deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 19:33:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/Microsoft/win-cpub-itpro-docs

Browse Source
This commit is contained in:
iaanw
2017-02-27 14:46:38 -08:00
parent 845886b155 f1af927662
commit 73ec92308f
397 changed files with 10720 additions and 3395 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -10,7 +10,6 @@ Tools/NuGet/
.openpublishing.build.mdproj
.openpublishing.buildcore.ps1
packages.config
windows/keep-secure/index.md
# User-specific files
.vs/

3
1.ps1 Normal file
View File

@ -0,0 +1,3 @@
git add .
git commit -m "changes"
git push -u origin vso-10788146

1
README.md
View File

@ -8,6 +8,7 @@ Welcome! This repository houses the docs that are written for IT professionals f
- [Surface](https://technet.microsoft.com/itpro/surface)
- [Surface Hub](https://technet.microsoft.com/itpro/surface-hub)
- [Windows 10 for Education](https://technet.microsoft.com/edu/windows)
- [HoloLens](https://technet.microsoft.com/itpro/hololens)
- [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop)
## Contributing

162
browsers/edge/available-policies.md
View File

@ -9,109 +9,123 @@ title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros)
localizationpriority: high
---
# Available policies for Microsoft Edge
# Available Group Policy and Mobile Data Management (MDM) settings policies for Microsoft Edge
**Applies to:**
- Windows 10
- Windows 10 Mobile
- Windows 10, Windows Insider Program
- Windows 10 Mobile, Windows Insider Program
Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
> **Note**<br>
> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
> [!NOTE]
> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
## Group Policy settings
Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations:
| Policy name |Supported versions |Description |Options |
|Policy name|Supported versions|Description|Options|
|-------------|------------|-------------|--------|
|Allow Developer Tools |Windows 10, Version 1511 or later |This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.<p>If you enable or dont configure this setting, the F12 Developer Tools are available in Microsoft Edge.<p>If you disable this setting, the F12 Developer Tools arent available in Microsoft Edge. |**Enabled or not configured (default):** Shows the F12 Developer Tools on Microsoft Edge.<p>**Disabled:** Hides the F12 Developer Tools on Microsoft Edge. |
|Allow InPrivate browsing |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can browse using InPrivate website browsing.<p>If you enable or dont configure this setting, employees can use InPrivate website browsing.<p>If you disable this setting, employees cant use InPrivate website browsing. |**Enabled or not configured (default):** Lets employees use InPrivate website browsing.<p>**Disabled:** Stops employees from using InPrivate website browsing. |
|Allow web content on New Tab page |Windows 10 or later |This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cant change it.<p>If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.<p>If you disable this setting, Microsoft Edge opens a new tab with a blank page.<p>If you dont configure this setting, employees can choose how new tabs appears. |**Not configured (default):** Employees see web content on New Tab page, but can change it.<p>**Enabled:** Employees see web content on New Tab page.<p>**Disabled:** Employees always see an empty new tab. |
|Configure Autofill |Windows 10 or later |This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill.<p>If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge.<p>If you disable this setting, employees cant use Autofill to automatically fill in forms while using Microsoft Edge.<p>If you dont configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge. |**Not configured (default):** Employees can choose to turn Autofill on or off.<p>**Enabled:** Employees can use Autofill to complete form fields.<p>**Disabled:** Employees cant use Autofill to complete form fields. |
|Configure cookies |Windows 10 or later|This setting lets you configure how to work with cookies.<p>If you enable this setting, you must also decide whether to:<br><ul><li>**Allow all cookies (default):** Allows all cookies from all websites.</li><li>**Block all cookies:** Blocks all cookies from all websites.</li><li>**Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites.</li></ul><p>If you disable or don't configure this setting, all cookies are allowed from all sites. |**Enabled:** Lets you decide how your company treats cookies.<br>If you use this option, you must also choose whether to:<br><ul><li>**Allow all cookies (default):** Allows all cookies from all websites.</li><li>**Block all cookies:** Blocks all cookies from all websites.</li><li>**Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites.</li></ul><p>**Disabled or not configured:** All cookies are allowed from all sites.|
|Configure Do Not Track |Windows 10 or later |This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests arent sent, but employees can choose to turn on and send requests.<p>If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info.<p>If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info.<p>If you dont configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tracking info. |**Not configured (default):** Employees can choose to send Do Not Track headers on or off.<p>**Enabled:** Employees can send Do Not Track requests to websites requesting tracking info.<p>**Disabled:** Employees cant send Do Not Track requests to websites requesting tracking info. |
|Allow Extensions |Windows 10, Version 1607 or later |This policy setting lets you decide whether employees can use Edge Extensions.<p>If you enable or dont configure this setting, employees can use Edge Extensions.<p>If you disable this setting, employees cant use Edge Extensions. |**Enabled or not configured:** Lets employees use Edge Extensions.<p>**Disabled:** Stops employees from using Edge Extensions. |
|Configure Favorites |Windows 10, Version 1511 or later |This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time.<p>If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.<p>If you disable or dont configure this setting, employees will see the Favorites that they set in the Favorites hub. |**Enabled:** Configure the default list of Favorites for your employees. If you use this option, you must also add the URLs to the sites.<p>**Disabled or not configured:** Uses the Favorites list and URLs specified in the Favorites hub. |
|Configure Home pages |Windows 10, Version 1511 or later |This policy setting lets you configure one or more Home pages. for domain-joined devices. Your employees won't be able to change this after you set it.<p>If you enable this setting, you can configure one or more Home pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format: <br>`<support.contoso.com><support.microsoft.com>`<p>If you disable or dont configure this setting, your default Home page is the webpage specified in App settings. |**Enabled:** Configure your Home pages. If you use this option, you must also include site URLs.<p>**Disabled or not configured (default):** Uses the Home pages and URLs specified in the App settings. |
|Configure Password Manager |Windows 10 or later |This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.<p>If you enable this setting, employees can use Password Manager to save their passwords locally.<p>If you disable this setting, employees cant use Password Manager to save their passwords locally.<p>If you dont configure this setting, employees can choose whether to use Password Manager to save their passwords locally. |**Not configured:** Employees can choose whether to use Password Manager.<p>**Enabled (default):** Employees can use Password Manager to save passwords locally.<p>**Disabled:** Employees can't use Password Manager to save passwords locally. |
|Configure Pop-up Blocker |Windows 10 or later |This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.<p>If you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing.<p>If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear.<p>If you dont configure this setting, employees can choose whether to use Pop-up Blocker. |**Enabled or not configured (default):** Turns on Pop-up Blocker, stopping pop-up windows.<p>**Disabled:** Turns off Pop-up Blocker, allowing pop-up windows. |
|Configure search suggestions in Address bar |Windows 10 or later |This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.<p>If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge.<p>If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge.<p>If you dont configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. |**Not configured (default):** Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.<p>**Enabled:** Employees can see search suggestions in the Address bar of Microsoft Edge.<p>**Disabled:** Employees cant see search suggestions in the Address bar of Microsoft Edge. |
|Configure SmartScreen Filter |Windows 10 or later |This policy setting lets you configure whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, SmartScreen Filter is turned on.<p>If you enable this setting, SmartScreen Filter is turned on and employees cant turn it off.<p>If you disable this setting, SmartScreen Filter is turned off and employees cant turn it on.<p>If you dont configure this setting, employees can choose whether to use SmartScreen Filter. |**Not configured (default):** Employees can choose whether to use SmartScreen Filter.<p>**Enabled:** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.<p>**Disabled:** Turns off SmartScreen Filter. |
|Configure the Enterprise Mode Site List |Windows 10 or later| This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.<p>If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file. This file includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.<p>If you disable or dont configure this setting, Microsoft Edge wont use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps.<p>**Note**<br>If theres an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If youre already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.|**Enabled:** Lets you use the Enterprise Mode Site List to address common compatibility problems with legacy apps, if its configured.<p>If you use this option, you must also add the location to your site list in the `{URI}` box. When configured, any site on the list will always open in Internet Explorer 11.<p>**Disabled or not configured (default):** You won't be able to use the Enterprise Mode Site List.|
|Prevent access to the about:flags page |Windows 10, Version 1607 or later|This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.<p>If you enable this policy setting, employees cant access the about:flags page.<p>If you disable or dont configure this setting, employees can access the about:flags page. |**Enabled:** Stops employees from using the about:flags page.<p>**Disabled or not configured (default):** Lets employees use the about:flags page. |
|Prevent bypassing SmartScreen prompts for files |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unverified files.<p>If you enable this setting, employees cant ignore SmartScreen Filter warnings and theyre blocked from downloading the unverified files.<p>If you disable or dont configure this setting, employees can ignore SmartScreen Filter warnings and continue the download process. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about unverified files.<p>**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about unverified files and lets them continue the download process. |
|Prevent bypassing SmartScreen prompts for sites |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially malicious websites.<p>If you enable this setting, employees cant ignore SmartScreen Filter warnings and theyre blocked from continuing to the site.<p>If you disable or dont configure this setting, employees can ignore SmartScreen Filter warnings and continue to the site. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about potentially malicious sites.<p>**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about potentially malicious sites and continue to the site. |
|Prevent using Localhost IP address for WebRTC |Windows 10, Version 1511 or later |This policy setting lets you decide whether an employees Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off.<p>If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol.<p>If you disable or dont configure this setting, Localhost IP addresses are shown while making calls using the WebRTC protocol. |**Enabled:** Hides the Localhost IP address during calls using the WebRTC protocol.<p>**Disabled or not configured (default):** Shows the Localhost IP address during phone calls using the WebRTC protocol. |
|Send all intranet sites to Internet Explorer 11 |Windows 10 or later |This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.<p>If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11.<p>If you disable or dont configure this setting, all websites, including intranet sites, are automatically opened using Microsoft Edge. |**Enabled:** Automatically opens all intranet sites using Internet Explorer 11.<p>**Disabled or not configured (default):** Automatically opens all websites, including intranet sites, using Microsoft Edge. |
|Show message when opening sites in Internet Explorer |Windows 10, Version 1607 and later |This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you disable or dont configure this setting, the default app behavior occurs and no additional page appears. |**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>**Disabled or not configured (default):** Doesnt show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. |
|Allow Address bar drop-down list suggestions|Windows 10, Windows Insider Program|This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.<p>**Note**<br>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting.<p>If you enable or don't configure this setting, employees can see the Address bar drop-down functionality in Microsoft Edge.<p>If you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type".|**Enabled or not configured (default):** Employees can see the Address bar drop-down functionality in Microsoft Edge.<p>**Disabled:** Employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type".|
|Allow Adobe Flash|Windows 10 or later|This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.<p>If you enable or don't configure this setting, employees can use Adobe Flash.<p>If you disable this setting, employees can't use Adobe Flash.|**Enabled or not configured (default):** Employees use Adobe Flash in Microsoft Edge.<p>**Disabled:** Employees cant use Adobe Flash.|
|Allow clearing browsing data on exit|Windows 10, Windows Insider Program|This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.<p>If you enable this policy setting, clearing browsing history on exit is turned on.<p>If you disable or don't configure this policy setting, it can be turned on and configured by the employee in the Clear browsing data options area, under Settings.|**Enabled:** Turns on the automatic clearing of browsing data when Microsoft Edge closes.<p>**Disabled or not configured (default):** Employees can turn on and configure whether to automatically clear browsing data when Microsoft Edge closes in the Clear browsing data options area under Settings.|
|Allow Developer Tools|Windows 10, Version 1511 or later|This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.<p>If you enable or dont configure this setting, the F12 Developer Tools are available in Microsoft Edge.<p>If you disable this setting, the F12 Developer Tools arent available in Microsoft Edge.|**Enabled or not configured (default):** Shows the F12 Developer Tools on Microsoft Edge.<p>**Disabled:** Hides the F12 Developer Tools on Microsoft Edge.|
|Allow Extensions|Windows 10, Version 1607 or later|This policy setting lets you decide whether employees can use Edge Extensions.<p>If you enable or dont configure this setting, employees can use Edge Extensions.<p>If you disable this setting, employees cant use Edge Extensions.|**Enabled or not configured:** Lets employees use Edge Extensions.<p>**Disabled:** Stops employees from using Edge Extensions.|
|Allow InPrivate browsing|Windows 10, Version 1511 or later|This policy setting lets you decide whether employees can browse using InPrivate website browsing.<p>If you enable or dont configure this setting, employees can use InPrivate website browsing.<p>If you disable this setting, employees cant use InPrivate website browsing.|**Enabled or not configured (default):** Lets employees use InPrivate website browsing.<p>**Disabled:** Stops employees from using InPrivate website browsing.|
|Allow Microsoft Compatibility List|Windows 10, Version 1607 or later|This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat.<p>If you enable or dont configure this setting, Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though its in whatever version of IE is necessary for it to appear properly.<p>If you disable this setting, the Microsoft Compatibility List isnt used during browser navigation.|**Enabled or not configured (default):** Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though its in whatever version of IE is necessary for it to appear properly.<p>**Disabled:** Microsoft Edge doesnt use the Microsoft Compatibility List during browser navigation.|
|Allow search engine customization|Windows 10, Windows Insider Program|This policy setting lets you decide whether users can change their search engine.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable or don't configure this policy, users can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings.<p>If you disable this setting, users can't add search engines or change the default used in the address bar.|**Enabled or not configured (default):** Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings.<p>**Disabled:** Employees can't add search engines or change the default used in the Address bar.|
|Allow web content on New Tab page|Windows 10 or later|This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cant change it.<p>If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.<p>If you disable this setting, Microsoft Edge opens a new tab with a blank page.<p>If you dont configure this setting, employees can choose how new tabs appears.|**Not configured (default):** Employees see web content on New Tab page, but can change it.<p>**Enabled:** Employees see web content on New Tab page.<p>**Disabled:** Employees always see an empty new tab.|
|Configure additional search engines|Windows 10, Windows Insider Program|This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link(s) you wish to add:<br>`<https://fabrikam.com/opensearch.xml>https://www.contoso.com/opensearch.xml`<p>If you disable this setting, any added search engines are removed from your employee's devices.<p>If you don't configure this setting, the search engine list is set to what is specified in App settings.|**Enabled:** Add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine.<p>**Disabled (default):** Any additional search engines are removed from your employee's devices.<p>**Not configured:** Search engine list is set to what is specified in App settings.|
|Configure Autofill|Windows 10 or later|This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill.<p>If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge.<p>If you disable this setting, employees cant use Autofill to automatically fill in forms while using Microsoft Edge.<p>If you dont configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge.|**Not configured (default):** Employees can choose to turn Autofill on or off.<p>**Enabled:** Employees can use Autofill to complete form fields.<p>**Disabled:** Employees cant use Autofill to complete form fields.|
|Configure cookies|Windows 10 or later|This setting lets you configure how to work with cookies.<p>If you enable this setting, you must also decide whether to:<br><ul><li>**Allow all cookies (default):** Allows all cookies from all websites.</li><li>**Block all cookies:** Blocks all cookies from all websites.</li><li>**Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites.</li></ul><p>If you disable or don't configure this setting, all cookies are allowed from all sites.|**Enabled:** Lets you decide how your company treats cookies.<br>If you use this option, you must also choose whether to:<br><ul><li>**Allow all cookies (default):** Allows all cookies from all websites.</li><li>**Block all cookies:** Blocks all cookies from all websites.</li><li>**Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites.</li></ul><p>**Disabled or not configured:** All cookies are allowed from all sites.|
|Configure Do Not Track|Windows 10 or later|This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests arent sent, but employees can choose to turn on and send requests.<p>If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info.<p>If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info.<p>If you dont configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tracking info.|**Not configured (default):** Employees can choose to send Do Not Track headers on or off.<p>**Enabled:** Employees can send Do Not Track requests to websites requesting tracking info.<p>**Disabled:** Employees cant send Do Not Track requests to websites requesting tracking info.|
|Configure Favorites|Windows 10, Version 1511 or later|This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time.<p>If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.<p>If you disable or dont configure this setting, employees will see the Favorites that they set in the Favorites hub.|**Enabled:** Configure the default list of Favorites for your employees. If you use this option, you must also add the URLs to the sites.<p>**Disabled or not configured:** Uses the Favorites list and URLs specified in the Favorites hub.|
|Configure Password Manager|Windows 10 or later|This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.<p>If you enable this setting, employees can use Password Manager to save their passwords locally.<p>If you disable this setting, employees cant use Password Manager to save their passwords locally.<p>If you dont configure this setting, employees can choose whether to use Password Manager to save their passwords locally.|**Not configured:** Employees can choose whether to use Password Manager.<p>**Enabled (default):** Employees can use Password Manager to save passwords locally.<p>**Disabled:** Employees can't use Password Manager to save passwords locally.|
|Configure Pop-up Blocker|Windows 10 or later|This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.<p>If you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing.<p>If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear.<p>If you dont configure this setting, employees can choose whether to use Pop-up Blocker.|**Enabled or not configured (default):** Turns on Pop-up Blocker, stopping pop-up windows.<p>**Disabled:** Turns off Pop-up Blocker, allowing pop-up windows.|
|Configure search suggestions in Address bar|Windows 10 or later|This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.<p>If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge.<p>If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge.<p>If you dont configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.|**Not configured (default):** Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.<p>**Enabled:** Employees can see search suggestions in the Address bar of Microsoft Edge.<p>**Disabled:** Employees cant see search suggestions in the Address bar of Microsoft Edge.|
|Configure Start pages|Windows 10, Version 1511 or later|This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it.<p>If you enable this setting, you can configure one or more Start pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format: <br>`<support.contoso.com><support.microsoft.com>`<p>If you disable or dont configure this setting, your default Start page is the webpage specified in App settings.|**Enabled:** Configure your Start pages. If you use this option, you must also include site URLs.<p>**Disabled or not configured (default):** Uses the Home pages and URLs specified in the App settings.|
|Configure the Adobe Flash Click-to-Run setting|Windows 10, Windows Insider Program|This policy setting lets you decide whether employees must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.<p>If you enable or dont configure the Adobe Flash Click-to-Run setting, an employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.<p>**Important**<br>Sites are put on the auto-allowed list based on how frequently employees load and run the content.<p>If you disable this setting, Adobe Flash content is automatically loaded and run by Microsoft Edge.|**Enabled or not configured:** An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.<p>**Disabled:** Adobe Flash content is automatically loaded and run by Microsoft Edge.|
|Configure the Enterprise Mode Site List|Windows 10 or later|This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.<p>If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file. This file includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.<p>If you disable or dont configure this setting, Microsoft Edge wont use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps.<p>**Note**<br>If theres an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If youre already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.|**Enabled:** Lets you use the Enterprise Mode Site List to address common compatibility problems with legacy apps, if its configured.<p>If you use this option, you must also add the location to your site list in the `{URI}` box. When configured, any site on the list will always open in Internet Explorer 11.<p>**Disabled or not configured (default):** You won't be able to use the Enterprise Mode Site List.|
|Configure Windows Defender SmartScreen|Windows 10 or later|This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.<p>If you enable this setting, Windows Defender SmartScreen is turned on and employees cant turn it off.<p>If you disable this setting, Windows Defender SmartScreen is turned off and employees cant turn it on.<p>If you dont configure this setting, employees can choose whether to use Windows Defender SmartScreen.|**Not configured (default):** Employees can choose whether to use Windows Defender SmartScreen.<p>**Enabled:** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.<p>**Disabled:** Turns off Windows Defender SmartScreen.|
