diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 2d38cfdbca..f3835820c5 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -732,7 +732,7 @@ }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package", "redirect_document_id": true }, { @@ -747,62 +747,62 @@ }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection", +"redirect_url": "https://docs.microsoft.com/windows/security/microsoft-defender-atp/customize-exploit-protection", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection", "redirect_document_id": true }, { @@ -822,12 +822,12 @@ }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/graphics.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/graphics", -"redirect_document_id": true +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection", +"redirect_document_id": false }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml", "redirect_document_id": true }, { @@ -842,28 +842,28 @@ }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/prerelease.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/prerelease", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prerelease", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np", "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md", @@ -3158,7 +3158,7 @@ }, { "source_path": "windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection", "redirect_document_id": true }, { @@ -12198,8 +12198,8 @@ }, { "source_path": "windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity", -"redirect_document_id": true +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection", +"redirect_document_id": false }, { "source_path": "windows/keep-secure/requirements-for-deploying-applocker-policies.md", @@ -15284,7 +15284,12 @@ { "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection", -"redirect_document_id": true +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection", +"redirect_document_id": false } ] } diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index 110355baf4..61a9b33c78 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -1,7 +1,7 @@ --- title: Surface Hub -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi layout: LandingPage ms.prod: surface-hub diff --git a/devices/surface-hub/surface-hub-2s-account.md b/devices/surface-hub/surface-hub-2s-account.md index 03b3f8d7ef..852ea6463d 100644 --- a/devices/surface-hub/surface-hub-2s-account.md +++ b/devices/surface-hub/surface-hub-2s-account.md @@ -4,8 +4,8 @@ description: "This page describes the procedure for creating the Surface Hub 2S keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md index de75086db3..2058fcd918 100644 --- a/devices/surface-hub/surface-hub-2s-adoption-kit.md +++ b/devices/surface-hub/surface-hub-2s-adoption-kit.md @@ -4,8 +4,8 @@ description: "Microsoft has developed downloadable materials that you can make a keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-change-history.md b/devices/surface-hub/surface-hub-2s-change-history.md index a24c8c12e4..f629bd6bd6 100644 --- a/devices/surface-hub/surface-hub-2s-change-history.md +++ b/devices/surface-hub/surface-hub-2s-change-history.md @@ -4,8 +4,8 @@ description: "This page shows change history for Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin audience: Admin ms.manager: laurawi ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-connect.md b/devices/surface-hub/surface-hub-2s-connect.md index 7cc48d747d..7a08a67098 100644 --- a/devices/surface-hub/surface-hub-2s-connect.md +++ b/devices/surface-hub/surface-hub-2s-connect.md @@ -4,8 +4,8 @@ description: "This page explains how to connect external devices to Surface Hub keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-custom-install.md b/devices/surface-hub/surface-hub-2s-custom-install.md index 020256c627..c86ac8b4b3 100644 --- a/devices/surface-hub/surface-hub-2s-custom-install.md +++ b/devices/surface-hub/surface-hub-2s-custom-install.md @@ -4,8 +4,8 @@ description: "Learn how to perform a custom install of Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md index b52bdc6532..77fe0fa1ca 100644 --- a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md +++ b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md @@ -4,8 +4,8 @@ description: "Learn how you can deploy apps to Surface Hub 2S using Intune." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-deploy-checklist.md b/devices/surface-hub/surface-hub-2s-deploy-checklist.md index 10fe718f75..08421ad2f6 100644 --- a/devices/surface-hub/surface-hub-2s-deploy-checklist.md +++ b/devices/surface-hub/surface-hub-2s-deploy-checklist.md @@ -4,8 +4,8 @@ description: "Verify your deployment of Surface Hub 2S using pre- and post-deplo keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-deploy.md b/devices/surface-hub/surface-hub-2s-deploy.md index cd99172ad3..87908ed944 100644 --- a/devices/surface-hub/surface-hub-2s-deploy.md +++ b/devices/surface-hub/surface-hub-2s-deploy.md @@ -4,8 +4,8 @@ description: "This page describes how to deploy Surface Hub 2S using provisionin keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-install-mount.md b/devices/surface-hub/surface-hub-2s-install-mount.md index 7b4e3e3e00..1ae4dcadb6 100644 --- a/devices/surface-hub/surface-hub-2s-install-mount.md +++ b/devices/surface-hub/surface-hub-2s-install-mount.md @@ -4,8 +4,8 @@ description: "Learn how to install and mount Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index 1749e6cafd..3fdc6c7cf0 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -4,8 +4,8 @@ description: "Learn how to update and manage Surface Hub 2S using Intune." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-manage-passwords.md b/devices/surface-hub/surface-hub-2s-manage-passwords.md index 3de1d293aa..accd5d7e84 100644 --- a/devices/surface-hub/surface-hub-2s-manage-passwords.md +++ b/devices/surface-hub/surface-hub-2s-manage-passwords.md @@ -4,8 +4,8 @@ description: "Learn how to configure Surface Hub 2S on-premises accounts with Po keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-onprem-powershell.md b/devices/surface-hub/surface-hub-2s-onprem-powershell.md index 0d51997eda..fb2c98dcbd 100644 --- a/devices/surface-hub/surface-hub-2s-onprem-powershell.md +++ b/devices/surface-hub/surface-hub-2s-onprem-powershell.md @@ -4,8 +4,8 @@ description: "Learn how to configure Surface Hub 2S on-premises accounts with Po keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-onscreen-display.md b/devices/surface-hub/surface-hub-2s-onscreen-display.md index 0f5679cd37..da4712505e 100644 --- a/devices/surface-hub/surface-hub-2s-onscreen-display.md +++ b/devices/surface-hub/surface-hub-2s-onscreen-display.md @@ -4,8 +4,8 @@ description: "Learn how to use the onscreen display to adjust brightness and oth keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-pack-components.md b/devices/surface-hub/surface-hub-2s-pack-components.md index 692f4ee02d..287f43ec7b 100644 --- a/devices/surface-hub/surface-hub-2s-pack-components.md +++ b/devices/surface-hub/surface-hub-2s-pack-components.md @@ -4,8 +4,8 @@ description: "Instructions for packing Surface Hub 2S components, replacing the keywords: pack, replace components, camera, compute cartridge ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-phone-authenticate.md b/devices/surface-hub/surface-hub-2s-phone-authenticate.md index 53b8395f63..f79bbca0d4 100644 --- a/devices/surface-hub/surface-hub-2s-phone-authenticate.md +++ b/devices/surface-hub/surface-hub-2s-phone-authenticate.md @@ -4,8 +4,8 @@ description: "Learn how to simplify signing in to Surface Hub 2S using password- keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md index 05c3c4b37a..8a667d95ac 100644 --- a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md +++ b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md @@ -4,8 +4,8 @@ description: "This page describes the ports, physical buttons, and configuration keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-prepare-environment.md b/devices/surface-hub/surface-hub-2s-prepare-environment.md index 2b28cab313..a1bd059ab4 100644 --- a/devices/surface-hub/surface-hub-2s-prepare-environment.md +++ b/devices/surface-hub/surface-hub-2s-prepare-environment.md @@ -4,8 +4,8 @@ description: "Learn what you need to do to prepare your environment for Surface keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-quick-start.md b/devices/surface-hub/surface-hub-2s-quick-start.md index d1d20bc7c8..3d7f08641a 100644 --- a/devices/surface-hub/surface-hub-2s-quick-start.md +++ b/devices/surface-hub/surface-hub-2s-quick-start.md @@ -4,8 +4,8 @@ description: "View the quick start steps to begin using Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-recover-reset.md b/devices/surface-hub/surface-hub-2s-recover-reset.md index d055e724cd..414456c4f3 100644 --- a/devices/surface-hub/surface-hub-2s-recover-reset.md +++ b/devices/surface-hub/surface-hub-2s-recover-reset.md @@ -4,8 +4,8 @@ description: "Learn how to recover and reset Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md index cf7b561dca..8d0768ba93 100644 --- a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md +++ b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md @@ -4,8 +4,8 @@ description: "Learn more about securing Surface Hub 2S with SEMM." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-setup.md b/devices/surface-hub/surface-hub-2s-setup.md index 76e5ac1055..fe61755ae3 100644 --- a/devices/surface-hub/surface-hub-2s-setup.md +++ b/devices/surface-hub/surface-hub-2s-setup.md @@ -4,8 +4,8 @@ description: "Learn how to complete first time Setup for Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-site-planning.md b/devices/surface-hub/surface-hub-2s-site-planning.md index 683d732f9a..9b04ea0174 100644 --- a/devices/surface-hub/surface-hub-2s-site-planning.md +++ b/devices/surface-hub/surface-hub-2s-site-planning.md @@ -4,8 +4,8 @@ description: "Learn more about rooms for Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md index e765207b4c..8db9d3818e 100644 --- a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md +++ b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md @@ -4,8 +4,8 @@ description: "Get familiar with site readiness requirements and recommendations keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-techspecs.md b/devices/surface-hub/surface-hub-2s-techspecs.md index 12955c3afb..5f898a3fb6 100644 --- a/devices/surface-hub/surface-hub-2s-techspecs.md +++ b/devices/surface-hub/surface-hub-2s-techspecs.md @@ -4,9 +4,9 @@ description: "View tech specs for Surface Hub 2S including pen, camera, and opti keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz +author: greg-lindsay manager: laurawi -ms.author: robmazz +ms.author: greglin audience: Admin ms.topic: article ms.date: 06/20/2019 diff --git a/devices/surface-hub/surface-hub-2s-unpack.md b/devices/surface-hub/surface-hub-2s-unpack.md index 474bec14da..950a5caa6f 100644 --- a/devices/surface-hub/surface-hub-2s-unpack.md +++ b/devices/surface-hub/surface-hub-2s-unpack.md @@ -4,8 +4,8 @@ description: "This page includes information about safely unpacking Surface Hub keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-2s-whats-new.md b/devices/surface-hub/surface-hub-2s-whats-new.md index 2f0dad2a22..13d7eb06ce 100644 --- a/devices/surface-hub/surface-hub-2s-whats-new.md +++ b/devices/surface-hub/surface-hub-2s-whats-new.md @@ -4,8 +4,8 @@ description: "Learn more about new features in Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md index 9c1f451f63..b46f7b2edd 100644 --- a/devices/surface-hub/surface-hub-start-menu.md +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -3,8 +3,8 @@ title: Configure Surface Hub Start menu description: Use MDM to customize the Start menu on Surface Hub. ms.prod: surface-hub