From f88e7e9e51dad1f5a265a7b3ad626edb5519121f Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Wed, 4 Mar 2020 14:58:04 -0800 Subject: [PATCH 01/11] Update wufb-compliancedeadlines.md I have updated to clarify that the change is for version 1709 and above *note* for 1903 and above. I have changed all instances of this in the document (or at least tried to). @jaimeo can you approve? --- .../update/wufb-compliancedeadlines.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index df08dd3caa..6d43d7c97d 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -16,15 +16,15 @@ ms.topic: article Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions. -The compliance options have changed with the release of Windows 10, version 1903: +The compliance options have changed for devices on Windows 10, version 1709 and above: -- [Starting with Windows 10, version 1903](#starting-with-windows-10-version-1903) -- [Prior to Windows 10, version 1903](#prior-to-windows-10-version-1903) +- [For Windows 10, version 1709 and above](#for-windows-10-version-1709-and-above) +- [For prior to Windows 10, version 1709](#prior-to-windows-10-version-1709) -## Starting with Windows 10, version 1903 +## For Windows 10, version 1709 and above -With a current version of Windows 10, it's best to use the new policy introduced in Windows 10, version 1903: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings: +With a current version of Windows 10, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and above: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings: - Update/ConfigureDeadlineForFeatureUpdates - Update/ConfigureDeadlineForQualityUpdates @@ -43,7 +43,7 @@ Further, the policy includes the option to opt out of automatic restarts until t |Policy|Description | |-|-| -| (starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. | +| (For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. | @@ -51,9 +51,9 @@ Further, the policy includes the option to opt out of automatic restarts until t |Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days| |-|-|-|-|-| -|(starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 | +|(For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 | -When **Specify deadlines for automatic updates and restarts** is set (starting in Windows 10, version 1903): +When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and above): **While restart is pending, before the deadline occurs:** - For the first few days, the user receives a toast notification @@ -75,7 +75,7 @@ When **Specify deadlines for automatic updates and restarts** is set (starting i -## Prior to Windows 10, version 1903 +## Prior to Windows 10, version 1709 Two compliance flows are available: From 4c7b5d1203883663b0d4667b7ebf611b89f5c32d Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Wed, 4 Mar 2020 15:22:43 -0800 Subject: [PATCH 02/11] Update command-line-arguments-windows-defender-antivirus.md --- .../command-line-arguments-windows-defender-antivirus.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 17897257a2..cbcf1227ad 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -30,6 +30,9 @@ You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You > [!NOTE] > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. +> +> If you're running with an updated Windows Defender Platform version, please run MpCmdRun from below location: +> **C:\ProgramData\Microsoft\Windows Defender\Platform\** The utility has the following commands: @@ -44,7 +47,7 @@ MpCmdRun.exe -scan -2 | Command | Description | |:----|:----| | `-?` **or** `-h` | Displays all available options for this tool | -| `-Scan [-ScanType [0\|1\|2\|3]] [-File [-DisableRemediation] [-BootSectorScan]] [-Timeout ] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. | +| `-Scan [-ScanType [0\|1\|2\|3]] [-File [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout ] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. | | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing | | `-GetFiles` | Collects support information | | `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder | From e5487aa068fa582f53c39f9e1539aa3ee010e562 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 5 Mar 2020 08:12:53 -0800 Subject: [PATCH 03/11] Update windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md Thanks @illfated Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../command-line-arguments-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index cbcf1227ad..9c01591c7c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -31,7 +31,7 @@ You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You > [!NOTE] > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. > -> If you're running with an updated Windows Defender Platform version, please run MpCmdRun from below location: +> If you're running an updated Windows Defender Platform version, please run MpCmdRun from the location below: > **C:\ProgramData\Microsoft\Windows Defender\Platform\** The utility has the following commands: From 219661338ec82e86bf3b3178a8e695a4c291f631 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 5 Mar 2020 08:15:51 -0800 Subject: [PATCH 04/11] Update command-line-arguments-windows-defender-antivirus.md --- ...mmand-line-arguments-windows-defender-antivirus.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 9c01591c7c..163a11cade 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.reviewer: +ms.reviewer: ksarens manager: dansimp --- @@ -22,17 +22,12 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. - -This utility can be useful when you want to automate Windows Defender Antivirus use. - -You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You must run it from a command prompt. +You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Windows Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt. > [!NOTE] > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. > -> If you're running an updated Windows Defender Platform version, please run MpCmdRun from the location below: -> **C:\ProgramData\Microsoft\Windows Defender\Platform\** +> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\`. The utility has the following commands: From cf9c175dfb117d2c4164c0f4d9d9c06753ffb611 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 5 Mar 2020 08:16:59 -0800 Subject: [PATCH 05/11] Update command-line-arguments-windows-defender-antivirus.md --- .../command-line-arguments-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 163a11cade..b42e1c8729 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -46,7 +46,7 @@ MpCmdRun.exe -scan -2 | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing | | `-GetFiles` | Collects support information | | `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder | -| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set | +| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set | | `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence | | `-RemoveDefinitions [-Engine]` | Restores the previous installed engine | | `-SignatureUpdate [-UNC \| -MMPC]` | Checks for new Security intelligence updates | From 