diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md index 2cd07840b0..cc4aa9686d 100644 --- a/store-for-business/microsoft-store-for-business-education-powershell-module.md +++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md @@ -9,7 +9,7 @@ author: cmcatee-MSFT manager: scotv ms.topic: conceptual ms.localizationpriority: medium -ms.custom: has-azure-ad-ps-ref +ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done ms.date: 05/24/2023 ms.reviewer: --- @@ -36,7 +36,7 @@ You can use the PowerShell module to: - Perform bulk operations with .csv files - automates license management for customers with larger numbers of licenses >[!NOTE] ->Assigning apps to groups is not supported via this module. Instead, we recommend leveraging the Microsoft Entra ID Or MSOnline Modules to save members of a group to a CSV file and follow instructions below on how to use CSV file to manage assignments. +>Assigning apps to groups is not supported via this module. Instead, we recommend leveraging the Microsoft Entra ID or [Microsoft Graph PowerShell](/powershell/microsoftgraph/overview) Modules to save members of a group to a CSV file and follow instructions below on how to use CSV file to manage assignments. ## Requirements To use the Microsoft Store for Business and Education PowerShell module, you'll need: @@ -77,7 +77,7 @@ To authorize the PowerShell module, run this command. You'll need to sign-in wit Grant-MSStoreClientAppAccess ``` -You will be prompted to sign in with your work or school account and then to authorize the PowerShell Module to access your **Microsoft Store for Business and Education** account. Once the module has been imported into the current PowerShell session and authorized to call into your **Microsoft Store for Business and Education** account, Azure PowerShell cmdlets are loaded and ready to be used. +You will be prompted to sign in with your work or school account and then to authorize the PowerShell Module to access your **Microsoft Store for Business and Education** account. Once the module has been imported into the current PowerShell session and authorized to call into your **Microsoft Store for Business and Education** account, Microsoft Graph PowerShell cmdlets are loaded and ready to be used. ## View items in Products and Services Service management should encounter no breaking changes as a result of the separation of Azure Service Management and **Microsoft Store for Business and Education PowerShell** preview. diff --git a/windows/configuration/lock-down-windows-11-to-specific-apps.md b/windows/configuration/lock-down-windows-11-to-specific-apps.md index b2c6c66985..e8f41d7572 100644 --- a/windows/configuration/lock-down-windows-11-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-11-to-specific-apps.md @@ -15,7 +15,7 @@ ms.topic: how-to **Applies to** -- Windows 11 Pro, Enterprise, and Education +- Windows 11 Pro, Enterprise, IoT Enterprise and Education > [!NOTE] > The use of multiple monitors is supported for multi-app kiosk mode in Windows 11. @@ -35,8 +35,12 @@ See the table below for the different methods to configure a multi-app kiosk in |Configuration Method|Availability| |--------------------|------------| |[MDM WMI Bridge Provider](#configure-a-kiosk-using-wmi-bridge) | Available May 2023| + + > [!NOTE] > For WMI Bridge/PowerShell and Provisioning package methods, you will need to create your own multi-app kiosk XML file as specified below. @@ -319,42 +323,69 @@ Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/ Here's an example of how to set AssignedAccess configuration: 1. Download the [psexec tool](/sysinternals/downloads/psexec). -2. Run `psexec.exe -i -s cmd.exe`. -3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. -4. Run the following script replacing the placeholder "your XML here, with the [XML](#create-the-xml-file) you created above. +1. Using an elevated command prompt, run `psexec.exe -i -s cmd.exe`. +1. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. +1. Save the following Powershell excerpt as a PowerShell script (.ps1), replacing the placeholder "your XML here" with the [Sample Assigned Access XML](#sample-assigned-access-xml) then run the script at the Powershell prompt from the previous step. -```xml -$nameSpaceName="root\cimv2\mdm\dmmap" +```powershell +$eventLogFilterHashTable = @{ + ProviderName = "Microsoft-Windows-AssignedAccess"; + StartTime = Get-Date -Millisecond 0 +} + +$namespaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Add-Type -AssemblyName System.Web -$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" +$obj.Configuration = [System.Net.WebUtility]::HtmlEncode(@" "@) -Set-CimInstance -CimInstance $obj +$obj = Set-CimInstance -CimInstance $obj -ErrorVariable cimSetError -ErrorAction SilentlyContinue +if($cimSetError) { + Write-Output "An ERROR occurred. Displaying error record and attempting to retrieve error logs...