|Disable lockdown of Start pages|Windows 10, Windows Insider Program|This policy setting lets you disable the lock down of Start pages, letting employees modify the Start pages when the "Configure Start pages" setting is in effect.<p>**Note**<br>This setting only applies when you're using the “Configure Start pages" setting.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable this setting, you can't lock down any Start pages that are configured using the "Configure Start pages" setting, which means that employees can modify them.<p>If you disable or don't configure this setting, employees can't change any Start pages configured using the "Configure Start pages" setting, thereby locking down the Start pages.|**Enabled:** Youre unable to lock down any Start pages that are configured using the "Configure Start pages" setting, which means that your employees can modify them.<p>**Disabled or not configured (default):** Employees can't change any Start pages configured using the "Configure Start pages" setting.|
|Keep favorites in sync between Internet Explorer and Microsoft Edge|Windows 10, Windows Insider Program|This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge.<p>If you enable this setting, employees can sync their favorites between Internet Explorer and Microsoft Edge.<p>If you disable or don't configure this setting, employees cant sync their favorites between Internet Explorer and Microsoft Edge.|**Enabled:** Employees can sync their Favorites between Internet Explorer and Microsoft Edge.<p>**Disabled or not configured (default):** Employees cant sync their Favorites between Internet Explorer and Microsoft Edge.|
|Prevent access to the about:flags page|Windows 10, Version 1607 or later|This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.<p>If you enable this policy setting, employees cant access the about:flags page.<p>If you disable or dont configure this setting, employees can access the about:flags page.|**Enabled:** Stops employees from using the about:flags page.<p>**Disabled or not configured (default):** Lets employees use the about:flags page.|
|Prevent bypassing Windows Defender SmartScreen prompts for files|Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.<p>If you enable this setting, employees cant ignore Windows Defender SmartScreen warnings and theyre blocked from downloading the unverified files.<p>If you disable or dont configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download process.|**Enabled:** Stops employees from ignoring the Windows Defender SmartScreen warnings about unverified files.<p>**Disabled or not configured (default):** Lets employees ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.|
|Prevent bypassing Windows Defender SmartScreen prompts for sites|Windows 10, Version 1511 or later|This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.<p>If you enable this setting, employees cant ignore Windows Defender SmartScreen warnings and theyre blocked from continuing to the site.<p>If you disable or dont configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.|**Enabled:** Stops employees from ignoring the Windows Defender SmartScreen warnings about potentially malicious sites.<p>**Disabled or not configured (default):** Lets employees ignore the Windows Defender SmartScreen warnings about potentially malicious sites and continue to the site.|
|Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start|Windows 10, Windows Insider Program|This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.<p>If you enable this setting, Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu.<p>If you disable or don't configure this setting, Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.|**Enabled:** Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu.<p>**Disabled or not configured (default):** Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.|
|Prevent the First Run webpage from opening on Microsoft Edge|Windows 10, Windows Insider Program|This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.<p>If you enable this setting, employees won't see the First Run page when opening Microsoft Edge for the first time.<p>If you disable or don't configure this setting, employees will see the First Run page when opening Microsoft Edge for the first time.|**Enabled:** Employees won't see the First Run page when opening Microsoft Edge for the first time.<p>**Disabled or not configured (default):** Employees will see the First Run page when opening Microsoft Edge for the first time.|
|Prevent using Localhost IP address for WebRTC|Windows 10, Version 1511 or later|This policy setting lets you decide whether an employees Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off.<p>If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol.<p>If you disable or dont configure this setting, Localhost IP addresses are shown while making calls using the WebRTC protocol.|**Enabled:** Hides the Localhost IP address during calls using the WebRTC protocol.<p>**Disabled or not configured (default):** Shows the Localhost IP address during phone calls using the WebRTC protocol.|
|Send all intranet sites to Internet Explorer 11|Windows 10 or later|This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.<p>If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11.<p>If you disable or dont configure this setting, all websites, including intranet sites, are automatically opened using Microsoft Edge.|**Enabled:** Automatically opens all intranet sites using Internet Explorer 11.<p>**Disabled or not configured (default):** Automatically opens all websites, including intranet sites, using Microsoft Edge.|
|Set default search engine|Windows 10, Windows Insider Program|This policy setting lets you configure the default search engine for your employees. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable this setting, you can choose a default search engine for your employees. If this setting is enabled, you must also add the default engine to the “Set default search engine” setting, by adding a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link you wish to add:<br>`https://fabrikam.com/opensearch.xml`<p>**Note**<br>If you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.<p>If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.<p>If you don't configure this setting, the default search engine is set to the one specified in App settings.|**Enabled:** You can choose a default search engine for your employees.<p>**Disabled:** The policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.<p>**Not configured (default):** The default search engine is set to the one specified in App settings.|
|Show message when opening sites in Internet Explorer|Windows 10, Version 1607 and later|This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you disable or dont configure this setting, the default app behavior occurs and no additional page appears.|**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>**Disabled or not configured (default):** Doesnt show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.|
## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge
## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge
If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
> **Note**<br>
> [!NOTE]
> The **Supports** column uses these options:
- **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only.
- **Mobile.** Supports Windows 10 Mobile devices only.
- **Both.** Supports both desktop and mobile devices.
> - **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only.
> - **Mobile.** Supports Windows 10 Mobile devices only.
> - **Both.** Supports both desktop and mobile devices.
All devices must be enrolled with Intune if you want to use the Windows Custom URI Policy.
| Policy name |Supported versions |Supported device |Details |
|Policy name|Supported versions|Supported device|Details|
|-------------|-------------------|-----------------|--------|
|AllowAutofill|Windows 10 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Autofill to complete form fields.</li><li>**1 (default).** Employees can use Autofill to complete form fields.</li></ul></li></ul>
|AllowBrowser |Windows 10 or later |Mobile |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowBrowser</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Microsoft Edge.</li><li>**1 (default).** Employees can use Microsoft Edge.</li></ul></li></ul>|
|AllowCookies |Windows 10 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Allows all cookies from all sites.</li><li>**1.** Blocks only cookies from 3rd party websites</li><li>**2.** Blocks all cookies from all sites.</li></ul></li></ul> |
|AllowDeveloperTools |Windows 10, Version 1511 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools</li><li>**Data type:** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees can't use the F12 Developer Tools</li><li>**1 (default).** Employees can use the F12 Developer Tools</li></ul></li></ul> |
|AllowDoNotTrack |Windows 10 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Stops employees from sending Do Not Track headers to websites requesting tracking info.</li><li>**1.** Employees can send Do Not Track headers to websites requesting tracking info.</li></ul></li></ul> |
|AllowExtensions |Windows 10, Version 1607 and later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Edge Extensions.</li><li>**1 (default).** Employees can use Edge Extensions.</li></ul></li></ul> |
|AllowInPrivate |Windows 10, Version 1511 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use InPrivate browsing.</li><li>**1 (default).** Employees can use InPrivate browsing.</li></ul></li></ul> |
|AllowPasswordManager |Windows 10 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can't use Password Manager to save passwords locally.</li><li>**1.** Employees can use Password Manager to save passwords locally.</li></ul></li></ul> |
|AllowPopups |Windows 10 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off Pop-up Blocker, allowing pop-up windows.</li><li>**1.** Turns on Pop-up Blocker, stopping pop-up windows.</li></ul></li></ul> |
|AllowSearchSuggestions<br>inAddressBar |Windows 10 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees cant see search suggestions in the Address bar of Microsoft Edge.</li><li>**1.** Employees can see search suggestions in the Address bar of Microsoft Edge.</li></ul></li></ul> |
|AllowSmartScreen |Windows 10 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off SmartScreen Filter.</li><li>**1.** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.</li></ul></li></ul> |
|EnterpriseModeSiteList |Windows 10 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Not configured.</li><li>**1 (default).** Use the Enterprise Mode Site List, if configured.</li><li>**2.** Specify the location to the site list.</li></ul><p>**Note**<br>If theres an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If youre already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.</li></ul>|
|Favorites |Windows 10, Version 1511 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/Favorites</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the **Favorite** URLs for your employees.<p>**Example:**<br>`<contoso.com>`<br>`<fabrikam.com>`<p>**Note**<br> URLs must be on separate lines and aren't shared between Microsoft Edge and Internet Explorer 11.</li></ul> |
|FirstRunURL |Windows 10, Version 1511 or later |Mobile |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/FirstRunURL</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the first run URL for your employees.<p>**Example:**<br>`<contoso.one>`</li></ul></li></ul> |
|HomePages |Windows 10, Version 1511 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/HomePages</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the Home page URLs for your employees.<p>**Example:**<br>`<contoso.com/support><fabrikam.com/support>`</li></ul></li></ul> |
|PreventAccessToAbout<br>FlagsInMicrosoftEdge |Windows 10, Version 1607 and later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can access the about:flags page in Microsoft Edge.</li><li>**1.** Employees can't access the about:flags page in Microsoft Edge.</li></ul></li></ul> |
|PreventSmartScreen<br>PromptOverride |Windows 10, Version 1511 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can ignore SmartScreen warnings.</li><li>**1.** Employees can't ignore SmartScreen warnings.</li></ul></li></ul> |
|PreventSmartScreen<br>PromptOverrideFor<br>Files |Windows 10, Version 1511 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles </li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can ignore SmartScreen warnings for files.</li><li>**1.** Employees can't ignore SmartScreen warnings for files.</li></ul></li></ul> |
|PreventUsingLocalHost<br>IPAddressForWebRTC |Windows 10, Version 1511 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Shows an employee's LocalHost IP address while using the WebRTC protocol.</li><li>**1.** Doesn't show an employee's LocalHost IP address while using the WebRTC protocol.</li></ul></li></ul> |
|SendIntranetTraffic<br>toInternetExplorer |Windows 10 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Automatically opens all websites, including intranet sites, using Microsoft Edge.</li><li>**1.** Automatically opens all intranet sites using Internet Explorer 11.</li></ul></li></ul> |
|ShowMessageWhen<br>OpeningInteretExplorer<br>Sites |Windows 10, Version 1607 and later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInteretExplorer</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Doesnt show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li><li>**1.** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li></ul></li></ul> |
|AllowAddressBarDropdown|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type."</li><li>**1 (default).** Allowed. Address bar drop-down is enabled.</li></ul></li></ul>|
|AllowAutofill|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Autofill to complete form fields.</li><li>**1 (default).** Employees can use Autofill to complete form fields.</li></ul></li></ul>|
|AllowBrowser|Windows 10 or later|Mobile|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowBrowser</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Microsoft Edge.</li><li>**1 (default).** Employees can use Microsoft Edge.</li></ul></li></ul>|
|AllowCookies|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Allows all cookies from all sites.</li><li>**1.** Blocks only cookies from 3rd party websites</li><li>**2.** Blocks all cookies from all sites.</li></ul></li></ul>|
|AllowDeveloperTools|Windows 10, Version 1511 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools</li><li>**Data type:** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees can't use the F12 Developer Tools</li><li>**1 (default).** Employees can use the F12 Developer Tools</li></ul></li></ul>|
|AllowDoNotTrack|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Stops employees from sending Do Not Track headers to websites requesting tracking info.</li><li>**1.** Employees can send Do Not Track headers to websites requesting tracking info.</li></ul></li></ul>|
|AllowExtensions|Windows 10, Version 1607 and later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Edge Extensions.</li><li>**1 (default).** Employees can use Edge Extensions.</li></ul></li></ul>|
|AllowFlash|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Not allowed. Employees cant use Adobe Flash</li><li>**1 (default).** Allowed. Employees can use Adobe Flash.</li></ul></li></ul>|
|AllowFlashClickToRun|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Adobe Flash content is automatically loaded and run by Microsoft Edge</li><li>**1 (default).** An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.</li></ul></li></ul>|
|AllowInPrivate|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use InPrivate browsing.</li><li>**1 (default).** Employees can use InPrivate browsing.</li></ul></li></ul>|
|AllowMicrosoftCompatibilityList|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Additional search engines aren't allowed and the default cant be changed in the Address bar.</li><li>**1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.</li></ul></li></ul>|
|AllowPasswordManager|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can't use Password Manager to save passwords locally.</li><li>**1.** Employees can use Password Manager to save passwords locally.</li></ul></li></ul>|
|AllowPopups|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off Pop-up Blocker, allowing pop-up windows.</li><li>**1.** Turns on Pop-up Blocker, stopping pop-up windows.</li></ul></li></ul>|
|AllowSearchEngineCustomization|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Additional search engines are not allowed and the default cant be changed in the Address bar.</li><li>**1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.</li></ul></li></ul>|
|AllowSearchSuggestions<br>inAddressBar|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees cant see search suggestions in the Address bar of Microsoft Edge.</li><li>**1.** Employees can see search suggestions in the Address bar of Microsoft Edge.</li></ul></li></ul>|
|AllowSmartScreen|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off Windows Defender SmartScreen.</li><li>**1.** Turns on Windows Defender SmartScreen, providing warning messages to your employees about potential phishing scams and malicious software.</li></ul></li></ul>|
|ClearBrowsingDataOnExit|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.</li><li>**1.** Browsing data is cleared on exit.</li></ul></li></ul>|
|ConfigureAdditionalSearchEngines|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Additional search engines are not allowed.</li><li>**1.** Additional search engines are allowed.</li></ul></li></ul>|
|DisableLockdownOfStartPages|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.</li><li>**1.** Disable lockdown of the Start pages and allow users to modify them.</li></ul></li></ul>|
|EnterpriseModeSiteList|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Not configured.</li><li>**1 (default).** Use the Enterprise Mode Site List, if configured.</li><li>**2.** Specify the location to the site list.</li></ul><p>**Note**<br>If theres an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If youre already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.</li></ul>|
|Favorites|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/Favorites</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the **Favorite** URLs for your employees.<p>**Example:**<br>`<contoso.com>`<br>`<fabrikam.com>`<p>**Note**<br> URLs must be on separate lines and aren't shared between Microsoft Edge and Internet Explorer 11.</li></ul>|
|FirstRunURL|Windows 10, Version 1511 or later|Mobile|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/FirstRunURL</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the first run URL for your employees.<p>**Example:**<br>`<contoso.one>`</li></ul></li></ul>|
|HomePages|Windows 10, Version 1511 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/HomePages</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the Start page (previously known as Home page) URLs for your employees.<p>**Example:**<br>`<contoso.com/support><fabrikam.com/support>`</li></ul></li></ul>|
|PreventAccessToAbout<br>FlagsInMicrosoftEdge|Windows 10, Version 1607 and later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can access the about:flags page in Microsoft Edge.</li><li>**1.** Employees can't access the about:flags page in Microsoft Edge.</li></ul></li></ul>|
|PreventFirstRunPage|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees see the First Run webpage.</li><li>**1.** Employees don't see the First Run webpage.</li></ul></li></ul>|
|PreventLiveTileDataCollection|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.</li><li>**1.** Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.</li></ul></li></ul>|
|PreventSmartScreenPromptOverride|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off Windows Defender SmartScreen.</li><li>**1.** Turns on Windows Defender SmartScreen.</li></ul></li></ul>|
|PreventSmartScreenPromptOverrideForFiles|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Lets employees ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.</li><li>**1.** Stops employees from ignoring the Windows Defender SmartScreen warnings about unverified files.</li></ul></li></ul>|
|PreventUsingLocalHost<br>IPAddressForWebRTC|Windows 10, Version 1511 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Shows an employee's LocalHost IP address while using the WebRTC protocol.</li><li>**1.** Doesn't show an employee's LocalHost IP address while using the WebRTC protocol.</li></ul></li></ul>|
|SendIntranetTraffic<br>toInternetExplorer|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Automatically opens all websites, including intranet sites, using Microsoft Edge.</li><li>**1.** Automatically opens all intranet sites using Internet Explorer 11.</li></ul></li></ul>|
|SetDefaultSearchEngine|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** The default search engine is set to the one specified in App settings.</li><li>**1.** Allows you to configure the default search engine for your employees.</li></ul></li></ul>|
|ShowMessageWhen<br>OpeningInteretExplorer<br>Sites|Windows 10, Version 1607 and later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInteretExplorer</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Doesnt show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li><li>**1.** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li></ul></li></ul>|
|SyncFavoritesBetweenIEAndMicrosoftEdge|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Synchronization is turned off.</li><li>**1.** Synchronization is turned on.</li></ul></li></ul>|
## Microsoft Edge and Windows 10-specific Group Policy settings
These are additional Windows 10-specific Group Policy settings that work with Microsoft Edge.
|Group Policy setting |Description |Options |
| --------------------|--------------|---------|
|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana |Whether employees can use Cortana. |**Enabled or not configured:** Employees can use Cortana on their devices.<p>**Disabled:** Stops employees from using Cortana on their devices.<p>**Note** Employees can still perform searches even with Cortana turned off. |
|Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync |Whether employees can use the **Sync your Settings** options to sync their settings to and from their device. |**Enabled:** Turns off the **Sync your Settings** options and none of the **Sync your Setting** groups are synced on the device. You can use the **Allow users to turn syncing on** option to turn the feature off by default, but to let the employee change this setting.<p>**Disabled or not configured (default):** Turns on the **Sync your Settings** area by default, letting employees pick what can sync on their device. |
|Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync browser settings |Whether a browser group can use the **Sync your Settings** options to sync their info to and from their device. This includes settings and info like **History** and Favorites. |**Enabled:** Turns off the **Sync your Settings** options so that browser groups are unable to sync their settings and info. You can use the **Allow users to turn browser syncing on** option to turn the feature off by default, but to let the employee change this setting.<p>**Disabled or not configured (default):** Turns on the **Sync your Settings** area by default, letting browser groups pick what can sync on their device. |
|Group Policy setting|Description|Options|
|--------------------|--------------|---------|
|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana|Whether employees can use Cortana.|**Enabled or not configured:** Employees can use Cortana on their devices.<p>**Disabled:** Stops employees from using Cortana on their devices.<p>**Note** Employees can still perform searches even with Cortana turned off.|
|Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync|Whether employees can use the **Sync your Settings** options to sync their settings to and from their device.|**Enabled:** Turns off the **Sync your Settings** options and none of the **Sync your Setting** groups are synced on the device. You can use the **Allow users to turn syncing on** option to turn the feature off by default, but to let the employee change this setting.<p>**Disabled or not configured (default):** Turns on the **Sync your Settings** area by default, letting employees pick what can sync on their device.|
|Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync browser settings|Whether a browser group can use the **Sync your Settings** options to sync their info to and from their device. This includes settings and info like **History** and Favorites.|**Enabled:** Turns off the **Sync your Settings** options so that browser groups are unable to sync their settings and info. You can use the **Allow users to turn browser syncing on** option to turn the feature off by default, but to let the employee change this setting.<p>**Disabled or not configured (default):** Turns on the **Sync your Settings** area by default, letting browser groups pick what can sync on their device.|
## Microsoft Edge and Windows 10-specific MDM policy settings
These are additional Windows 10-specific MDM policy settings that work with Microsoft Edge.
|MDM Policy name |Supports |Details |
|----------------|--------------|------------------- |
|AllowCortana |Both | <ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Cortana on their devices.</li><li>**1 (default).** Employees can use Cortana on their devices.</li></ul></li></ul> |
|AllowSyncMySettings |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant sync settings between PCs.</li><li>**1 (default).** Employees can sync between PCs.</li></ul></li></ul> |
|MDM Policy name|Supports|Details|
|----------------|--------------|-------------------|
|AllowCortana|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Cortana on their devices.</li><li>**1 (default).** Employees can use Cortana on their devices.</li></ul></li></ul>|
|AllowSyncMySettings|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant sync settings between PCs.</li><li>**1 (default).** Employees can sync between PCs.</li></ul></li></ul>|
## Related topics
* [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514)
* [Mobile Data Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
 