ms.sitesec: library -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin ms.topic: article ms.date: 08/15/2018 ms.reviewer: diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index 230ccdf2c2..a10cc065ed 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -27,7 +27,7 @@ ### [Deploy Surface devices](deploy.md) ### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) -### [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md) +### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md) ### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) @@ -49,6 +49,7 @@ ### [Manage Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) ## Secure +### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) ### [Manage Surface UEFI settings](manage-surface-uefi-settings.md) ### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) ### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md index 7ccc8ed708..db6a63ad69 100644 --- a/devices/surface/assettag.md +++ b/devices/surface/assettag.md @@ -3,12 +3,13 @@ title: Surface Asset Tag Tool description: This topic explains how to use the Surface Asset Tag Tool. ms.prod: w10 ms.mktglfcycl: manage +ms.localizationpriority: medium ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 02/01/2019 -ms.reviewer: +ms.date: 10/21/2019 +ms.reviewer: hachidan manager: dansimp --- @@ -33,6 +34,9 @@ To run Surface Asset Tag: extract the zip file, and save AssetTag.exe in desired folder (in this example, C:\\assets). + > [!NOTE] + > For Surface Pro X, use the application named **AssetTag_x86** in the ZIP file. + 2. Open a command console as an Administrator and run AssetTag.exe, entering the full path to the tool. diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index dcff7acd6d..ebbb3fc3b5 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -9,6 +9,9 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 --- # Change history for Surface documentation @@ -19,7 +22,9 @@ This topic lists new and updated topics in the Surface documentation library. | **New or changed topic** | **Description** | | ------------------------ | --------------- | +| [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)| New document explaining how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.| | [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document highlighting key considerations for deploying, managing, and servicing Surface Pro X.| +|Multiple topics| Updated with information on Surface Pro 7, Surface Pro X, and Surface Laptop 3.| ## September 2019 diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md index ec997db3be..1bdd0dac8d 100644 --- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md +++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md @@ -9,7 +9,9 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/16/2017 +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 ms.reviewer: manager: dansimp --- @@ -18,6 +20,9 @@ manager: dansimp Fundamentally, management and deployment of Surface devices with System Center Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device. +> [!NOTE] +> SCCM is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md). + You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index). Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios; the solutions documented in this article may apply to other devices and manufacturers as well. @@ -79,3 +84,4 @@ To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.micr When you deploy Windows to a Surface device, the push-button reset functionality of Windows is configured by default to revert the system back to a state where the environment is not yet configured. When the reset function is used, the system discards any installed applications and settings. Although in some situations it can be beneficial to restore the system to a state without applications and settings, in a professional environment this effectively renders the system unusable to the end user. Push-button reset can be configured, however, to restore the system configuration to a state where it is ready for use by the end user. Follow the process outlined in [Deploy push-button reset features](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/deploy-push-button-reset-features) to customize the push-button reset experience for your devices. + diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md index f160c5977b..efc6802f8f 100644 --- a/devices/surface/customize-the-oobe-for-surface-deployments.md +++ b/devices/surface/customize-the-oobe-for-surface-deployments.md @@ -13,13 +13,13 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 07/27/2017 +ms.audience: itpro +ms.date: 10/21/2019 --- # Customize the OOBE for Surface deployments - -This article walks you through the process of customizing the Surface out-of-box experience for end users in your organization. +This article describes customizing the Surface out-of-box experience for end users in your organization. It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE. @@ -28,6 +28,9 @@ It is common practice in a Windows deployment to customize the user experience f In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome. +> [!NOTE] +> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) + This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image). >[!NOTE] @@ -57,7 +60,7 @@ To provide the factory Surface Pen pairing experience in OOBE, you must copy fou - %windir%\\system32\\oobe\\info\\default\\1033\\PenSuccess\_en-US.png >[!NOTE] ->You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 3 to deploy to Surface Pro 3, and the files from Surface Book to deploy Surface Book, but you should not use the files from a Surface Pro 3 to deploy Surface Book or Surface Pro 4. +>You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 7 to deploy to Surface Pro 7, and the files from Surface Book 2 to deploy Surface Book 2, but you should not use the files from a Surface Pro 7 to deploy Surface Book or Surface Pro 6.   diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md index 5c4cc7c4a3..7c3f3bd079 100644 --- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md +++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md @@ -9,7 +9,9 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 09/21/2017 +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 ms.reviewer: manager: dansimp --- @@ -17,12 +19,25 @@ manager: dansimp # Deploy Surface app with Microsoft Store for Business and Education **Applies to** -* Surface Pro 4 -* Surface Book -* Surface 3 ->[!NOTE] ->The Surface app ships in Surface Studio. +- Surface Pro 7 +- Surface Laptop 3 +- Surface Pro 6 +- Surface Laptop 2 +- Surface Go +- Surface Go with LTE +- Surface Book 2 +- Surface Pro with LTE Advanced (Model 1807) +- Surface Pro (Model 1796) +- Surface Laptop +- Surface Studio +- Surface Studio 2 +- Surface Book +- Surface Pro 4 +- Surface 3 LTE +- Surface 3 +- Surface Pro 3 + The Surface app is a lightweight Microsoft Store app that provides control of many Surface-specific settings and options, including: @@ -34,9 +49,12 @@ The Surface app is a lightweight Microsoft Store app that provides control of ma * Enable or disable Surface audio enhancements -* Quick access to support documentation and information for your device +* Quick access to support documentation and information for your device -If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business. +Customers using Windows Update will ordinarily receive Surface app as part of automatic updates. But if your organization is preparing images for deployment to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business. + +> [!NOTE] +> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) ## Surface app overview diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index 94094f2b60..f836e8254c 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -11,7 +11,8 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: dansimp -ms.date: 08/13/2019 +ms.audience: itpro +ms.date: 10/21/2019 ms.author: dansimp ms.topic: article --- @@ -68,7 +69,7 @@ Look to the **version** number to determine the latest files that contain the mo The first file — SurfacePro6_Win10_16299_1900307_0.msi — is the newest because its VERSION field has the newest build in 2019; the other files are from 2018. ## Supported devices -Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. +Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. >[!NOTE] >There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update. diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md index 258912cc3d..fe487f8337 100644 --- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md +++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md @@ -9,7 +9,9 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/16/2017 +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 ms.reviewer: manager: dansimp --- @@ -17,13 +19,21 @@ manager: dansimp # Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit **Applies to** -- Surface Studio -- Surface Pro 4 -- Surface Book + +- Surface Studio and later +- Surface Pro 4 and later +- Surface Book and later +- Surface Laptop and later +- Surface Go - Surface 3 - Windows 10 -This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies. +This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. + +> [!NOTE] +> MDT is not currently supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) + +When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies. By following the procedures in this article, you can create an up-to-date reference image and deploy this image to your Surface devices, a process known as *reimaging*. Reimaging will erase and overwrite the existing environment on your Surface devices. This process allows you to rapidly configure your Surface devices with identical environments that can be configured to precisely fit your organization’s requirements. diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md index 7eb53c4ec9..e8a0143aab 100644 --- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md +++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md @@ -9,7 +9,9 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 01/06/2017 +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 ms.reviewer: manager: dansimp --- @@ -20,6 +22,11 @@ With Microsoft Surface Enterprise Management Mode (SEMM), you can securely confi For a more high-level overview of SEMM, see [Microsoft Surface Enterprise Management Mode](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode). +A streamlined method of managing firmware from the cloud on Surface Pro 7,Surface Pro X and Surface Laptop 3 is now available via public preview. For more information,refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md). + +> [!NOTE] +> SEMM is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md). + #### Download and install Microsoft Surface UEFI Configurator The tool used to create SEMM packages is Microsoft Surface UEFI Configurator. You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. Run the Microsoft Surface UEFI Configurator Windows Installer (.msi) file to start the installation of the tool. When the installer completes, find Microsoft Surface UEFI Configurator in the All Apps section of your Start menu. diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md index 00aa0c1f1a..1b1216cd8d 100644 --- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md +++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md @@ -13,13 +13,14 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 07/27/2017 +ms.audience: itpro +ms.date: 10/21/2019 --- # Ethernet adapters and Surface deployment -This article provides guidance and answers to help you perform a network deployment to Surface devices. +This article provides guidance and answers to help you