Merge pull request #7902 from vinaypamnani-msft/vp-tiering1

[Tiering] Update metadata for client-management
2025-05-12 13:27:23 +00:00 · 2023-02-16 13:47:40 -06:00 · 2023-02-16 13:47:40 -06:00 · 6f1de7219b
commit 6f1de7219b
parent 6b65819f90 1aae3b199a
16 changed files with 84 additions and 54 deletions
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@ -8,7 +8,9 @@ manager: aaroncz
 ms.localizationpriority: medium
 ms.date: 03/28/2022
 ms.topic: article
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ms.technology: itpro-manage
 ---
--- a/windows/client-management/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/azure-active-directory-integration-with-mdm.md
@ -1,14 +1,16 @@
 ---
 title: Azure Active Directory integration with MDM
 description: Azure Active Directory is the world's largest enterprise cloud identity management service.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ms.date: 12/31/2017
 ---
@ -46,7 +48,7 @@ Azure AD Join also enables company owned devices to be automatically enrolled in
 > [!IMPORTANT]
 > Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](/previous-versions/azure/dn499825(v=azure.100)) license.
- 
+
 ### BYOD scenario
 Windows 10 also introduces a simpler way to configure personal devices to access work apps and resources. Users can add their Microsoft work account to Windows and enjoy simpler and safer access to the apps and resources of the organization. During this process, Azure AD detects if the organization has configured an MDM. If that’s the case, Windows attempts to enroll the device in MDM as part of the “add account” flow. In the BYOD case, users can reject the MDM Terms of Use. The device isn't enrolled in MDM and access to organization resources is typically restricted.
@ -70,7 +72,7 @@ Once a user has an Azure AD account added to Windows and enrolled in MDM, the en
 > [!NOTE]
 > Users can't remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
- 
+
 ### MDM endpoints involved in Azure AD–integrated enrollment
 Azure AD MDM enrollment is a two-step process:
@ -187,7 +189,7 @@ The following image show how MDM applications show up in the Azure app gallery.
 ### Add cloud-based MDM to the app gallery
 > [!NOTE]
-> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application 
+> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application
 The following table shows the required information to create an entry in the Azure AD app gallery.
@ -200,7 +202,7 @@ The following table shows the required information to create an entry in the Azu
 |**Icons**|A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215|
- 
+
 ### Add on-premises MDM to the app gallery
 There are no special requirements for adding on-premises MDM to the app gallery. There's a generic entry for administrators to add an app to their tenant.
@ -232,7 +234,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
 |--- |--- |--- |--- |--- |
 |FRX|OOBE|Dark theme + blue background color|Filename: Ui-dark.css|Filename: oobe-dekstop.css|
 |MOSET|Settings/Post OOBE|Light theme|Filename: Ui-light.css|Filename: settings-desktop.css|
- 
+
 ## Terms of Use protocol semantics
 The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows does a full-page redirect to this endpoint. This redirect enables the MDM to display the terms and conditions that apply. It allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
@ -332,7 +334,7 @@ The following table shows the error codes.
 |Azure AD token validation failed|302|unauthorized_client|unauthorized_client|
 |internal service error|302|server_error|internal service error|
- 
+
 ## Enrollment protocol with Azure AD
 With Azure integrated MDM enrollment, there's no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments.
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@ -6,10 +6,12 @@ author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.author: vinpa
 ms.date: 01/18/2022
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.topic: article
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ms.technology: itpro-manage
 ---
@ -29,23 +31,23 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
 ## Set up
 - Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 aren't supported.
- Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported. 
+- Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported.
- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop. 
+- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop.
 Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you're using to connect to the remote PC.
 - On the PC you want to connect to:
  1. Open system properties for the remote PC.
-  
+
  2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
     ![Allow remote connections to this computer.](images/allow-rdp.png)
  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
-     
+
      - Adding users manually
-   
+
        You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet:
        ```powershell
        net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
@ -62,7 +64,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
         > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there's a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
      - Adding users using policy
-     
+
         Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
         > [!TIP]
--- a/windows/client-management/device-update-management.md
+++ b/windows/client-management/device-update-management.md
@ -1,7 +1,7 @@
 ---
 title: Mobile device management MDM for device updates
 description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/15/2017
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # Mobile device management (MDM) for device updates
--- a/windows/client-management/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/diagnose-mdm-failures-in-windows-10.md
@ -1,7 +1,7 @@
 ---
 title: Diagnose MDM failures in Windows 10
 description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/25/2018
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # Diagnose MDM failures in Windows 10
--- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
@ -7,9 +7,11 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 04/30/2022
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # Enroll a Windows 10 device automatically using Group Policy
@ -188,19 +190,19 @@ Requirements:
   - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495)
   - 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](https://www.microsoft.com/download/confirmation.aspx?id=100591)
-   
+
   - 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
-   
+
   - 20H2 --> [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
   - 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
   - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
-   
+
   - 22H2 --> [Administrative Templates (.admx) for Windows 10 October 2022 Update (22H2)](https://www.microsoft.com/download/104677)
   - 22H2 --> [Administrative Templates (.admx) for Windows 11 2022 September Update (22H2)](https://www.microsoft.com/download/details.aspx?id=104593)
-   
+
 2. Install the package on the Domain Controller.
 3. Navigate, depending on the version to the folder:
@ -214,13 +216,13 @@ Requirements:
   - 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)**
   - 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
-   
+
   - 20H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2020 Update (20H2)**
   - 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
   - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update V2 (21H2)**
-    
+
   - 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2022 Update (22H2)**
   - 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 11 September 2022 Update (22H2)**
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@ -11,6 +11,7 @@ metadata:
  ms.technology: itpro-manage
  ms.collection:
    - highpri
    - tier1
  author: aczechowski
  ms.author: aaroncz
  manager: dougeby
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@ -5,10 +5,12 @@ ms.prod: windows-client
 author: vinaypamnani-msft
 ms.author: vinpa
 ms.date: 09/14/2021
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.topic: article
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ms.technology: itpro-manage
 ---
@ -51,7 +53,7 @@ First, you create a default user profile with the customizations that you want,
 1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account.