 
 
* [Mobile Data Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)

5
browsers/edge/change-history-for-microsoft-edge.md
View File

@ -12,6 +12,11 @@ This topic lists new and updated topics in the Microsoft Edge documentation for
For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/).
## February 2017
|New or changed topic | Description |
|----------------------|-------------|
|[Available Group Policy and Mobile Data Management (MDM) settings policies for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. |
## November 2016
|New or changed topic | Description |
|----------------------|-------------|

12
browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
View File

@ -29,7 +29,7 @@ If you're having trouble deciding whether Microsoft Edge is good for your organi
![Microsoft Edge infographic](images/microsoft-edge-infographic-sm.png)<br>
[Click to enlarge](img-microsoft-edge-infographic-lg.md)<br>
[Click to download image](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892)
### Microsoft Edge
Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
@ -50,10 +50,10 @@ IE11 offers enterprises additional security, manageability, performance, backwar
- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control.
## Related topics
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/en-us/browser/mt612809.aspx)
- [Download Internet Explorer 11](http://windows.microsoft.com/en-US/internet-explorer/download-ie)
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=53892)
- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
- [Download Internet Explorer 11](http://windows.microsoft.com/internet-explorer/download-ie)
- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index)
- [Internet Explorer 11 - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/index)
- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-ieak/index)
- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/itpro/internet-explorer/ie11-ieak/index)
- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)

2
browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
View File

@ -17,7 +17,7 @@ If youre having problems launching your legacy apps while running Internet Ex
1. **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.

4
browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
View File

@ -41,8 +41,8 @@ In IE, press **ALT+V** to show the **View** menu, press **T** to enter the **Too
## Where did the search box go?
IE11 uses the **One Box** feature, which lets users type search terms directly into the **Address bar**. Any text entered into the **Address bar** that doesn't appear to be a URL is automatically sent to the currently selected search provider.
**Note**<br>
Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
>[!NOTE]
>Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
 

5
devices/hololens/TOC.md
View File

@ -1,8 +1,9 @@
# [Microsoft HoloLens](index.md)
## [HoloLens in the enterprise: requirements](hololens-requirements.md)
## [Set up HoloLens](hololens-setup.md)
## [Unlock Windows Holographic Enterprise features](hololens-upgrade-enterprise.md)
## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
## [Set up HoloLens in kiosk mode](hololens-kiosk.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

21
devices/hololens/change-history-hololens.md Normal file
View File

@ -0,0 +1,21 @@
---
title: Change history for Microsoft HoloLens documentation
description: This topic lists new and updated topics for HoloLens.
keywords: change history
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerMS
localizationpriority: medium
---
# Change history for Microsoft HoloLens documentation
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
## January 2017
| New or changed topic | Description |
| --- | --- |
| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** |

5
devices/hololens/hololens-enroll-mdm.md
View File

@ -6,14 +6,15 @@ ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Enroll HoloLens in MDM
You can manage multiple HoloLens devices simultaneously using solutions like Microsoft InTune. You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need.
You can manage multiple Microsoft HoloLens devices simultaneously using solutions like Microsoft InTune. You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need.
>[!NOTE]
>Mobile device management (MDM) for Development Edition HoloLens does not include VPN, BitLocker, or kiosk mode. Those features are only available when you [upgrade to Windows Holographic Enterprise](hololens-upgrade-enterprise.md).
>Mobile device management (MDM) for the Development edition of HoloLens does not include VPN, BitLocker, or kiosk mode. Those features are only available when you [upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
## Requirements

3
devices/hololens/hololens-install-apps.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Install apps on HoloLens
@ -15,7 +16,7 @@ The recommended way to install Universal Windows Platform (UWP) apps on HoloLens
You can also deploy apps using your mobile device management (MDM) provider or use the Windows Device Portal to install apps, if you enable **Developer Mode** on the HoloLens device.
>[!IMPORTANT]
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device.** Developer Mode** on a device that has been upgraded to Windows Holographic Enterprise enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device.**Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
## Use Windows Store for Business to deploy apps to HoloLens

5
devices/hololens/hololens-kiosk.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Set up HoloLens in kiosk mode
@ -17,7 +18,7 @@ Kiosk mode limits the user's ability to launch new apps or change the running ap
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/holographic/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
>[!IMPORTANT]
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic Enterprise enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/holographic/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/holographic/Using_the_Windows_Device_Portal.html#connecting_over_usb).
@ -31,7 +32,7 @@ Kiosk mode limits the user's ability to launch new apps or change the running ap
![Kiosk Mode](images/kiosk.png)
>[!NOTE]
>The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has an [Enterprise license](hololens-upgrade-enterprise.md).
>The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.

9
devices/hololens/hololens-provisioning.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Configure HoloLens using a provisioning package
@ -13,7 +14,7 @@ author: jdeckerMS
Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. The Windows Assessment and Deployment Kit (ADK) for Windows 10 includes the Imaging and Configuration Designer (ICD), a tool for configuring images and runtime settings which are then built into provisioning packages.
Some of the HoloLens configurations that you can apply in a provisioning package:
- Upgrade to Windows Holographic Enterprise
- Upgrade to Windows Holographic for Business
- Set up a local account
- Set up a Wi-Fi connection
- Apply certificatess to the device
@ -31,7 +32,7 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
## Create a provisioning package for HoloLens
>[!NOTE]
>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic Enterprise or if [the device has already been upgraded to Windows Holographic Enterprise](hololens-upgrade-enterprise.md).
>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
1. On the Windows ICD start page, select **Advanced provisioning**.
@ -100,7 +101,7 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
Provisioning packages make use of configuration service providers (CSPs). If you're not familiar with CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers).
In Windows ICD, when you create a provisioning package for Windows Holographic, the settings in **Available customizations** are based on [CSPs that are supported in Windows Holographic](https://msdn.microsoft.co/library/windows/hardware/dn920025.aspx#HoloLens). The following table describes settings that you might want to configure for HoloLens.
In Windows ICD, when you create a provisioning package for Windows Holographic, the settings in **Available customizations** are based on [CSPs that are supported in Windows Holographic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference#hololens). The following table describes settings that you might want to configure for HoloLens.
![Common runtime settings for HoloLens](images/icd-settings.png)
@ -109,7 +110,7 @@ In Windows ICD, when you create a provisioning package for Windows Holographic,
| **Accounts** | Create a local account. HoloLens currently supports a single user only. Creating multiple local accounts in a provisioning package is not supported. <br><br>**IMPORTANT**<br>If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/holographic/reset_or_recover_your_hololens#perform_a_full_device_recovery). |
| **Certificates** | Deploy a certificate to HoloLens. |
| **ConnectivityProfiles** | Deploy a Wi-Fi profile to HoloLens. |
| **EditionUpgrade** | [Upgrade to Windows Holographic Enterprise.](hololens-upgrade-enterprise.md) |
| **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens-upgrade-enterprise.md) |
| **Policies** | Allow or prevent developer mode on HoloLens. |
>[!NOTE]

11
devices/hololens/hololens-requirements.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Microsoft HoloLens in the enterprise: requirements
@ -35,7 +36,7 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
- Wi-Fi network
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
## Upgrade to Windows Holographic Enterprise
## Upgrade to Windows Holographic for Business
- HoloLens Enterprise license XML file
@ -44,11 +45,11 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
## Related resources
[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/en-us/documentation/articles/active-directory-get-started-premium/)
[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/)
[Get started with Intune](https://docs.microsoft.com/en-us/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune)
[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune)
[Enroll devices for management in Intune](https://docs.microsoft.com/en-us/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms)
[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms)
[Azure AD editions](https://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/)
[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/)

1
devices/hololens/hololens-setup.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Set up HoloLens

11
devices/hololens/hololens-upgrade-enterprise.md
View File

@ -1,21 +1,22 @@
---
title: Unlock Windows Holographic Enterprise features (HoloLens)
description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic Enterprise.
title: Unlock Windows Holographic for Business features (HoloLens)
description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic for Business.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Unlock Windows Holographic Enterprise features
# Unlock Windows Holographic for Business features
Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://developer.microsoft.com/windows/holographic/release_notes#introducing_microsoft_hololens_commercial_suite), which provides extra features designed for business.
When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic Enterprise. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
>[!TIP]
>You can tell that the HoloLens has been upgraded to the Enterprise edition in **Settings** > **Network & Internet**. The **VPN** option is only available in Windows Holographic Enterprise.
>You can tell that the HoloLens has been upgraded to the business edition in **Settings** > **Network & Internet**. The **VPN** option is only available in Windows Holographic for Business.

BIN
devices/hololens/images/upgrade-flow.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

5
devices/hololens/index.md
View File

@ -6,13 +6,14 @@ ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerMS
localizationpriority: medium
---
# Microsoft HoloLens
<table><tbody>
<tr><td style="border: 0px;width: 75%;valign= top"><p>Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.</p><p> Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic Enterprise when you apply the Enterprise license file to the device.</p></td><td align="left" style="border: 0px">![Hololens](images/hololens.png)</td></tr>
<tr><td style="border: 0px;width: 75%;valign= top"><p>Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.</p><p> Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.</p></td><td align="left" style="border: 0px">![Hololens](images/hololens.png)</td></tr>
</tbody></table>
## In this section
@ -21,7 +22,7 @@ author: jdeckerMS
| --- | --- |
| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time |
| [Unlock Windows Holographic Enterprise features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic Enterprise|
| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business|
| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft InTune |
| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app |
| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |

5
devices/surface-hub/TOC.md
View File

@ -5,7 +5,8 @@
#### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
#### [Create and test a device account](create-and-test-a-device-account-surface-hub.md)
##### [Online deployment](online-deployment-surface-hub-device-accounts.md)
##### [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md)
##### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md)
##### [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md)
##### [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md)
##### [Create a device account using UI](create-a-device-account-using-office-365.md)
##### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)
@ -35,5 +36,7 @@
#### [Using a room control system](use-room-control-system-with-surface-hub.md)
### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
### [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)
## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
## [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md)
## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
## [Change history for Surface Hub](change-history-surface-hub.md)

2
devices/surface-hub/accessibility-surface-hub.md
View File

@ -30,7 +30,7 @@ The full list of accessibility settings are available to IT admins in the **Sett
| Mouse | Defaults selected for **Pointer size**, **Pointer color** and **Mouse keys**. |
| Other options | Defaults selected for **Visual options** and **Touch feedback**. |
Additionally, these accessibility features and apps are returned to default settings when users press [**I'm Done**](i-am-done-finishing-your-surface-hub-meeting.md):
Additionally, these accessibility features and apps are returned to default settings when users press [I'm Done](i-am-done-finishing-your-surface-hub-meeting.md):
- Narrator
- Magnifier
- High contrast

9
devices/surface-hub/change-history-surface-hub.md
View File

@ -14,11 +14,20 @@ localizationpriority: medium
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
## February 2017
| New or changed topic | Description |
| --- | --- |
| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | New |
## January 2017
| New or changed topic | Description |
| --- | --- |
| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | New |
| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | New |
| [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added graphics cards verified to work with 84" Surface Hubs and added information about the lengths of cables. |
| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated procedures for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. |
## December 2016

3
devices/surface-hub/create-and-test-a-device-account-surface-hub.md
View File

@ -46,7 +46,8 @@ For detailed steps using PowerShell to provision a device account, choose an opt
| Organization deployment | Description |
|---------------------------------|--------------------------------------|
| [Online deployment (Office 365)](online-deployment-surface-hub-device-accounts.md) | Your organization's environment is deployed entirely on Office 365. |
| [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync). |
| [On-premises deployment (single-forest)](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a single-forest environment. |
| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a multi-forest environment. |
| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Your organization has a mix of services, with some hosted on-premises and some hosted online through Office 365. |
If you prefer to use a graphical user interface, some steps can be done using UI instead of PowerShell.

22
devices/surface-hub/device-reset-suface-hub.md
View File

@ -1,22 +0,0 @@
---
title: Device reset (Surface Hub)
description: You may wish to reset your Microsoft Surface Hub.
ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF
redirect_url: https://technet.microsoft.com/itpro/surface-hub/device-reset-surface-hub
keywords: reset Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: surfacehub
author: TrudyHa
---
 
 

6
devices/surface-hub/device-reset-surface-hub.md
View File

@ -31,9 +31,11 @@ Initiating a reset will return the device to the last cumulative Windows update,
- Configurations from MDM or the Settings app
> [!IMPORTANT]
> Performing a device reset may take up to 2 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
> Performing a device reset may take up to 6 hours. Do not turn off or unplug the Surface Hub until the process has completed. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again.
After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again. If the Surface Hub displays a Welcome screen, that indicates that the reset encountered a problem and rolled back to the previously existing OS image.
If you see a blank screen for long periods of time during the **Reset device** process, please wait and do not take any action.
## Reset a Surface Hub from Settings

3
devices/surface-hub/first-run-program-surface-hub.md
View File

@ -60,7 +60,8 @@ If the default values shown are correct, then you can click **Next** to go on. O
### What happens?
>**Note**  Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-suface-hub.md)). Make sure that the settings are properly configured before proceeding.
>[!NOTE]
> Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-surface-hub.md)). Make sure that the settings are properly configured before proceeding.
 

34
devices/surface-hub/index.md
View File

@ -6,35 +6,25 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: surfacehub
author: TrudyHa
author: jdeckerMS
localizationpriority: medium
---
# Microsoft Surface Hub
Documents related to the Microsoft Surface Hub.
Documents related to deploying and managing the Microsoft Surface Hub in your organization.
>[Looking for the user's guide for Surface Hub?](https://www.microsoft.com/surface/support/surface-hub)
## In this section
| Topic | Description |
| --- | --- |
| [Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) | This guide covers the installation and administration of devices running Surface Hub, and is intended for use by anyone responsible for these tasks, including IT administrators and developers.|
| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. |
| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. |
| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide. |
| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation. |
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Topic</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)</p></td>
<td align="left"><p>This guide covers the installation and administration of devices running Surface Hub, and is intended for use by anyone responsible for these tasks, including IT administrators and developers.</p></td>
</tr>
<tr><td>[Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md)</td><td>This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise.</td></tr><tr>
<td>[Change history for Surface Hub](change-history-surface-hub.md)</td><td>This topic lists new and updated topis in the Surface Hub documentation.</td></tr>
</tbody>
</table>

5
devices/surface-hub/install-apps-on-surface-hub.md
View File

@ -16,10 +16,9 @@ localizationpriority: medium
You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario.
A few things to know about apps on Surface Hub:
- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp).
- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). See a [list of apps that work with Surface Hub](https://www.microsoft.com/surface/support/surface-hub/surface-hub-apps).
- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631).
- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
- When submitting an app to the Windows Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub.
- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.- When submitting an app to the Windows Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub.
- You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Windows Store to download and install apps.