perform a network deployment to Surface devices including Surface Pro 3 and later. Network deployment to Surface devices can pose some unique challenges for system administrators. Due to the lack of a native wired Ethernet adapter, administrators must provide connectivity through a removable Ethernet adapter. @@ -32,6 +33,9 @@ The primary concern when selecting an Ethernet adapter is how that adapter will Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware. +> [!NOTE] +> PXE boot is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) + The following Ethernet devices are supported for network boot with Surface devices: - Surface USB-C to Ethernet and USB 3.0 Adapter @@ -50,7 +54,6 @@ Third-party Ethernet adapters are also supported for network deployment, althoug ## Boot Surface devices from the network - To boot from the network or a connected USB stick, you must instruct the Surface device to boot from an alternate boot device. You can alter the boot order in the system firmware to prioritize USB boot devices, or you can instruct it to boot from an alternate boot device during the boot up process. To boot a Surface device from an alternative boot device, follow these steps: diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md index 1bcf364edd..7f694266e4 100644 --- a/devices/surface/get-started.md +++ b/devices/surface/get-started.md @@ -1,7 +1,7 @@ --- title: Get started with Surface devices -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi layout: LandingPage ms.assetid: diff --git a/devices/surface/images/df1.png b/devices/surface/images/df1.png new file mode 100644 index 0000000000..3f5b4e1bee Binary files /dev/null and b/devices/surface/images/df1.png differ diff --git a/devices/surface/images/df2a.png b/devices/surface/images/df2a.png new file mode 100644 index 0000000000..6a50ae6862 Binary files /dev/null and b/devices/surface/images/df2a.png differ diff --git a/devices/surface/images/df3.png b/devices/surface/images/df3.png new file mode 100644 index 0000000000..c5263ce83f Binary files /dev/null and b/devices/surface/images/df3.png differ diff --git a/devices/surface/index.md b/devices/surface/index.md index 2677bffc49..3d8e45e45e 100644 --- a/devices/surface/index.md +++ b/devices/surface/index.md @@ -3,8 +3,8 @@ title: Microsoft Surface documentation and resources layout: HubPage hide_bc: true description: Surface and Surface Hub documentation for admins & IT professionals -author: robmazz -ms.author: robmazz +author: greg-lindsay +ms.author: greglin manager: laurawi ms.topic: hub-page keywords: Microsoft Surface, Microsoft Surface Hub, Surface documentation diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md index 2babc04471..efdf20be4d 100644 --- a/devices/surface/manage-surface-driver-and-firmware-updates.md +++ b/devices/surface/manage-surface-driver-and-firmware-updates.md @@ -13,12 +13,13 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/10/2019 +ms.audience: itpro +ms.date: 10/21/2019 --- # Manage Surface driver and firmware updates -This article describes the available options that you can use to manage firmware and driver updates for Surface devices. +This article describes the available options that you can use to manage firmware and driver updates for Surface devices including Surface Pro 3 and later. To see a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). @@ -59,3 +60,6 @@ The process of deploying firmware updates during an operating system deployment **WindowsPE and Surface firmware and drivers** System Center Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase. + +## Supported devices +Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md index 74e22a3d1b..4de1914275 100644 --- a/devices/surface/manage-surface-uefi-settings.md +++ b/devices/surface/manage-surface-uefi-settings.md @@ -17,13 +17,17 @@ manager: dansimp # Manage Surface UEFI settings -Current and future generations of Surface devices, including Surface Pro 4, Surface Book, and Surface Studio, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. +Current and future generations of Surface devices, including Surface Pro 7, Surface Book 2, and Surface Studio 2,use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. >[!NOTE] >Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI. You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot. +## Support for cloud-based management +With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md). + + ## PC information On the **PC information** page, detailed information about your Surface device is provided: diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index 41b2e3d994..4a37b1fd9d 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -9,7 +9,7 @@ author: dansimp ms.author: dansimp ms.topic: article ms.date: 1/15/2019 -ms.reviewer: +ms.reviewer: hachidan manager: dansimp --- @@ -60,6 +60,11 @@ Full Brightness | Default: 100
Option: Range of 0-100 percent of screen b ## Changes and updates +### Version 1.16.137
+*Release Date: 22 October 2019*
+This version of Surface Brightness Control adds support for the following: +-Recompiled for x86, adding support for Surface Pro 7, Surface Pro X, and Surface Laptop 3. + ### Version 1.12.239.0 *Release Date: 26 April 2019*
This version of Surface Brightness Control adds support for the following: diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md index 29b42615a0..64e380aab5 100644 --- a/devices/surface/microsoft-surface-data-eraser.md +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -2,7 +2,7 @@ title: Microsoft Surface Data Eraser (Surface) description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10 -ms.reviewer: +ms.reviewer: hachidan manager: dansimp ms.localizationpriority: medium keywords: tool, USB, data, erase @@ -13,7 +13,8 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 05/15/2018 +ms.audience: itpro +ms.date: 10/21/2019 --- # Microsoft Surface Data Eraser @@ -28,6 +29,9 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d Compatible Surface devices include: +* Surface Pro 7 +* Surface Pro X +* Surface Laptop 3 * Surface Pro 6 * Surface Laptop 2 * Surface Go @@ -156,6 +160,12 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following: +### Version 3.21.137 +*Release Date: 21 Oct 2019* +This version of Surface Data Eraser is compiled for x86 and adds support for the following devices: + +Supports Surface Pro 7, Surface Pro X, and Surface Laptop 3. + ### Version 3.2.78.0 *Release Date: 4 Dec 2018* diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index b6921a138f..ce9f38dfc2 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -2,7 +2,7 @@ title: Microsoft Surface Deployment Accelerator (Surface) description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4 -ms.reviewer: +ms.reviewer: hachidan manager: dansimp ms.date: 07/27/2017 ms.localizationpriority: medium @@ -14,14 +14,16 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article +ms.audience: itpro --- # Microsoft Surface Deployment Accelerator -Microsoft Surface Deployment Accelerator (SDA) provides a quick and simple deployment mechanism for organizations to reimage Surface devices. +Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. -SDA includes a wizard that automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. The resulting deployment solution is complete with everything you need to immediately begin the deployment of Windows to a Surface device. You can also use SDA to create and capture a Windows reference image and then deploy it with the latest Windows updates. +> [!NOTE] +> SDA is not currently supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md). SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution. diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md index f095bc3269..51e39c27a3 100644 --- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md +++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md @@ -9,8 +9,10 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 01/03/2018 -ms.reviewer: +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 +ms.reviewer: scottmca manager: dansimp --- @@ -55,7 +57,7 @@ Before you choose to use Windows 10 Enterprise LTSC edition on Surface devices, * Surface device replacements (for example, devices replaced under warranty) may contain subtle variations in hardware components that require updated device drivers and firmware. Compatibility with these updates may require the installation of a more recent version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise with the SAC servicing option. >[!NOTE] ->Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4). +>Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware such as Surface Pro 7, Surface Pro X, or Surface Laptop 3 without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4). Surface devices running Windows 10 Enterprise LTSC edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSC configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSC release or upgrade to a version of Windows 10 with support for the SAC servicing option. diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md index 41b2939439..28726e9c2d 100644 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ b/devices/surface/surface-diagnostic-toolkit-business.md @@ -41,6 +41,8 @@ Command line | Directly troubleshoot Surface devices remotely without user inter SDT for Business is supported on Surface 3 and later devices, including: +- Surface Pro 7 +- Surface Laptop 3 - Surface Pro 6 - Surface Laptop 2 - Surface Go @@ -168,6 +170,12 @@ You can select to run a wide range of logs across applications, drivers, hardwar - [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) ## Changes and updates +### Version 2.43.139.0 +*Release date: October 21, 2019*
+This version of Surface Diagnostic Toolkit for Business adds support for the following: +-Surface Pro 7 +-Surface Laptop 3 + ### Version 2.42.139.0 *Release date: September 24, 2019*
This version of Surface Diagnostic Toolkit for Business adds support for the following: diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md index c02d79e984..7359067813 100644 --- a/devices/surface/surface-diagnostic-toolkit-command-line.md +++ b/devices/surface/surface-diagnostic-toolkit-command-line.md @@ -10,7 +10,7 @@ ms.topic: article ms.date: 11/15/2018 ms.reviewer: hachidan manager: dansimp -ms.localizationpriority: normal +ms.localizationpriority: medium ms.audience: itpro --- @@ -19,7 +19,7 @@ ms.audience: itpro Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. >[!NOTE] ->To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device. +>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device. ## Running SDT app console diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md index 8cbef59101..5d709fb69c 100644 --- a/devices/surface/surface-dock-firmware-update.md +++ b/devices/surface/surface-dock-firmware-update.md @@ -107,7 +107,7 @@ Successful completion of Surface Dock Firmware Update results in new registry ke ## Changes and updates -Microsoft periodically releases new versions of Surface Dock Firmware Update. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Firmware Update. +Microsoft periodically releases new versions of Surface Dock Firmware Update.Note that the MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version of the MSI. ## Versions reference ### Version 1.42.139 @@ -119,6 +119,8 @@ This version, contained in Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.316 - Component10CurrentFwVersion updated to **4ac3970**. - Component20CurrentFwVersion updated to **4a1d570**. +It adds support for Surface Pro 7 and Surface Laptop 3. + ## Legacy versions ### Version 2.23.139.0 diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index 5944375042..32c1f38406 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -226,6 +226,10 @@ create a reset package using PowerShell to reset SEMM. ## Version History +### Version 2.59.139 +* Support to Surface Pro 7 and Surface Laptop 3 +- Support to Wake on Power feature + ### Version 2.54.139.0 * Support to Surface Hub 2S * Bug fixes diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md new file mode 100644 index 0000000000..93d897f272 --- /dev/null +++ b/devices/surface/surface-manage-dfci-guide.md @@ -0,0 +1,172 @@ +--- +title: Intune management of Surface UEFI settings +description: This article explains how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices. +ms.localizationpriority: medium +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: dansimp +ms.author: dansimp +ms.topic: article +ms.date: 10/20/2019 +ms.reviewer: jesko +manager: dansimp +ms.audience: itpro +--- +# Intune management of Surface UEFI settings + +## Introduction + +The ability to manage devices from the cloud has dramatically simplified IT deployment and provisioning across the lifecycle. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. + +### Background + +Like any computer running Windows 10, Surface devices rely on code stored in the SoC that enables the CPU to interface with hard drives, display devices, USB ports, and other devices. The programs stored in this read-only memory (ROM) are collectively known as firmware (while programs stored in dynamic media are known as software). + +In contrast to other Windows 10 devices available in the market today, Surface provides IT admins with the ability to configure and manage firmware through a rich set of UEFI configuration settings. This provides a layer of hardware control on top of software-based policy management as implemented via mobile device management (MDM) policies, Configuration Manager or Group Policy. For example, organizations deploying devices in highly secure areas with sensitive information can prevent camera use by removing functionality at the hardware level. From a device standpoint, turning the camera off via a firmware setting is equivalent to physically removing the camera. Compare the added security of managing at the firmware level to relying only on operating system software settings. For example, if you disable the Windows audio service via a policy setting in a domain environment, a local admin could still re-enable the service. + +### DFCI versus SEMM + +Until now, managing firmware required enrolling devices into Surface Enterprise Management Mode (SEMM) with the overhead of ongoing manual IT-intensive tasks. As an example, SEMM requires IT staff to physically access each PC to enter a two-digit pin as part of the certificate management process. Although SEMM remains a good solution for organizations in a strictly on-premises environment, its complexity and IT-intensive requirements make it costly to use. + +Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console. + +DFCI leverages the device profiles capability in Intune and is deployed using Windows Autopilot, eliminating the need for manual interaction by IT admins or end users. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain a costly on-premises infrastructure. + +## Supported devices + +At this time, DFCI is supported in the following devices: + +- Surface Pro 7 +- Surface Pro X +- Surface Laptop 3 + +## Prerequisites + +- Devices must be registered with Windows Autopilot by your reseller or distributor. For more information, refer to the [Microsoft Device Partner Center](https://devicepartner.microsoft.com/support). + +- Before configuring DFCI for Surface, you should already be familiar with [Microsoft Intune](https://docs.microsoft.com/intune/) and [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/) (Azure AD). + +## Before you begin + +Add your target Surface devices to an Azure AD security group. For more information about creating and managing security groups, refer to [Azure AD documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal). + +## Configure DFCI management for Surface devices + +A DFCI environment requires setting up a DFCI profile that contains the settings and an Autopilot profile to apply the settings to registered devices. An enrollment status profile is also recommended to ensure settings are pushed down during OOBE setup when users first start the device. This guide explains how to configure the DFCI environment and manage UEFI configuration settings for targeted Surface devices. + +## Create DFCI profile + +Before configuring DFCI policy settings, first create a DFCI profile and assign it to the Azure AD security group that contains your target devices. + +1. Open Intune select **Device configuration > Profiles > Create profile** and enter a name; for example **My DFCI profile.** +2. Select Windows 10 and later for platform type. +3. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 2 on this page below or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile. + +> ![Create DFCI profile](images/df1.png) + +4. Click **OK** and then select **Create**. +5. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**. + +![Assign security group](images/df2a.png) + +## Create Autopilot profile + +1. Go to **Intune > Device enrollment > Windows enrollment** and scroll down to select **Deployment Profiles**. +2. Select **Create profile**, enter a name; for example, My Autopilot profile, and select **Next**. +3. Select the following settings: + +- Deployment mode: **User-Driven**. +- Join type: Azure **AD joined**. + +4. Leave the remaining default settings unchanged and select **Next** +5. On the Scope tags page, select **Next**. +6. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**. +7. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group. + +## Configure Enrollment Status Page + +To ensure that devices apply the DFCI configuration during OOBE before users sign in, you need to configure enrollment status. + +For more information, refer to [Set up an enrollment status page](https://docs.microsoft.com/intune/enrollment/windows-enrollment-status). + + +## Configure DFCI settings on Surface devices + +DFCI includes a streamlined set of UEFI configuration policies that provide an extra level of security by locking down devices at the hardware level. DFCI is designed to be used in conjunction with mobile device management settings at the software level. Note that DFCI settings only affect hardware components built into Surface devices and do not extend to attached peripherals such as USB webcams. (However, you can use Device restriction policies in Intune to turn off access to attached peripherals at the software level). + +You configure DFCI policy settings by editing the DFCI profile: + +- **Intune > Device configuration > Profiles > “DFCI profile name” > Properties > Settings** + +### Block user access to UEFI settings + +For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in the followng table, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.** +The rest of the DFCI settings enable you to turn off functionality that would otherwise be available to users. For example, if you need to protect sensitive information in highly secure areas, you can disable the camera, and if you don’t want users booting from USB drives, you can disable that also. + +### Table 1. DFCI scenarios + +| Device management goal | Configuration steps | +| --------------------------------------------- | --------------------------------------------------------------------------------------------- | +| Block local users from changing UEFI settings | Under **Security Features > Allow local user to change UEFI settings**, select **None**. | +| Disable cameras | Under **Built in Hardware > Cameras**, select **Disabled**. | +| Disable Microphones and speakers | Under **Built in Hardware > Microphones and speakers**, select **Disabled**. | +| Disable radios (Bluetooth, Wi-Fi) | Under **Built in Hardware > Radios (Bluetooth, Wi-Fi, etc…)**, select **Disabled**. | +| Disable Boot from external media (USB, SD) | Under **Built in Hardware > Boot Options > Boot from external media (USB, SD)**, select **Disabled**. | + + +> [!NOTE] +> DFCI in Intune includes two settings that do not currently apply to Surface devices: +- CPU and IO virtualization +- Disable Boot from network adapters + +Intune provides Scope tags to delegate administrative rights and Applicability Rules to manage device types. For more information about policy management support and full details on all DFCI settings, refer to [Microsoft Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). + +## Register devices in Autopilot + +As stated above, DFCI can only be applied on devices registered in Windows Autopilot by your reseller or distributor and is only supported, at this time, on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For security reasons, it’s not possible to “self-provision” your devices into Autopilot. + +## Manually Sync Autopilot devices + +Although Intune policy settings typically get applied almost immediately, there may be a delay of 10 minutes before the settings take effect on targeted devices. In rare circumstances, delays of up to 8 hours are possible. To ensure settings apply as soon as possible, (such as in test scenarios), you can manually sync the target devices. + +- In Intune, go to **Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**. + + For more information, refer to [Sync your Windows device manually](https://docs.microsoft.com/intune-user-help/sync-your-device-manually-windows). + +> [!NOTE] +> When adjusting settings directly in UEFI, you need to ensure the device fully restarts to the standard Windows login. + +## Verifying UEFI settings on DFCI-managed devices + +In a test environment, you can verify settings in the Surface UEFI interface. + +1. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time. +2. Select **Devices**. The UEFI menu will reflect configured settings, as shown in the following figure. + +![Surface UEFI](images/df3.png) + +Note how: + +- The settings are greyed out because **Allow local user to change UEFI setting** is set to None. +- Audio is set to off because **Microphones and speakers** are set to **Disabled**. + +## Removing DFCI policy settings + +When you create a DFCI profile, all configured settings will remain in effect across all devices within the profile’s scope of management. You can only remove DFCI policy settings by editing the DFCI profile directly. + +If the original DFCI profile has been deleted, you can remove policy settings by creating a new profile and then editing the settings, as appropriate. + +## Unregistering devices from DFCI to prepare for resale or recycle + +1. Contact your partner, OEM, or reseller to unregister the device from Autopilot. +2. Remove the device from Intune. +3. Connect a Surface-branded network adapter. +4. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time. +5. Select **Management > Configure > Refresh from Network**. +6. Validate DFCI is removed from the device in the UEFI. + +## Learn more +- [Windows Autopilot](https://www.microsoft.com/microsoft-365/windows/windows-autopilot) +- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) +- [Use DFCI profiles on Windows devices in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 0457612090..f877f0d659 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -28,6 +28,7 @@ Surface Pro X is designed almost exclusively for a modern, cloud-based environme For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to: - [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) +- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus. diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md index 8418efebd7..baa547d04b 100644 --- a/devices/surface/surface-pro-arm-app-performance.md +++ b/devices/surface/surface-pro-arm-app-performance.md @@ -1,5 +1,5 @@ --- -title: Windows 10 ARM-based PC app compatibility +title: Surface Pro X app compatibility description: This article provides introductory app compatibility information for Surface Pro X ARM-based PCs. ms.prod: w10 ms.localizationpriority: medium @@ -13,7 +13,7 @@ ms.reviewer: jessko manager: dansimp ms.audience: itpro --- -# Windows 10 ARM-based PC app compatibility +# Surface Pro X app compatibility Applications run differently on ARM-based Windows 10 PCs such as Surface Pro X. Limitations include the following: diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index fc560e5345..ac6102c2ef 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -9,7 +9,9 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/16/2017 +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 ms.reviewer: manager: dansimp --- @@ -17,11 +19,24 @@ manager: dansimp # Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit #### Applies to -* Surface Pro 3 -* Surface 3 -* Surface Pro 2 -* Surface Pro -* Windows 10 +- Surface Pro 6 +- Surface Laptop 2 +- Surface Go +- Surface Go with LTE +- Surface Book 2 +- Surface Pro with LTE Advanced (Model 1807) +- Surface Pro (Model 1796) +- Surface Laptop +- Surface Studio +- Surface Studio 2 +- Surface Book +- Surface Pro 4 +- Surface 3 LTE +- Surface 3 +- Surface Pro 3 +- Surface Pro 2 +- Surface Pro +- Windows 10 In addition to the traditional deployment method of reimaging devices, administrators that want to upgrade Surface devices that are running Windows 8.1 or Windows 10 have the option of deploying upgrades. By performing an upgrade deployment, Windows 10 can be applied to devices without removing users, apps, or configuration. The users of the deployed devices can simply continue using the devices with the same apps and settings that they used prior to the upgrade. The process described in this article shows how to perform a Windows 10 upgrade deployment to Surface devices. @@ -37,6 +52,9 @@ For versions of Windows prior to Windows 10, if you wanted to install a new vers Introduced with Windows 10 and MDT 2013 Update 1, you can use the upgrade installation path directly with Microsoft deployment technologies such as the Microsoft Deployment Toolkit (MDT). With an upgrade deployment you can use the same deployment technologies and process, but you can preserve users settings, and applications of the existing environment on the device. +> [!NOTE] +> MDT is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) + ## Deployment tools and resources Performing an upgrade deployment of Windows 10 requires the same tools and resources that are required for a traditional reimaging deployment. You can read about the tools required, including detailed explanations and installation instructions, in [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md). To proceed with the upgrade deployment described in this article, you will need the following tools installed and configured: diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md index 52e96859b3..5ea2e92440 100644 --- a/devices/surface/using-the-sda-deployment-share.md +++ b/devices/surface/using-the-sda-deployment-share.md @@ -9,7 +9,9 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/16/2017 +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 ms.reviewer: manager: dansimp --- @@ -20,6 +22,9 @@ With Microsoft Surface Deployment Accelerator (SDA), you can quickly and easily For more information about SDA and information on how to download SDA, see [Microsoft Surface Deployment Accelerator (SDA)](https://technet.microsoft.com/itpro/surface/microsoft-surface-deployment-accelerator). +> [!NOTE] +> SDA is not currently supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md). + Using SDA provides these primary benefits: * With SDA, you can create a ready-to-deploy environment that can deploy to target devices as fast as your download speeds allow. The wizard experience enables you to check a few boxes and then the automated process builds your deployment environment for you. diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index 9c6fafb2d6..00b08cc73a 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -1,5 +1,5 @@ --- -title: Windows Autopilot and Surface Devices (Surface) +title: Windows Autopilot and Surface Devices ms.reviewer: manager: dansimp description: Find out about Windows Autopilot deployment options for Surface devices. @@ -11,18 +11,24 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article +ms.localizationpriority: medium +ms.audience: itpro +ms.date: 10/21/2019 --- # Windows Autopilot and Surface devices -Windows Autopilot is a cloud-based deployment technology available in Windows 10. Using Windows Autopilot, you can remotely deploy and configure devices in a truly zero-touch process right out of the box. Windows Autopilot registered devices are identified over the internet at first boot using a unique device signature, known as the hardware hash, and automatically enrolled and configured using modern management solutions such as Azure Active Directory (AAD) and Mobile Device Management (MDM). +Windows Autopilot is a cloud-based deployment technology available in Windows 10. Using Windows Autopilot, you can remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot registered devices are identified over the internet at first boot using a unique device signature, known as a hardware hash, and automatically enrolled and configured using modern management solutions such as Azure Active Directory (AAD) and Mobile Device Management (MDM). -With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process can eliminate need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution. +With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process eliminates need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution. -In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. For information about licensing and other prerequisites, see [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements). +## Modern management +Autopilot is the recommended deployment option for Surface devices including Surface Pro 7, Surface Laptop 3, and Surface Pro X, which is specifically designed to be deployed with Autopilot. -### Windows version considerations -Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. All new Surface devices ship with Windows 10 Version 1709 or above. + For the best experience, enroll your Surface devices with the assistance of a Microsoft Cloud Solution Provider. Doing so enables you to manage UEFI firmware settings on Surface devices directly from Intune, eliminating the need to physically touch devices for certificate management. For more information, see [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md). + +## Windows version considerations +Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. All new Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 ship with Windows 10 Version 1903 or above. ## Surface partners enabled for Windows Autopilot Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management. @@ -34,3 +40,7 @@ When you purchase Surface devices from a Surface partner enabled for Windows Aut - [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) - [SHI](https://www.shi.com/Surface) +## Learn more +For more information about Windows Autopilot, refer to: +- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) +- [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements) \ No newline at end of file diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 744a4be799..746d5b282e 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -9,7 +9,8 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/19/2018 +ms.localizationpriority: medium +ms.date: 10/21/2019 --- # Defender CSP @@ -138,7 +139,7 @@ The following list shows the supported values: - 2 = Manual steps required - 3 = Full scan required - 4 = Reboot required -- 5 = Remediated with non critical failures +- 5 = Remediated with noncritical failures - 6 = Quarantined - 7 = Removed - 8 = Cleaned @@ -243,7 +244,7 @@ The following list shows the supported values: - 2 = Pending reboot - 4 = Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan) - 8 = Pending offline scan -- 16 = Pending critical failure (Windows Defender has failed critically and an Adminsitrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender) +- 16 = Pending critical failure (Windows Defender has failed critically and an Administrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender) Supported operation is Get. @@ -352,6 +353,53 @@ The data type is a string. Supported operation is Get. +**Health/TamperProtectionEnabled** +Indicates whether the Windows Defender tamper protection feature is enabled.​ + +The data type is a boolean. + +Supported operation is Get. + +**Health/IsVirtualMachine** +Indicates whether the device is a virtual machine. + +The data type is a string. + +Supported operation is Get. + +**Configuration** +An interior node to group Windows Defender configuration information. + +Supported operation is Get. + +**Configuration/TamperProtection** +Tamper protection helps protect important security features from unwanted changes and interference. This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions. + +Send off blob to device to reset tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune. + +The data type is a Signed blob. + +Supported operations are Add, Delete, Get, Replace. + +Intune tamper protection setting UX supports three states: +- Not configured (default): Does not have any impact on the default state of the device. +- Enabled: Enables the tamper protection feature. +- Disabled: Turns off the tamper protection feature. + +When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. + +**Configuration/EnableFileHashComputation** +Enables or disables file hash computation feature. +When this feature is enabled Windows defender will compute hashes for files it scans. + +The data type is a integer. + +Supported operations are Add, Delete, Get, Replace. + +Valid values are: +- 1 – Enable. +- 0 (default) – Disable. + **Scan** Node that can be used to start a Windows Defender scan on a device. @@ -374,5 +422,4 @@ Supported operations are Get and Execute. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index fb7628c241..e5c1dcd59e 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -9,7 +9,8 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/12/2018 +ms.localizationpriority: medium +ms.date: 10/21/2019 --- # Defender DDF file @@ -19,7 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is for Windows 10, version 1809. +The XML below is the current version for this CSP. ```xml @@ -628,6 +629,112 @@ The XML below is for Windows 10, version 1809. + + TamperProtectionEnabled + + + + + + + + + + + + + + + text/plain + + + + + IsVirtualMachine + + + + + + + + + + + + + + + text/plain + + + + + + Configuration + + + + + + + + + + + + + + + + + + + TamperProtection + + + + + + + + + + + + + + + + + + text/plain + + + + + EnableFileHashComputation + + + + + + + + + + + + + + + + + + text/plain + + + Scan diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png index c4a743deeb..793b1568ff 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-defender.png and b/windows/client-management/mdm/images/provisioning-csp-defender.png differ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index df1f000ad7..0a50619021 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -165,7 +165,7 @@ ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswo
  • WindowsLogon/ConfigAutomaticRestartSignOn
  • WindowsLogon/EnableFirstLogonAnimation
    • -Policy CSP - Audit +Policy CSP - Audit

