From d1ac15ba5752a11685ea46d97e42a6c5fc2206b9 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 21 Sep 2018 09:31:49 -0700 Subject: [PATCH 1/6] added info about new 30-month support policy --- windows/deployment/update/waas-overview.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 9b07031bb6..b664d9b508 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -8,7 +8,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.date: 09/07/2018 +ms.date: 09/072/2018 --- # Overview of Windows as a service @@ -121,7 +121,12 @@ Once the latest release went through pilot deployment and testing, you choose th When Microsoft officially releases a feature update for Windows 10, it is made available to any PC not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools). -Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases, while after about 4 months, we will announce broad deployment readiness, indicating that Microsoft, independent software vendors (ISVs), partners, and customers believe that the release is ready for broad deployment. Each feature update release will be supported and updated for 18 months from the time of its release + +Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases. All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release. + +>[!NOTE] +All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise >and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607, 1703, 1709 and 1803. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18 month lifecycle. + >[!NOTE] >Organizations can electively delay feature updates into as many phases as they wish by using one of the servicing tools mentioned in the section Servicing tools. From 02140ea6ef81241e0b778d2cdd6d11733abf5590 Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Fri, 21 Sep 2018 13:50:28 -0700 Subject: [PATCH 2/6] Added quick scans run on usb by default. --- ...nfigure-advanced-scan-types-windows-defender-antivirus.md | 3 +++ .../run-scan-windows-defender-antivirus.md | 2 ++ .../scheduled-catch-up-scans-windows-defender-antivirus.md | 5 ++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md index 673fc41138..587b69b508 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md @@ -55,6 +55,9 @@ Scan removable drives during full scans only | Scan > Scan removable drives | Di Specify the level of subfolders within an archive folder to scan | Scan > Specify the maximum depth to scan archive files | 0 | Not available Specify the maximum CPU load (as a percentage) during a scan. Note: This is not a hard limit but rather a guidance for the scanning engine to not exceed this maximum on average. | Scan > Specify the maximum percentage of CPU utilization during a scan | 50 | `-ScanAvgCPULoadFactor` Specify the maximum size (in kilobytes) of archive files that should be scanned. The default, **0**, applies no limit | Scan > Specify the maximum size of archive files to be scanned | No limit | Not available + +>[!NOTE] +>By default, quick scans run on mounted removable devices, such as USB drives. **Use PowerShell to configure scanning options** diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md index 9a93cd3335..a8d4290775 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md @@ -33,6 +33,8 @@ In most instances, this means a quick scan is adequate to find malware that wasn A full scan can be useful on endpoints that have encountered a malware threat to identify if there are any inactive components that require a more thorough clean-up, and can be ideal when running on-demand scans. +>[!NOTE] +>By default, quick scans run on mounted removable devices, such as USB drives. **Use Configuration Manager to run a scan:** diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index 4bb34b0d77..bc6c620629 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -57,7 +57,10 @@ In most instances, this means a quick scan is adequate to find malware that wasn A full scan can be useful on endpoints that have encountered a malware threat to identify if there are any inactive components that require a more thorough clean-up. In this instance, you may want to use a full scan when running an [on-demand scan](run-scan-windows-defender-antivirus.md). -A custom scan allows you to specify the files and folders to scan, such as a USB drive. +A custom scan allows you to specify the files and folders to scan, such as a USB drive. + +>[!NOTE] +>By default, quick scans run on mounted removable devices, such as USB drives. ## Set up scheduled scans From 857e1a32a322281c1f3ebfd4c56480ba9b0d2793 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 24 Sep 2018 15:31:17 +0000 Subject: [PATCH 3/6] Merged PR 11542: issue 1656, issue 1605, + remove superfluous level in Configuration --- .openpublishing.redirection.json | 5 ++++ .../connect-to-remote-aadj-pc.md | 4 +-- windows/configuration/TOC.md | 23 +++++++------- .../guidelines-for-assigned-access-app.md | 2 +- windows/configuration/index.md | 4 ++- .../configuration/start-taskbar-lockscreen.md | 30 ------------------- 6 files changed, 22 insertions(+), 46 deletions(-) delete mode 100644 windows/configuration/start-taskbar-lockscreen.