9
devices/surface-hub/manage-windows-updates-for-surface-hub.md
View File

@ -57,6 +57,7 @@ Surface Hubs, like all Windows 10 devices, include **Windows Update for Business
2. [Configure when Surface Hub receives updates](#configure-when-surface-hub-receives-updates).
> [!NOTE]
> You can use Microsoft Intune, System Center Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-wufb-intune)
@ -104,6 +105,14 @@ You can connect Surface Hub to your Windows Server Update Services (WSUS) server
To connect Surface Hub to a WSUS server using MDM, set an appropriate [Update/UpdateServiceUrl](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) policy.
**If you use a proxy server or other method to block URLs**
If you use a method other than WSUS to block specific URLs and prevent updates, you will need to add the following Windows update trusted site URLs to the “allow list”:
- `http(s)://*.update.microsoft.com`
- `http://download.windowsupdate.com`
- `http://windowsupdate.microsoft.com`
Once the Windows 10 Team Anniversary Update is installed, you can remove these addresses to return your Surface Hub to its previous state.
## Maintenance window

3
devices/surface-hub/monitor-surface-hub.md
View File

@ -101,6 +101,9 @@ This table describes the sample queries in the Surface Hub solution:
For Surface Hub to connect to and register with the OMS service, it must have access to the port number of your domains and the URLs. This table list the ports that OMS needs. For more information, see [Configure proxy and firewall settings in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-proxy-firewall/).
>[!NOTE]
>Surface Hub does not currently support the use of a proxy server to communicate with the OMS service.
| Agent resource | Ports | Bypass HTTPS inspection? |
| --------------------------- | ----- | ------------------------ |
| *.ods.opinsights.azure.com | 443 | Yes |

8
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -1,5 +1,5 @@
---
title: On-premises deployment (Surface Hub)
title: On-premises deployment single forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
keywords: single forest deployment, on prem deployment, device account, Surface Hub
@ -11,12 +11,12 @@ author: TrudyHa
localizationpriority: medium
---
# On-premises deployment (Surface Hub)
# On-premises deployment for Surface Hub in a single-forest environment
This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If youre using a multi-forest deployment, you can use equivalent cmdlets that will produce the same results. Those cmdlets are described in this section.
If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If youre using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md).
1. Start a remote PowerShell session from a PC and connect to Exchange.
@ -99,7 +99,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
```PowerShell
CsMeetingRoom HUB01 -DomainController DC-ND-001.contoso.com
Set-CsMeetingRoom HUB01 -DomainController DC-ND-001.contoso.com
-LineURItel: +14255550555;ext=50555" Set-CsMeetingRoom -DomainController DC-ND-001.contoso.com
-Identity HUB01 -EnterpriseVoiceEnabled $true
```

105
devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md Normal file
View File

@ -0,0 +1,105 @@
---
title: On-premises deployment multi-forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
keywords: multi forest deployment, on prem deployment, device account, Surface Hub
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerMS
localizationpriority: medium
---
# On-premises deployment for Surface Hub in a multi-forest environment
This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If youre using a single-forest deployment, see [On-premises deployment for Surface Hub in a single-forest environment](on-premises-deployment-surface-hub-device-accounts.md).
1. Start a remote PowerShell session from a PC and connect to Exchange.
Be sure you have the right permissions set to run the associated cmdlets.
Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
```PowerShell
Set-ExecutionPolicy Unrestricted
$org='contoso.microsoft.com'
$cred=Get-Credential $admin@$org
$sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
$sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $sessExchange
Import-PSSession $sessLync
```
2. After establishing a session, create a new mailbox in the Resource Forest. This will allow the account to authenticate into the Surface Hub.
If you're changing an existing resource mailbox:
```PowerShell
New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01"
```
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
If you havent created a compatible policy yet, use the following cmdlet-—this one creates a policy called "Surface Hubs". Once its created, you can apply the same policy to other device accounts.
```PowerShell
$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
```
Once you have a compatible policy, then you will need to apply the policy to the device account.
```PowerShell
Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy -ActiveSyncEnabled $true
Set-Mailbox $acctUpn -Type Room
```
4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
```PowerShell
Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. This should be set in the User Forest.
```PowerShell
Set-AdUser $acctUpn -PasswordNeverExpires $true
```
6. Enable the account in Active Directory so it will authenticate to the Surface Hub. This should be set in the User Forest.
```PowerShell
Set-AdUser $acctUpn -Enabled $true
```
6. You now need to change the room mailbox to a linked mailbox:
```PowerShell
$cred=Get-Credential AuthForest\LinkedRoomTest1
Set-mailbox -Alias LinkedRoomTest1 -LinkedMasterAccount AuthForest\LinkedRoomTest1 -LinkedDomainController AuthForest-4939.AuthForest.extest.contoso.com -Name LinkedRoomTest1 -LinkedCredential $cred -Identity LinkedRoomTest1
```
7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
```PowerShell
Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
-DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
-Identity HUB01
```
You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
 

56
devices/surface-hub/online-deployment-surface-hub-device-accounts.md
View File

@ -54,13 +54,10 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
```
Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
Once you have a compatible policy, then you will need to apply the policy to the device account.
```PowerShell
Set-Mailbox 'HUB01@contoso.com' -Type Regular
Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id
Set-Mailbox 'HUB01@contoso.com' -Type Room
Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force) -EnableRoomMailboxAccount $true
```
4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
@ -84,7 +81,10 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -PasswordNeverExpires $true
```
7. The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
7. Surface Hub requires a license for Skype for Business functionality.
- Your Surface Hub account requires a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
- You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).
Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
@ -98,15 +98,6 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
8. Enable the device account with Skype for Business.
In order to enable Skype for Business, your environment will need to meet the following prerequisites:
- You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).
- Your tenant users must have Exchange mailboxes.
- Your device account needs a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
<!-- -->
- Start by creating a remote PowerShell session from a PC.
```PowerShell
@ -115,34 +106,25 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
Import-PSSession $cssess -AllowClobber
```
- To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool
"sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```
If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
- Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*):
```PowerShell
Get-CsOnlineUser -Identity alice@contoso.com| fl *registrarpool*
```
OR by setting a variable
```PowerShell
$strRegistrarPool = (Get-CsOnlineUser -Identity alice@contoso.com).RegistrarPool
```
- Enable the Surface Hub account with the following cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress
OR using the $strRegistarPool variable from above
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress
```
9. Assign Skype for Business license to your Surface Hub account.
Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
- Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
- Select the Surface Hub account, and then click or tap the pen icon, which means edit.
- Click on the **Licenses** option.
- In the **Assign licenses** section, you need to select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and what you've decided in terms of needing Enterprise Voice. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
- Click **Save** and you're done.
>[!NOTE]
>It's also possible to use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
For validation, you should be able to use any Skype for Business client (PC, Android, etc) to log in to this account.
For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.

6
devices/surface-hub/prepare-your-environment-for-surface-hub.md
View File

@ -24,10 +24,10 @@ Review these dependencies to make sure Surface Hub features will work in your IT
|-------------------------------------------------------|-------------------------------------------------------|
| Active Directory or Azure Active Directory (Azure AD) | <p>The Surface Hub's uses an Active Directory or Azure AD account (called a **device account**) to access Exchange and Skype for Business services. The Surface Hub must be able to connect to your Active Directory domain controller or to your Azure AD tenant in order to validate the device accounts credentials, as well as to access information like the device accounts display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.</p>You can also domain join or Azure AD join your Surface Hub to allow a group of authorized users to configure settings on the Surface Hub. |
| Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync | <p>Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.</p>ActiveSync is used to sync the device accounts calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled. |
| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing. |
| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.</br></br>If screen sharing on a Surface Hub fails and the error message **An error occurred during the screen presentation** is displayed, see [Video Based Screen Sharing not working on Surface Hub](https://support.microsoft.com/help/3179272/video-based-screen-sharing-not-working-on-surface-hub) for help. |
| Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. |
| Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
| Network and Internet access | <p>In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred.</p><p>**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.</p>**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. |
| Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
| Network and Internet access | <p>In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred.</p><p>**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.</p>**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. |
Additionally, note that Surface Hub requires the following open ports:
- HTTPS: 443

2
devices/surface-hub/save-bitlocker-key-surface-hub.md
View File

@ -24,7 +24,7 @@ There are several ways to manage your BitLocker key on the Surface Hub.
2. If youve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device.
3. If youre using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** &gt; **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
3. If youre using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** &gt; **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
## Related topics

36
devices/surface-hub/surface-hub-downloads.md Normal file
View File

@ -0,0 +1,36 @@
---
title: Useful downloads for Microsoft Surface Hub
description: Downloads related to the Microsoft Surface Hub.
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerMS
localizationpriority: medium
---
# Useful downloads for Microsoft Surface Hub
This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide.
| Link | Description |
| --- | --- |
| [Surface Hub Site Readiness Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-site-readiness-guide) | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) |
| [Surface Hub Setup Guide (English, French, Spanish) (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-setup-guide) | Get a quick overview of how to set up the environment for your new Surface Hub. |
| [Surface Hub Quick Reference Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-quick-reference-guide) | Use this quick reference guide to get information about key features and functions of the Surface Hub. |
| [Surface Hub User Guide (PDF)](http://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. |
| [Surface Hub Replacement PC Drivers](https://www.microsoft.com/download/details.aspx?id=52210) | The Surface Hub Replacement PC driver set is available for those customers who have chosen to disable the Surface Hubs internal PC and use an external computer with their 84” or 55” Surface Hub. This download is meant to be used with the Surface Hub Admin Guide , which contains further details on configuring a Surface Hub Replacement PC. |
| [Surface Hub SSD Replacement Guide (PDF)](https://www.microsoft.com/surface/en-us/support/surfacehubssd) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. |
| [Microsoft Surface Hub Rollout and Adoption Success Kit (ZIP)](http://download.microsoft.com/download/F/A/3/FA3ADEA4-4966-456B-8BDE-0A594FD52C6C/Surface%20Hub%20RASK.zip) | Best practices for generating awareness and implementing change management to maximize adoption, usage, and benefits of Microsoft Surface Hub. The Rollout and Adoption Success Kit zip file includes the Rollout and Adoption Success Kit detailed document, Surface Hub presentation, demo guidance, awareness graphics, and more. |
| [Unpacking Guide for 84-inch Surface Hub (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-unpacking-guide-84) | Learn how to unpack your 84-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/75/2b/752b73dc-6e9d-4692-8ba1-0f9fc03bff6b.mov?n=04.07.16_installation_video_03_unpacking_84.mov) |
| [Unpacking Guide for 55-inch Surface Hub (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-unpacking-guide-55) | Learn how to unpack your 55-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/a9/d6/a9d6b4d7-d33f-4e8b-be92-28f7fc2c06d7.mov?n=04.07.16_installation_video_02_unpacking_55.mov) |
| [Wall Mounting and Assembly Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-wall-mounting-assembly-guide) | Detailed instructions on how to safely and securely assemble the wall brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/bf/4d/bf4d6f06-370c-45ee-88e6-c409873914e8.mov?n=04.07.16_installation_video_05_wall_mount.mov) |
| [Floor-Supported Mounting and Assembly Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-floor-supported-mounting-assembly-guide) | Detailed instructions on how to safely and securely assemble the floor-supported brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/ed/de/edde468a-e1d4-4ce8-8b61-c4527dd25c81.mov?n=04.07.16_installation_video_06_floor_support_mount.mov) |
| [Rolling Stand Mounting and Assembly Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-rolling-stand-mounting-assembly-guide) | Detailed instructions on how to safely and securely assemble the rolling stand, and how to mount your Surface Hub onto it. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/1f/94/1f949613-3e4a-41e3-ad60-fe8aa7134115.mov?n=04.07.16_installation_video_04_rolling_stand_mount.mov) |
| [Mounts and Stands Datasheet (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-mounts-and-stands-datasheet) | Specifications and prices for all Surface Hub add-on stands and mounts that turn your workspace into a Surface Hub workspace. |
| [Surface Hub Stand and Wall Mount Specifications (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-stand-and-wall-mount-specs) | Illustrated specifications for the 55” and 84” Surface Hub rolling stands, wall mounts, and floor-supported wall mounts. |
| [Surface Hub Onsite Installation and Onsite Repair/Exchange Services FAQ (PDF)](https://www.microsoft.com/surface/en-us/support/surface-hub/onsite-installation-repair-faq) | Get answers to the most common questions about Surface Hub onsite service offerings and delivery. |

121
devices/surface-hub/surface-hub-wifi-direct.md Normal file
View File

@ -0,0 +1,121 @@
---
title: How Surface Hub addresses Wi-Fi Direct security issues
description: This topic provides guidance on Wi-Fi Direct security risks.
keywords: change history
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerMS
localizationpriority: medium
---
# How Surface Hub addresses Wi-Fi Direct security issues
Microsoft Surface Hub is an all-in-one productivity device that enables teams to better brainstorm, collaborate, and share ideas. Surface Hub relies on Miracast for wireless projection by using Wi-Fi Direct.
This topic provides guidance on Wi-Fi Direct security vulnerabilities, how Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. This hardening information will help customers with high security requirements understand how best to protect their Surface Hub connected networks and data in transit.
The intended audiences for this topic include IT and network administrators interested in deploying Microsoft Surface Hub in their corporate environment with optimal security settings.
## Overview
Microsoft Surface Hub's security depends extensively on Wi-Fi Direct / Miracast and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Since the device only supports WPS (as opposed to WPA2 Pre-Shared Key (PSK) or WPA2 Enterprise), issues traditionally associated with 802.11 encryption are simplified by design.
It is important to note Surface Hub operates on par with the field of Miracast receivers, meaning that it is protected from, and vulnerable to, a similar set of exploits as all WPS-based wireless network devices. But Surface Hubs implementation of WPS has extra precautions built in, and its internal architecture helps prevent an attacker even after compromising the Wi-Fi Direct / Miracast layer to move past the network interface onto other attack surfaces and connected enterprise networks see [Wi-Fi Direct vulnerabilities and how Surface Hub addresses them](#vulnerabilities).
## Wi-Fi Direct background
Miracast is part of the Wi-Fi Display standard, which itself is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration.
Wi-Fi Direct or Wi-Fi "Peer to Peer" (P2P) is a standard released by the Wi-Fi Alliance for "Ad-Hoc" networks. This allows supported devices to communicate directly and create groups of networks without requiring a traditional Wi-Fi Access Point or an Internet connection.
Security for Wi-Fi Direct is provided by WPA2 using the WPS standard. Authentication mechanism for devices can be a numerical pin (WPS-PIN), a physical or virtual Push Button (WPS-PBC), or an out-of-band message such as Near Field Communication (WPS-OOO). The Microsoft Surface Hub supports both Push Button (which is the default) and PIN methods.
In Wi-Fi Direct, groups are created as either "persistent," allowing for automatic reconnection using stored key material, or "temporary," where devices cannot re-authenticate without user intervention or action. Wi-Fi Direct groups will typically determine a Group Owner (GO) through a negotiation protocol, which mimics the "station" or "Access Point" functionality for the established Wi-Fi Direct Group. This Wi-Fi Direct GO provides authentication (via an “Internal Registrar”), and facilitate upstream network connections. For Surface Hub, this GO negotiation does not take place, as the network only operates in "autonomous" mode, where Surface Hub is always the Group Owner. Finally, Surface Hub does not and will not join other Wi-Fi Direct networks itself as a client.
<span id="vulnerabilities" />
## Wi-Fi Direct vulnerabilities and how Surface Hub addresses them
**Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery process**: Wi-Fi Direct / Miracast attacks may target weaknesses in the group establishment, peer discovery, device broadcast, or invitation processes.
|Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| The discovery process may remain active for an extended period of time, which could allow Invitations and connections to be established without the intent of the device owner. | Surface Hub only operates as the Group Owner (GO), which does not perform the client Discovery or GO negotiation process. Broadcast can be turned off by fully disabling wireless projection. |
| Invitation and discovery using PBC allows an unauthenticated attacker to perform repeated connection attempts or unauthenticated connections are automatically accepted. | By requiring WPS PIN security, Administrators can reduce the potential for such unauthorized connections or "Invitation bombs" (where invitations are repeatedly sent until a user mistakenly accepts one). |
**Wi-Fi Protected Setup (WPS) Push Button Connect (PBC) vs PIN Entry**: Public weaknesses have been demonstrated in WPS-PIN method design and implementation, other vulnerabilities exist within WPS-PBC involving active attacks against a protocol designed for one time use.
| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| WPS-PBC is vulnerable to active attackers. As stated within the WPS specification: "The PBC method has zero bits of entropy and only protects against passive eavesdropping attacks. PBC protects against eavesdropping attacks and takes measures to prevent a device from joining a network that was not selected by the device owner. The absence of authentication, however, means that PBC does not protect against active attack". Attackers can use selective wireless jamming or other potential denial-of-service vulnerabilities in order to trigger an unintended Wi-Fi Direct GO or connection. Additionally, an active attacker, with only physical proximity, can repeatedly teardown any Wi-Fi Direct group and attempt the described attack until it is successful. |Enable WPS-PIN security within Surface Hubs configuration. As discussed within the Wi-Fi WPS specification: "The PBC method should only be used if no PIN-capable Registrar is available and the WLAN user is willing to accept the risks associated with PBC". |
| WPS-PIN implementations can be brute-forced using a Vulnerability within the WPS standard. Due to the design of split PIN verification, a number of implementation vulnerabilities occurred in the past several years across a wide range of Wi-Fi hardware manufacturers. In 2011 two researchers (Stefan Viehböck and Craig Heffner) released information on this vulnerability and tools such as "Reaver" as a proof of concept. | The Microsoft implementation of WPS within Surface Hub changes the pin every 30 seconds. In order to crack the pin, an attacker must work through the entire exploit in less than 30 seconds. Given the current state of tools and research in this area, a brute-force pin-cracking attack through WPS is unlikely. |
| WPS-PIN can be cracked using an offline attack due to weak initial key (E-S1,E S2) entropy. In 2014, Dominique Bongard discussed a "Pixie Dust" attack where poor initial randomness for the pseudo random number generator (PRNG) within the wireless device lead to the ability to perform an offline brute-force attack. | The Microsoft implementation of WPS within Surface Hub is not susceptible to this offline PIN brute-force attack. The WPS-PIN is randomized for each connection. |
**Unintended exposure of network services**: Network daemons intended for Ethernet or WLAN services may be accidentally exposed due to misconfiguration (such as binding to “all”/0.0.0.0 interfaces), a poorly configured device firewall, or missing firewall rules altogether.
| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| Misconfiguration binds a vulnerable or unauthenticated network service to "all" interfaces, which includes the Wi-Fi Direct interface. This potentially exposes services not intended to be accessible to Wi-Fi Direct clients, which may be weakly or automatically authenticated. | Within Surface Hub, the default firewall rules only permit the required TCP and UDP network ports and by default deny all inbound connections. Strong authentication can be configured by enabling the WPS-PIN mode. |
**Bridging Wi-Fi Direct and other wired or wireless networks**: While network bridging between WLAN or Ethernet networks is a violation of the Wi-Fi Direct specification, such a bridge or misconfiguration may effectively lower or remove wireless access controls for the internal corporate network.
| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| Wi-Fi Direct devices could allow unauthenticated or poorly authenticated access to bridged network connections. This may allow Wi-Fi Direct networks to route traffic to internal Ethernet LAN or other infrastructure or enterprise WLAN networks in violation of existing IT security protocols. | Surface Hub cannot be configured to bridge Wireless interfaces or allow routing between disparate networks. The default firewall rules add defense in depth to any such routing or bridge connections. |
**The use of Wi-Fi Direct “legacy” mode**: Exposure to unintended networks or devices when operating in “legacy” mode may present a risk. Device spoofing or unintended connections could occur if WPS-PIN is not enabled.
| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| By supporting both Wi-Fi Direct and 802.11 infrastructure clients, the system is operating in a "legacy" support mode. This may expose the connection setup phase indefinitely, allowing for groups to be joined or devices invited to connect well after their intended setup phase terminates. | Surface Hub does not support Wi-Fi Direct legacy clients. Only Wi-Fi Direct connections can be made to Surface Hub even when WPS-PIN mode is enabled. |
**Wi-Fi Direct GO negotiation during connection setup**: The Group Owner within Wi-Fi Direct is analogous to the “Access Point” in a traditional 802.11 wireless network. The negotiation can be gamed by a malicious device.
|Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| If groups are dynamically established or if the Wi-Fi Direct device can be made to join new groups, the Group Owner (GO) negotiation can be won by a malicious device that always specifies the max Group Owner "intent" value of 15. (Unless such device is configured to always be a Group Owner, in which case the connection fails.) | Surface Hub takes advantage of Wi-Fi Direct "Autonomous mode", which skips the GO negotiation phase of the connection setup. Surface Hub is always the Group Owner. |
**Unintended or malicious Wi-Fi deauthentication**: Wi-Fi deauthentication is an age-old attack that can be used by a physically local attacker to expedite information leaks against the connection setup process, trigger new four-way handshakes, target Wi-Fi Direct WPS-PBC for active attack, or create denial-of-service attacks.
| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| Deauthentication packets can be sent by an unauthenticated attacker to cause the station to re-authenticate and sniff the resulting handshake. Cryptographic or brute-force attacks can be attempted on the resulting handshake. Mitigations for these attack include: enforcing length and complexity policies for pre-shared keys; configuring the Access Point (if applicable) to detect malicious levels of deauthentication packets; and using WPS to automatically generate strong keys. In PBC mode the user is interacting with a physical or virtual button to allow arbitrary device association. This process should happen only at setup within a small window, once the button is automatically "pushed", the device will accept any station associating via a canonical PIN value (all zeros). Deauthentication can force a repeated setup process. | The current Surface Hub design uses WPS in PIN or PBC mode. No PSK configuration is permitted, helping enforce the generation of strong keys. It is recommended to enable WPS-PIN. |
| Beyond denial-of-service attacks, deauthentication packets can also be used to trigger a reconnect which re-opens the window of opportunity for active attacks against WPS-PBC. | Enable WPS-PIN security within Surface Hubs configuration. |
**Basic wireless information disclosure**: Wireless networks, 802.11 or otherwise, are inherently sources of information disclosure. Although the information is largely connection or device metadata, it remains an accepted risk for any 802.11 administrator. Wi-Fi Direct with device authentication via WPS-PIN effectively reveals the same information as a PSK or Enterprise 802.11 network.
| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| During broadcast, connection setup, or even with already encrypted connections, basic information about the devices and packet sizes is wirelessly transmitted. At a basic level, a local attacker within wireless range can determine the names of wireless devices, the MAC addresses of communicating equipment, and possibly other details such as the version of the wireless stack, packet sizes, or the configured Access Point or Group Owner options by examining the relevant 802.11 Information Elements. | The Wi-Fi Direct network employed by Surface Hub cannot be further protected from metadata leaks, in the same way 802.11 Enterprise or PSK wireless networks also leak such metadata. Physical security and removing potential threats from the wireless proximity can be used to reduce any potential information leaks. |
**Wireless evil twin or spoofing attacks**: Spoofing the wireless name is a trivial and known exploit for a physically local attacker in order to lure unsuspecting or mistaken users to connect.
| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
| --- | --- |
| By spoofing or cloning the wireless name or "SSID" of the target network, an attacker may trick the user into connecting to fake malicious network. By supporting unauthenticated, auto-join Miracast an attacker could capture the intended display materials or attempt to perform network attacks on the connecting device. | While no specific protections against joining a spoofed Surface Hub are in place, this attack is partially mitigated in two ways. First, any potential attack must be physically within Wi-Fi range. Second, this attack is only possible during the very first connection. Subsequent connections use a persistent Wi-Fi Direct group and Windows will remember and prioritize this prior connection during future Hub use. (Note: Spoofing the MAC address, Wi-Fi channel and SSID simultaneously was not considered for this report and may result in inconsistent Wi-Fi behavior.) Overall this weakness is a fundamental problem for any 802.11 wireless network not using Enterprise WPA2 protocols such as EAP-TLS or EAP-PWD, which are not supported in Wi-Fi Direct. |
## Surface Hub hardening guidelines
Surface Hub is designed to facilitate collaboration and allow users to start or join meetings quickly and efficiently. As such, the default Wi-Fi Direct settings for Surface Hub are optimized for this scenario.
For users who require additional security around the wireless interface, we recommend Surface Hub users enable the WPS-PIN security setting. This disables WPS-PBC mode and offers client authentication, and provides the strongest level of protection by preventing any unauthorized connections to Surface Hub.
If concerns remain around authentication and authorization of a Surface Hub, we recommend users connect the device to a separate network, either Wi-Fi (such as a "guest" Wi-Fi network) or using separate Ethernet network (preferably an entirely different physical network, but a VLAN can also provide some added security). Of course, this approach may preclude connections to internal network resources or services, and may require additional network configurations to regain access.
Also recommended:
- [Install regular system updates.](manage-windows-updates-for-surface-hub.md)
- Update the Miracast settings to disable auto-present mode.
## Learn more
- [Wi-Fi Direct specifications](http://www.wi-fi.org/discover-wi-fi/wi-fi-direct)
- [Wireless Protected Setup (WPS) specification](http://www.wi-fi.org/discover-wi-fi/wi-fi-protected-setup)