    Added new Audit policies in Windows 10, version 1903.

    @@ -175,6 +175,10 @@ ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswo

    Added new CSP in Windows 10, version 1903.

    +Defender CSP +

    Added the following new nodes:
    Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.

    + + DiagnosticLog CSP
    DiagnosticLog DDF

    Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
    @@ -1929,17 +1933,19 @@ What data is handled by dmwappushsvc? | It is a component handling the internal How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. | ## Change history in MDM documentation + ### October 2019 |New or updated topic | Description| |--- | ---| -|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
    ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID| +|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
    ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.| +|[Defender CSP](defender-csp.md)|Added the following new nodes:
    Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.| ### September 2019 |New or updated topic | Description| |--- | ---| -|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
    IsStub| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
    IsStub.| |[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.| |[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies:
    DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.| @@ -1958,7 +1964,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o |[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| |[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
    SecurityKey, SecurityKey/UseSecurityKeyForSignin| |[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
    LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| -|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
    Create a custom configuration service provider
    Design a custom configuration service provider
    IConfigServiceProvider2
    IConfigServiceProvider2::ConfigManagerNotification
    IConfigServiceProvider2::GetNode
    ICSPNode
    ICSPNode::Add
    ICSPNode::Clear
    ICSPNode::Copy
    ICSPNode::DeleteChild
    ICSPNode::DeleteProperty
    ICSPNode::Execute
    ICSPNode::GetChildNodeNames
    ICSPNode::GetProperty
    ICSPNode::GetPropertyIdentifiers
    ICSPNode::GetValue
    ICSPNode::Move
    ICSPNode::SetProperty
    ICSPNode::SetValue
    ICSPNodeTransactioning
    ICSPValidate
    Samples for writing a custom configuration service provider| +|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
    Create a custom configuration service provider
    Design a custom configuration service provider
    IConfigServiceProvider2
    IConfigServiceProvider2::ConfigManagerNotification
    IConfigServiceProvider2::GetNode
    ICSPNode
    ICSPNode::Add
    ICSPNode::Clear
    ICSPNode::Copy
    ICSPNode::DeleteChild
    ICSPNode::DeleteProperty
    ICSPNode::Execute
    ICSPNode::GetChildNodeNames
    ICSPNode::GetProperty
    ICSPNode::GetPropertyIdentifiers
    ICSPNode::GetValue
    ICSPNode::Move
    ICSPNode::SetProperty
    ICSPNode::SetValue
    ICSPNodeTransactioning
    ICSPValidate
    Samples for writing a custom configuration service provider.| ### June 2019 diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index ae70b4a30e..535126c94e 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -55,6 +56,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Issues manually installing updates by double-clicking the .msu file
    You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.

    See details >    		September 10, 2019
    KB4474419    		Resolved
    KB4474419    		September 23, 2019
    10:00 AM PT
    Intermittent issues when printing
    The print spooler service may intermittently have issues completing a print job and results print job failure.

    See details >    		September 24, 2019
    KB4516030    		Resolved
    KB4520002    		October 08, 2019
    10:00 AM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4512499    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Issues manually installing updates by double-clicking the .msu file
    After installing the SHA-2 update (KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"

    Affected platforms:
    • Server: Windows Server 2008 SP2
    Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet

    Resolution: This issue is resolved in KB4474419 released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above.

    Note If you previously installed KB4474419 released September 23, 2019, then you already have the latest version of this update and do not need to reinstall.

    Back to top    		September 10, 2019
    KB4474419    		Resolved
    KB4474419    		Resolved:
    September 23, 2019
    10:00 AM PT

    Opened:
    September 20, 2019
    04:57 PM PT
    Intermittent issues when printing
    Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
    • Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
    • The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
    Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.

    Back to top    		September 24, 2019
    KB4516030    		Resolved
    KB4520002    		Resolved:
    October 08, 2019
    10:00 AM PT

    Opened:
    September 30, 2019
    06:26 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 72f9e6f8fa..217b281dbc 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -61,7 +61,6 @@ sections: text: "

    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    -
    SummaryOriginating updateStatusLast updated
    Intermittent issues when printing
    The print spooler service may intermittently have issues completing a print job and results print job failure.

    See details >    		OS Build 16299.1392

    September 23, 2019
    KB4522012    		Resolved
    KB4520004    		October 08, 2019
    10:00 AM PT
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.

    See details >    		OS Build 16299.1387

    September 10, 2019
    KB4516066    		Resolved
    		September 19, 2019
    04:08 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

    See details >    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Mitigated
    		April 25, 2019
    02:00 PM PT
    " @@ -79,7 +78,6 @@ sections: text: " -
    DetailsOriginating updateStatusHistory
    Intermittent issues when printing
    Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
    • Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
    • The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4520004.

    Back to top    		OS Build 16299.1392

    September 23, 2019
    KB4522012    		Resolved
    KB4520004    		Resolved:
    October 08, 2019
    10:00 AM PT

    Opened:
    September 30, 2019
    06:26 PM PT
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.


    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016

    Resolution: Due to security related changes in KB4516066, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
    1. Select the Start button and type Services.
    2. Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
    3. Locate Startup type: and change it to Manual
    4. Select Ok
    5. The TabletInputService service is now in the default configuration and IME should work as expected.

    Back to top    		OS Build 16299.1387

    September 10, 2019
    KB4516066    		Resolved
    		Resolved:
    September 19, 2019
    04:08 PM PT

    Opened:
    September 13, 2019
    05:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 5ad00ae3bb..9480e53e4d 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -67,7 +67,6 @@ sections:
    Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
    You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.

    See details >OS Build 17134.950

    August 13, 2019
    KB4512501Resolved
    KB4519978October 15, 2019
    10:00 AM PT
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >OS Build 17134.829

    June 11, 2019
    KB4503286Resolved
    KB4519978October 15, 2019
    10:00 AM PT
    Intermittent issues when printing
    The print spooler service may intermittently have issues completing a print job and results print job failure.

    See details >OS Build 17134.1009

    September 23, 2019
    KB4522014Resolved
    KB4520008October 08, 2019
    10:00 AM PT -
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.

    See details >OS Build 17134.1006

    September 10, 2019
    KB4516058Resolved
    September 19, 2019
    04:08 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

    See details >OS Build 17134.523

    January 08, 2019
    KB4480966Mitigated
    April 25, 2019
    02:00 PM PT " @@ -86,7 +85,6 @@ sections: -
    DetailsOriginating updateStatusHistory
    Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
    After installing KB4512501, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10, version 1803
    Resolution: This issue was resolved in KB4519978.

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Resolved
    KB4519978    		Resolved:
    October 15, 2019
    10:00 AM PT

    Opened:
    September 11, 2019
    05:32 PM PT
    Intermittent issues when printing
    Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
    • Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
    • The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4520008.

    Back to top    		OS Build 17134.1009

    September 23, 2019
    KB4522014    		Resolved
    KB4520008    		Resolved:
    October 08, 2019
    10:00 AM PT

    Opened:
    September 30, 2019
    06:26 PM PT
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.


    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016

    Resolution: Due to security related changes in KB4516058, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
    1. Select the Start button and type Services.
    2. Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
    3. Locate Startup type: and change it to Manual
    4. Select Ok
    5. The TabletInputService service is now in the default configuration and IME should work as expected.

    Back to top    		OS Build 17134.1006

    September 10, 2019
    KB4516058    		Resolved
    		Resolved:
    September 19, 2019
    04:08 PM PT

    Opened:
    September 13, 2019
    05:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index f19b9b7ad2..364659d2b9 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -69,7 +69,6 @@ sections:
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >OS Build 17763.557

    June 11, 2019
    KB4503327Resolved
    KB4520062October 15, 2019
    10:00 AM PT
    Intermittent issues when printing
    The print spooler service may intermittently have issues completing a print job and results print job failure.

    See details >OS Build 17763.740

    September 23, 2019
    KB4522015Resolved
    KB4519338October 08, 2019
    10:00 AM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.

    See details >OS Build 17763.55

    October 09, 2018
    KB4464330Resolved
    KB4516077September 24, 2019
    10:00 AM PT -
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.

    See details >OS Build 17763.737

    September 10, 2019
    KB4512578Resolved
    September 19, 2019
    04:08 PM PT
    Devices with some Asian language packs installed may receive an error
    Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

    See details >OS Build 17763.437

    April 09, 2019
    KB4493509Mitigated
    May 03, 2019
    10:59 AM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

    See details >OS Build 17763.253

    January 08, 2019
    KB4480116Mitigated
    April 09, 2019
    10:00 AM PT @@ -98,7 +97,6 @@ sections: -
    DetailsOriginating updateStatusHistory
    Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
    After installing KB4511553, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10, version 1803
    Resolution: This issue was resolved in KB4520062.

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4520062    		Resolved:
    October 15, 2019
    10:00 AM PT

    Opened:
    September 11, 2019
    05:32 PM PT
    Intermittent issues when printing
    Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
    • Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
    • The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4519338.

    Back to top    		OS Build 17763.740

    September 23, 2019
    KB4522015    		Resolved
    KB4519338    		Resolved:
    October 08, 2019
    10:00 AM PT

    Opened:
    September 30, 2019
    06:26 PM PT
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.


    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016

    Resolution: Due to security related changes in KB4512578, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
    1. Select the Start button and type Services.
    2. Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
    3. Locate Startup type: and change it to Manual
    4. Select Ok
    5. The TabletInputService service is now in the default configuration and IME should work as expected.

    Back to top    		OS Build 17763.737

    September 10, 2019
    KB4512578    		Resolved
    		Resolved:
    September 19, 2019
    04:08 PM PT

    Opened:
    September 13, 2019
    05:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index d34418e158..f1e8b5126b 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -67,8 +67,6 @@ sections:
    dGPU occasionally disappear from device manager on Surface Book 2
    Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

    See details >OS Build 18362.145

    May 29, 2019
    KB4497935Resolved
    October 18, 2019
    04:33 PM PT
    Intermittent issues when printing
    The print spooler service may intermittently have issues completing a print job and results print job failure.

    See details >OS Build 18362.357

    September 23, 2019
    KB4522016Resolved
    KB4517389October 08, 2019
    10:00 AM PT
    Audio in games is quiet or different than expected
    Microsoft has received reports that audio in certain games is quieter or different than expected.

    See details >OS Build 18362.356

    September 10, 2019
    KB4515384Resolved
    KB4517211September 26, 2019
    02:00 PM PT -
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.

    See details >OS Build 18362.356

    September 10, 2019
    KB4515384Resolved
    September 19, 2019
    04:08 PM PT -
    Some users report issues related to the Start menu and Windows Desktop Search
    A small number of users have reported issues related to the Start menu and Windows Desktop Search.