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 51c9ccf162..4e0efdcc9b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -6862,6 +6862,11 @@ "redirect_document_id": true }, { +"source_path": "windows/configuration/start-taskbar-lockscreen.md", +"redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies", +"redirect_document_id": true +}, +{ "source_path": "windows/configure/stop-employees-from-using-the-windows-store.md", "redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store", "redirect_document_id": true diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 920c37386e..1aa38eb7ba 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -33,11 +33,11 @@ From its release, Windows 10 has supported remote connections to PCs that are jo ![Allow remote connections to this computer](images/allow-rdp.png) - 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**. + 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**. >[!NOTE] >You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once and then running the following PowerShell cmdlet: > - >`net localgroup "Remote Desktop Users" /add "AzureAD\FirstnameLastname"` + >`net localgroup "Remote Desktop Users" /add "AzureAD\FirstnameLastname"`, where *FirstnameLastname* is the name of the user profile in C:\Users\, which is created based on DisplayName attribute in Azure AD. > >In Windows 10, version 1709, the user does not have to sign in to the remote device first. > diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index b388b128cd..b434ae89f0 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -27,18 +27,17 @@ ### [Product IDs in Windows 10 Mobile](mobile-devices/product-ids-in-windows-10-mobile.md) ### [Start layout XML for mobile editions of Windows 10 (reference)](mobile-devices/start-layout-xml-mobile.md) ## [Configure cellular settings for tablets and PCs](provisioning-apn.md) -## [Configure Start, taskbar, and lock screen](start-taskbar-lockscreen.md) -### [Configure Windows Spotlight on the lock screen](windows-spotlight.md) -### [Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions](manage-tips-and-suggestions.md) -### [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -#### [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -#### [Customize and export Start layout](customize-and-export-start-layout.md) -#### [Add image for secondary tiles](start-secondary-tiles.md) -#### [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -#### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -#### [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -#### [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -#### [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) +## [Configure Windows Spotlight on the lock screen](windows-spotlight.md) +## [Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions](manage-tips-and-suggestions.md) +## [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) +### [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) +### [Customize and export Start layout](customize-and-export-start-layout.md) +### [Add image for secondary tiles](start-secondary-tiles.md) +### [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) +### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) +### [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) +### [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) +### [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) ## [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) ### [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md) #### [Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook](cortana-at-work/cortana-at-work-scenario-1.md) diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 4c7f8bc3ee..92e0a97c03 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -46,7 +46,7 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t In Windows 10, version 1803, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website. >[!NOTE] ->Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. +>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs. **Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education). diff --git a/windows/configuration/index.md b/windows/configuration/index.md index 11ec530a2c..b64b47fabf 100644 --- a/windows/configuration/index.md +++ b/windows/configuration/index.md @@ -26,7 +26,9 @@ Enterprises often need to apply custom configurations to devices for their users | [Configure kiosk and digital signage devices running Windows 10 desktop editions](kiosk-methods.md) | These topics help you configure Windows 10 devices to run as a kiosk device. | | [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) | These topics help you configure the features and apps and Start screen for a device running Windows 10 Mobile, as well as how to configure a kiosk device that runs a single app. | | [Configure cellular settings for tablets and PCs](provisioning-apn.md) | Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles. | -| [Configure Start, taskbar, and lock screen](start-taskbar-lockscreen.md) | A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default. | +| [Windows Spotlight on the lock screen](windows-spotlight.md) | Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen.