2
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -184,7 +184,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
</tr>
<tr class="even">
<td align="left"><p>5</p></td>
<td align="left"><p>50</p></td>
<td align="left"><p>S0</p></td>
<td align="left"><p>Ready</p></td>
</tr>
</tbody>

1
devices/surface/TOC.md
View File

@ -13,6 +13,7 @@
### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
### [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)
### [Surface Dock Updater](surface-dock-updater.md)
### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
## [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
## [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)
## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

7
devices/surface/change-history-for-surface.md
View File

@ -11,13 +11,18 @@ author: jdeckerMS
This topic lists new and updated topics in the Surface documentation library.
## January 2017
|New or changed topic | Description |
| --- | --- |
|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | New |
## December 2016
|New or changed topic | Description |
| --- | --- |
|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)|
## November 2016
|New or changed topic | Description |

BIN
devices/surface/images/sda-fig5-erase.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 276 KiB

After

Width:  |  Height:  |  Size: 74 KiB

2
devices/surface/index.md
View File

@ -33,7 +33,9 @@ For more information on planning for, deploying, and managing Surface devices in
| [Change history for Surface documentation](change-history-for-surface.md) | This topic lists new and updated topics in the Surface documentation library. |
## Learn more
[Certifying Surface Pro 4 and Surface Book as standard devices at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/849/Certifying-Surface-Pro-4-and-Surface-Book-as-standard-devices-at-Microsoft)

42
devices/surface/microsoft-surface-data-eraser.md
View File

@ -16,7 +16,7 @@ author: miladCA
Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
[Microsoft Surface Data Eraser](https://www.microsoft.com/download/details.aspx?id=46703) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://www.microsoft.com/surface/support/security-sign-in-and-accounts/data-wiping-policy).
[Microsoft Surface Data Eraser](https://www.microsoft.com/download/details.aspx?id=46703) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB stick is easy to create by using the provided wizard, the Microsoft Surface Data Eraser wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://www.microsoft.com/surface/support/security-sign-in-and-accounts/data-wiping-policy).
Compatible Surface devices include:
@ -100,43 +100,41 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device.
2. Ensure your system firmware is set to boot to USB. To enter the firmware settings:
2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps:
1. Turn off your Surface device.
a. Turn off your Surface device.
2. Press and hold the **Volume Up** button.
b. Press and hold the **Volume Down** button.
3. Press and release the **Power** button.
c. Press and release the **Power** button.
4. Release the **Volume Up** button.
d. Release the **Volume Down** button.
>[!NOTE]
>If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed.
3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4.
![Booting the Microsoft Surface Data Eraser USB stick](images/data-eraser-3.png "Booting the Microsoft Surface Data Eraser USB stick")
*Figure 4. Booting the Microsoft Surface Data Eraser USB stick*
4. Read the software license terms, and then close the notepad file.
4. Read the software license terms, and then close the Notepad file.
5. Accept or Decline the Software License Terms by typing **Accept** or **Decline**.
5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue.
6. Select one of the following three options:
6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data).
- **Enter S to start Data Erase** Select this option to begin the data erase process. You will have a chance to confirm in the next step.
>[!NOTE]
>The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information.
- **Enter D to perform Diskpart** Select this option to use diskpart.exe to manage partitions on your disk.
![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed")
*Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
- **Enter X to shut device down** Select this option to perform no action and shut down the device.
7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
7. If you typed **S** to begin the data erase process, the partition that will be erased is displayed, as shown in Figure 5. If this is correct, press **Y** to continue, or **N** to shut down the device.
![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed")
*Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
8. If you pressed **Y** in step 7, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
9. Click the **Yes** button to continue erasing data on the Surface device.
8. Click the **Yes** button to continue erasing data on the Surface device.
 

1
devices/surface/update.md
View File

@ -16,6 +16,7 @@ Find out how to download and manage the latest firmware and driver updates for y
| Topic | Description |
| --- | --- |
|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically. |
| [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.|
| [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.|
| [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)| Read about the different methods you can use to manage the process of Surface Dock firmware updates.|

9
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -413,3 +413,12 @@ When you deploy SEMM using this script application and with a configuration that
Alternatively, you can configure the application installation to reboot automatically and to install invisibly to the user in this scenario, a technician will be required to enter the thumbprint on each device as it reboots. Any technician with access to the certificate file can read the thumbprint by viewing the certificate with CertMgr. Instructions for viewing the thumbprint with CertMgr are in the [Create or modify the SEMM Configuration Manager scripts](#create-or-modify-the-semm-configuration-manager-scripts) section of this article.
Removal of SEMM from a device deployed with Configuration Manager using these scripts is as easy as uninstalling the application with Configuration Manager. This action starts the ResetSEMM.ps1 script and properly unenrolls the device with the same certificate file that was used during the deployment of SEMM.
>[!NOTE]
>Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate.
>We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that just like the certificate itself this universal reset package can be used to unenroll any of your organizations Surface devices from SEMM.
>When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package the device will prompt for the certificate thumbprint before ownership is taken.
>For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.

56
devices/surface/wake-on-lan-for-surface-devices.md Normal file
View File

@ -0,0 +1,56 @@
---
title: Wake On LAN for Surface devices (Surface)
description: See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically even if the devices are powered down.
keywords: update, deploy, driver, wol, wake-on-lan
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: jobotto
---
# Wake On LAN for Surface devices
Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as System Center Configuration Manager) automatically even if the devices are powered down. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using System Center Configuration Manager during a window in the middle of the night, when the office is empty.
>[!NOTE]
>Surface devices must be connected to AC power to support WOL.
## Supported devices
The following devices are supported for WOL:
* Surface Book
* Surface Pro 4
* Surface Pro 3
* Surface 3
* Surface Ethernet adapter
* Surface Dock
* Surface Docking Station for Surface Pro 3
## WOL driver
To enable WOL support on Surface devices, a specific driver for the Surface Ethernet adapter is required. This driver is not included in the standard driver and firmware pack for Surface devices you must download and install it separately. You can download the Surface WOL driver (SurfaceWOL.msi) from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as System Center Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt).
>[!NOTE]
>During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script.
>**HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests**
To extract the contents of SurfaceWOL.msi, use the MSIExec administrative installation option (**/a**), as shown in the following example, to extract the contents to the C:\WOL\ folder:
`msiexec /a surfacewol.msi targetdir=C:\WOL /qn`
## Using Surface WOL
The Surface WOL driver conforms to the WOL standard, whereby the device is woken by a special network communication known as a magic packet. The magic packet consists of 6 bytes of 255 (or FF in hexadecimal) followed by 16 repetitions of the target computers MAC address. You can read more about the magic packet and the WOL standard on [Wikipedia](https://wikipedia.org/wiki/Wake-on-LAN#Magic_packet).
>[!NOTE]
>To send a magic packet and wake up a device by using WOL, you must know the MAC address of the target device and Ethernet adapter. Because the magic packet does not use the IP network protocol, it is not possible to use the IP address or DNS name of the device.
Many management solutions, such as System Center Configuration Manager, provide built-in support for WOL. There are also many solutions, including Windows Store apps, PowerShell modules, third-party applications, and third-party management solutions that allow you to send a magic packet to wake up a device. For example, you can use the [Wake On LAN PowerShell module](https://gallery.technet.microsoft.com/scriptcenter/Wake-On-Lan-815424c4) from the TechNet Script Center.
>[!NOTE]
>After a device has been woken up with a magic packet, the device will return to sleep if an application is not actively preventing sleep on the system or if the AllowSystemRequiredPowerRequests registry key is not configured to 1, which allows applications to prevent sleep. See the [WOL driver](#wol-driver) section of this article for more information about this registry key.

1
education/windows/TOC.md
View File

@ -12,7 +12,6 @@
## [Take tests in Windows 10 ](take-tests-in-windows-10.md)
### [Set up Take a Test on a single PC](take-a-test-single-pc.md)
### [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
### [Create tests using Microsoft Forms](create-tests-using-microsoft-forms.md)
### [Take a Test app technical reference](take-a-test-app-technical.md)
## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)

7
education/windows/change-history-edu.md
View File

@ -5,13 +5,18 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Change history for Windows 10 for Education
This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
## January 2017
| New or changed topic | Description |
| --- | --- |
| [For IT administrators - get Minecraft: Education Edition](school-get-minecraft.md) | Updates. Learn how schools can use invoices to pay for Minecraft: Education Edition. |
## December 2016
| New or changed topic | Description |
| --- | --- |

1
education/windows/create-tests-using-microsoft-forms.md
View File

@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: CelesteDG
redirect_url: https://support.microsoft.com/help/4000711/windows-10-create-tests-using-microsoft-forms
---
# Create tests using Microsoft Forms

4
education/windows/education-scenarios-store-for-business.md
View File

@ -91,9 +91,9 @@ Find apps for your school using Windows Store for Business. Admins in an educati
**To acquire apps**
- For info on how to acquire apps, see [Acquire apps in Windows Store for Business](https://technet.microsoft.com/itpro/windows/manage/acquire-apps-windows-store-for-business#acquire-apps)
**To add a payment method**
**To add a payment method - debit or credit card**
If you the app you purchase has a price, youll need to provide a payment method.
If the app you purchase has a price, youll need to provide a payment method.
- Click **Get started! Add a way to pay.** Provide the info needed for your debit or credit card.
For more information on payment options, see [payment options](https://technet.microsoft.com/itpro/windows/manage/acquire-apps-windows-store-for-business#payment-options).

2
education/windows/get-minecraft-for-education.md
View File

@ -5,7 +5,7 @@ keywords: school
ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
author: trudyha
---
# Get Minecraft: Education Edition

BIN
education/windows/images/mcee-add-payment-method.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
education/windows/images/mcee-invoice-bills.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

BIN
education/windows/images/mcee-invoice-info.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
education/windows/images/mcee-view-bills.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 81 KiB

BIN
education/windows/images/take_a_test_flow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
education/windows/images/take_a_test_workflow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

64
education/windows/index.md
View File

@ -14,42 +14,76 @@ author: CelesteDG
# Windows 10 for Education
<link rel="stylesheet" href="https://az835927.vo.msecnd.net/sites/uwp/Resources/css/custom.css">
## ![Learn more about Windows](images/education.png) Learn
## Windows 10
### ![Learn more about Windows](images/education.png) Learn
<div class="side-by-side"> <div class="side-by-side-content">
<div class="side-by-side-content-left"><p>
<b>[Windows 10 editions for education customers](windows-editions-for-education-customers.md)</b><br />Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.</p></div>
<div class="side-by-side-content-right"><p><b>[Compare each Windows edition](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)</b><br />Find out more about the features and functionality we support in each edition of Windows.</p><p>
<b>[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)</b><br />When you've made your decision, find out how to buy Windows for your school.</p></div>
<div class="side-by-side-content-left">
<p><b>[Windows 10 editions for education customers](windows-editions-for-education-customers.md)</b><br />Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.</p>
<p><b>[Compare each Windows edition](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)</b><br />Find out more about the features and functionality we support in each edition of Windows.</p>
<p><b>[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)</b><br />When you've made your decision, find out how to buy Windows for your school.</p></div>
<div class="side-by-side-content-right">
<p><b>How-to videos</b><br />
<ul>
<li><a href="https://technet.microsoft.com/en-us/windows/mt723345" target="_blank">Automate common Windows 10 deployment and configuration tasks</a></li>
<li><a href="https://technet.microsoft.com/en-us/windows/mt723346" target="_blank">Deploy a custom Windows 10 Start menu</a></li>
<li><a href="https://technet.microsoft.com/en-us/windows/mt723347" target="_blank">Manage Windows 10 updates and upgrades</a></li>
<li><a href="https://technet.microsoft.com/en-us/windows/mt723344" target="_blank">Reprovision devices at the end of the school year</a></li>
<li><a href="https://technet.microsoft.com/en-us/windows/mt723343" target="_blank">Use MDT to deploy Windows 10</a></li>
<li><a href="https://technet.microsoft.com/en-us/windows/mt723348" target="_blank">Use Windows Store for Business</a></li>
</ul>
</div>
</div></div>
## ![Plan for Windows 10 in your school](images/clipboard.png) Plan
### ![Plan for Windows 10 in your school](images/clipboard.png) Plan
<div class="side-by-side"> <div class="side-by-side-content">
<div class="side-by-side-content-left"><p>
<b>[Provisioning options for Windows 10](set-up-windows-10.md)</b><br />Depending on your school's device management needs, Windows offers a variety of options that you can use to set up Windows 10 on your devices.</p><p>
<b>[Provisioning options for Windows 10](set-up-windows-10.md)</b><br />Depending on your school's device management needs, you can use **Set up School PCs** or the *Provision school devices* option in **Windows Imaging and Configuration Designer** to quickly set up student PCs.</p><p>
<b>[Get Minecraft Education Edition](get-minecraft-for-education.md)</b><br />Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution.</p></div>
<div class="side-by-side-content-right"><p><b>[Take tests in Windows 10](take-tests-in-windows-10.md)</b><br />Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.</p>
<p><b>[Chromebook migration guide](chromebook-migration-guide.md)</b><br />Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.</p></div>
</div></div>
## ![Deploy Windows 10 for education](images/PCicon.png) Deploy
### ![Deploy Windows 10 for education](images/PCicon.png) Deploy
<div class="side-by-side"> <div class="side-by-side-content">
<div class="side-by-side-content-left"><p><b>[Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)</b><br />Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.</p></div>
<div class="side-by-side-content-right"><p>
<b>[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)</b><br />Get step-by-step guidance to help you deploy Windows 10 in a school environment.</p><p>
<b>[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)</b><br />Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.</p></div>
</div></div>
<div class="side-by-side-content-left">
<p><b>[Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)</b><br />Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.</p>
<p><b>[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)</b><br />Get step-by-step guidance to help you deploy Windows 10 in a school environment.</p>
<p><b>[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)</b><br />Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.</p>
</div>
<div class="side-by-side-content-right">
<p><b><a href="https://technet.microsoft.com/en-us/windows/mt574244" target="_blank">Try it out: Windows 10 deployment (for education)</a></b><br />Learn how to upgrade devices running the Windows 7 operating system to Windows 10 Anniversary Update, and how to manage devices, apps, and users in Windows 10 Anniversary Update.<br /><br />For the best experience, use this guide in tandem with the <a href="https://vlabs.holsystems.com/vlabs/technet?eng=VLabs&auth=none&src=vlabs&altadd=true&labid=20949&lod=true" target="_blank">TechNet Virtual Lab: IT Pro Try-It-Out</a>.</p>
</div>
</div></div>
## ![Deploy Windows 10 for education](images/windows.png) Upgrade
### ![Upgrade to Windows 10 for education](images/windows.png) Upgrade
<div class="side-by-side"> <div class="side-by-side-content">
<div class="side-by-side-content-left"><p><b>[Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md)</b><br />If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free upgrade to Windows 10 Pro Education.</p></div>
<div class="side-by-side-content-right"><p></p>
</div>
</div>
## Windows 8.1
Follow these links to find step-by-step guidance on how to deploy Windows 8.1 in an academic environment.
<div class="side-by-side"> <div class="side-by-side-content">
<div class="side-by-side-content-left">
<p><b><a href="https://technet.microsoft.com/library/dn645509.aspx" target="_blank">Windows 8.1 deployment planning</a></b><br />Explore key considerations and questions that should be answered when planning for Windows 8.1 deployment.</p>
<p><b><a href="https://technet.microsoft.com/library/dn645528.aspx" target="_blank">Windows 8.1 deployment to PCs</a></b><br />Get an overview of Windows 8.1 deployment to PCs in an educational environment.</p>
<p><b><a href="https://technet.microsoft.com/library/dn645510.aspx" target="_blank">BYOD</a></b><br />Explore Bring Your Own Device (BYOD) considerations, including device types, infrastructure, and deployment models.</p>
<p><b><a href="https://technet.microsoft.com/library/dn645488.aspx" target="_blank">Deploying Windows RT 8.1</a></b><br />Get step-by-step instructions on how to configure and deploy Windows RT devices (like Surface and other tablets) in educational environments.</p>
</div>
<div class="side-by-side-content-right">
<p><b><a href="https://technet.microsoft.com/library/dn645483.aspx" target="_blank">Virtual Desktop Infrastructure</a></b><br />Learn how to address challenges related to BYOD scenarios using Virtual Desktop Infrastructure (VDI).</p>
<p><b><a href="https://technet.microsoft.com/library/dn645532.aspx" target="_blank">Windows Store apps</a></b><br />Explore Windows Store app deployment strategies and considerations for educational institutions running Windows 8.1.</p>
<p><b><a href="https://technet.microsoft.com/library/dn645486.aspx" target="_blank">Windows To Go</a></b><br />Learn about the benefits, limitations, and processes involved in deploying Windows To Go.</p>
</div>
</div></div>
## Related topics
- [Try it out: virtual labs and how-to videos for Windows 10 Education](https://technet.microsoft.com/en-us/windows/dn610356)
- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index)

