Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into comcontrol-7790977

Meghan Stewart
2023-05-12 11:54:53 -07:00
206 changed files with 4731 additions and 2070 deletions

View File

@ -27,10 +27,12 @@
href: delivery-optimization-test.md
- name: Microsoft Connected Cache
items:
- name: Microsoft Connected Cache overview
- name: What is Microsoft Connected Cache?
href: waas-microsoft-connected-cache.md
- name: MCC for Enterprise and Education
items:
- name: MCC for Enterprise and Education Overview
href: mcc-ent-edu-overview.md
- name: Requirements
href: mcc-enterprise-prerequisites.md
- name: Deploy Microsoft Connected Cache
@ -41,6 +43,8 @@
href: mcc-enterprise-appendix.md
- name: MCC for ISPs
items:
- name: MCC for ISPs Overview
href: mcc-isp-overview.md
- name: How-to guides
items:
- name: Operator sign up and service onboarding

Binary file not shown.


Binary file not shown.


View File

@ -0,0 +1,72 @@
---
title: MCC for Enterprise and Education Overview
manager: aaroncz
description: Overview of Microsoft Connected Cache (MCC) for Enterprise and Education.
ms.prod: windows-client
author: amymzhou
ms.author: amyzhou
ms.topic: article
ms.date: 05/09/2023
ms.technology: itpro-updates
ms.collection: tier3
---
# Microsoft Connected Cache for Enterprise and Education Overview
**Applies to**
- Windows 10
- Windows 11
> [!IMPORTANT]
> - Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
> - We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For information about Microsoft Connected Cache in Configuration Manager (generally available, starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
## Supported scenarios
Connected Cache (early preview) supports the following scenarios:
- Pre-provisioning of devices using Windows Autopilot
- Cloud-only devices, such as Intune-enrolled devices
## Supported content types
When clients download cloud-managed content, they use Delivery Optimization from the cache server installed on a Windows server or VM. Cloud-managed content includes the following types:
- Windows Update for Business: Windows feature and quality updates
- Office Click-to-Run apps: Microsoft 365 Apps and updates
- Client apps: Microsoft Store apps and updates
- Endpoint protection: Windows Defender definition updates
For the full list of content endpoints that Microsoft Connected Cache for Enterprise and Education supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
## How it works
MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It's built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC is a Linux IoT Edge module running on the Windows Host OS.
1. The Azure Management Portal is used to create MCC nodes.
1. The MCC container is deployed and provisioned to the server using the installer provided in the portal.
1. Client policy is set in your management solution to point to the IP address or FQDN of the cache server.
1. Microsoft end-user devices make range requests for content from the MCC node.
1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
1. Subsequent requests from end-user devices for content will now come from cache.
1. If the MCC node is unavailable, the client pulls content from CDN to ensure uninterrupted service for your subscribers.
The following diagram displays an overview of how MCC functions:
:::image type="content" source="./images/waas-mcc-diag-overview.png" alt-text="Diagram displaying the components of MCC." lightbox="./images/waas-mcc-diag-overview.png":::
## IoT Edge
Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container deployment and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs several functions important to manage MCC on your edge device:
1. Installs and updates MCC on your edge device.
1. Maintains Azure IoT Edge security standards on your edge device.
1. Ensures that MCC is always running.
1. Reports MCC health and usage to the cloud for remote monitoring.
For more information on Azure IoT Edge, see the Azure IoT Edge [documentation](/azure/iot-edge/about-iot-edge).
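Review bot: Step 7 of "How it works" ends with "to ensure uninterrupted service for your subscribers", which is ISP wording carried into the Enterprise and Education article; this audience has users and managed devices, not subscribers, so suggest "for your users" or dropping the tail of the sentence. In the IoT Edge list, "Maintains Azure IoT Edge security standards on your edge device" does not say which standards are meant; since this runtime is what installs and updates the container on the customer's server, link that item to the relevant IoT Edge security page or state what it enforces.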

View File

@ -20,6 +20,7 @@ ms.collection: tier3
> [!NOTE]
> We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
## Enterprise requirements for MCC
1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management) and IoT Hub resource. Both are free services.

View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: nidos
ms.author: nidos
ms.topic: article
ms.date: 12/31/2017
ms.date: 05/09/2023
ms.technology: itpro-updates
ms.collection: tier3
---
@ -18,7 +18,7 @@ ms.collection: tier3
- Windows 10
- Windows 11
This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node will require downloading an installer script that will be run on your cache server.
This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node requires downloading an installer script that will be run on your cache server.
> [!IMPORTANT]
> Before you can create your Microsoft Connected Cache, you will need to complete the [sign up process](mcc-isp-signup.md). You cannot proceed without signing up for our service.
@ -37,7 +37,7 @@ During the configuration of your cache node, there are many fields for you to co
### Client routing
Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you'll be able to route your clients to your cache node.
Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you're able to route your clients to your cache node.
Microsoft Connected Cache offers two ways for you to route your clients to your cache node. The first method of manual entry involves uploading a comma-separated list of CIDR blocks that represents the clients. The second method of setting BGP (Border Gateway Protocol) is more automatic and dynamic, which is set up by establishing neighborships with other ASNs. All routing methods are set up within Azure portal.
@ -53,6 +53,23 @@ You can manually upload a list of your CIDR blocks in Azure portal to enable man
BGP (Border Gateway Protocol) routing is another method offered for client routing. BGP dynamically retrieves CIDR ranges by exchanging information with routers to understand reachable networks. For an automatic method of routing traffic, you can choose to configure BGP routing in Azure portal.
Microsoft Connected Cache includes Bird BGP, which enables the cache node to:
- Establish iBGP peering sessions with routers, route servers, or route collectors within operator networks
- Act as a route collector
The operator starts the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then starts the session with the Microsoft Connected Cache node from the router.
In the example configuration below:
- The operator ASN is 65100
- The ASN of the Microsoft Connected Cache cache node is 65100 and the IP address is 192.168.8.99
- iBGP peering sessions are established from the portal for ASNs 65100, 65200, and 65300.
:::image type="content" source="images/mcc-isp-bgp-route.png" alt-text="Screenshot of a table entitled BGP route information showing how each ASN corresponds to a specific IP address." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::
:::image type="content" source="images/mcc-isp-bgp-diagram.png" alt-text="A diagram that shows the relationship between the cache node and other ASNs/routers when using BGP. BGP routing allows the cache node to route to other network providers with different ASNs." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::
To set up and enable BGP routing for your cache node, follow the steps below:
1. Navigate to **Settings** > **Cache nodes**. Select the cache node you wish to provision.
:::image type="content" source="images/mcc-isp-provision-cache-node-numbered.png" alt-text="Screenshot of the Azure portal depicting the cache node configuration page of a cache node. This screenshot shows all of the fields you can choose to configure the cache node." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::
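Review bot: The example bullets contradict each other on iBGP: the operator and the cache node are both ASN 65100, yet the third bullet says iBGP peering sessions are established for ASNs 65100, 65200, and 65300. iBGP sessions run between peers in the same AS, so sessions toward 65200 and 65300 would be eBGP, or the bullet means something else (for example, the ASNs whose routes are learned); please reword so the text matches the screenshot. Separately, both new :::image::: lines set lightbox to ./images/mcc-isp-provision-cache-node-numbered.png instead of their own source files, so expanding either BGP image opens the provisioning screenshot. Because this section asks operators to open a peering session from their router to the cache node, it should also state whether the node only collects routes or advertises any, so operators can set their filters accordingly.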
@ -101,6 +118,9 @@ There are five IDs that the device provisioning script takes as input in order t
#### Provision your server
> [!IMPORTANT]
> Have you correctly mounted your disk? Your MCC will not be successfully installed without this important step. Before provisioning your server, ensure your disk is correctly mounted by following the instructions here: [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk).
:::image type="content" source="images/mcc-isp-deploy-cache-node-numbered.png" alt-text="Screenshot of the server provisioning tab within cache node configuration in Azure portal.":::
1. After completing cache node provisioning, navigate to the **Server provisioning** tab. Select **Download provisioning package** to download the installation package to your server.
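Review bot: The new [!IMPORTANT] callout links to the Azure virtual machines article (attach-disk-portal#find-the-disk), but this guide has the installer run on "your cache server"; say whether those steps apply to bare-metal and non-Azure hosts or link to guidance that does. The callout also opens with a question ("Have you correctly mounted your disk?"); an instruction such as "Mount your data disk before provisioning your server" states the requirement directly and reads better in an alert.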

View File

@ -85,6 +85,8 @@ sections:
answer: If a downstream customer deploys a Microsoft Connected Cache node, the cache controller will prefer the downstream ASN when handling that ASN's traffic.
- question: I signed up for Microsoft Connected Cache, but I'm not receiving the verification email. What should I do?
answer: First, check that the email under the NOC role is correct in your PeeringDB page. If the email associated with NOC role is correct, search for an email from the sender "microsoft-noreply@microsoft.com" with the email subject - "Here's your Microsoft Connected Cache verification code" in your Spam folders. Still can't find it? Ensure that your email admin rules allow emails from the sender "microsoft-noreply@microsoft.com".
- question: I noticed I can set up BGP for routing. How does BGP routing work for Microsoft Connected Cache?
answer: BGP routing can be set up as an automatic method of routing traffic. To learn more about how BGP is used with Microsoft Connected Cache, see [BGP Routing](mcc-isp-create-provision-deploy.md#bgp-routing).
- question: I have an active MCC, but I'm noticing I hit the message limit for my IoT Hub each day. Does this affect my MCC performance and should I be concerned?
answer: Even when the quota of 8k messages is hit, the MCC functionality won't be affected. Your client devices will continue to download content as normal. You'll also not be charged above the 8k message limit, so you don't need to worry at all about getting a paid plan. MCC will always be a free service. So if functionality isn't impacted, what is? Instead, messages about the configuration or edge deployment would be impacted. This means that if there was a request to update your MCC and the daily quota was reached, your MCC might not update. In that case, you would just need to wait for the next day to update. This is only a limitation of the early preview and isn't an issue during public preview.
- question: What do I do if I need more support and have more questions even after reading this FAQ page?

View File

@ -0,0 +1,40 @@
---
title: MCC for ISPs Overview
manager: aaroncz
description: Overview for Microsoft Connected Cache for ISPs
ms.prod: windows-client
author: amymzhou
ms.author: amyzhou
ms.topic: article
ms.date: 05/09/2023
ms.technology: itpro-updates
ms.collection: tier3
---
# Microsoft Connected Cache for ISPs Overview
**Applies to**
- Windows 10
- Windows 11
Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a software-only caching solution that delivers Microsoft content. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
## Supported scenarios
Microsoft Connected Cache (preview) supports the following scenarios:
- Internet service provider that provides content downloads for end customers
- Network service providers that provide transit for other service providers
## Supported content
Microsoft Connected Cache uses Delivery Optimization as the backbone for Microsoft content delivery. Microsoft Connected Cache caches the following types:
- Windows Update for Business: Windows feature and quality updates
- Office Click-to-Run apps: Microsoft 365 Apps and updates
- Client apps: Microsoft Store apps and updates
- Endpoint protection: Windows Defender definition updates
- Xbox: Xbox Game Pass (PC only)
For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
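Review bot: Under "Supported content", the sentence "Microsoft Connected Cache caches the following types:" leaves out what the types are of; the Enterprise and Education overview added in this commit says "Cloud-managed content includes the following types:", so suggest "caches the following content types:". In "Supported scenarios" the first bullet is singular ("Internet service provider that provides") and the second plural ("Network service providers that provide"); make them parallel. The front-matter description also has no closing period, unlike the one in mcc-ent-edu-overview.md.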

View File

@ -21,7 +21,7 @@ ms.collection: tier3
This article details the process of signing up for Microsoft Connected Cache for Internet Service Providers (public preview).
> [!NOTE]
> Microsoft Connected Cache is now in public review. Instead of submitting a survey, you can directly onboard by following the instructions in this article.
> Microsoft Connected Cache is now in public preview. Instead of submitting a survey, you can directly onboard by following the instructions in this article.
## Prerequisites

View File

@ -8,11 +8,11 @@ ms.localizationpriority: medium
ms.author: carmenf
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 05/09/2023
ms.collection: tier3
---
# Microsoft Connected Cache overview
# What is Microsoft Connected Cache?
**Applies to**
@ -31,47 +31,20 @@ Both products are created and managed in the cloud portal.
## Microsoft Connected Cache for ISPs (preview)
> [!NOTE]
> Microsoft Connected Cache for Internet Service Providers is now in public preview. Instead of submitting a survey, you can directly onboard by following the instructions in the [Operator sign up and service onboarding](mcc-isp-signup.md) article.
> Microsoft Connected Cache for Internet Service Providers is now in public preview. To onboard, follow the instructions in the [Operator sign up and service onboarding](mcc-isp-signup.md) article.
Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. Learn more at [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md).
## Microsoft Connected Cache for Enterprise and Education (early preview)
> [!NOTE]
> We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md).
MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. Its built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS.
## IoT Edge
Both of Microsoft Connected Cache product offerings use Azure IoT Edge. Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container deployment and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs several functions important to manage MCC on your edge device:
1. Installs and updates MCC on your edge device.
1. Maintains Azure IoT Edge security standards on your edge device.
1. Ensures that MCC is always running.
1. Reports MCC health and usage to the cloud for remote monitoring.
To deploy a functional MCC to your device, you must obtain the necessary keys to provision the Connected Cache instance that communicates with Delivery Optimization services, and enable the device to cache and deliver content. The architecture of MCC is described below.
For more information on Azure IoT Edge, see the Azure IoT Edge [documentation](/azure/iot-edge/about-iot-edge).
## How MCC Works
1. The Azure Management Portal is used to create MCC nodes.
1. The MCC container is deployed and provisioned to the server using the installer provided in the portal.
1. Client policy is set in your management solution to point to the IP address or FQDN of the cache server.
1. Microsoft end-user devices make range requests for content from the MCC node.
1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
1. Subsequent requests from end-user devices for content will now come from cache.
1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers.
The following diagram displays and overview of how MCC functions:
:::image type="content" source="./images/waas-mcc-diag-overview.png" alt-text="Diagram displaying the components of MCC." lightbox="./images/waas-mcc-diag-overview.png":::
Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache)
## Next steps
- [Microsoft Connected Cache for Enterprise and Education](mcc-enterprise-prerequisites.md)
- [Microsoft Connected Cache for ISPs](mcc-isp-signup.md)
- [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md)
- [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md)
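Review bot: The IoT Edge section in this hunk opens with "Both of Microsoft Connected Cache product offerings use Azure IoT Edge", and that statement has no counterpart in the new files: mcc-ent-edu-overview.md starts its IoT Edge section at "Even though your MCC scenario isn't related to IoT", and mcc-isp-overview.md has no IoT Edge or how-it-works section at all. If the section is moving out of this article, ISP readers lose the explanation of what the IoT Edge runtime does on their cache server (install and update, health reporting); consider keeping a short version here or adding one to the ISP overview. The Configuration Manager sentence near the end of the hunk also has no period after the link, while the copy in mcc-ent-edu-overview.md does.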

View File

@ -44,7 +44,7 @@ Windows 10 Insider Preview builds offer organizations a valuable and exciting op
|Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.|
|Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. |
|Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)<br> - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications<br> - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. |
|Feedback | - This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organizations domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/) |
|Feedback | - This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organizations domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](/windows-insider/feedback) |
## Validate Insider Preview builds
Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits:

View File

@ -45,7 +45,7 @@ Keep security baselines current to help ensure that your environment is secure a
There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately.
- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591).
- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593).
- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones.

View File

@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 05/09/2023
ms.reviewer: stevedia
---
@ -77,6 +77,7 @@ This table shows the correct sequence for applying the various tasks to the file
|Add Safe OS Dynamic Update | 6 | | |
|Add Setup Dynamic Update | | | | 26
|Add setup.exe from WinPE | | | | 27
|Add boot manager from WinPE | | | | 28
|Add latest cumulative update | | 15 | 21 |
|Clean up the image | 7 | 16 | 22 |
|Add Optional Components | | | 23 |
@ -300,7 +301,7 @@ Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim
### Update WinPE
This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. Finally, it cleans and exports Boot.wim, and copies it back to the new media.
This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, it adds font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save the serviced boot manager files for later use in the script. Finally, the script cleans and exports Boot.wim, and copies it back to the new media.
```powershell
#
@ -416,9 +417,15 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
Write-Output "$(Get-TS): Performing image cleanup on WinPE"
DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
# If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
if ($IMAGE.ImageIndex -eq "2") {
# Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null
# Save serviced boot manager files later copy to the root media.
Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -ErrorAction stop | Out-Null
Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -ErrorAction stop | Out-Null
}
# Dismount
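Review bot: The new comment "Save serviced boot manager files later copy to the root media." is missing words; suggest "Save the serviced boot manager files to copy to the media later." These Copy-Item calls also write nothing to the log, unlike the later step that copies the same files to the media with a Write-Output line per file; a matching Write-Output here naming bootmgfw.efi and bootmgr.efi would make it clear in the log which serviced binaries were captured and from which image index.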
@ -532,7 +539,7 @@ Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sourc
### Update remaining media files
This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe using the previously saved version from WinPE.
This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings in updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE.
```powershell
#
@ -544,8 +551,29 @@ Write-Output "$(Get-TS): Adding package $SETUP_DU_PATH"
cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PATH"\sources" | Out-Null
# Copy setup.exe from boot.wim, saved earlier.
Write-Output "$(Get-TS): Copying $WORKING_PATH\setup.exe to $MEDIA_NEW_PATH\sources\setup.exe"
Copy-Item -Path $WORKING_PATH"\setup.exe" -Destination $MEDIA_NEW_PATH"\sources\setup.exe" -Force -ErrorAction stop | Out-Null
# Copy bootmgr files from boot.wim, saved earlier.
$MEDIA_NEW_FILES = Get-ChildItem $MEDIA_NEW_PATH -Force -Recurse -Filter b*.efi
Foreach ($File in $MEDIA_NEW_FILES){
if (($File.Name -ieq "bootmgfw.efi") -or `
($File.Name -ieq "bootx64.efi") -or `
($File.Name -ieq "bootia32.efi") -or `
($File.Name -ieq "bootaa64.efi"))
{
Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)"
Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
}
elseif ($File.Name -ieq "bootmgr.efi")
{
Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)"
Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
}
}
```
### Finish up
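Review bot: The Foreach loop passes silently when Get-ChildItem finds no matching file, so media without the expected boot files finishes with no boot manager replaced and no message; count the replacements and write a warning (or stop) when the count is zero. The same saved bootmgfw.efi is also copied over bootx64.efi, bootia32.efi and bootaa64.efi by name alone, which is only right when the media holds a single architecture matching the serviced Boot.wim; a comment stating that assumption, or a guard, would help. Minor: the backtick continuations in the if condition are not needed after -or and stop working if trailing whitespace follows them.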

View File

@ -48,10 +48,10 @@ The General Availability Channel is the default servicing channel for all Window
To get started with the Windows Insider Program for Business, follows these steps:
1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/).
2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
1. On the [Windows Insider](https://www.microsoft.com/windowsinsider/for-business) website, select **Register** to register your organizational Azure AD account.
2. Follow the prompts to register your tenant.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register.
3. Make sure the **Allow Telemetry** setting is set to **2** or higher.
4. For Windows 10, version 1709 or later, set policies to manage preview builds and their delivery:
4. For Windows devices, set policies to manage preview builds and their delivery:
The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
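
Review bot: The rewritten step 2 says "register your tenant", but its note still refers to "the Azure AD domain"; use one term in both sentences so it is clear what the Global Administrator requirement applies to. The unchanged lead-in line reads "follows these steps" and should be "follow these steps" while this list is being edited. Step 4 drops the "Windows 10, version 1709 or later" qualifier; if the policies still have a minimum version, keep it stated.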

View File

@ -8,13 +8,13 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 05/12/2023
---
# Enforcing compliance deadlines for updates
**Applies to**
- Windows 10
- Windows 10
- Windows 11
Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
@ -43,3 +43,6 @@ When **Specify deadlines for automatic updates and restarts** is set (Windows 10
For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.)
For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours.
> [!NOTE]
> When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.
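
Review bot: The added note ends "stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored", which is missing a noun after the link; "the Configure Automatic Updates policy" would read correctly. The context line above it also has a doubled word in "download and install in in the background".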

View File

@ -92,7 +92,7 @@ There are several calculated values that appear on the Delivery Optimization rep
In the **Efficiency By Group** subsection, the **GroupID** is displayed as an encoded SHA256 hash. You can create a mapping of original to encoded GroupIDs using the following PowerShell example:
```powershell
$text = "<myEncodedGroupID>" ;
$text = "<myEncodedGroupID>`0"; (the null-terminator (`0) must be included in the string hash)
$hashObj = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') ; $dig = $hashObj.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($text)) ; $digB64 = [System.Convert]::ToBase64String($dig) ; Write-Host "$text ==> $digB64"
```
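
Review bot: The new `$text` line puts its explanation, the parenthesised sentence about the null terminator, inside the `powershell` fence as bare text after the semicolon, so anyone who copies the block will have PowerShell try to execute it; move it into a `#` comment or into the sentence above the fence. The placeholder `<myEncodedGroupID>` is also misleading, since the value being hashed is the original GroupID and the output is the encoded one. With the null character now part of `$text`, `Write-Host "$text ==> $digB64"` prints it as well, so the mapping output would be cleaner if the null were appended only inside the `GetBytes` call.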

View File

@ -22,7 +22,6 @@ ms.date: 10/28/2022
With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer.

View File

@ -27,7 +27,7 @@ ms.technology: itpro-fundamentals
> [!TIP]
> Are you looking for volume licensing information?
>
> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104)
> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://www.microsoft.com/download/details.aspx?id=11091)
> [!TIP]
> Are you looking for information on retail activation?

View File

@ -1,7 +1,7 @@
---
title: Device registration overview
description: This article provides an overview on how to register devices in Autopatch
ms.date: 05/02/2023
ms.date: 05/08/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -141,6 +141,9 @@ If your Autopatch groups have more than five deployment rings, and you must move
If you want to move devices to different deployment rings (either service or software update-based), after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the**Registered**tab.
> [!IMPORTANT]
> You can only move devices in between deployment rings within the **same** Autopatch group. You can't move devices in between deployment rings across different Autopatch groups. If you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you'll receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
**To move devices in between deployment rings:**
> [!NOTE]
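
Review bot: The error message quoted in the new [!IMPORTANT] note opens with a double quote before "**An error occurred" but never closes it; add the closing quote after "Autopatch group**". In the same sentence, "on the top right corner" would read better as "in the top-right corner".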
@ -150,7 +153,7 @@ If you want to move devices to different deployment rings (either service or sof
1. In the**Windows Autopatch**section, select**Devices**.
1. In the**Registered**tab, select one or more devices you want to assign. All selected devices will be assigned to the deployment ring you specify.
1. Select**Device actions**from the menu.
1. Select**Assign device group**. A fly-in opens.
1. Select**Assign ring**. A fly-in opens.
1. Use the dropdown menu to select the deployment ring to move devices to, and then selectSave. TheRing assigned bycolumn will change toPending.
1. When the assignment is complete, the**Ring assigned by**column changes toAdmin(which indicates that you made the change) and the**Ring** column shows the new deployment ring assignment.

View File

@ -1,7 +1,7 @@
---
title: Manage Windows Autopatch groups
description: This article explains how to manage Autopatch groups
ms.date: 05/05/2023
ms.date: 05/11/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -127,7 +127,7 @@ You **cant** delete the Default Autopatch group. However, you can delete a Cu
> [!IMPORTANT]
> The Windows Autopatch groups functionaliy is in **public preview**. This feature is being actively developed and not all device conflict detection and resolution scenarios are working as expected.
> Fore more information on what to expect for this scenario during public preview, see [Known issues](#known-issues).
> For more information on what to expect for this scenario during public preview, see [Known issues](#known-issues).
Overlap in device membership is a common scenario when working with device-based Azure AD groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Azure AD groups.
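
Review bot: The typo fix in the [!IMPORTANT] note corrects "Fore more" but leaves "functionaliy" on the line directly above it; fix it to "functionality" in the same change.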
@ -188,7 +188,13 @@ The Windows Autopatch team is aware that all device conflict scenarios listed be
- Default to Custom Autopatch device conflict detection and resolution.
- Device conflict detection and resolution within an Autopatch group.
- Custom to Cstom Autopatch group device conflict detection.
- Custom to Custom Autopatch group device conflict detection.
> [!TIP]
> Use the following two best practices to help minimize device conflict scenarios when using Autopatch groups during the public preview:
>
> - Review your software update deployment requirements thoroughly. If your deployment requirements allow, try using the Default Autopatch group as much as possible, instead of start creating Custom Autopatch groups. You can customize the Default Autopatch to have up to 15 deployment rings, and you can use your existing device-based Azure AD groups with custom update deployment cadences.
> - If creating Custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with Windows Autopatch, and already belong to the Default Autopatch group.
### Autopatch group Azure AD group remediator
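
Review bot: In the first bullet of the new [!TIP], "instead of start creating Custom Autopatch groups" is ungrammatical; "instead of creating Custom Autopatch groups" is enough. The same bullet says "the Default Autopatch" once without "group", which should match the other uses.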
@ -213,3 +219,12 @@ The Windows Autopatch team is currently developing the Autopatch group Azure AD
> - Modern Workplace Devices-Windows Autopatch-Broad
>
> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups).
### Rename an Autopatch group
- **Status: Active**
You can't rename an Autopatch group yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group. Windows Autopatch is currently developing the rename feature.
> [!IMPORTANT]
> During the public preview, if you try to rename either the [Update rings](/mem/intune/protect/windows-10-update-rings) or [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies directly in the Microsoft Intune end-user experience, the policy names are reverted back to the name defined by the Autopatch group end-user experience interface.
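
Review bot: In the new "Rename an Autopatch group" section, the [!IMPORTANT] note says policy names are "reverted back to the name defined by the Autopatch group end-user experience interface"; "reverted to the name defined in the Autopatch group" says the same with less. The note also describes renaming policies "in the Microsoft Intune end-user experience", which is an odd label for an administrator action; name the admin surface where the rename happens, if that is what is meant.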

View File

@ -58,12 +58,12 @@ Alert resolutions are provided through the Windows Update service and provide th
| `DeviceRegistrationInvalidGlobalDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Global Device ID. |The Windows Update service has reported that the MSA Service may be disabled preventing Global Device ID assignment.<p>Check that the MSA Service is running or able to run on device.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DeviceRegistrationIssue` | The device isn't able to register or authenticate properly with Windows Update. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DeviceRegistrationNoTrustType` | The device isn't able to register or authenticate properly with Windows Update because it can't establish Trust. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65#:~:text=Here%E2%80%99s%20how%20to%20get%20more%20storage%20space%20on,to%20Windows%20needs%20space%20to%20update.%20More%20items).</p> |
| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](https://support.microsoft.com/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65).</p> |
| `DownloadCancelled` | Windows Update couldn't download the update because the update server stopped the connection. | The Windows Update service has reported an issue with your update server. Validate your network is working and retry the download. If the alert persists, review your network configuration to make sure that this computer can access the internet.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).</p> |
| `DownloadConnectionIssue` | Windows Update couldn't connect to the update server and the update couldn't download. | The Windows Update service has reported an issue connecting to Windows Update. Review your network configuration, and to make sure that this computer can access the internet and Windows Update Online.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service (BITS) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service ([BITS](/windows/win32/bits/about-bits)) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadIssue` | There was an issue downloading the update. | The Windows Update service has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/security-updates/WindowsUpdateServices/18127392).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/windows/win32/bits/about-bits).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadTimeout` | A timeout occurred while Windows tried to contact the update service or the server containing the update's payload. | The Windows Update service has reported it attempted to download the payload and the connection timed out.<p>Retry downloading the payload. If not successful, review your network configuration to make sure that this computer can access the internet.</p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5). |
| `EndOfService` | The device is on a version of Windows that has passed its end of service date. | Windows Update service has reported the current version is past End of Service. Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
| `EndOfServiceApproaching` | The device is on a version of Windows that is approaching its end of service date. | Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
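
Review bot: In the `DownloadIssueServiceDisabled` row, the link text is still "Issues with BITS" but the new target is `/windows/win32/bits/about-bits`, the same page now linked from "BITS" in the `DownloadCredentialsIssue` row; rename the link text to match the target or point it at a troubleshooting article. The unchanged text in several rows has a stray period before "and" in "...).and [Endpoints for Delivery Optimization and Windows Update]", and the `DownloadCredentialsIssue` row reads "The Windows Update service Windows has reported"; both could be cleaned up in the same pass.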