**Note:** You can also use the [Personalization CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/personalization-csp) settings to set lock screen and desktop background images. | +| [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](manage-tips-and-suggestions.md) | Options to manage the tips, tricks, and suggestions offered by Windows and Microsoft Store. | +| [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Pro, Enterprise, or Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. | | [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) | The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. | | [Configure access to Microsoft Store](stop-employees-from-using-the-windows-store.md) | IT Pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store. | | [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) | Windows 10 includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows. This topic helps IT administrators learn about built-in accessibility features. | diff --git a/windows/configuration/start-taskbar-lockscreen.md b/windows/configuration/start-taskbar-lockscreen.md deleted file mode 100644 index 083777bcdd..0000000000 --- a/windows/configuration/start-taskbar-lockscreen.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Configure Start layout, taskbar, and lock screen for Windows 10 PCs (Windows 10) -description: -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: jdeckerms -ms.author: jdecker -ms.topic: article -ms.date: 07/27/2017 ---- - -# Configure Start layout, taskbar, and lock screen for Windows 10 PCs - - - -## In this section - -| Topic | Description | -| --- | --- | -| [Windows Spotlight on the lock screen](windows-spotlight.md) | Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen.

**Note:** You can also use the [Personalization CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/personalization-csp) settings to set lock screen and desktop background images. | -| [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](manage-tips-and-suggestions.md) | Options to manage the tips, tricks, and suggestions offered by Windows and Microsoft Store. | -| [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Pro, Enterprise, or Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. | - - -## Related topics - -- [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) \ No newline at end of file From 9f5fe1473259c0a3ea8b7d33c0ce364bae7ac045 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 24 Sep 2018 09:21:19 -0700 Subject: [PATCH 4/6] fixing typos --- windows/deployment/update/waas-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index b664d9b508..9cfb7ab6bf 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -8,7 +8,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.date: 09/072/2018 +ms.date: 09/24/2018 --- # Overview of Windows as a service @@ -125,7 +125,7 @@ When Microsoft officially releases a feature update for Windows 10, it is made a Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases. All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release. >[!NOTE] -All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise >and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607, 1703, 1709 and 1803. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18 month lifecycle. +All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607, 1703, 1709 and 1803. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18 month lifecycle. >[!NOTE] From 308bd1e320d4573d28ffd9865596c62f70c9be29 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 24 Sep 2018 09:48:11 -0700 Subject: [PATCH 5/6] changed DO/Configuration Manager intersection in table to green check mark --- windows/deployment/update/waas-optimize-windows-10-updates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index 831d0da5ff..8446553143 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md @@ -7,7 +7,7 @@ ms.sitesec: library author: DaniHalfin ms.localizationpriority: medium ms.author: daniha -ms.date: 07/27/2017 +ms.date: 09/24/2018 --- # Optimize Windows 10 update delivery @@ -38,7 +38,7 @@ Two methods of peer-to-peer content distribution are available in Windows 10. | Method | Windows Update | Windows Update for Business | WSUS | Configuration Manager | | --- | --- | --- | --- | --- | -| Delivery Optimization | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![no](images/crossmark.png) | +| Delivery Optimization | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | | BranchCache | ![no](images/crossmark.png) | ![no](images/crossmark.png) |![yes](images/checkmark.png) | ![yes](images/checkmark.png) | >[!NOTE] From c8c3ffbf9ef9eee6d6656949491adb8c9ecd7075 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 25 Sep 2018 15:18:32 +0000 Subject: [PATCH 6/6] Merged PR 11581: add link to XML ref + format fix --- .../configuration/lock-down-windows-10-to-specific-apps.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 7793d23b83..c9b58fc2da 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -100,7 +100,7 @@ Let's start by looking at the basic structure of the XML file. ![profile = app and config = account](images/profile-config.png) -You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic. +You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic. You can see a full sample version in the [Assigned access XML reference.](kiosk-xml.md) ```xml @@ -309,7 +309,7 @@ On domain-joined devices, local user accounts aren't shown on the sign-in screen ``` >[!IMPORTANT] ->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows}(https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). +>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). ##### Config for individual accounts