deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into WDAC-Docs

Browse Source
This commit is contained in:
Angela Fleischmann 2023-01-24 14:36:53 -07:00 committed by GitHub
commit 6f96bc1828
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 52 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -334,7 +334,7 @@ Value type is integer.
Supported operation is Get. Supported operation is Get.
- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode. - Bit 0 - Set to 1 when Application Guard is enabled into Windows Isolated environment mode.
- Bit 1 - Set to 1 when the client machine is Hyper-V capable. - Bit 1 - Set to 1 when the client machine is Hyper-V capable.
- Bit 2 - Reserved for Microsoft. - Bit 2 - Reserved for Microsoft.
- Bit 3 - Set to 1 when Application Guard is installed on the client machine. - Bit 3 - Set to 1 when Application Guard is installed on the client machine.

38
windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
View File

@ -111,3 +111,41 @@ listAumids("CustomerAccount")
# Get a list of AUMIDs for all accounts on the device: # Get a list of AUMIDs for all accounts on the device:
listAumids("allusers") listAumids("allusers")
``` ```
## Example
The following code sample creates a function in Windows PowerShell that returns the AUMID of any application currently listed in the Start menu.
```powershell
function Get-AppAUMID {
param (
[string]$AppName
)
$Apps = (New-Object -ComObject Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items()
if ($AppName){
$Result = $Apps | Where-Object { $_.name -like "*$AppName*" } | Select-Object name,@{n="AUMID";e={$_.path}}
if ($Result){
Return $Result
}
else {"Unable to locate {0}" -f $AppName}
}
else {
$Result = $Apps | Select-Object name,@{n="AUMID";e={$_.path}}
Return $Result
}
}
```
The following Windows PowerShell commands demonstrate how you can call the Get-AppAUMID function after you've created it.
```powershell
# Get the AUMID for OneDrive
Get-AppAUMID -AppName OneDrive
# Get the AUMID for Microsoft Word
Get-AppAUMID -AppName Word
# List all apps and their AUMID in the Start menu
Get-AppAUMID
```

2
windows/deployment/windows-10-subscription-activation.md
View File

@ -40,7 +40,7 @@ This article covers the following information:
For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md). For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
> [!NOTE] > [!NOTE]
> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy using **Select Excluded Cloud Apps**. > Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the [Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications), from their device compliance policy using **Select Excluded Cloud Apps**. For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
## Subscription activation for Enterprise ## Subscription activation for Enterprise

4
windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
View File

@ -30,8 +30,8 @@ For a device to be eligible for Windows feature updates as a part of Windows Aut
| Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. | | Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
| Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). | | Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
| Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). | | Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). | | Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../references/windows-autopatch-wqu-unsupported-policies.md). |
| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers). | | Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](../references/windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers). |
## Windows feature update releases ## Windows feature update releases

4
windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md
View File

@ -1,7 +1,7 @@
--- ---
title: Windows quality update signals title: Windows quality update signals
description: This article explains the Windows quality update signals description: This article explains the Windows quality update signals
ms.date: 05/30/2022 ms.date: 01/24/2023
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-updates ms.technology: itpro-updates
ms.topic: conceptual ms.topic: conceptual
@ -57,5 +57,3 @@ Autopatch monitors the following reliability signals:
| Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. | | Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. |
When the update is released to the First ring, the service crosses the 500 device threshold. Therefore, Autopatch can to detect regressions, which are common to all customers. At this point in the release, we'll decide if we need to change the release schedule or pause for all customers. When the update is released to the First ring, the service crosses the 500 device threshold. Therefore, Autopatch can to detect regressions, which are common to all customers. At this point in the release, we'll decide if we need to change the release schedule or pause for all customers.
Once your tenant reaches 500 devices, Windows Autopatch starts generating recommendations specific to your devices. Based on this information, the service starts developing insights specific to your tenant allowing a customized response to what's happening in your environment.

4
windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
View File

@ -1,7 +1,7 @@
--- ---
title: Changes made at tenant enrollment title: Changes made at tenant enrollment
description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
ms.date: 12/01/2022 ms.date: 01/24/2023
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-updates ms.technology: itpro-updates
ms.topic: reference ms.topic: reference
@ -56,13 +56,11 @@ Windows Autopatch will create Azure Active Directory groups that are required to
- Windows Autopatch - Set MDM to Win Over GPO - Windows Autopatch - Set MDM to Win Over GPO
- Windows Autopatch - Data Collection - Windows Autopatch - Data Collection
- Windows Autopatch-Window Update Detection Frequency
| Policy name | Policy description | Properties | Value | | Policy name | Policy description | Properties | Value |
| ----- | ----- | ----- | ----- | | ----- | ----- | ----- | ----- |
| Windows Autopatch-SetMDMtoWinOverGPO | Setsmobile device management (MDM)towinoverGPO<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked | | Windows Autopatch-SetMDMtoWinOverGPO | Setsmobile device management (MDM)towinoverGPO<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
| Windows Autopatch-DataCollection | AllowsdiagnosticdatafromthisdevicetobeprocessedbyMicrosoftManagedDesktop and TelemetrysettingsforWindows devices.<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> | | Windows Autopatch-DataCollection | AllowsdiagnosticdatafromthisdevicetobeprocessedbyMicrosoftManagedDesktop and TelemetrysettingsforWindows devices.<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
| Windows Autopatch-WindowsUpdateDetectionFrequency | SetsWindowsupdatedetectionfrequency<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
## Deployment rings for Windows 10 and later ## Deployment rings for Windows 10 and later

1
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
View File

@ -31,4 +31,5 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| Message center post number | Description | | Message center post number | Description |
| ----- | ----- | | ----- | ----- |
| [MC500889](https://admin.microsoft.com/adminportal/home#/MessageCenter) | January 2023 Windows Autopatch baseline configuration update |
| [MC494386](https://admin.microsoft.com/adminportal/home#/MessageCenter) | January 2023 (2023.01 B) Windows quality update deployment | | [MC494386](https://admin.microsoft.com/adminportal/home#/MessageCenter) | January 2023 (2023.01 B) Windows quality update deployment |

8
windows/security/threat-protection/auditing/audit-audit-policy-change.md
View File

@ -49,13 +49,13 @@ Changes to audit policy that are audited include:
The following events will be enabled with Success auditing in this subcategory: The following events will be enabled with Success auditing in this subcategory:
- 4902(S): The Per-user audit policy table was created. - [4902](event-4902.md)(S): The Per-user audit policy table was created.
- 4907(S): Auditing settings on object were changed. - [4907](event-4907.md)(S): Auditing settings on object were changed.
- 4904(S): An attempt was made to register a security event source. - [4904](event-4904.md)(S): An attempt was made to register a security event source.
- 4905(S): An attempt was made to unregister a security event source. - [4905](event-4905.md)(S): An attempt was made to unregister a security event source.
All other events in this subcategory will be logged regardless of the "Audit Policy Change" setting. All other events in this subcategory will be logged regardless of the "Audit Policy Change" setting.

4
windows/security/threat-protection/auditing/audit-authorization-policy-change.md
View File

@ -20,6 +20,8 @@ ms.topic: reference
Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects. Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.
**Event volume**: Medium to High.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | IF | No | IF | No | IF With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.<br>However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).<br>If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | | Domain Controller | IF | No | IF | No | IF With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.<br>However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).<br>If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
@ -40,5 +42,3 @@ Audit Authorization Policy Change allows you to audit assignment and removal of
- [4913](event-4913.md)(S): Central Access Policy on the object was changed. - [4913](event-4913.md)(S): Central Access Policy on the object was changed.
**Event volume**: Medium to High.