    See details >OS Build 18362.356

    September 10, 2019
    KB4515384Resolved
    September 19, 2019
    04:58 PM PT
    Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters
    Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.

    See details >N/A

    Mitigated
    September 13, 2019
    05:25 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive error code 0x80073701.

    See details >OS Build 18362.145

    May 29, 2019
    KB4497935Investigating
    August 16, 2019
    04:28 PM PT
    Intermittent loss of Wi-Fi connectivity
    Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

    See details >OS Build 18362.116

    May 21, 2019
    KB4505057Mitigated External
    August 01, 2019
    08:44 PM PT @@ -93,8 +91,6 @@ sections: - -
    DetailsOriginating updateStatusHistory
    Intermittent issues when printing
    Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
    • Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
    • The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517389.

    Back to top    		OS Build 18362.357

    September 23, 2019
    KB4522016    		Resolved
    KB4517389    		Resolved:
    October 08, 2019
    10:00 AM PT

    Opened:
    September 30, 2019
    06:26 PM PT
    Audio in games is quiet or different than expected
    Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue was resolved in KB4517211.

    Back to top    		OS Build 18362.356

    September 10, 2019
    KB4515384    		Resolved
    KB4517211    		Resolved:
    September 26, 2019
    02:00 PM PT

    Opened:
    September 13, 2019
    05:25 PM PT
    IME may become unresponsive or have High CPU usage
    Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.


    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016

    Resolution: Due to security related changes in KB4515384, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:
    1. Select the Start button and type Services.
    2. Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
    3. Locate Startup type: and change it to Manual
    4. Select Ok
    5. The TabletInputService service is now in the default configuration and IME should work as expected.

    Back to top    		OS Build 18362.356

    September 10, 2019
    KB4515384    		Resolved
    		Resolved:
    September 19, 2019
    04:08 PM PT

    Opened:
    September 13, 2019
    05:25 PM PT
    Some users report issues related to the Start menu and Windows Desktop Search
    Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: At this time, Microsoft has not found a Search or Start issue significantly impacting users originating from KB4515384. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas. If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub (Windows + F) then try the Windows 10 Troubleshoot settings (found in Settings). If you are having an issue with search, see Fix problems in Windows Search.

    Back to top    		OS Build 18362.356

    September 10, 2019
    KB4515384    		Resolved
    		Resolved:
    September 19, 2019
    04:58 PM PT

    Opened:
    September 11, 2019
    05:18 PM PT
    Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters
    Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on specific models of NEC devices. If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections. The Wi-Fi driver may have a yellow exclamation point in device manager. The task tray icon for networking may show the icon for no internet and Network & Internet settings may not show any Wi-Fi networks.

    To safeguard your update experience, we have applied a compatibility hold on the affected devices from being offered Windows 10, version 1903.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: If you are using an affected device and you have already installed Windows 10, version 1903, you can mitigate the issue disabling then re-enabling the Wi-Fi adapter in Device Manager. You should now be able to use Wi-Fi until your next reboot.

    Next steps: Microsoft and NEC are working on a resolution and will provide an update in an upcoming release.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		N/A

    		Mitigated
    		Last updated:
    September 13, 2019
    05:25 PM PT

    Opened:
    September 13, 2019
    05:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 9b171c527f..0df1e85294 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Issues manually installing updates by double-clicking the .msu file
    You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.

    See details >    		September 10, 2019
    KB4474419    		Resolved
    KB4474419    		September 23, 2019
    10:00 AM PT
    Intermittent issues when printing
    The print spooler service may intermittently have issues completing a print job and results print job failure.

    See details >    		September 24, 2019
    KB4516030    		Resolved
    KB4520002    		October 08, 2019
    10:00 AM PT
    Issues manually installing updates by double-clicking the .msu file
    You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.

    See details >    		September 10, 2019
    KB4474419    		Mitigated
    KB4474419    		September 24, 2019
    08:17 AM PT
    " @@ -77,7 +77,7 @@ sections: - type: markdown text: " + -
    DetailsOriginating updateStatusHistory
    Issues manually installing updates by double-clicking the .msu file
    After installing the SHA-2 update (KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"

    Affected platforms:
    • Server: Windows Server 2008 SP2
    Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet

    Resolution: This issue is resolved in KB4474419 released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above.

    Note If you previously installed KB4474419 released September 23, 2019, then you already have the latest version of this update and do not need to reinstall.

    Back to top    		September 10, 2019
    KB4474419    		Resolved
    KB4474419    		Resolved:
    September 23, 2019
    10:00 AM PT

    Opened:
    September 20, 2019
    04:57 PM PT
    Intermittent issues when printing
    Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
    • Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
    • The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
    Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.

    Back to top    		September 24, 2019
    KB4516030    		Resolved
    KB4520002    		Resolved:
    October 08, 2019
    10:00 AM PT

    Opened:
    September 30, 2019
    06:26 PM PT
    Issues manually installing updates by double-clicking the .msu file
    After installing the SHA-2 update (KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"

    Affected platforms:
    • Server: Windows Server 2008 SP2
    Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet

    Resolution: This issue is resolved in KB4474419 released September 23, 2019. Currently, this version is only available from the Microsoft Update Catalog. To resolve this issue, you will need to manually download the package and use the workaround above to install it.

    Next steps: We estimate a solution will be available in mid-October on Windows Update and Windows Server Update Services (WSUS).

    Back to top    		September 10, 2019
    KB4474419    		Mitigated
    KB4474419    		Last updated:
    September 24, 2019
    08:17 AM PT