47
education/windows/school-get-minecraft.md
View File

@ -5,7 +5,7 @@ keywords: ["school"]
ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
author: trudyha
---
# For IT administrators - get Minecraft: Education Edition
@ -58,6 +58,51 @@ Qualified education institutions can purchase Minecraft: Education Edition licen
- Youll receive an email with a link to Windows Store for Business.
- Sign in to [Windows Store for Business](https://www.microsoft.com/business-store) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
## Minecraft: Education Edition payment options
You can pay for Minecraft: Education Edition with a debit or credit card, or with an invoice.
### Debit or credit cards
During the purchase, click **Get started! Add a way to pay.** Provide the info needed for your debit or credit card.
### Invoices
Invoices are now a supported payment method for Minecraft: Education Edition. There are a few requirements:
- Admins only (not supported for Teachers)
- $500 invoice minimum for your initial purchase
- $15,000 invoice maximum (for all invoices within your organization)
**To pay with an invoice**
1. During the purchase, click **Get started! Add a way to pay.**
![Buy page for an app, showing the link for Get started! Add a way to pay.](images/mcee-add-payment-method.png)
2. Select the Invoice option, and provide the info needed for an invoice. The **PO number** item allows you to add a tracking number or info that is meaningful to your organization.
![Invoice Details page showing items that need to be completed for an invoice. PO number is highlighted.](images/mcee-invoice-info.png)
### Find your invoice
After you've finished the purchase, you can find your invoice by checking **Minecraft: Education Edition** in your **Inventory**.
> **Note**: After you complete a purchase, it can take up to twenty-four hours for the app to appear in **Inventory**.
**To view your invoice**
1. In Windows Store for Business, click **Manage** and then click **Inventory**.
2. Click **Minecraft: Education Edition** in the list of apps.
3. On **Minecraft: Education Edition**, click **View Bills**.
![Minecraft: Education Edition app details page with view bills link highlighted](images/mcee-view-bills.png)
4. On **Invoice Bills**, click the invoice number to view and download your invoice. It downloads as a .pdf.
![Minecraft: Education Edition app details page with view bills link highlighted](images/mcee-invoice-bills.png)
The **Payment Instructions** section on the first page of the invoice has information on invoice amount, due date, and how to pay with electronic funds transfer, or with a check.
## <a href="" id="distribute-minecraft"></a>Distribute Minecraft
After Minecraft: Education Edition is added to your Windows Store for Business inventory, you have three options:

2
education/windows/set-up-school-pcs-technical.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Technical reference for the Set up School PCs app

2
education/windows/set-up-students-pcs-to-join-domain.md
View File

@ -5,7 +5,7 @@ keywords: ["shared cart", "shared PC", "school"]
ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
author: CelesteDG
---
# Set up student PCs to join domain

2
education/windows/set-up-students-pcs-with-apps.md
View File

@ -5,7 +5,7 @@ keywords: ["shared cart", "shared PC", "school"]
ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
author: CelesteDG
---
# Provision student PCs with apps

2
education/windows/set-up-windows-10.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Provisioning options for Windows 10

2
education/windows/take-a-test-app-technical.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Take a Test app technical reference

165
education/windows/take-a-test-multiple-pcs.md
View File

@ -6,10 +6,10 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Set up Take a Test on multiple PCs
# Set up Take a Test on multiple PCs
**Applies to:**
- Windows 10
@ -25,137 +25,120 @@ Many schools use online testing for formative and summative assessments. It's cr
- Students cant change settings, extend their display, see notifications, get updates, or use autofill features.
- Cortana is turned off.
## How to use Take a Test
![Set up and user flow for the Take a Test app](images/take_a_test_workflow.png)
## How you use Take a Test
![Use test account or test url in Take a Test](images/take-a-test-flow.png)
- **Use a test URL and a [dedicated testing account](#set-up-a-dedicated-test-account)** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
- **[Put a test URL with an included prefix](#provide-link-to-test) on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
- **Use an assessment URL and a [dedicated testing account](#set-up-a-dedicated-test-account)** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
- **[Put an assessment URL with an included prefix](#provide-link-to-test) on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
## Set up a dedicated test account
To configure a dedicated test account on multiple PCs, you can use:
- [Mobile device management (MDM) or Microsoft System Center Configuration Manager](#set-up-test-account-in-mdm-or-configuration-manager)
- [A provisioning package](#set-up-test-account-in-a-provisioning-package) created in Windows Imaging and Configuration Designer (ICD)
- [Group Policy](#set-up-test-account-in-group-policy) to deploy a scheduled task that runs a Powershell script
### Set up test account in MDM or Configuration Manager
- [Mobile device management (MDM) or Microsoft System Center Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager)
- [A provisioning package](#set-up-a-test-account-in-a-provisioning-package) created in Windows Imaging and Configuration Designer (ICD)
- [Group Policy](#set-up-a-test-account-in-group-policy) to deploy a scheduled task that runs a Powershell script
### Set up a test account in MDM or Configuration Manager
1. Launch your management console.
2. Create a policy to set up single app kiosk mode, using the following values:
- **Custom OMA-DM URI** = ./Vendor/MSFT/AssignedAccess/KioskModeApp
- **String value** = {"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}
> Account can be in one of the following formats:
> - username
> - domain\username
> - computer name\\username
> - username@tenant.com
Account can be in one of the following formats:
- username
- domain\username
- computer name\\username
- username@tenant.com
3. Create a policy to configure the assessment URL, using the following values:
- **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/LaunchURI
- **String value** = *assessment URL*
> See [Assessment URLs](#assessment-urls)
See [Assessment URLs](#assessment-urls) for more information.
4. Create a policy that associates the assessment URL to the account, using the following values:
- **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/TesterAccount
- **String value** = Enter the account that you specified in step 2, using the same account format.
5. To take the test, the student signs in to the test account.
### Set up test account in a provisioning package
### Set up a test account in a provisioning package
Prerequisite: You must first [download the Windows ADK](https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx) for Windows 10, Version 1607, and install Windows Imaging and Configuration Designer (ICD).
**Prerequisite:** You must first download the Windows ADK for Windows 10, Version 1607, and install Windows Imaging and Configuration Designer (ICD). For more info, see [Install Windows Imaging and Configuration Designer](https://technet.microsoft.com/en-us/itpro/windows/deploy/provisioning-install-icd).
**Create a provisioning package to set up a test account
**Create a provisioning package to set up a test account**
1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
2. Select **Advanced provisioning**.
3. Name your project, and click **Next**.
4. Select **All Windows desktop editions**, and click **Next**.
5. Click **Finish**.
6. Go to **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**.
6. Go to **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**.
7. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up, as shown in the following image.
![Enter account and app for Assigned Access Settings](images/test-account-icd.png)
> Account can be in one of the following formats:
> - username
> - domain\username
> - computer name\\username
> - username@tenant.com
Account can be in one of the following formats:
- username
- domain\username
- computer name\\username
- username@tenant.com
8. Go to **Runtime settings** > **TakeATest**.
9. Enter the test URL in **LaunchURI**.
9. Enter the assessment URL in **LaunchURI**.
10. Enter the test account from step 7 in **TesterAccount**.
On the **File** menu, select **Save.**
9. On the **Export** menu, select **Provisioning package**.
10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows ICD uses the project folder as the output location.
Optionally, you can click **Browse** to change the default output location.
Optionally, you can click **Browse** to change the default output location.
13. Click **Next**.
14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
**Apply the provisioning package**
1. Select the provisioning package that you want to apply, double-click the file, and then allow admin privileges.
**Apply the provisioning package**
1. Select the provisioning package that you want to apply, double-click the file, and then allow admin privileges.
2. Consent to allow the package to be installed.
After you allow the package to be installed, the settings will be applied to the device
After you allow the package to be installed, the settings will be applied to the device. [Learn how to apply a provisioning package in audit mode or OOBE](https://go.microsoft.com/fwlink/p/?LinkID=692012).
[Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012)
### Set up a test account in Group Policy
To set up a test account using Group Policy, first create a Powershell script that configures the test account and assessment URL, and then create a scheduled task to run the script.
### Set up test account in Group Policy
To set up a test account using Group Policy, first create a Powershell script that configures the test account and test URL, and then create a scheduled task to run the script.
#### Create a Powershell script
This sample Powershell script configures the test account and the test URL. Edit the sample to:
#### Create a PowerShell script
This sample PowerShell script configures the test account and the assessment URL. Edit the sample to:
- Use your test account for **$obj.LaunchURI**
- Use your test URL for **$obj.TesterAccount**
- Use your test account for **-UserName**
- Use your assessment URL for **$obj.TesterAccount**
- Use your test account for **-UserName**
```
$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
$obj.LaunchURI='http://www.foo.com';
$obj.TesterAccount='TestAccount';
$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
$obj.LaunchURI='http://www.foo.com';
$obj.TesterAccount='TestAccount';
$obj.put()
Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount
```
#### Create a scheduled task in Group Policy
1. Open the Group Policy Management Console.
1. Open the Group Policy Management Console.
2. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click **Edit**.
3. In the console tree under **Computer Configuration** or **User Configuration**, go to **Preferences** > **Control Panel Settings**.
4. Right-click **Scheduled Tasks**, point to **New**, and select **Scheduled Task**.
@ -164,42 +147,36 @@ Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5
7. In the **Advanced** dialog box, click **Find Now**.
8. Select **System** in the search results
9. Go back to the **Properties** dialog box and select **Run with highest privileges** under **Security options**.
9. Specify the operating system in the **Configure for** field.
9. Navigate to the **Actions** tab.
9. Create a new **Action**.
9. Configure the action to **Start a program**.
9. In the **Program/script** field, enter **powershell**.
9. In the **Add arguments** field, enter **-file “<path to powershell script>”**.
9. Click **OK**.
9. Navigate to the **Triggers** tab and create a new trigger.
9. Specify the trigger to be **On a schedule**.
9. Specify the trigger to be **One time**.
9. Specify the time the trigger should start.
9. Click **OK**.
9. In the **Settings** tab, select **Run task as soon as possible after a scheduled start is missed**.
9. Click **OK**.
10. Specify the operating system in the **Configure for** field.
11. Navigate to the **Actions** tab.
12. Create a new **Action**.
13. Configure the action to **Start a program**.
14. In the **Program/script** field, enter **powershell**.
15. In the **Add arguments** field, enter **-file “<path to powershell script>”**.
16. Click **OK**.
17. Navigate to the **Triggers** tab and create a new trigger.
18. Specify the trigger to be **On a schedule**.
19. Specify the trigger to be **One time**.
20. Specify the time the trigger should start.
21. Click **OK**.
22. In the **Settings** tab, select **Run task as soon as possible after a scheduled start is missed**.
23. Click **OK**.
## Provide link to test
Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments.
Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments.
1. Create a link to the test URL. Use **ms-edu-secureassessment:** before the URL and **!enforceLockdown** after the URL.
```
ms-edu-secureassessment:<URL>!enforceLockdown
```
> **Note**: You may want to remove !enforceLockdown for tests that utilizes our lockdown API that checks for running processes before locking down. Removing !enforceLockdown will result in the app not locking down immediately which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps.
1. Create a link to the assessment URL. Use **ms-edu-secureassessment:** before the URL and **!enforceLockdown** after the URL.
```
ms-edu-secureassessment:<URL>!enforceLockdown
```
> [!NOTE]
> You may want to remove !enforceLockdown for tests that utilizes our lockdown API that checks for running processes before locking down. Removing !enforceLockdown will result in the app not locking down immediately which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps.
2. Distribute the link. You can use the web, email, OneNote, or any other method of your choosing.
3. To take the test, the student clicks on the link and provides user consent.
## Assessment URLs
This assessment URL uses our lockdown API:
- SBAC/AIR: [http://mobile.tds.airast.org/launchpad/](http://mobile.tds.airast.org/launchpad/).

44
education/windows/take-a-test-single-pc.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Set up Take a Test on a single PC
@ -26,50 +26,40 @@ The **Take a Test** app in Windows 10, Version 1607, creates the right environme
- Cortana is turned off.
> [!TIP]
> To exit **Take a Test**, press Ctrl+Alt+Delete.
> To exit **Take a Test**, press Ctrl+Alt+Delete.
## How you use Take a Test
## How to use Take a Test
![Use test account or test url in Take a Test](images/take-a-test-flow.png)
![Set up and user flow for the Take a Test app](images/take_a_test_workflow.png)
- **Use a test URL and a [dedicated testing account](#set-up-a-dedicated-test-account)** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
- **[Put a test URL with an included prefix](#provide-link-to-test) on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
- **Use an assessment URL and a [dedicated testing account](#set-up-a-dedicated-test-account)** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
- **[Put an assessment URL with an included prefix](#provide-a-link-to-the-test) on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
## Set up a dedicated test account
1. Sign into the device with an administrator account.
2. Go to **Settings** > **Accounts** > **Work or school access** > **Set up an account for taking tests**.
3. Select an existing account to use as the dedicated testing account.
> [!NOTE]
> If you don't have an account on the device, you can create a new account. To do this, go to **Settings** > **Accounts** > **Other Users** > **Add someone else to this PC** > **I dont have this persons sign-in information** > **Add a user without a Microsoft account**.
> [!NOTE]
> If you don't have an account on the device, you can create a new account. To do this, go to **Settings** > **Accounts** > **Other Users** > **Add someone else to this PC** > **I dont have this persons sign-in information** > **Add a user without a Microsoft account**.
4. Specify an assessment URL.
5. Click **Save**.
6. To take the test, the student signs in to the selected account.
## Provide link to test
## Provide a link to the test
Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments.
1. Create a link to the test URL. Use **ms-edu-secureassessment:** before the URL and **!enforceLockdown** after the URL.
```
ms-edu-secureassessment:<URL>!enforceLockdown
```
1. Create a link to the assessment URL. Use **ms-edu-secureassessment:** before the URL and **!enforceLockdown** after the URL.
```
ms-edu-secureassessment:<URL>!enforceLockdown
```
> [!NOTE]
> You may want to remove !enforceLockdown for tests that utilizes our lockdown API that checks for running processes before locking down. Removing !enforceLockdown will result in the app not locking down immediately which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps.
> You may want to remove !enforceLockdown for tests that utilizes our lockdown API that checks for running processes before locking down. Removing !enforceLockdown will result in the app not locking down immediately which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps.
2. Distribute the link. You can use the web, email, OneNote, or any other method of your choosing.
3. To take the test, the student clicks on the link and provides user consent.