05393efdaac9ae53cf81c940e86af6f3b8b901ea Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 5 Mar 2020 10:13:48 -0800 Subject: [PATCH 06/11] Add insider-slow channel --- .../microsoft-defender-atp/linux-install-manually.md | 6 +++--- .../microsoft-defender-atp/linux-install-with-ansible.md | 6 +++--- .../microsoft-defender-atp/linux-install-with-puppet.md | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index d78e94da0e..7c7b87e9e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -37,11 +37,11 @@ Before you get started, see [Microsoft Defender ATP for Linux](microsoft-defende ## Configure the Linux software repository -Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast* or *prod*. Each of these channels corresponds to a Linux software repository. Instructions for configuring your device to use one of these repositories are provided below. +Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast*, *insider-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. Instructions for configuring your device to use one of these repositories are provided below. -The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* can try out new features before devices in *prod*. +The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* and *insider-slow* can try out new features before devices in *prod*. -In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use the *insider-fast* channel. +In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insider-fast* or *insider-slow*. ### RHEL and variants (CentOS and Oracle EL) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 6dca87169e..141dfa33e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -129,11 +129,11 @@ Create subtask or role files that contribute to an actual task. Create the follo - Add the Microsoft Defender ATP repository and key. - Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast* or *prod*. Each of these channels corresponds to a Linux software repository. + Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast*, *insider-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. - The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* can try out new features before devices in *prod*. + The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* and *insider-slow* can try out new features before devices in *prod*. - In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use the *insider-fast* channel. + In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insider-fast* or *insider-slow*. Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 2e2db11bae..c70f5834c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -78,11 +78,11 @@ install_mdatp ### Contents of `install_mdatp/manifests/init.pp` -Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast* or *prod*. Each of these channels corresponds to a Linux software repository. +Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast*, *insider-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. -The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* can try out new features before devices in *prod*. +The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* and *insider-slow* can try out new features before devices in *prod*. -In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use the *insider-fast* channel. +In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insider-fast* or *insider-slow*. Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`. From 64c16762732f9d96953192809388f255e441cc81 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 5 Mar 2020 10:24:48 -0800 Subject: [PATCH 07/11] fix typo and add details about USB SkipWimSplit --- .../deploy-a-windows-10-image-using-mdt.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index f9bbb31cba..13ae466693 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -94,7 +94,7 @@ The steps for creating the deployment share for production are the same as when ### Configure permissions for the production deployment share -To read files in the deployment share, you need to assign NTSF and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTProduction** folder +To read files in the deployment share, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTProduction** folder On **MDT01**: @@ -727,6 +727,9 @@ On **MDT01**: The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it is often more efficient to use USB sticks instead since they are faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.) +>[!TIP] +>In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. To resolve this issue, you must split the .wim file. This can be done using DISM: Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800. Windows Setup automatically installs from this file, so long as you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm. To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (\True\), so this must be changed and the offline media content updated. + Follow these steps to create a bootable USB stick from the offline media content: 1. On a physical machine running Windows 7 or later, insert the USB stick you want to use. From 3b8e3ebca390716a1bc9df5b09a6d2ca3708fd00 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 5 Mar 2020 10:33:18 -0800 Subject: [PATCH 08/11] Clarification --- .../microsoft-defender-atp/linux-install-manually.md | 12 ++++++------ .../linux-install-with-ansible.md | 6 +++--- .../linux-install-with-puppet.md | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 7c7b87e9e8..7353351968 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -37,11 +37,11 @@ Before you get started, see [Microsoft Defender ATP for Linux](microsoft-defende ## Configure the Linux software repository -Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast*, *insider-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. Instructions for configuring your device to use one of these repositories are provided below. +Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insiders-fast*, *insiders-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. Instructions for configuring your device to use one of these repositories are provided below. -The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* and *insider-slow* can try out new features before devices in *prod*. +The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by *prod*. -In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insider-fast* or *insider-slow*. +In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*. ### RHEL and variants (CentOS and Oracle EL) @@ -56,7 +56,7 @@ In order to preview new features and provide early feedback, it is recommended t sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/[distro]/[version]/[channel].repo ``` - For example, if you are running CentOS 7 and wish to deploy MDATP for Linux from the *insider-fast* channel: + For example, if you are running CentOS 7 and wish to deploy MDATP for Linux from the *insiders-fast* channel: ```bash sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/insiders-fast.repo @@ -94,7 +94,7 @@ In order to preview new features and provide early feedback, it is recommended t sudo zypper addrepo -c -f -n microsoft-[channel] https://packages.microsoft.com/config/[distro]/[version]/[channel].repo ``` - For example, if you are running SLES 12 and wish to deploy MDATP for Linux from the *insider-fast* channel: + For example, if you are running SLES 12 and wish to deploy MDATP for Linux from the *insiders-fast* channel: ```bash sudo zypper addrepo -c -f -n microsoft-insiders-fast https://packages.microsoft.com/config/sles/12/insiders-fast.repo @@ -132,7 +132,7 @@ In order to preview new features and provide early feedback, it is recommended t curl -o microsoft.list https://packages.microsoft.com/config/[distro]/[version]/[channel].list ``` - For example, if you are running Ubuntu 18.04 and wish to deploy MDATP for Linux from the *insider-fast* channel: + For example, if you are running Ubuntu 18.04 and wish to deploy MDATP for Linux from the *insiders-fast* channel: ```bash curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/18.04/insiders-fast.list diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 141dfa33e7..bdba284676 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -129,11 +129,11 @@ Create subtask or role files that contribute to an actual task. Create the follo - Add the Microsoft Defender ATP repository and key. - Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast*, *insider-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. + Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insiders-fast*, *insiders-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. - The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* and *insider-slow* can try out new features before devices in *prod*. + The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by *prod*. - In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insider-fast* or *insider-slow*. + In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*. Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index c70f5834c8..177ef802de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -78,11 +78,11 @@ install_mdatp ### Contents of `install_mdatp/manifests/init.pp` -Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast*, *insider-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. +Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insiders-fast*, *insiders-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. -The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* and *insider-slow* can try out new features before devices in *prod*. +The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by *prod*. -In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insider-fast* or *insider-slow*. +In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*. Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`. From aaa6d00b277f5a41e0846b1b6b0278dd6bc85bc9 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 5 Mar 2020 11:07:24 -0800 Subject: [PATCH 09/11] fix typo and add details about USB SkipWimSplit --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 13ae466693..7e06abfeb3 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -728,7 +728,7 @@ On **MDT01**: The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it is often more efficient to use USB sticks instead since they are faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.) >[!TIP] ->In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. To resolve this issue, you must split the .wim file. This can be done using DISM: Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800. Windows Setup automatically installs from this file, so long as you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm. To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (\True\), so this must be changed and the offline media content updated. +>In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. This means you must split the .wim file, which can be done using DISM:
 
Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800.
 
Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm.
 
To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (\True\), so this must be changed and the offline media content updated. Follow these steps to create a bootable USB stick from the offline media content: From 6d2509762eab1caf18316f7d9a8d2606b1852376 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 5 Mar 2020 14:10:23 -0800 Subject: [PATCH 10/11] Fixing layout of list items. --- .../update/wufb-compliancedeadlines.md | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 6d43d7c97d..2262091944 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -55,24 +55,27 @@ Further, the policy includes the option to opt out of automatic restarts until t When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and above): -**While restart is pending, before the deadline occurs:** -- For the first few days, the user receives a toast notification -- After this period, the user receives this dialog: + - **While restart is pending, before the deadline occurs:** -![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png) -- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur: + - For the first few days, the user receives a toast notification + + - After this period, the user receives this dialog: + + ![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png) + + - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur: ![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png) -**If the restart is still pending after the deadline passes:** -- Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching: + - **If the restart is still pending after the deadline passes:** + + - Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching: -![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png) -- Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification: - -![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png) + ![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png) + - Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification: + ![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png) ## Prior to Windows 10, version 1709 From 8343c2a696a8f5b65425a52fd8e4000e2ef6324e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 5 Mar 2020 14:33:58 -0800 Subject: [PATCH 11/11] Indented additional content, added white space --- windows/deployment/update/wufb-compliancedeadlines.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 2262091944..41edd21e70 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -65,7 +65,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur: -![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png) + ![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png) - **If the restart is still pending after the deadline passes:** @@ -122,9 +122,11 @@ Once the device is in the pending restart state, it will attempt to restart the #### Notification experience for deadline Notification users get for a quality update deadline: + ![The notification users get for an impending quality update deadline](images/wufb-quality-notification.png) Notification users get for a feature update deadline: + ![The notification users get for an impending feature update deadline](images/wufb-feature-notification.png) ### Deadline with user engagement