   > [!NOTE]
-   > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. 
+   > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders.
 1. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on.
--- a/windows/client-management/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm-enrollment-of-windows-devices.md
@ -1,17 +1,19 @@
 ---
 title: MDM enrollment of Windows 10-based devices
 description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organization’s resources.
-MS-HAID: 
+MS-HAID:
  - 'p\_phdevicemgmt.enrollment\_ui'
  - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ms.date: 12/31/2017
 ---
@ -35,7 +37,7 @@ Devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Educatio
 > [!NOTE]
 > Mobile devices can't be connected to an Active Directory domain.
-### Out-of-box-experience 
+### Out-of-box-experience
 Joining your device to an Active Directory domain during the out-of-box-experience (OOBE) isn't supported. To join a domain:
@ -90,7 +92,7 @@ There are a few instances where your device can't be connected to an Active Dire
 | You're logged in as a standard user.                           | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. You’ll need to switch to an administrator account to continue.                                                    |
 | Your device is running Windows 10 Home.                         | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Active Directory domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
- 
+
 ### Connect your device to an Azure AD domain (join Azure AD)
@ -167,9 +169,9 @@ There are a few instances where your device can't be connected to an Azure AD do
 | Your device is already managed by MDM.                          | The connect to Azure AD flow will attempt to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. |
 | Your device is running Windows 10 Home.                         | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Azure AD domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue.          |
-## Connect personally owned devices 
+
 ## Connect personally owned devices
 Personally owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 doesn't require a personal Microsoft account on devices to connect to work or school.
@ -247,7 +249,7 @@ To create a local account and connect the device:
   ![screen to set up your device](images/unifiedenrollment-rs1-33-b.png)
   After you complete the flow, your device will be connected to your organization’s MDM.
-   
+
 ### Help with connecting personally owned devices
 There are a few instances where your device may not be able to connect to work.
@ -260,7 +262,7 @@ There are a few instances where your device may not be able to connect to work.
 | You don’t have the right privileges to perform this operation. Talk to your admin.                                                                                                  | You can't enroll your device into MDM as a standard user. You must be on an administrator account. |
 | We couldn’t auto-discover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered.  |
- 
+
 ## Connect your Windows 10-based device to work using a deep link
@ -283,13 +285,13 @@ The deep link used for connecting your device to work will always use the follow
 | ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
 > [!NOTE]
-> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later. 
+> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later.
 ### Connect to MDM using a deep link
 > [!NOTE]
 > Deep links only work with Internet Explorer or Microsoft Edge browsers. Examples of URI's that may be used to connect to MDM using a deep link:
-> 
+>
 > - **ms-device-enrollment:?mode=mdm**
 > - **ms-device-enrollment:?mode=mdm&username=`someone@example.com`&servername=`https://example.server.com`**
@ -342,7 +344,7 @@ Starting in Windows 10, version 1709, selecting the **Info** button will show a
 ![work or school info.](images/unifiedenrollment-rs1-35-b.png)
 > [!NOTE]
-> Starting in Windows 10, version 1709, the **Manage** button is no longer available. 
+> Starting in Windows 10, version 1709, the **Manage** button is no longer available.
 ### Disconnect
@ -363,7 +365,7 @@ Starting in Windows 10, version 1709, you can get the advanced diagnostic report
 ![collecting enrollment management log files.](images/unifiedenrollment-rs1-37-c.png)
- 
+
--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@ -9,7 +9,9 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # Mobile Device Management overview
--- a/windows/client-management/mdm/configuration-service-provider-ddf.md
+++ b/windows/client-management/mdm/configuration-service-provider-ddf.md
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/18/2020
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # Configuration service provider DDF files
--- a/windows/client-management/mdm/configuration-service-provider-support.md
+++ b/windows/client-management/mdm/configuration-service-provider-support.md
@ -1,7 +1,7 @@
 ---
 title: Configuration service provider support
 description: Learn more about configuration service provider (CSP) supported scenarios.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/18/2020
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # Configuration service provider support
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@ -7,9 +7,11 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # DynamicManagement CSP
--- a/windows/client-management/mdm/index.yml
+++ b/windows/client-management/mdm/index.yml
@ -11,6 +11,7 @@ metadata:
  ms.prod: windows-client
  ms.collection:
    - highpri
    - tier1
  ms.custom: intro-hub-or-landing
  author: vinaypamnani-msft
  ms.author: vinpa
--- a/windows/client-management/mobile-device-enrollment.md
+++ b/windows/client-management/mobile-device-enrollment.md
@ -1,7 +1,7 @@
 ---
 title: Mobile device enrollment
 description: Learn how  mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/11/2017
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier2
 ---
 # Mobile device enrollment
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@ -9,7 +9,9 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.reviewer: pmadrigal
-ms.collection: highpri
+ms.collection:
  - highpri
  - tier1
 ms.date: 08/26/2022
 ---