19
education/windows/take-tests-in-windows-10.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Take tests in Windows 10
@ -27,18 +27,17 @@ Many schools use online testing for formative and summative assessments. It's cr
## How you use Take a Test
## How to use Take a Test
![Use test account or test url in Take a Test](images/take-a-test-flow.png)
- **Use a test URL and a dedicated testing account** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
- **Put a test URL with an included prefix on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
[Learn how to set up Take a Test on a single PC](take-a-test-single-pc.md)
[Learn how to set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
![Set up and user flow for the Take a Test app](images/take_a_test_workflow.png)
- **Use an assessment URL and a dedicated testing account** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
- **Put an assessment URL with an included prefix on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
## How to set up Take a Test on PCs
You can use Take a Test to set up a test for a single PC or multiple PCs. Follow these links to learn how:
- [Set up Take a Test on a single PC](take-a-test-single-pc.md)
- [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
## Related topics

2
education/windows/teacher-get-minecraft.md
View File

@ -5,7 +5,7 @@ keywords: ["school"]
ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
author: trudyha
---
# For teachers - get Minecraft: Education Edition

2
education/windows/use-set-up-school-pcs-app.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
author: CelesteDG
---
# Use the Set up School PCs app

166
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
View File

@ -81,10 +81,11 @@ Before you deploy Office by using App-V, review the following requirements.
<tbody>
<tr class="odd">
<td align="left"><p>Packaging</p></td>
<td align="left"><ul>
<td align="left">
<ul>
<li><p>All of the Office applications that you want to deploy to users must be in a single package.</p></li>
<li><p>In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.</p></li>
<li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project).</p></li>
<li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office).</p></li>
</ul></td>
</tr>
<tr class="even">
@ -102,12 +103,7 @@ Before you deploy Office by using App-V, review the following requirements.
<li><p>Project Pro for Office 365</p></li>
</ul></td>
<td align="left"><p>You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).</p>
<p>You dont use shared computer activation if youre deploying a volume licensed product, such as:</p>
<ul>
<li><p>Office Professional Plus 2016</p></li>
<li><p>Visio Professional 2016</p></li>
<li><p>Project Professional 2016</p></li>
</ul></td>
</td>
</tr>
</tbody>
</table>
@ -154,9 +150,7 @@ The following table describes the recommended methods for excluding specific Off
Complete the following steps to create an Office 2016 package for App-V 5.0 or later.
**Important**  
In App-V 5.0 and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
>**Important**&nbsp;&nbsp;In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
### Review prerequisites for using the Office Deployment Tool
@ -190,13 +184,12 @@ The computer on which you are installing the Office Deployment Tool must have:
</table>
**Note**  
In this topic, the term “Office 2016 App-V package” refers to subscription licensing and volume licensing.
>**Note**  In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
 
### Create Office 2016 App-V Packages Using Office Deployment Tool
You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Volume Licensing or Subscription Licensing.
You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing.
Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
@ -206,6 +199,7 @@ Office 2016 App-V Packages are created using the Office Deployment Tool, which g
1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
>**Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
Example: \\\\Server\\Office2016
@ -237,8 +231,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
</Configuration>
```
**Note**  
The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "<! - -" from the beginning of the line, and the "-- >" from the end of the line.
>**Note**  The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "<! - -" from the beginning of the line, and the "-- >" from the end of the line.
The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file:
@ -269,13 +262,14 @@ The XML file that is included in the Office Deployment Tool specifies the produc
</tr>
<tr class="odd">
<td align="left"><p>Product element</p></td>
<td align="left"><p>Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications.</p></td>
<td align="left"><p>Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications.
For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297)
</p></td>
<td align="left"><p><code>Product ID =&quot;O365ProPlusRetail &quot;</code></p>
<p><code>Product ID =&quot;VisioProRetail&quot;</code></p>
<p><code>Product ID =&quot;ProjectProRetail&quot;</code></p>
<p><code>Product ID =&quot;ProPlusVolume&quot;</code></p>
<p><code>Product ID =&quot;VisioProVolume&quot;</code></p>
<p><code>Product ID = &quot;ProjectProVolume&quot;</code></p></td>
</td>
</tr>
<tr class="even">
<td align="left"><p>Language element</p></td>
@ -286,7 +280,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
<td align="left"><p>Version (attribute of Add element)</p></td>
<td align="left"><p>Optional. Specifies a build to use for the package</p>
<p>Defaults to latest advertised build (as defined in v32.CAB at the Office source).</p></td>
<td align="left"><p><code>15.1.2.3</code></p></td>
<td align="left"><p><code>16.1.2.3</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>SourcePath (attribute of Add element)</p></td>
@ -303,7 +297,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with description of details:
2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details:
``` syntax
\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml
@ -346,41 +340,35 @@ After you download the Office 2016 applications through the Office Deployment To
- Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
- Create an Office App-V package for Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model youre using. The steps in the sections that follow the table will specify the exact entries you need to make.
>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Product ID</th>
<th align="left">Volume Licensing</th>
<th align="left">Subscription Licensing</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p><strong>Office 2016</strong></p></td>
<td align="left"><p>ProPlusVolume</p></td>
<td align="left"><p>O365ProPlusRetail</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>Office 2016 with Visio 2016</strong></p></td>
<td align="left"><p>ProPlusVolume</p>
<p>VisioProVolume</p></td>
<td align="left"><p>O365ProPlusRetail</p>
<p>VisioProRetail</p></td>
</tr>
<tr class="odd">
<td align="left"><p><strong>Office 2016 with Visio 2016 and Project 2016</strong></p></td>
<td align="left"><p>ProPlusVolume</p>
<p>VisioProVolume</p>
<p>ProjectProVolume</p></td>
<td align="left"><p>O365ProPlusRetail</p>
<p>VisioProRetail</p>
<p>ProjectProRetail</p></td>
@ -412,9 +400,7 @@ After you download the Office 2016 applications through the Office Deployment To
</tr>
<tr class="even">
<td align="left"><p>ProductID</p></td>
<td align="left"><p>Specify the type of licensing, as shown in the following examples:</p>
<ul>
<li><p>Subscription Licensing</p>
<td align="left"><p>Specify Subscription licensing, as shown in the following example:</p>
<pre class="syntax" space="preserve"><code>&lt;Configuration&gt;
&lt;Add SourcePath= &quot;\\server\Office 2016&quot; OfficeClientEdition=&quot;32&quot; &gt;
&lt;Product ID=&quot;O365ProPlusRetail&quot;&gt;
@ -446,44 +432,7 @@ After you download the Office 2016 applications through the Office Deployment To
</tr>
</tbody>
</table>
<p> </p>
<p></p></li>
<li><p>Volume Licensing</p>
<pre class="syntax" space="preserve"><code>&lt;Configuration&gt;
&lt;Add SourcePath= &quot;\\Server\Office2016&quot; OfficeClientEdition=&quot;32&quot; &gt;
&lt;Product ID=&quot;ProPlusVolume&quot;&gt;
&lt;Language ID=&quot;en-us&quot; /&gt;
&lt;/Product&gt;
&lt;Product ID=&quot;VisioProVolume&quot;&gt;
&lt;Language ID=&quot;en-us&quot; /&gt;
&lt;/Product&gt;
&lt;/Add&gt;
&lt;/Configuration&gt;</code></pre>
<p>In this example, the following changes were made to create a package with Volume licensing:</p>
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><strong>SourcePath</strong></p></td>
<td align="left"><p>is the path, which was changed to point to the Office applications that were downloaded earlier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>Product ID</strong></p></td>
<td align="left"><p>for Office was changed to <code>ProPlusVolume</code>.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><strong>Product ID</strong></p></td>
<td align="left"><p>for Visio was changed to <code>VisioProVolume</code>.</p></td>
</tr>
</tbody>
</table>
<p> </p>
<p></p></li>
</ul></td>
</tr>
<p></p>
<tr class="odd">
<td align="left"><p>ExcludeApp (optional)</p></td>
<td align="left"><p>Lets you specify Office programs that you dont want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.</p></td>
@ -492,13 +441,8 @@ After you download the Office 2016 applications through the Office Deployment To
<td align="left"><p>PACKAGEGUID (optional)</p></td>
<td align="left"><p>By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.</p>
<p>An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.</p>
<div class="alert">
<strong>Note</strong>  
<p>Even if you use unique package IDs, you can still deploy only one App-V package to a single device.</p>
</div>
<div>
 
</div></td>
>**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
</td>
</tr>
</tbody>
</table>
@ -531,7 +475,7 @@ After you download the Office 2016 applications through the Office Deployment To
</tr>
<tr class="odd">
<td align="left"><p><strong>/packager</strong></p></td>
<td align="left"><p>creates the Office 2016 App-V package with Volume Licensing as specified in the customConfig.xml file.</p></td>
<td align="left"><p>creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>\\server\Office2016\Customconfig.xml</strong></p></td>
@ -552,8 +496,7 @@ After you download the Office 2016 applications through the Office Deployment To
- **WorkingDir**
**Note**  
To troubleshoot any issues, see the log files in the %temp% directory (default).
**Note** To troubleshoot any issues, see the log files in the %temp% directory (default).
 
@ -563,7 +506,7 @@ After you download the Office 2016 applications through the Office Deployment To
2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected.
## <a href="" id="bkmk-pub-pkg-office"></a>Publishing the Office package for App-V 5.0
## <a href="" id="bkmk-pub-pkg-office"></a>Publishing the Office package for App-V
Use the following information to publish an Office package.
@ -629,8 +572,6 @@ To manage your Office App-V packages, use the same operations as you would for a
- [Managing Office 2016 package upgrades](#bkmk-manage-office-pkg-upgrd)
- [Managing Office 2016 licensing upgrades](#bkmk-manage-office-lic-upgrd)
- [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project)
### <a href="" id="bkmk-enable-office-plugins"></a>Enabling Office plug-ins by using connection groups
@ -641,16 +582,15 @@ Use the steps in this section to enable Office plug-ins with your Office package
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
2. Sequence your plug-ins using the App-V 5.0 Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
3. Create an App-V 5.0 package that includes the desired plug-ins.
3. Create an App-V package that includes the desired plug-ins.
4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet.
5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
**Important**  
The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
>**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
 
@ -672,8 +612,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
**Note**  
To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
>**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
 
**To disable an Office 2016 application**
@ -752,36 +691,17 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a
1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
**Note**  
Office App-V packages have two Version IDs:
- An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
- A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
>**Note** Office App-V packages have two Version IDs:
<ul>
<li>An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.</li>
<li>A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.</li>
</ul>
 
2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
### <a href="" id="bkmk-manage-office-lic-upgrd"></a>Managing Office 2016 licensing upgrades
If a new Office 2016 App-V Package has a different license than the Office 2016 App-V Package currently deployed. For instance, the Office 2016 package deployed is a subscription based Office 2016 and the new Office 2016 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade:
**How to upgrade an Office 2016 License**
1. Unpublish the already deployed Office 2016 Subscription Licensing App-V package.
2. Remove the unpublished Office 2016 Subscription Licensing App-V package.
3. Restart the computer.
4. Add the new Office 2016 App-V Package Volume Licensing.
5. Publish the added Office 2016 App-V Package with Volume Licensing.
An Office 2016 App-V Package with your chosen licensing will be successfully deployed.
### <a href="" id="bkmk-deploy-visio-project"></a>Deploying Visio 2016 and Project 2016 with Office
@ -802,7 +722,7 @@ The following table describes the requirements and options for deploying Visio 2
<tr class="odd">
<td align="left"><p>How do I package and publish Visio 2016 and Project 2016 with Office?</p></td>
<td align="left"><p>You must include Visio 2016 and Project 2016 in the same package with Office.</p>
<p>If you arent deploying Office, you can create a package that contains Visio and/or Project, as long as you follow [Deploying Microsoft Office 2010 by Using App-V](../appv-v5/deploying-microsoft-office-2010-by-using-app-v.md).</p></td>
<p>If you arent deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic.</p></td>
</tr>
<tr class="even">
<td align="left"><p>How can I deploy Visio 2016 and Project 2016 to specific users?</p></td>
@ -848,17 +768,11 @@ The following table describes the requirements and options for deploying Visio 2
## Additional resources
**Office 2016 App-V 5.0 Packages 5.0 Additional Resources**
[Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
**Office 2013 and Office 2010 App-V Packages**
[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md)
[Deploying Microsoft Office 2011 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md)
[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md)
[Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
**Connection Groups**
@ -868,7 +782,7 @@ The following table describes the requirements and options for deploying Visio 2
**Dynamic Configuration**
[About App-V 5.0 Dynamic Configuration](about-app-v-50-dynamic-configuration.md)
[About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md)
## Got a suggestion for App-V?

213
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md
View File

@ -1,4 +1,4 @@
---
---
title: Deploying Microsoft Office 2016 by Using App-V
description: Deploying Microsoft Office 2016 by Using App-V
author: jamiejdt
@ -47,7 +47,7 @@ Use the following table to get information about supported versions of Office an
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>[Planning for Using App-V with Office](planning-for-using-app-v-with-office51.md#bkmk-office-vers-supp-appv)</p></td>
<td align="left"><p>[Supported versions of Microsoft Office](planning-for-using-app-v-with-office.md#bkmk-office-vers-supp-appv)</p></td>
<td align="left"><ul>
<li><p>Supported versions of Office</p></li>
<li><p>Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)</p></li>
@ -55,13 +55,14 @@ Use the following table to get information about supported versions of Office an
</ul></td>
</tr>
<tr class="even">
<td align="left"><p>[Planning for Using App-V with Office](planning-for-using-app-v-with-office51.md#bkmk-plan-coexisting)</p></td>
<td align="left"><p>[Planning for Using App-V with coexsiting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)</p></td>
<td align="left"><p>Considerations for installing different versions of Office on the same computer</p></td>
</tr>
</tbody>
</table>
 
### <a href="" id="bkmk-pkg-pub-reqs"></a>Packaging, publishing, and deployment requirements
Before you deploy Office by using App-V, review the following requirements.
@ -80,10 +81,11 @@ Before you deploy Office by using App-V, review the following requirements.
<tbody>
<tr class="odd">
<td align="left"><p>Packaging</p></td>
<td align="left"><ul>
<td align="left">
<ul>
<li><p>All of the Office applications that you want to deploy to users must be in a single package.</p></li>
<li><p>In App-V 5.1 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.</p></li>
<li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project).</p></li>
<li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office).</p></li>
</ul></td>
</tr>
<tr class="even">
@ -101,12 +103,7 @@ Before you deploy Office by using App-V, review the following requirements.
<li><p>Project Pro for Office 365</p></li>
</ul></td>
<td align="left"><p>You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).</p>
<p>You dont use shared computer activation if youre deploying a volume licensed product, such as:</p>
<ul>
<li><p>Office Professional Plus 2016</p></li>
<li><p>Visio Professional 2016</p></li>
<li><p>Project Professional 2016</p></li>
</ul></td>
</td>
</tr>
</tbody>
</table>
@ -153,10 +150,7 @@ The following table describes the recommended methods for excluding specific Off
Complete the following steps to create an Office 2016 package for App-V 5.1 or later.
**Important**  
In App-V 5.1 and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
 
>**Important**&nbsp;&nbsp;In App-V 5.1 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
### Review prerequisites for using the Office Deployment Tool
@ -182,23 +176,20 @@ The computer on which you are installing the Office Deployment Tool must have:
<td align="left"><p>Supported operating systems</p></td>
<td align="left"><ul>
<li><p>64-bit version of Windows 10</p></li>
<li><p>64-bit version of Windows 8 or later</p></li>
<li><p>64-bit version of Windows 8 or 8.1</p></li>
<li><p>64-bit version of Windows 7</p></li>
</ul></td>
</tr>
</tbody>
</table>
>**Note**  In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
 
**Note**  
In this topic, the term “Office 2016 App-V package” refers to subscription licensing and volume licensing.
### Create Office 2016 App-V Packages Using Office Deployment Tool
 
### Create Office 2013 App-V Packages Using Office Deployment Tool
You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Volume Licensing or Subscription Licensing.
You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing.
Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
@ -206,11 +197,9 @@ Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the
Office 2016 App-V Packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
1. Download the [Office 2-16 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
> [!NOTE]
> You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
>**Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
Example: \\\\Server\\Office2016
@ -242,12 +231,9 @@ The XML file that is included in the Office Deployment Tool specifies the produc
</Configuration>
```
**Note**  
The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "<! ---" from the beginning of the line, and the "-- >" from the end of the line.
>**Note**  The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "<! - -" from the beginning of the line, and the "-- >" from the end of the line.
 
The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file:
The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file:
<table>
<colgroup>
@ -276,13 +262,14 @@ The XML file that is included in the Office Deployment Tool specifies the produc
</tr>
<tr class="odd">
<td align="left"><p>Product element</p></td>
<td align="left"><p>Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications.</p></td>
<td align="left"><p><code>Product ID =&quot;O365ProPlusRetail&quot;</code></p>
<td align="left"><p>Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications.
For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297)
</p></td>
<td align="left"><p><code>Product ID =&quot;O365ProPlusRetail &quot;</code></p>
<p><code>Product ID =&quot;VisioProRetail&quot;</code></p>
<p><code>Product ID =&quot;ProjectProRetail&quot;</code></p>
<p><code>Product ID =&quot;ProPlusVolume&quot;</code></p>
<p><code>Product ID =&quot;VisioProVolume&quot;</code></p>
<p><code>Product ID = &quot;ProjectProVolume&quot;</code></p></td>
</td>
</tr>
<tr class="even">
<td align="left"><p>Language element</p></td>
@ -298,21 +285,19 @@ The XML file that is included in the Office Deployment Tool specifies the produc
<tr class="even">
<td align="left"><p>SourcePath (attribute of Add element)</p></td>
<td align="left"><p>Specifies the location in which the applications will be saved to.</p></td>
<td align="left"><p><code>Sourcepath = "\\Server\Office2016"</code></p></td>
<td align="left"><p><code>Sourcepath = &quot;\\Server\Office2016</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>Branch (attribute of Add element)</p></td>
<td align="left"><p>Optional. Specifies the update branch for the product that you want to download or install.</p><p>For more information about update branches, see Overview of update branches for Office 365 ProPlus.</p></td>
<td align="left"><p>Optional. Specifies the update branch for the product that you want to download or install. </p><p>For more information about update branches, see Overview of update branches for Office 365 ProPlus.</p></td>
<td align="left"><p><code>Branch = "Business"</code></p></td>
</tr>
</tbody>
</table>
 
After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with description of details:
2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details:
``` syntax
\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml
@ -355,41 +340,35 @@ After you download the Office 2016 applications through the Office Deployment To
- Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
- Create an Office App-V package for Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model youre using. The steps in the sections that follow the table will specify the exact entries you need to make.
>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Product ID</th>
<th align="left">Volume Licensing</th>
<th align="left">Subscription Licensing</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p><strong>Office 2016</strong></p></td>
<td align="left"><p>ProPlusVolume</p></td>
<td align="left"><p>O365ProPlusRetail</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>Office 2016 with Visio 2016</strong></p></td>
<td align="left"><p>ProPlusVolume</p>
<p>VisioProVolume</p></td>
<td align="left"><p>O365ProPlusRetail</p>
<p>VisioProRetail</p></td>
</tr>
<tr class="odd">
<td align="left"><p><strong>Office 2016 with Visio 2016 and Project 2016</strong></p></td>
<td align="left"><p>ProPlusVolume</p>
<p>VisioProVolume</p>
<p>ProjectProVolume</p></td>
<td align="left"><p>O365ProPlusRetail</p>
<p>VisioProRetail</p>
<p>ProjectProRetail</p></td>
@ -421,9 +400,7 @@ After you download the Office 2016 applications through the Office Deployment To
</tr>
<tr class="even">
<td align="left"><p>ProductID</p></td>
<td align="left"><p>Specify the type of licensing, as shown in the following examples:</p>
<ul>
<li><p>Subscription Licensing</p>
<td align="left"><p>Specify Subscription licensing, as shown in the following example:</p>
<pre class="syntax" space="preserve"><code>&lt;Configuration&gt;
&lt;Add SourcePath= &quot;\\server\Office 2016&quot; OfficeClientEdition=&quot;32&quot; &gt;
&lt;Product ID=&quot;O365ProPlusRetail&quot;&gt;
@ -455,59 +432,17 @@ After you download the Office 2016 applications through the Office Deployment To
</tr>
</tbody>
</table>
<p> </p>
<p></p></li>
<li><p>Volume Licensing</p>
<pre class="syntax" space="preserve"><code>&lt;Configuration&gt;
&lt;Add SourcePath= &quot;\\Server\Office2016&quot; OfficeClientEdition=&quot;32&quot; &gt;
&lt;Product ID=&quot;ProPlusVolume&quot;&gt;
&lt;Language ID=&quot;en-us&quot; /&gt;
&lt;/Product&gt;
&lt;Product ID=&quot;VisioProVolume&quot;&gt;
&lt;Language ID=&quot;en-us&quot; /&gt;
&lt;/Product&gt;
&lt;/Add&gt;
&lt;/Configuration&gt;</code></pre>
<p>In this example, the following changes were made to create a package with Volume licensing:</p>
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><strong>SourcePath</strong></p></td>
<td align="left"><p>is the path, which was changed to point to the Office applications that were downloaded earlier.</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>Product ID</strong></p></td>
<td align="left"><p>for Office was changed to <code>ProPlusVolume</code>.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><strong>Product ID</strong></p></td>
<td align="left"><p>for Visio was changed to <code>VisioProVolume</code>.</p></td>
</tr>
</tbody>
</table>
<p> </p>
<p></p></li>
</ul></td>
</tr>
<p></p>
<tr class="odd">
<td align="left"><p>ExcludeApp (optional)</p></td>
<td align="left"><p>Lets you specify Office programs that you dont want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access.</p></td>
<td align="left"><p>Lets you specify Office programs that you dont want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.</p></td>
</tr>
<tr class="even">
<td align="left"><p>PACKAGEGUID (optional)</p></td>
<td align="left"><p>By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.</p>
<p>An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.</p>
<div class="alert">
<strong>Note</strong>  
<p>Even if you use unique package IDs, you can still deploy only one App-V package to a single device.</p>
</div>
<div>
 
</div></td>
>**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
</td>
</tr>
</tbody>
</table>
@ -540,7 +475,7 @@ After you download the Office 2016 applications through the Office Deployment To
</tr>
<tr class="odd">
<td align="left"><p><strong>/packager</strong></p></td>
<td align="left"><p>creates the Office 2016 App-V package with Volume Licensing as specified in the customConfig.xml file.</p></td>
<td align="left"><p>creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>\\server\Office2016\Customconfig.xml</strong></p></td>
@ -553,14 +488,15 @@ After you download the Office 2016 applications through the Office Deployment To
</tbody>
</table>
After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
 
- **App-V Packages** contains an Office 2016 App-V package and two deployment configuration files.
After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
- **WorkingDir**
- **App-V Packages** contains an Office 2016 App-V package and two deployment configuration files.
**Note**  
To troubleshoot any issues, see the log files in the %temp% directory (default).
- **WorkingDir**
**Note** To troubleshoot any issues, see the log files in the %temp% directory (default).
 