    Opened:
    September 20, 2019
    04:57 PM PT
    " diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md index 7d87930ea5..8829cf492a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 04/24/2018 --- # Enable Secure Score security controls @@ -27,7 +26,7 @@ ms.date: 04/24/2018 -Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations. +Set the baselines for calculating the score of security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations. >[!NOTE] >Changes might take up to a few hours to reflect on the dashboard. diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md index 4d70c50373..d0ad0448da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md @@ -1,7 +1,7 @@ --- title: See how exploit protection works in a demo description: See how exploit protection can prevent suspicious behaviors from occurring on specific apps. -keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation +keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigation search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -10,9 +10,9 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: levinec -ms.author: ellevin -ms.date: 04/02/2019 +author: denisebmsft +ms.author: deniseb +ms.date: 10/21/2019 ms.reviewer: manager: dansimp --- @@ -23,21 +23,16 @@ manager: dansimp * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices. -It consists of a number of mitigations that can be applied to either the operating system or an individual app. -Many of the features that were part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection. +[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices. Mitigation can be applied to either the operating system or to an individual app. Many of the features that were part of the [Enhanced Mitigation Experience Toolkit (EMET)](emet-exploit-protection.md) are included in exploit protection. -This topic helps you enable exploit protection in audit mode and review related events in Event Viewer. -You can enable audit mode for certain app-level mitigations to see how they will work in a test environment. -This lets you see a record of what *would* have happened if you had enabled the mitigation in production. -You can make sure it doesn't affect your line-of-business apps, and see which suspicious or malicious events occur. +This article helps you enable exploit protection in audit mode and review related events in Event Viewer. You can enable audit mode to see how mitigation works for certain apps in a test environment. By auditing exploit protection, you can see what *would* have happened if you had enabled exploit protection in your production environment. This way, you can help ensure exploit protection doesn't adversely affect your line-of-business apps, and you can see which suspicious or malicious events occur. > [!TIP] > You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how exploit protection works. ## Enable exploit protection in audit mode -You can set mitigations in audit mode for specific programs either by using the Windows Security app or PowerShell. +You can set mitigation in audit mode for specific programs either by using the Windows Security app or Windows PowerShell. ### Windows Security app @@ -45,12 +40,12 @@ You can set mitigations in audit mode for specific programs either by using the 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**. -3. Go to **Program settings** and choose the app you want to apply mitigations to: +3. Go to **Program settings** and choose the app you want to apply protection to: 1. If the app you want to configure is already listed, click it and then click **Edit** - 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app: - * Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. - * Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. + 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app. + - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. + - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. 4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. @@ -76,14 +71,14 @@ Where: * \: * The mitigation's cmdlet as defined in the following table. Each mitigation is separated with a comma. - Mitigation | Audit mode cmdlet --|- - Arbitrary code guard (ACG) | AuditDynamicCode - Block low integrity images | AuditImageLoad - Block untrusted fonts | AuditFont, FontAuditOnly - Code integrity guard | AuditMicrosoftSigned, AuditStoreSigned - Disable Win32k system calls | AuditSystemCall - Do not allow child processes | AuditChildProcess + |Mitigation | Audit mode cmdlet | +|---|---| + |Arbitrary code guard (ACG) | AuditDynamicCode | + |Block low integrity images | AuditImageLoad + |Block untrusted fonts | AuditFont, FontAuditOnly | + |Code integrity guard | AuditMicrosoftSigned, AuditStoreSigned | + |Disable Win32k system calls | AuditSystemCall | + |Do not allow child processes | AuditChildProcess | For example, to enable Arbitrary Code Guard (ACG) in audit mode for an app named *testing.exe*, run the following command: @@ -97,14 +92,14 @@ You can disable audit mode by replacing `-Enable` with `-Disable`. To review which apps would have been blocked, open Event Viewer and filter for the following events in the Security-Mitigations log. -Feature | Provider/source | Event ID | Description --|-|-|- - Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit - Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit - Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit - Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit - Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit - Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit +|Feature | Provider/source | Event ID | Description | +|---|---|--|---| + |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit | + |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit | + |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit | + |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit | + |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit | + |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit | ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md index b657e78ae2..c7ae3aac79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md @@ -1,7 +1,7 @@ --- title: Microsoft Defender ATP evaluation lab description: Learn about Microsoft Defender ATP capabilities, run attack simulations, and see how it prevents, detects, and remediates threats. -keywords: +keywords: evaluate mdatp, evaluation, lab, simulation, windows 10, windows server 2019, evaluation lab search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -26,12 +26,18 @@ Conducting a comprehensive security product evaluation can be a complex process The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action. -When you get started with the lab, you'll be guided through a simple set-up process where your tenant will be provisioned with test machines. These test machines will come pre-configured to have the latest and greatest Windows 10 version with the right security components in place and Office 2019 Standard installed. +When you get started with the lab, you'll be guided through a simple set-up process where you can specify the type of configuration that best suits your needs. + +After the lab setup process is complete, you can add Windows 10 or Windows Server 2019 machines. These test machines come pre-configured to have the latest and greatest OS versions with the right security components in place and Office 2019 Standard installed. With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Microsoft Defender ATP performs. You'll have full access to all the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers. +## Before you begin +You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender ATP to access the evaluation lab. + +Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink) ## Get started with the lab You can access the lab from the menu. In the navigation menu, select **Evaluation and tutorials > Evaluation lab**. @@ -43,15 +49,28 @@ When you access the evaluation lab for the first time, you'll find an introducti It's a good idea to read the guide before starting the evaluation process so that you can conduct a thorough assessment of the platform. >[!NOTE] ->- Each environment is provisioned with only three test machines. ->- Each machine will be available for only three days from the day of activation. ->- When you've used up these three machines, no new machines are provided. -Deleting a machine does not refresh the available test machine count. +>- Each environment is provisioned with a limited set of test machines. +>- Depending the type of environment structure you select, machines will be available for the specified number of hours from the day of activation. +>- When you've used up the provisioned machines, no new machines are provided. A deleted machine does not refresh the available test machine count. >- Given the limited resources, it’s advisable to use the machines carefully. -## Evaluation setup -When you add a machine to your environment, Microsoft Defender ATP sets up a well-configured machine with connection details. The machine will be configured with the most up to date version of Windows 10 and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals. +## Setup the evaluation lab + +1. In the navigation pane, select **Evaluation and tutorials > Evaluation lab**, then select **Setup lab**. + + ![Image of the evaluation lab welcome page](images/evaluation-lab-setup.png) + +2. Depending on your evaluation needs, you can choose to setup an environment with fewer machines for a longer period or more machines for a shorter period. Select your preferred lab configuration then select **Create lab**. + + ![Image of lab configuration options](images/lab-creation-page.png) + +When the environment completes the setup process, you're ready to add machines. + +## Add machines +When you add a machine to your environment, Microsoft Defender ATP sets up a well-configured machine with connection details. You can add Windows 10 or Windows Server 2019 machines. + +The machine will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals. The machine will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side. @@ -74,33 +93,27 @@ Automated investigation settings will be dependent on tenant settings. It will b >[!NOTE] >The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections. +1. From the dashboard, select **Add machine**. -1. In the navigation pane, select **Evaluation and tutorials > Evaluation lab**. + ![Image of lab setup page](images/lab-setup-page.png) -2. Select **Prepare lab**. - ![Image of welcome page](images/welcome-evaluation-lab.png) +2. Choose the type of machine to add. You can choose to add Windows 10 or Windows Server 2019. -3. Select **Add machine**. + ![Image of lab setup with machine options](images/add-machine-options.png) - >[!WARNING] - >- Each environment is provisioned with only three test machines. - >- Each machine will be available for only three days from the day of activation. - >- When you've used up these three machines, no new machines are provided. - Deleting a machine does not refresh the available test machine count. - >- Given the limited resources, it’s advisable to use the machines carefully. - - ![Image of add machine](images/evaluation-add-machine.png) >[!NOTE] >If something goes wrong with the machine creation process, you'll be notified and you'll need to submit a new request. If the machine creation fails, it will not be counted against the overall allowed quota. -4. The connection details are displayed. Select **Copy** to save the password for the machine. +3. The connection details are displayed. Select **Copy** to save the password for the machine. >[!NOTE] >The password is only displayed once. Be sure to save it for later use. -5. Machine set up begins. This can take up to approximately 30 minutes. + ![Image of machine added with connection details](images/add-machine-eval-lab.png) + +4. Machine set up begins. This can take up to approximately 30 minutes. The environment will reflect your test machine status through the evaluation - including risk score, exposure score, and alerts created through the simulation. @@ -165,5 +178,5 @@ Your feedback helps us get better in protecting your environment from advanced a Let us know what you think, by selecting **Provide feedback**. -![Image of provide feedback](images/eval-feedback.png) +![Image of provide feedback](images/send-us-feedback-eval-lab.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-eval-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-eval-lab.png new file mode 100644 index 0000000000..2b5b014a6b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-eval-lab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-evaluation-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-evaluation-lab.png new file mode 100644 index 0000000000..2187629052 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-evaluation-lab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-options.png b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-options.png new file mode 100644 index 0000000000..1e9dc0b534 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-options.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/evaluation-lab-setup.png b/windows/security/threat-protection/microsoft-defender-atp/images/evaluation-lab-setup.png new file mode 100644 index 0000000000..fda12c1b95 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/evaluation-lab-setup.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/lab-creation-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/lab-creation-page.png new file mode 100644 index 0000000000..5f76ba9386 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/lab-creation-page.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/lab-setup-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/lab-setup-page.png new file mode 100644 index 0000000000..b67a8198a8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/lab-setup-page.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/machine-added-evaluation-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/machine-added-evaluation-lab.png new file mode 100644 index 0000000000..81d97b7fed Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/machine-added-evaluation-lab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/send-us-feedback-eval-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/send-us-feedback-eval-lab.png new file mode 100644 index 0000000000..8b37ac8a3a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/send-us-feedback-eval-lab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index 56e0d4eeb2..249d6de806 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 010/08/2018 +ms.date: 10/08/2018 --- # Manage Microsoft Defender ATP incidents diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 7a0f0c27d6..84e9cb78dd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -188,7 +188,102 @@ You may now enroll more devices. You can also enroll them later, after you have ``` -9. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. +9. To whitelist Defender and Auto Update for displaying notifications in UI on macOS 10.15 (Catalina), import the following .mobileconfig as a custom payload: + + ```xml + + + + + PayloadContent + + + NotificationSettings + + + AlertType + 2 + BadgesEnabled + + BundleIdentifier + com.microsoft.autoupdate2 + CriticalAlertEnabled + + GroupingType + 0 + NotificationsEnabled + + ShowInLockScreen + + ShowInNotificationCenter + + SoundsEnabled + + + + AlertType + 2 + BadgesEnabled + + BundleIdentifier + com.microsoft.wdavtray + CriticalAlertEnabled + + GroupingType + 0 + NotificationsEnabled + + ShowInLockScreen + + ShowInNotificationCenter + + SoundsEnabled + + + + PayloadDescription + + PayloadDisplayName + notifications + PayloadEnabled + + PayloadIdentifier + BB977315-E4CB-4915-90C7-8334C75A7C64 + PayloadOrganization + Microsoft + PayloadType + com.apple.notificationsettings + PayloadUUID + BB977315-E4CB-4915-90C7-8334C75A7C64 + PayloadVersion + 1 + + + PayloadDescription + + PayloadDisplayName + mdatp - allow notifications + PayloadEnabled + + PayloadIdentifier + 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 + PayloadOrganization + Microsoft + PayloadRemovalDisallowed + + PayloadScope + System + PayloadType + Configuration + PayloadUUID + 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 + PayloadVersion + 1 + + + ``` + +10. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**: diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 84088ccd42..99a5b6cc89 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -118,6 +118,16 @@ Save the **Configuration Profile**. Use the **Logs** tab to monitor deployment status for each enrolled device. +### Notification settings + +Starting in macOS 10.15 (Catalina) a user must manually allow to display notifications in UI. To auto-enable notifications from Defender and Auto Update, you can import the .mobileconfig below into a separate configuration profile and assign it to all machines with Defender: + + ```xml + + + PayloadContentNotificationSettingsAlertType2BadgesEnabledBundleIdentifiercom.microsoft.autoupdate2CriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledAlertType2BadgesEnabledBundleIdentifiercom.microsoft.wdavtrayCriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledPayloadDescriptionPayloadDisplayNamenotificationsPayloadEnabledPayloadIdentifierBB977315-E4CB-4915-90C7-8334C75A7C64PayloadOrganizationMicrosoftPayloadTypecom.apple.notificationsettingsPayloadUUIDBB977315-E4CB-4915-90C7-8334C75A7C64PayloadVersion1PayloadDescriptionPayloadDisplayNamemdatp - allow notificationsPayloadEnabledPayloadIdentifier85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadOrganizationMicrosoftPayloadRemovalDisallowedPayloadScopeSystemPayloadTypeConfigurationPayloadUUID85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadVersion1 + ``` + ### Package 1. Create a package in **Settings > Computer Management > Packages**. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 2f67653ec0..70d70defed 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -72,7 +72,7 @@ There are several ways to uninstall Microsoft Defender ATP for Mac. Please note ### From the command line -- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` +- ```sudo rm -rf '/Applications/Microsoft Defender ATP.app'``` ## Configuring from the command line