`n" + Write-Error -ErrorRecord $cimSetError[0] + + $timeout = New-TimeSpan -Seconds 30 + $stopwatch = [System.Diagnostics.Stopwatch]::StartNew() + do{ + $events = Get-WinEvent -FilterHashtable $eventLogFilterHashTable -ErrorAction Ignore + } until ($events.Count -or $stopwatch.Elapsed -gt $timeout) # wait for the log to be available + + if($events.Count) { + $events | ForEach-Object { + Write-Output "$($_.TimeCreated) [$($_.LevelDisplayName.ToUpper())] $($_.Message -replace "`n|`r")" + } + } else { + Write-Warning "Timed-out attempting to retrieve event logs..." + } + + Exit 1 +} + +Write-Output "Successfully applied Assigned Access configuration" ``` + ## Sample Assigned Access XML -Compare the below to your XML file to check for correct formatting. +This section contains a predefined XML file which can be used as a quickstart to get familiar with the Assigned Access multi-app kiosk feature on Windows 11. ```xml + xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" + xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config"> - - - - - + + + + @@ -362,11 +393,10 @@ Compare the below to your XML file to check for correct formatting. { "pinnedList":[ {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}, {"packagedAppId":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App"}, - {"packagedAppId":"Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic"}, - {"packagedAppId":"Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo"}, {"packagedAppId":"Microsoft.BingWeather_8wekyb3d8bbwe!App"}, - {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Paint.lnk"}, - {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Notepad.lnk"} + {"desktopAppLink":"C:\\Users\\MultiAppKioskUser\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk"}, + {"desktopAppLink":"C:\\Users\\MultiAppKioskUser\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk"}, + {"desktopAppLink":"C:\\Users\\MultiAppKioskUser\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk"} ] } ]]> @@ -379,5 +409,5 @@ Compare the below to your XML file to check for correct formatting. - + ``` diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 58d36aae43..b3fa2680c5 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -27,7 +27,7 @@ Windows Update for Business product family has three elements: - [Windows Update for Business reports](wufb-reports-overview.md) to monitor update deployment - Deployment service APIs to approve and schedule specific updates for deployment, which are available through the Microsoft Graph and associated SDKs (including PowerShell) -The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the[Windows Update for Business reports workbook](wufb-reports-workbook.md). +The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the [Windows Update for Business reports workbook](wufb-reports-workbook.md). :::image type="content" source="media/7512398-deployment-service-overview.png" alt-text="Diagram displaying the three elements that are parts of the Windows Update for Business family."::: diff --git a/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md index b0da2402b2..b1bfa3ebb1 100644 --- a/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md +++ b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md @@ -121,7 +121,7 @@ Figure 2 illustrates the Measured Boot and remote attestation process. *Figure 2. Measured Boot proves the PC's health to a remote server*: -Windows includes the application programming interfaces to support Measured Boot. However, to take advanted of it, you need non-Microsoft tools to implement a remote attestation client and trusted attestation server. For example, see the following tools from Microsoft Research: +Windows includes the application programming interfaces to support Measured Boot. However, to take advantage of it, you need non-Microsoft tools to implement a remote attestation client and trusted attestation server. For example, see the following tools from Microsoft Research: - [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487) - [TSS.MSR](https://github.com/microsoft/TSS.MSR#tssmsr)