@ -570,7 +506,7 @@ After you download the Office 2016 applications through the Office Deployment To
2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected.
## <a href="" id="bkmk-pub-pkg-office"></a>Publishing the Office package for App-V 5.1
## <a href="" id="bkmk-pub-pkg-office"></a>Publishing the Office package for App-V
Use the following information to publish an Office package.
@ -636,8 +572,6 @@ To manage your Office App-V packages, use the same operations as you would for a
- [Managing Office 2016 package upgrades](#bkmk-manage-office-pkg-upgrd)
- [Managing Office 2016 licensing upgrades](#bkmk-manage-office-lic-upgrd)
- [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project)
### <a href="" id="bkmk-enable-office-plugins"></a>Enabling Office plug-ins by using connection groups
@ -648,16 +582,15 @@ Use the steps in this section to enable Office plug-ins with your Office package
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
2. Sequence your plug-ins using the App-V 5.1 Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
3. Create an App-V 5.1 package that includes the desired plug-ins.
3. Create an App-V package that includes the desired plug-ins.
4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet.
5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
**Important**  
The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
>**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
 
@ -677,11 +610,9 @@ Use the steps in this section to enable Office plug-ins with your Office package
### <a href="" id="bkmk-disable-office-apps"></a>Disabling Office 2016 applications
You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
**Note**  
To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
>**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
 
**To disable an Office 2016 application**
@ -734,11 +665,11 @@ You may want to disable shortcuts for certain Office applications instead of unp
<Extension Category="AppV.Shortcut">
<Shortcut>
<File>[{Common Programs}]\Microsoft Office 2016\Access 2016.lnk</File>
<Target>[{AppvPackageRoot}])office15\MSACCESS.EXE</Target>
<Target>[{AppvPackageRoot}])office16\MSACCESS.EXE</Target>
<Icon>[{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico</Icon>
<Arguments />
<WorkingDirectory />
<AppuserModelId>Microsoft.Office.MSACCESS.EXE.16</AppUserModelId>
<AppuserModelId>Microsoft.Office.MSACCESS.EXE.15</AppUserModelId>
<AppUsermodelExcludeFroeShowInNewInstall>true</AppUsermodelExcludeFroeShowInNewInstall>
<Description>Build a professional app quickly to manage data.</Description>
<ShowCommand>l</ShowCommand>
@ -760,36 +691,17 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a
1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
**Note**  
Office App-V packages have two Version IDs:
- An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
- A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
>**Note** Office App-V packages have two Version IDs:
<ul>
<li>An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.</li>
<li>A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.</li>
</ul>
 
2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
### <a href="" id="bkmk-manage-office-lic-upgrd"></a>Managing Office 2016 licensing upgrades
If a new Office 2016 App-V Package has a different license than the Office 2016 App-V Package currently deployed. For instance, the Office 2013 package deployed is a subscription based Office 2016 and the new Office 2016 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade:
**How to upgrade an Office 2016 License**
1. Unpublish the already deployed Office 2016 Subscription Licensing App-V package.
2. Remove the unpublished Office 2016 Subscription Licensing App-V package.
3. Restart the computer.
4. Add the new Office 2016 App-V Package Volume Licensing.
5. Publish the added Office 2016 App-V Package with Volume Licensing.
An Office 2016 App-V Package with your chosen licensing will be successfully deployed.
### <a href="" id="bkmk-deploy-visio-project"></a>Deploying Visio 2016 and Project 2016 with Office
@ -851,28 +763,21 @@ The following table describes the requirements and options for deploying Visio 2
</tbody>
</table>
 
## Additional resources
**Office 2016 App-V Packages Additional Resources**
[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md)
[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md)
[Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
**Office 2013 and Office 2010 App-V Packages**
[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v51.md)
[Deploying Microsoft Office 2011 by Using App-V](deploying-microsoft-office-2010-by-using-app-v51.md)
**Connection Groups**
[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
[Managing Connection Groups](managing-connection-groups51.md)
[Managing Connection Groups](managing-connection-groups.md)
**Dynamic Configuration**

5
mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md
View File

@ -29,7 +29,10 @@ Use the following procedure to view and configure default package extensions.
5. To edit other application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog box, click **Overwrite** to complete the process.
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
>**Note** If the upload fails and the size of your configuration file is above 4MB, you will need to increase the maximum file size allowed by the server. This can be done by adding the maxRequestLength attribute with a value greater than the size of your configuration file (in KB) to the httpRuntime element on line 26 of C:\Program Files\Microsoft Application Virtualization Server\ManagementService\Web.config. For example, changing'<httpRuntime targetFramework="4.5"/> ' to '<httpRuntime targetFramework="4.5" maxRequestLength="8192"/>' will increase the maximum size to 8MB
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics

47
mdop/mbam-v25/mbam-25-supported-configurations.md
View File

@ -287,11 +287,6 @@ MBAM supports the following versions of Configuration Manager.
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft System Center 2012 R2 Configuration Manager</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft System Center 2012 Configuration Manager</p></td>
<td align="left"><p>SP1</p></td>
@ -301,13 +296,9 @@ MBAM supports the following versions of Configuration Manager.
<td align="left"><p>Microsoft System Center Configuration Manager 2007 R2 or later</p></td>
<td align="left"><p>SP1 or later</p></td>
<td align="left"><p>64-bit</p>
<div class="alert">
<strong>Note</strong>  
<p>Although Configuration Manager 2007 R2 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software.</p>
</div>
<div>
 
</div></td>
>**Note** Although Configuration Manager 2007 R2 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software.
</td>
</tr>
</tbody>
</table>
@ -338,34 +329,26 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** coll
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2012</p></td>
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
<td align="left"><p>SP2</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft SQL Server 2012</p></td>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft SQL Server 2012</p></td>
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
<td align="left"><p>SP3</p></td>
<td align="left"><p>64-bit</p></td>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2008 R2</p></td>
<td align="left"><p>Standard or Enterprise</p></td>
<td align="left"><p>SP1, SP2, SP3</p></td>
<td align="left"><p>SP3</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
@ -567,7 +550,11 @@ The following table lists the operating systems that are supported for MBAM Grou
</tbody>
</table>
 
## MBAM In Azure IaaS
The MBAM server can be deployed in Azure Infrastructure as a Service (IaaS) on any of the supported OS versions listed above, connecting to an Active Directory hosted on premises or an Active Directory also hosted in Azure IaaS. Documentation for setting up and configuring Active Directory on Azure IaaS is [here](https://msdn.microsoft.com/en-us/library/azure/jj156090.aspx).
The MBAM client is not supported on virtual machines and is also not supported on Azure IaaS.
## Got a suggestion for MBAM?

20
mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
View File

@ -76,7 +76,7 @@ Before you proceed, make sure your environment includes these requirements for r
<td align="left"><p>.NET Framework 4 or higher</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Windows 8 and Windows 8.1</p></td>
<td align="left"><p>Windows 8.1</p></td>
<td align="left"><p>Enterprise or Pro</p></td>
<td align="left"><p>None</p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
@ -91,10 +91,26 @@ Before you proceed, make sure your environment includes these requirements for r
<td align="left"><p>Windows PowerShell 3.0 or higher</p></td>
<td align="left"><p>.NET Framework 4.5</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Windows 10, pre-1607 verison</p></td>
<td align="left"><p>Enterprise or Pro</p></td>
<td align="left"><p></p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
<td align="left"><p>Windows PowerShell 3.0 or higher</p></td>
<td align="left"><p>.NET Framework 4.5</p></td>
</tr>
<tr class="even">
<td align="left"><p>Windows Server 2016</p></td>
<td align="left"><p>Standard or Datacenter</p></td>
<td align="left"><p>None</p></td>
<td align="left"><p>64-bit</p></td>
<td align="left"><p>Windows PowerShell 3.0 or higher</p></td>
<td align="left"><p>.NET Framework 4.5</p></td>
</tr>
</tbody>
</table>
 
**Note:** Starting with Windows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack
Also…

27
mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
View File

@ -45,7 +45,7 @@ This workflow diagram provides a high-level understanding of a UE-V deployment a
![deploymentworkflow](images/deploymentworkflow.png)
<a href="" id="planning"></a>**Planning a UE-V deployment:** First, you want to do a little bit of planning so that you can determine which UE-V components youll be deploying. Planning a UE-V deployment involves these things:
**Planning a UE-V deployment:** First, you want to do a little bit of planning so that you can determine which UE-V components youll be deploying. Planning a UE-V deployment involves these things:
- [Decide whether to synchronize settings for custom applications](#deciding)
@ -597,15 +597,19 @@ The UE-V settings storage location and settings template catalog support storing
- Format the storage volume with an NTFS file system.
- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsofts Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991).
- The share can use Distributed File System (DFS) but there are restrictions.
Specifically, Distributed File System Replication (DFS-R) single target configuration with or without a Distributed File System Namespace (DFS-N) is supported.
Likewise, only single target configuration is supported with DFS-N.
For detailed information, see [Microsofts Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991)
and also [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009).
In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication.
In addition, because SYSVOL uses DFS-R for replication, SYSVOL cannot be used for UE-V data file replication.
- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the Settings Storage Location for UE-V 2.x](http://technet.microsoft.com/library/dn458891.aspx#ssl).
- Use file server clustering along with the UE-V Agent to provide access to copies of user state data in the event of communications failures.
- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both.
- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFS-N shares, or on both.
### <a href="" id="clocksync"></a>Synchronize computer clocks for UE-V settings synchronization
@ -663,10 +667,10 @@ Before you proceed, make sure your environment includes these requirements for r
<td align="left"><p>.NET Framework 4.5 or higher</p></td>
</tr>
<tr class="even">
<td align="left"><p>Windows 10</p>
<td align="left"><p>Windows 10, pre-1607 version</p>
<div class="alert">
<strong>Note</strong>  
<p>Only UE-V 2.1 SP1 supports Windows 10</p>
<p>Only UE-V 2.1 SP1 supports Windows 10, pre-1607 version</p>
</div>
<div>
 
@ -685,6 +689,14 @@ Before you proceed, make sure your environment includes these requirements for r
<td align="left"><p>Windows PowerShell 3.0 or higher</p></td>
<td align="left"><p>.NET Framework 4.5 or higher</p></td>
</tr>
<tr class="even">
<td align="left"><p>Windows Server 2016</p></td>
<td align="left"><p>Standard or Datacenter</p></td>
<td align="left"><p>None</p></td>
<td align="left"><p>64-bit</p></td>
<td align="left"><p>Windows PowerShell 3.0 or higher</p></td>
<td align="left"><p>.NET Framework 4.6 or higher</p></td>
</tr>
</tbody>
</table>
@ -697,6 +709,9 @@ Also…
- **Administrative Credentials** for any computer on which youll be installing
**Note**  
- Starting with WIndows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack.
- The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](https://go.microsoft.com/fwlink/?LinkId=309609).
- Install .NET Framework 4 or .NET Framework 4.5 on computers that run the Windows 7 or the Windows Server 2008 R2 operating system. The Windows 8, Windows 8.1, and Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed.

26
windows/deploy/TOC.md
View File

@ -5,12 +5,17 @@
### [Upgrade Analytics requirements](upgrade-analytics-requirements.md)
### [Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
### [Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
#### [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md)
### [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
#### [Prepare your environment](upgrade-analytics-prepare-your-environment.md)
#### [Resolve application and driver issues](upgrade-analytics-resolve-issues.md)
#### [Deploy Windows](upgrade-analytics-deploy-windows.md)
#### [Review site discovery](upgrade-analytics-review-site-discovery.md)
#### [Upgrade overview](upgrade-analytics-upgrade-overview.md)
#### [Step 1: Identify apps](upgrade-analytics-identify-apps.md)
#### [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md)
#### [Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md)
#### [Additional insights](upgrade-analytics-additional-insights.md)
### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
## [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
## [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
### [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
#### [Key features in MDT 2013 Update 2](key-features-in-mdt-2013.md)
@ -50,8 +55,17 @@
## [Windows 10 upgrade paths](windows-10-upgrade-paths.md)
## [Windows 10 edition upgrade](windows-10-edition-upgrades.md)
## [Provisioning packages for Windows 10](provisioning-packages.md)
### [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md)
### [Provision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md)
### [How provisioning works in Windows 10](provisioning-how-it-works.md)
### [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
### [Create a provisioning package](provisioning-create-package.md)
### [Apply a provisioning package](provisioning-apply-package.md)
### [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
### [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
### [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
### [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
### [NFC-based device provisioning](provisioning-nfc.md)
### [Windows ICD command-line interface (reference)](provisioning-command-line.md)
### [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
## [Deploy Windows To Go in your organization](deploy-windows-to-go.md)
## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade-windows-phone-8-1-to-10.md)
## [Sideload apps in Windows 10](sideload-apps-in-windows-10.md)

33
windows/deploy/change-history-for-deploy-windows-10.md
View File

@ -11,6 +11,39 @@ author: greg-lindsay
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
## February 2017
| New or changed topic | Description |
|----------------------|-------------|
| [USMT Requirements](usmt-requirements.md) | Updated: Vista support removed and other minor changes |
| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated structure and content |
| [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) | Added as a separate page from get started |
| [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting |
| [Upgrade Analytics - Upgrade overview](upgrade-analytics-upgrade-overview.md) | New |
| [Upgrade Analytics - Step 1: Identify important apps](upgrade-analytics-identify-apps.md) | Updated topic title and content |
| [Upgrade Analytics - Step 2: Resolve app and driver issues](upgrade-analytics-resolve-issues.md) | New |
| [Upgrade Analytics - Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md) | New |
| [Upgrade Analytics - Additional insights](upgrade-analytics-additional-insights.md) | New |
## January 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) | New |
| [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) | New |
| [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) | New |
| [Apply a provisioning package](provisioning-apply-package.md) | New (previously published in other topics) |
| [Create a provisioning package for Windows 10](provisioning-create-package.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Create a provisioning package with multivariant settings](provisioning-multivariant.md) | New (previously published in Hardware Dev Center on MSDN) |
| [How provisioning works in Windows 10](provisioning-how-it-works.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md) | New (previously published in Hardware Dev Center on MSDN) |
| [NFC-based device provisioning](provisioning-nfc.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Windows ICD command-line interface (reference)](provisioning-command-line.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog |
| [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) |
| [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) |
## October 2016
| New or changed topic | Description |
|----------------------|-------------|

3
windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
View File

@ -163,6 +163,9 @@ ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi
```
>[!TIP]
>If you start the PXE boot process, but receive the error that "The boot configuration data for your PC is missing or contains errors" then verify that \\boot directory is installed under the correct TFTP server root directory. In the example used here the name of this directory is TFTPRoot, but your TFTP server might be different.
## PXE boot process summary
The following summarizes the PXE client boot process.

BIN
windows/deploy/images/ISE.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 70 KiB

BIN
windows/deploy/images/PoC-big.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 95 KiB

BIN
windows/deploy/images/PoC.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 95 KiB

After

Width:  |  Height:  |  Size: 136 KiB

BIN
windows/deploy/images/deploy-finish.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/deploy/images/disk2vhd-convert.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
windows/deploy/images/disk2vhd-gen2.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
windows/deploy/images/disk2vhd.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/deploy/images/disk2vhd4.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
windows/deploy/images/five.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 429 B

BIN
windows/deploy/images/four.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 470 B

BIN
windows/deploy/images/icd-create-options.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

BIN
windows/deploy/images/icd-export-menu.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.1 KiB

BIN
windows/deploy/images/icd-install.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

BIN
windows/deploy/images/icd-multi-target-true.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/deploy/images/icd-multi-targetstate-true.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
windows/deploy/images/icd-runtime.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
windows/deploy/images/icd-script1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
windows/deploy/images/icd-script2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/deploy/images/icd-setting-help.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 98 KiB

BIN
windows/deploy/images/icd-settings.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
windows/deploy/images/icd-step1.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.2 KiB

BIN
windows/deploy/images/icd-step2.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

Some files were not shown because too many files have changed in this diff Show More