policies.md index 4a730f6508..66e765ef29 100644 --- a/windows/client-management/understanding-admx-backed-policies.md +++ b/windows/client-management/understanding-admx-backed-policies.md @@ -237,7 +237,7 @@ Below is the internal OS mapping of a Group Policy to an MDM area and name. This `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]//` -The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) +The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and decoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) **Snippet of manifest for AppVirtualization area:** From a020c87a5bbfc64b091302f5716621274352415f Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Tue, 10 Jan 2023 12:09:57 -0600 Subject: [PATCH 3/7] Changed URL to Relative path for "Update customize-start-menu-layout-windows-11.md" Corrected an error where I used a URL instead of a relative path Changed https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu/ To windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu --- windows/configuration/customize-start-menu-layout-windows-11.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 2eeaf05946..e198570974 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -33,7 +33,7 @@ This article shows you how to export an existing Start menu layout, and use the - When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. However, the reapplication of the MDM policy on logon/explorer restart will restore the specified layout and not retain any user changes. - -To prevent users from making any changes to the Start Menu layout see topic [NoChangeStartMenu](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu/) +To prevent users from making any changes to the Start Menu layout see topic [NoChangeStartMenu](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu) - It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. From b0cb4aa0e96309f58d605bee8edda5e378c9edfa Mon Sep 17 00:00:00 2001 From: David Strome Date: Tue, 10 Jan 2023 13:38:11 -0800 Subject: [PATCH 4/7] Moving 'author' above 'ms.author' to test auto assignment issue --- windows/configuration/customize-start-menu-layout-windows-11.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index e198570974..5949a458c5 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -2,10 +2,10 @@ title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. manager: aaroncz +author: lizgt2000 ms.author: lizlong ms.reviewer: ericpapa ms.prod: windows-client -author: lizgt2000 ms.localizationpriority: medium ms.collection: highpri ms.technology: itpro-configure From 6552d54743495ef1d992e81bcc162c4d208a17ff Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 10 Jan 2023 16:42:21 -0800 Subject: [PATCH 5/7] editorial revision --- .../customize-start-menu-layout-windows-11.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 5949a458c5..f043da3ecb 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -1,5 +1,5 @@ --- -title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs +title: Add or remove pinned apps on the Start menu in Windows 11 description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. manager: aaroncz author: lizgt2000 @@ -9,7 +9,7 @@ ms.prod: windows-client ms.localizationpriority: medium ms.collection: highpri ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/10/2023 ms.topic: article --- @@ -31,12 +31,11 @@ This article shows you how to export an existing Start menu layout, and use the ## Before you begin -- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. However, the reapplication of the MDM policy on logon/explorer restart will restore the specified layout and not retain any user changes. -- -To prevent users from making any changes to the Start Menu layout see topic [NoChangeStartMenu](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu) +- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. When a user signs in or Explorer restarts, Windows reapplies the MDM policy. This action restores the specified layout and doesn't retain any user changes. + To prevent users from making any changes to the Start menu layout, see the [NoChangeStartMenu](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-nochangestartmenu) policy. -- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. +- It's recommended to use a mobile device management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: From 120ecfb6a61d0dadf35af3040ef536c63d786b70 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 10 Jan 2023 17:25:41 -0800 Subject: [PATCH 6/7] make url https --- .../client-management/understanding-admx-backed-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/understanding-admx-backed-policies.md b/windows/client-management/understanding-admx-backed-policies.md index 66e765ef29..344d0eb5a7 100644 --- a/windows/client-management/understanding-admx-backed-policies.md +++ b/windows/client-management/understanding-admx-backed-policies.md @@ -1,6 +1,6 @@ --- title: Understanding ADMX policies -description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices. +description: You can use ADMX policies for Windows mobile device management (MDM) across Windows devices. ms.author: vinpa ms.topic: article ms.prod: windows-client @@ -237,7 +237,7 @@ Below is the internal OS mapping of a Group Policy to an MDM area and name. This `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]//` -The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and decoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) +The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and decoding the policy data [Coder's Toolbox](https://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii). **Snippet of manifest for AppVirtualization area:** From ef09b9352d301ae27f38f97ec795c60007197d3d Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 11 Jan 2023 08:34:00 -0800 Subject: [PATCH 7/7] fixed formatting issue --- .../windows-autopatch/references/windows-autopatch-privacy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index 2b8f0abea0..06470b36ca 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -79,7 +79,7 @@ Windows Autopatch creates and uses guest accounts using just-in-time access func | Account name | Usage | Mitigating controls | | ----- | ----- | -----| | MsAdmin@tenantDomain.onmicrosoft.com |
  • This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.
  • This account doesn't have interactive sign-in permissions. The account performs operations only through the service.
| Audited sign-ins | -| MsAdminInt@tenantDomain.onmicrosoft.com |
  • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
  • This account is used for interactive login to the customer’s tenant.
  • The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.
|
  • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
  • Audited sign-ins | +| MsAdminInt@tenantDomain.onmicrosoft.com |
    • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
    • This account is used for interactive login to the customer’s tenant.
    • The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.
    |
    • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
    • Audited sign-ins
    | | MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins | ## Microsoft Windows Update for Business