mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-07-02 18:53:41 +00:00
Merge remote-tracking branch 'refs/remotes/origin/rs1' into sh-7964624
@ -1,5 +1,5 @@
|
||||
#[Microsoft Edge - Deployment Guide for IT Pros](index.md)
|
||||
##[Change History for Microsoft Edge](change-history-for-microsoft-edge.md)
|
||||
##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
|
||||
##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)
|
||||
##[Available policies for Microsoft Edge](available-policies.md)
|
||||
##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
|
||||
|
@ -1,16 +1,16 @@
|
||||
# [Windows 10 for education](index.md)
|
||||
## [Change history for Windows 10 for Education](change-history-edu.md)
|
||||
## [Setup options for Windows 10](set-up-windows-10.md)
|
||||
### [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md)
|
||||
### [Technical reference for the Set up School PCs app (Preview)](set-up-school-pcs-technical.md)
|
||||
### [Use the Set up School PCs app ](use-set-up-school-pcs-app.md)
|
||||
### [Technical reference for the Set up School PCs app )](set-up-school-pcs-technical.md)
|
||||
### [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
|
||||
### [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
|
||||
## [Get Minecraft Education Edition](get-minecraft-for-education.md)
|
||||
### [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md)
|
||||
### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md)
|
||||
## [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
|
||||
### [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
|
||||
### [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
|
||||
### [Take a Test app technical reference (Preview)](take-a-test-app-technical.md)
|
||||
## [Take tests in Windows 10 ](take-tests-in-windows-10.md)
|
||||
### [Set up Take a Test on a single PC ](take-a-test-single-pc.md)
|
||||
### [Set up Take a Test on multiple PCs ](take-a-test-multiple-pcs.md)
|
||||
### [Take a Test app technical reference ](take-a-test-app-technical.md)
|
||||
## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
|
||||
## [Chromebook migration guide](chromebook-migration-guide.md)
|
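Review bot: The renamed entry "### [Technical reference for the Set up School PCs app )](set-up-school-pcs-technical.md)" keeps a stray ")" from the removed "(Preview)" suffix; drop it. The other renamed entries ("Use the Set up School PCs app ", "Take tests in Windows 10 ", and the three Take a Test lines) also keep a trailing space inside the link text before "]", which should be trimmed so the TOC labels match the page titles.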
Binary file not shown.
Before Width: | Height: | Size: 67 KiB After Width: | Height: | Size: 81 KiB |
@ -17,7 +17,7 @@ author: jdeckerMS
|
||||
|
||||
|Topic |Description |
|
||||
|------|------------|
|
||||
| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | Learn how the Set up School PCs app works and how to use it. |
|
||||
| [Use the Set up School PCs app ](use-set-up-school-pcs-app.md) | Learn how the Set up School PCs app works and how to use it. |
|
||||
| [Technical reference for the Set up School PCs app (Preview)](set-up-school-pcs-technical.md) | See the changes that the Set up School PCs app makes to a PC. |
|
||||
| [Get Minecraft Education Edition](get-minecraft-for-education.md) | Learn how to get early access to **Minecraft Education Edition**. |
|
||||
| [Take tests in Windows 10](take-tests-in-windows-10.md) | Learn how to configure and use the **Take a Test** app in Windows 10 |
|
||||
|
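Review bot: The table row "[Technical reference for the Set up School PCs app (Preview)](set-up-school-pcs-technical.md)" still carries "(Preview)" although the row above it and the topic's own title drop it elsewhere in this change; update this row too. The new "Use the Set up School PCs app " link text also has a trailing space before "]".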
@ -9,7 +9,7 @@ ms.pagetype: edu
|
||||
author: jdeckerMS
|
||||
---
|
||||
|
||||
# Technical reference for the Set up School PCs app (Preview)
|
||||
# Technical reference for the Set up School PCs app
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Setup options for Windows 10
|
||||
title: Provisioning options for Windows 10
|
||||
description: Decide which option for setting up Windows 10 is right for you.
|
||||
keywords: shared cart, shared PC, school
|
||||
ms.prod: w10
|
||||
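Review bot: The front-matter title becomes "Provisioning options for Windows 10", but the education TOC in this same change still links the topic as "## [Setup options for Windows 10](set-up-windows-10.md)". Rename the TOC entry as well, or readers will see two names for one page. The description line still says "setting up", which is fine only if the old wording is meant to stay searchable.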
@ -9,17 +9,12 @@ ms.pagetype: edu
|
||||
author: jdeckerMS
|
||||
---
|
||||
|
||||
# Setup options for Windows 10
|
||||
# Provisioning options for Windows 10
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
|
||||
MSA is only intended for consumer services. Schools may want to consider using MDM or group policy to block students from adding MSA as a secondary account
|
||||
|
||||
|
||||
Reminder to schools that they should consider ratings when picking apps from the store. Enterprises and educational institutions should use enterprise versions where possible, such as Skype for Business, OneDrive for Business, etc.
|
||||
|
||||
|
||||
You have two tools to choose from to set up PCs for your classroom: **Set up School PCs** app and the **Provision school devices** option in Windows Imaging and Configuration Designer (ICD). Choose the tool that is appropriate for how your students will sign in (Active Directory, Azure Active Directory, or no account). The following diagram compares the tools.
|
||||
|
||||

|
||||
|
||||
|
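Review bot: Going by the hunk header (17 lines before, 12 after), the two paragraphs after the "Applies to" list appear to be what is dropped: the one advising schools to use MDM or Group Policy to block students from adding an MSA as a secondary account, and the one about app ratings and preferring Skype for Business and OneDrive for Business. If they were draft notes, removing them is fine, but the MSA restriction is account guidance administrators would still want; consider moving it to a proper note in this topic or linking to where it now lives rather than deleting it outright.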
@ -9,7 +9,7 @@ ms.pagetype: edu
|
||||
author: jdeckerMS
|
||||
---
|
||||
|
||||
# Take a Test app technical reference (Preview)
|
||||
# Take a Test app technical reference
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
|
@ -9,7 +9,7 @@ ms.pagetype: edu
|
||||
author: jdeckerMS
|
||||
---
|
||||
|
||||
# Set up Take a Test on multiple PCs (Preview)
|
||||
# Set up Take a Test on multiple PCs
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
|
@ -9,7 +9,7 @@ ms.pagetype: edu
|
||||
author: jdeckerMS
|
||||
---
|
||||
|
||||
# Set up Take a Test on a single PC (Preview)
|
||||
# Set up Take a Test on a single PC
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
|
@ -9,7 +9,7 @@ ms.pagetype: edu
|
||||
author: jdeckerMS
|
||||
---
|
||||
|
||||
# Take tests in Windows 10 (Preview)
|
||||
# Take tests in Windows 10
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
|
@ -9,7 +9,7 @@ ms.pagetype: edu
|
||||
author: jdeckerMS
|
||||
---
|
||||
|
||||
# Use the Set up School PCs app (Preview)
|
||||
# Use the Set up School PCs app
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
|
@ -1,5 +1,4 @@
|
||||
# [Deploy Windows 10](index.md)
|
||||
## [Deploy Windows 10 in a test lab](windows-10-poc.md)
|
||||
## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
|
||||
## [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
|
||||
### [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
|
||||
|
@ -15,6 +15,7 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc
|
||||
|
||||
The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
|
||||
|
||||
- [Provisioning packages for Windows 10](provisioning-packages.md)
|
||||
- [Provision PCs with apps and certificates for initial deployment](provision-pcs-with-apps-and-certificates.md)
|
||||
- [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md)
|
||||
|
||||
|
@ -15,7 +15,6 @@ Learn about deploying Windows 10 for IT professionals.
|
||||
|
||||
|Topic |Description |
|
||||
|------|------------|
|
||||
|[Deploy Windows 10 in a test lab](windows-10-poc.md) |This guide provides instructions for setting up a proof of concept (PoC) lab using Hyper-V and a minimum amount of resources. |
|
||||
|[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
|
||||
|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. |
|
||||
|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. |
|
||||
|
@ -29,7 +29,7 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur
|
||||
|
||||
- Simple to apply.
|
||||
|
||||
[Learn more about the benefits and uses of provisioning packages.](../whats-new/new-provisioning-packages.md)
|
||||
[Learn more about the benefits and uses of provisioning packages.](provisioning-packages.md)
|
||||
|
||||
## What does simple provisioning do?
|
||||
|
||||
|
@ -29,7 +29,7 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur
|
||||
|
||||
- Simple to apply.
|
||||
|
||||
[Learn more about the benefits and uses of provisioning packages.](../whats-new/new-provisioning-packages.md)
|
||||
[Learn more about the benefits and uses of provisioning packages.](provisioning-packages.md)
|
||||
|
||||
## Create the provisioning package
|
||||
|
||||
|
@ -33,11 +33,11 @@ Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT
|
||||
|
||||
* **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner.
|
||||
|
||||
> [Learn how to use simple provisioning to configure Windows 10 computers.](../deploy/provision-pcs-for-initial-deployment.md)
|
||||
> [Learn how to use simple provisioning to configure Windows 10 computers.](provision-pcs-for-initial-deployment.md)
|
||||
|
||||
* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use Windows ICD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices.
|
||||
|
||||
> [Learn how to use advanced provisioning to configure Windows 10 computers with apps and certificates.](../deploy/provision-pcs-with-apps-and-certificates.md)
|
||||
> [Learn how to use advanced provisioning to configure Windows 10 computers with apps and certificates.](provision-pcs-with-apps-and-certificates.md)
|
||||
|
||||
* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include:
|
||||
|
||||
@ -93,11 +93,11 @@ For details about the settings you can customize in provisioning packages, see [
|
||||
## Creating a provisioning package
|
||||
|
||||
|
||||
With Windows 10, you can use the Windows Imaging and Configuration Designer (ICD) tool to create provisioning packages. To install Windows ICD and create provisioning packages, you must install the Windows Assessment and Deployment Kit (ADK) for Windows 10 [from the Windows Insider Program site](http://go.microsoft.com/fwlink/p/?linkid=533700).
|
||||
With Windows 10, you can use the Windows Imaging and Configuration Designer (ICD) tool to create provisioning packages. To install Windows ICD and create provisioning packages, you must [install the Windows Assessment and Deployment Kit (ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740).
|
||||
|
||||
While running ADKsetup.exe for Windows 10, version 1607, select the following feature from the **Select the features you want to install** dialog box:
|
||||
|
||||
- Windows Imaging and Configuration Designer (ICD)
|
||||
- Configuration Designer
|
||||
|
||||
> **Note:** In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features.
|
||||
|
||||
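Review bot: The replacement ADK link on the "you must [install the Windows Assessment and Deployment Kit (ADK) for Windows 10]" line still uses http://go.microsoft.com/fwlink/...; since it leads readers to an installer they will run (ADKsetup.exe), use the https:// form. Separately, the feature bullet changes between "Windows Imaging and Configuration Designer (ICD)" and "Configuration Designer" while the Note directly below keeps saying "Windows ICD"; confirm the bullet matches the label in the "Select the features you want to install" dialog and use one name throughout.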
@ -115,10 +115,11 @@ Provisioning packages can be applied both during image deployment and during run
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md)
|
||||
|
||||
- [LProvision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md)
|
||||
|
||||
|
||||
[Configure devices without MDM](../manage/configure-devices-without-mdm.md)
|
||||
- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
|
||||
|
||||
|
||||
|
||||
|
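Review bot: The related-topics entry "[LProvision PCs with apps and certificates for initial deployments]" has a stray leading "L", and "deployments" does not match the topic title used elsewhere in this change ("Provision PCs with apps and certificates for initial deployment"). Correct the link text to the exact title.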
@ -1,193 +0,0 @@
|
||||
---
|
||||
title: Deploy Windows 10 in a test lab (Windows 10)
|
||||
description: Concepts and procedures for deploying Windows 10 in a proof of concept lab environment.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
# Step by step guide: Demonstrate Windows 10 deployment in a test lab
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
## In this guide
|
||||
|
||||
This guide provides instructions for configuring a test lab to be used as a proof of concept (PoC) environment where you can deploy Windows 10. The PoC enviroment is configured using Hyper-V and a minimum amount of resources. Additional guides leverage the PoC environment and provide detailed steps for deploying Windows 10 under common scenarios with current deployment tools. The following topics are available in this guide:
|
||||
|
||||
<table border="0" cellpadding="2">
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">Topic</td>
|
||||
<td BGCOLOR="#a0e4fa">Description</td>
|
||||
<tr>
|
||||
<td>[Hardware and software requirements](#hardware-and-software-requirements)</td>
|
||||
<td>Prerequisites to configure the PoC environment.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>[Lab setup](#lab-setup)</td>
|
||||
<td>A summary of the PoC environment.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>[Configure the PoC environment](#configure-the-poc-environment)</td>
|
||||
<td>Step by step instructions to configure the PoC environment.</td>
|
||||
</tr>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>[Step by step: Deploy Windows 10](#windows-10-poc-guides)</td>
|
||||
<td>Child topics that provide step by step instructions to deploy Windows 10 using the PoC environment.</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
## Hardware and software requirements
|
||||
|
||||
Two computers are required to complete this guide:
|
||||
|
||||
<table border="1" cellpadding="2">
|
||||
<tr>
|
||||
<td></td>
|
||||
<td BGCOLOR="#a0e4fa">**Computer 1**</td>
|
||||
<td BGCOLOR="#a0e4fa">**Computer 2**</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">Role</td>
|
||||
<td>Hyper-V host</td>
|
||||
<td>Client</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">Description</td>
|
||||
<td>This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.</td>
|
||||
<td>This computer is a test system on your corporate network that will be converted to a VHD.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">OS</td>
|
||||
<td>Windows 8/8.1/10 or Windows Server 2012/2012 R2/2016</td>
|
||||
<td>Windows 7 or a later</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">Edition</td>
|
||||
<td>Enterprise, Professional, or Education</td>
|
||||
<td>Any</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">Architecture</td>
|
||||
<td>64-bit</td>
|
||||
<td>Any*</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">RAM</td>
|
||||
<td>8 GB RAM (16 GB recommended)</td>
|
||||
<td>Any</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">Disk</td>
|
||||
<td>50 GB available hard disk space (100 GB recommended)</td>
|
||||
<td>Any</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">CPU</td>
|
||||
<td>SLAT-Capable CPU</td>
|
||||
<td>Any</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td BGCOLOR="#a0e4fa">Network</td>
|
||||
<td>Internet connection</td>
|
||||
<td>Any</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
>*Retaining applications and settings during the upgrade process requires that architecture (32 or 64-bit) is the same before and after the upgrade.
|
||||
|
||||
## Lab setup
|
||||
|
||||
The Hyper-V host computer is configured to host four VMs on a private, proof of concept network. Links are provided to download trial versions of Windows Server 2012 and all deployment tools necessary to complete the lab.
|
||||
- Two VMs are running Windows Server 2012 R2 with required network services and tools installed.
|
||||
- Two VMs are client systems: One VM is intended to mirror a host on your corporate network and one VM is running Windows 10 to demonstrate the hardware replacement scenario.
|
||||
|
||||
See the following diagram:
|
||||
|
||||

|
||||
|
||||
**Note**:
|
||||
>If you have an existing Hyper-V host, you can use this host if desired and skip the Hyper-V installation section in this guide. If your Hyper-V host is running Windows Server 2008 R2, you must enable PowerShell functionality to complete the steps in this guide.
|
||||
|
||||
>The two Windows Server VMs can be combined into a single VM to conserve RAM and disk space if required. However, instructions in this guide assume two server systems are used. Using two servers enables Active Directory Domain Services and DHCP to be installed on a server that is not directly connected to the corporate network. This mitigates the risk of clients on the corporate network receiving DHCP leases from the PoC network (i.e. "rogue" DHCP), and limits NETBIOS service broadcasts to the corporate network.
|
||||
|
||||
## Configure the PoC environment
|
||||
|
||||
### In this section
|
||||
|
||||
[Install Hyper-V](#install-hyper-v)<BR>
|
||||
[Download VHDs](#download-vhds)<BR>
|
||||
[Configure Hyper-V](#configure-hyper-v)<BR>
|
||||
[Configure VHDs](#configure-vhds)<BR>
|
||||
[Verify the configuration](#verify-the-configuration)
|
||||
|
||||
### Install Hyper-V
|
||||
|
||||
Use one of the following procedures to install Hyper-V on the Hyper-V host computer:
|
||||
|
||||
- [Install Hyper-V on a computer running Windows 8/8.1/10](#to-install-hyper-v-on-a-computer-running-windows-8-8-1-10)<BR>
|
||||
- [Install Hyper-V on a computer running Windows Server 2012/2012 R2/2016](#to-install-hyper-v-on-a-computer-running-windows-server-2012-2012-r2-2016)
|
||||
|
||||
####To install Hyper-V on a computer running Windows 8/8.1/10
|
||||
|
||||
1. Verify that the computer supports Hyper-V.
|
||||
|
||||
Starting with Windows 8, the host computer’s microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. To verify your computer supports SLAT, open an administrator command prompt, type systeminfo, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements.
|
||||
|
||||
See the following example:
|
||||
|
||||
```
|
||||
C:\>systeminfo
|
||||
...
|
||||
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
|
||||
Virtualization Enabled In Firmware: Yes
|
||||
Second Level Address Translation: Yes
|
||||
Data Execution Prevention Available: Yes
|
||||
```
|
||||
In this example, the computer supports SLAT and Hyper-V.
|
||||
|
||||
If one or more requirements are evaluated as "No" then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the "Virtualization Enabled In Firmware" setting from "No" to "Yes." The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
|
||||
|
||||
Note: A 64-bit operating system is requried to run Hyper-V.
|
||||
|
||||
2. Enable Hyper-V.
|
||||
|
||||
The Hyper-V feature is not installed by default. To get it, open an elevated Windows PowerShell window and type the following command:
|
||||
|
||||
```
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V –All
|
||||
```
|
||||
When you are prompted to restart the computer, choose Yes. The computer might restart more than once.
|
||||
|
||||
You can also install Hyper-V using the Control Panel in Windows, under Turn Windows features on or off, as shown below:
|
||||
|
||||

|
||||
|
||||
####To install Hyper-V on a computer running Windows Server 2012/2012 R2/2016
|
||||
|
||||
### Download VHDs
|
||||
|
||||
### Configure Hyper-V
|
||||
|
||||
### Configure VHDs
|
||||
|
||||
## Windows 10 PoC guides
|
||||
|
||||
- [Step by step: Deploy Windows 10 PoC with System Center Configuration Manager](windows-10-poc-sccm.md)
|
||||
- [Step by step: Deploy Windows 10 PoC with the Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
|
||||
|
||||
## Related Topics
|
||||
|
||||
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Manage identity verification using Windows Hello for Business (Windows 10)
|
||||
description: In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN.
|
||||
ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E
|
||||
keywords: identity, PIN, biometric, Hello
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
@ -44,7 +44,7 @@ As an administrator in an enterprise or educational organization, you can create
|
||||
|
||||
- Windows Hello for Business, which is configured by Group Policy or MDM policy, uses key-based or certificate-based authentication.
|
||||
|
||||
## Benefits of Microsoft Passport
|
||||
## Benefits of Windows Hello
|
||||
|
||||
Reports of identity theft and large-scale hacking are frequent headlines. Nobody wants to be notified that their user name and password have been exposed.
|
||||
|
||||
@ -52,7 +52,7 @@ You may wonder [how a PIN can help protect a device better than a password](why-
|
||||
|
||||
In Windows 10, Hello replaces passwords. The Hello provisioning process creates two cryptographic keys bound to the Trusted Platform Module (TPM), if a device has a TPM, or in software. Access to these keys and obtaining a signature to validate user possession of the private key is enabled only by the PIN or biometric gesture. The two-step verification that takes place during Hello enrollment creates a trusted relationship between the identity provider and the user when the public portion of the public/private key pair is sent to an identity provider and associated with a user account. When a user enters the gesture on the device, the identify provider knows from the combination of Hello keys and gesture that this is a verified identity and provides an authentication token that allows Windows 10 to access resources and services. In addition, during the registration process, the attestation claim is produced for every identity provider to cryptographically prove that the Hello keys are tied to TPM. During registration, when the attestation claim is not presented to the identity provider, the identity provider must assume that the Hello key is created in software.
|
||||
|
||||

|
||||

|
||||
|
||||
Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device.
|
||||
Hello helps protect user identities and user credentials. Because no passwords are used, it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are generated within isolated environments of TPMs.
|
||||
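Review bot: The paragraph just above the changed image line reads "the identify provider knows from the combination of Hello keys and gesture"; that should be "identity provider", as in the rest of the paragraph. Since this hunk already touches the section, fix it here. Also confirm that whichever of images/hello.png and images/passport.png is no longer referenced gets removed from the repository.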
@ -70,7 +70,7 @@ Hello also enables Windows 10 Mobile devices to be used as [a remote credential
|
||||
- Authentication is the two-factor authentication with the combination of a key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (Windows Hello). The Hello gesture does not roam between devices and is not shared with the server; it is stored locally on a device.
|
||||
- Private key never leaves a device. The authenticating server has a public key that is mapped to the user account during the registration process.
|
||||
- PIN entry and biometric gesture both trigger Windows 10 to verify the user's identity and authenticate using Hello keys or certificates.
|
||||
- *Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. All keys are separated by identity providers' domains to help ensure user privacy.*
|
||||
- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. All keys are separated by identity providers' domains to help ensure user privacy.
|
||||
- Certificates are added to the Hello container and are protected by the Hello gesture.
|
||||
- Windows Update behavior: After a reboot is required by Windows Update, the last interactive user is automatically signed on without any user gesture and the session is locked so the user's lock screen apps can run.
|
||||
|
||||
|
@ -20,6 +20,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
|
||||
- [Diagnostics for devices managed by MDM](diagnostics-for-mdm-devices.md)
|
||||
- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
|
||||
- [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
|
||||
- [Guidelines for choosing an app for assigned access (kisok mode)](guidelines-for-assigned-access-app.md)
|
||||
|
||||
## June 2016
|
||||
|
||||
|
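Review bot: The list entry "[Guidelines for choosing an app for assigned access (kisok mode)]" misspells "kiosk". Fix the link text so it matches the target topic's title.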
@ -21,7 +21,7 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows
|
||||
| **Turn off all Windows Spotlight features** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
|
||||
| **Turn off Microsoft consumer features** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
|
||||
| **Do not display the lock screen** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
|
||||
| **Do not require CTRL+ALT+DEL** </br>combined with</br>**Turn off app notifications on the lock screen** | Computer Configuration > Administrative Templates > System > Logon </br>and</br>Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon | When both of these policy settings are enabled, the combination will also disable lock screen apps ([assigned access](set-up-a-device-for-anyone-to-use.md)) on Windows 10 Enterprise and Windows 10 Education only. These policy settings can be applied to Windows 10 Pro, but lock screen apps will not be disabled on Windows 10 Pro. |
|
||||
| **Do not require CTRL+ALT+DEL** </br>combined with</br>**Turn off app notifications on the lock screen** | Computer Configuration > Administrative Templates > System > Logon </br>and</br>Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon | When both of these policy settings are enabled, the combination will also disable lock screen apps ([assigned access](set-up-a-device-for-anyone-to-use.md)) on Windows 10 Enterprise and Windows 10 Education only. These policy settings can be applied to Windows 10 Pro, but lock screen apps will not be disabled on Windows 10 Pro. </br></br>**Important:** The description for **Interactive logon: Do not require CTRL+ALT+DEL** in the Group Policy Editor incorrectly states that it only applies to Windows 10 Enterprise and Education. The description will be corrected in a future release.|
|
||||
| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
|
||||
| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
|
||||
| **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md) |
|
||||
|
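Review bot: In the combined row, the setting names and their locations are listed in opposite order. The added Important text calls the setting "Interactive logon: Do not require CTRL+ALT+DEL", which matches the "Security Settings > Local Policies > Security Options > Interactive logon" path shown second, yet "Do not require CTRL+ALT+DEL" is the first name in column one and is lined up with "Administrative Templates > System > Logon". Reorder one of the two cells so each policy sits opposite its own path. The "</br>" separators are also not valid HTML; use "<br>" or "<br/>".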
@ -23,7 +23,7 @@ The CSPs are documented on the [Hardware Dev Center](http://go.microsoft.com/fwl
|
||||
**Note**
|
||||
The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
|
||||
|
||||
|
||||
[See what's new for CSPs in Windows 10, version 1607.](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056(v=vs.85).aspx#whatsnew_1607)
|
||||
|
||||
## What is a CSP?
|
||||
|
||||
|
@ -39,7 +39,7 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td align="left"><p>[Unified Write Filter](http://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media</p></td>
|
||||
<td align="left">[Unified Writer Filter](http://go.microsoft.com/fwlink/p/?LinkId=626607)</td>
|
||||
<td align="left">[Unified Write Filter](http://go.microsoft.com/fwlink/p/?LinkId=626607)</td>
|
||||
<td align="left"><p>The Unified Write Filter is continued in Windows 10, with the exception of HORM which has been deprecated.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
|
@ -48,7 +48,7 @@ Desktop devices running Windows 10 that are joined to an Active Directory domai
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td align="left"><p>[Microsoft System Center Configuration Manager Technical Preview](http://go.microsoft.com/fwlink/p/?LinkId=613622)</p></td>
|
||||
<td align="left"><p>[Microsoft System Center Configuration Manager 2016](http://go.microsoft.com/fwlink/p/?LinkId=613622)</p></td>
|
||||
<td align="left"><p>Client deployment, upgrade, and management with new and existing features</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
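Review bot: The link text in the first cell changes from "Technical Preview" to "Microsoft System Center Configuration Manager 2016", but the target stays `http://go.microsoft.com/fwlink/p/?LinkId=613622`. Please confirm that this fwlink now resolves to the released product's documentation rather than the preview page; otherwise the new label points readers at pre-release guidance.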
@ -97,7 +97,7 @@ For more information about the MDM protocols, see [Mobile device management](htt
|
||||
|
||||
[How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627898.aspx)
|
||||
|
||||
[Windows 10, Azure AD and Microsoft Intune: Automatic MDM Enrollment](http://go.microsoft.com/fwlink/p/?LinkId=623321)
|
||||
[Azure AD, Microsoft Intune and Windows 10 - Using the cloud to modernize enterprise mobility](https://blogs.technet.microsoft.com/enterprisemobility/2015/06/12/azure-ad-microsoft-intune-and-windows-10-using-the-cloud-to-modernize-enterprise-mobility/)
|
||||
|
||||
[Microsoft Intune End User Enrollment Guide](http://go.microsoft.com/fwlink/p/?LinkID=617169)
|
||||
|
||||
|
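Review bot: The replacement entry in this related-links list hard-codes a dated blog permalink (`https://blogs.technet.microsoft.com/enterprisemobility/2015/06/12/...`), whereas the entry it replaces and the Intune enrollment guide below it go through `go.microsoft.com/fwlink` redirects that can be repointed when content moves. If a fwlink exists for this post, use it; if the previous "Automatic MDM Enrollment" article is still valid, consider keeping it alongside the new link, since the new title no longer tells the reader that it covers automatic MDM enrollment.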
@ -34,13 +34,13 @@ This new model uses simpler deployment methods, reducing the overall amount of e
|
||||
|
||||
The concept of branching goes back many years, and represents how Windows has traditionally been written and serviced. Each release of Windows was from a particular branch of the Windows code, and updates would be made to that release for the lifecycle of that release. This concept still applies now with Windows 10, but is much more visible because it is incorporated directly into the servicing model.
|
||||
|
||||
During the development of Windows 10, Microsoft implemented the following new servicing options:
|
||||
With Windows 10, Microsoft has implemented the following new servicing options:
|
||||
|
||||

|
||||
|
||||
**Windows Insider Program**: To see new features before they are released, to provide feedback on those new features, and to initially validate compatibility with existing applications and hardware, a small number of PCs can leverage the Windows Insider Program branch. These are typically dedicated lab machines used for IT testing, secondary PCs used by IT administrators, and other non-critical devices.
|
||||
**Current Branch (CB)**: For early adopters, IT teams, and other broader piloting groups, the Current Branch (CB) can be used to further validate application compatibility and newly-released features.
|
||||
**Current Branch for Business (CBB)**. For the majority of people in an organization, the Current Branch for Business (CBB) allows for a staged deployment of new features over a longer period of time.
|
||||
**Windows Insider Program**: To see new features before they are released, to provide feedback on those new features, and to initially validate compatibility with existing applications and hardware, a small number of PCs can leverage the Windows Insider Program branch. These are typically dedicated lab machines used for IT testing, secondary PCs used by IT administrators, and other non-critical devices.<BR>
|
||||
**Current Branch (CB)**: For early adopters, IT teams, and other broader piloting groups, the Current Branch (CB) can be used to further validate application compatibility and newly-released features.<BR>
|
||||
**Current Branch for Business (CBB)**. For the majority of people in an organization, the Current Branch for Business (CBB) allows for a staged deployment of new features over a longer period of time.<BR>
|
||||
**Long-Term Servicing Branch (LTSB)**: For critical or specialized devices (for example, operation of factory floor machinery, point-of-sale systems, automated teller machines), the Long-Term Servicing Branch (LTSB) provides a version of Windows 10 Enterprise that receives no new features, while continuing to be supported with security and other updates for a long time. (Note that the Long-Term Servicing Branch is a separate Windows 10 Enterprise image, with many in-box apps, including Microsoft Edge, Cortana, and Windows Store, removed.)<BR>
|
||||
|
||||
These servicing options provide pragmatic solutions to keep more devices more current in enterprise environments than was previously possible. Most organizations will leverage all of these choices, with the mix determined by how individual PCs are used. Some examples are shown in the table below:
|
||||
|
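Review bot: The new Long-Term Servicing Branch paragraph says the branch is "supported with security and other updates for a long time" without giving a duration; administrators choosing LTSB for point-of-sale or factory devices need the actual servicing period, or a link to the lifecycle policy, to plan patching. Two smaller points in the same block: the CBB entry ends its bold label with a period (`**Current Branch for Business (CBB)**.`) where the other three use a colon, and the trailing `<BR>` tags would read better as a Markdown bullet list, which also avoids raw HTML in the topic.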
@ -10,28 +10,24 @@ author: TrudyHa
|
||||
# What's new in Windows 10
|
||||
|
||||
|
||||
Learn about new features in Windows 10 for IT professionals, such as Enterprise Data Protection, Windows Hello, Device Guard, and more.
|
||||
Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Enterprise Data Protection, Windows Hello, Device Guard, and more.
|
||||
|
||||
## In this section
|
||||
|
||||
- [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
|
||||
- [What's new in Windows 10, version 1511](whats-new-windows-10-version-1511.md)
|
||||
- [Documentation for Windows 10 Insider Preview](windows-10-insider-preview.md)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Learn more
|
||||
|
||||
|
||||
[Windows 10 content from Microsoft Ignite](http://go.microsoft.com/fwlink/p/?LinkId=613210)
|
||||
|
||||
[Compare Windows 10 Editions](http://go.microsoft.com/fwlink/p/?LinkId=690485)
|
||||
|
||||
## Related topics
|
||||
- [Windows 10 update history](https://support.microsoft.com/en-us/help/12387/windows-10-update-history)
|
||||
- [Windows 10 content from Microsoft Ignite](http://go.microsoft.com/fwlink/p/?LinkId=613210)
|
||||
- [Compare Windows 10 Editions](http://go.microsoft.com/fwlink/p/?LinkId=690485)
|
||||
|
||||
|
||||
[Windows 10 and Windows 10 Mobile](../index.md)
|
||||
|
||||
|
||||
|
||||
|
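Review bot: The new opening sentence ("advanced protection against modern security threats and comprehensive management and control over devices and apps") makes a general claim and names no feature, and it repeats "IT professionals" with the sentence that follows. Consider folding the two sentences into one that goes straight to the named features (Enterprise Data Protection, Windows Hello, Device Guard). In the new "Related topics" list, the update history link pins the `en-us` locale in the support.microsoft.com path while the two entries after it use locale-neutral fwlinks; a locale-neutral URL would be more consistent.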
@ -12,6 +12,13 @@ author: TrudyHa
|
||||
|
||||
Below is a list of some of the new and updated features in Windows 10, version 1511.
|
||||
|
||||
## Deployment
|
||||
|
||||
### Provisioning devices using Windows Imaging and Configuration Designer (ICD)
|
||||
|
||||
With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows Provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management (through a wizard-driven user interface) and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers.
|
||||
|
||||
|
||||
## Security
|
||||
|
||||
### Easier certificate management
|
||||
|
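Review bot: In the added "Provisioning devices using Windows Imaging and Configuration Designer (ICD)" paragraph, the first two sentences say the same thing ("without having to install a new image" and "without imaging"), and the feature name is capitalised two ways ("Windows provisioning" then "Windows Provisioning"). Merge the two sentences and settle on one casing. The section also has no "learn more" link, unlike the provisioning section in the version 1607 topic, which links to `../deploy/provisioning-packages.md`; adding the same link here would give readers the procedure the paragraph describes.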
@ -25,20 +25,34 @@ Windows ICD now includes simplified workflows for creating provisioning packages
|
||||
- [Advanced provisioning to deploy certificates and apps](~/deploy/provision-pcs-with-apps-and-certificates.md)
|
||||
- [School provisioning to set up classroom devices for Active Directory](https://technet.microsoft.com/en-us/edu/windows/set-up-students-pcs-to-join-domain)
|
||||
|
||||
[Learn more about using provisioning packages in Windows 10.](../deploy/provisioning-packages.md)
|
||||
|
||||
## Security
|
||||
|
||||
### Windows Hello for Business
|
||||
|
||||
When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the [Windows Hello](~/keep-secure/manage-identity-verification-using-microsoft-passport.md) name in Windows 10, version 1607. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
|
||||
When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
|
||||
|
||||
Additional changes for Windows Hello in Windows 10, version 1607:
|
||||
|
||||
- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
|
||||
- Group Policy for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
|
||||
- Users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser.
|
||||
|
||||
[Learn more about Windows Hello for Business.](../keep-secure/manage-identity-verification-using-microsoft-passport.md)
|
||||
|
||||
## Management
|
||||
|
||||
### Taskbar configuration
|
||||
|
||||
Enterprise administrators can add and remove pinned apps from the taskbar. Users can pin apps, unpin apps, and change the order of pinned apps on the taskbar after the enterprise configuration is applied.
|
||||
Enterprise administrators can add and remove pinned apps from the taskbar. Users can pin apps, unpin apps, and change the order of pinned apps on the taskbar after the enterprise configuration is applied. [Learn how to configure the taskbar.](../manage/windows-10-start-layout-options-and-policies.md)
|
||||
|
||||
### Mobile device management and configuration service providers (CSPs)
|
||||
|
||||
Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilities for managing devices. To learn more about the specific changes in MDM policies for Windows 10, version 1607, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607).
|
||||
|
||||
### Shared PC mode
|
||||
|
||||
Windows 10, Version 1607, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. [Learn how to set up a shared or guest PC.](../manage/set-up-shared-or-guest-pc.md)
|
||||
|
||||
|
||||
|
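Review bot: In the new "Additional changes for Windows Hello" list, the bullet "Group Policy for managing Windows Hello for Business are now available" has a subject and verb that disagree; "Group Policy settings for managing Windows Hello for Business are now available" fixes it. Elsewhere in the hunk, the Shared PC mode paragraph writes "Windows 10, Version 1607" while the rest of the topic uses a lowercase "version 1607", and the links mix two path styles (`~/deploy/...` in the provisioning list, `../deploy/...` and `../keep-secure/...` in the added lines). Use one path style so the links do not break on one of the build targets.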