deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

resolved merge conflict

Browse Source
This commit is contained in:
martyav 2019-08-19 12:38:47 -04:00
commit 773b95cfb5
511 changed files with 24461 additions and 24844 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
.openpublishing.redirection.json
View File

@ -1005,11 +1005,7 @@
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
@ -1611,12 +1607,22 @@
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preferences-setup",
"redirect_document_id": true
},
@ -1696,6 +1702,16 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/response-actions.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
"redirect_document_id": true
@ -1811,11 +1827,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-overview.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview",
"redirect_document_id": true
@ -12036,11 +12047,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md",
"redirect_url": "/windows/device-security/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies",
"redirect_document_id": true
@ -12191,11 +12197,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/restore-files-and-directories.md",
"redirect_url": "/windows/device-security/security-policy-settings/restore-files-and-directories",
"redirect_document_id": true
@ -14446,11 +14447,6 @@
"redirect_document_id": true
},
{
"source_path":"windows/security/threat-protection/windows-defender-atp/use-apis.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
"redirect_document_id": false
},
{
"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp",
"redirect_document_id": false
@ -14796,6 +14792,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started.md",
"redirect_url": "/windows/security/threat-protection/index.md",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
"redirect_document_id": false
@ -14956,11 +14957,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/incidents-queue",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
"redirect_document_id": false
@ -15041,6 +15037,31 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/incidents-queue",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
"redirect_document_id": true
},
{
"source_path":"windows/security/threat-protection/windows-defender-atp/use-apis.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/user-alert-windows-defender-advanced-threat-protection-new.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user",
"source_path": "windows/deployment/planning/windows-10-fall-creators-deprecation.md",
@ -15063,18 +15084,23 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
"redirect_url": "/windows/deployment/windows-10-subscription-activation",
"redirect_document_id": true
"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
"redirect_url": "/windows/deployment/windows-10-subscription-activation",
"redirect_document_id": true
},
{

5
browsers/edge/includes/allow-adobe-flash-include.md
View File

@ -3,7 +3,8 @@ author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
@ -34,7 +35,7 @@ ms.topic: include
#### MDM settings
- **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowflash)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash
- **Data type:** Integer
#### Registry settings

5
browsers/edge/microsoft-edge-kiosk-mode-deploy.md
View File

@ -3,12 +3,13 @@ title: Deploy Microsoft Edge kiosk mode
description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access.
ms.assetid:
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
author: eavena
ms.author: eravena
ms.prod: edge
ms.sitesec: library
ms.topic: get-started-article
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/29/2018
---

3
browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
View File

@ -6,7 +6,8 @@ author: dansimp
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
ms.author: dansimp
title: Collect data using Enterprise Site Discovery
ms.sitesec: library

3
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
View File

@ -7,7 +7,8 @@ author: lomayor
ms.prod: ie11
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
ms.author: lomayor
title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
View File

@ -6,7 +6,7 @@ author: lomayor
ms.prod: ie11
ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
ms.reviewer:
audience: itpro manager: dansimp
manager: dansimp
ms.author: lomayor
title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
View File

@ -6,7 +6,7 @@ author: lomayor
ms.prod: ie11
ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
ms.reviewer:
audience: itpro manager: dansimp
manager: dansimp
ms.author: lomayor
title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library

2
browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
View File

@ -6,7 +6,7 @@ author: lomayor
ms.prod: ie11
ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
ms.reviewer:
audience: itpro manager: dansimp
manager: dansimp
ms.author: lomayor
title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library

45
devices/hololens/TOC.md
View File

@ -1,36 +1,45 @@
# [Microsoft HoloLens](index.md)
# [What's new in HoloLens](hololens-whats-new.md)
# [Set up HoloLens](hololens-setup.md)
# [HoloLens overview](index.md)
# [Hololens status](hololens-status.md)
# Deploy HoloLens in a commercial environment
# Get started with HoloLens (gen 1)
## [Start your HoloLens (1st gen) for the first time](hololens-start.md)
## [Install localized version of HoloLens](hololens-install-localized.md)
# Get started with HoloLens in commercial environments
## [Overview and deployment planning](hololens-requirements.md)
## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
## [Set up ring based updates for HoloLens](hololens-updates.md)
## [Manage custom enterprise apps](hololens-install-apps.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
# Device Management
## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)
## [Install localized version of HoloLens](hololens-install-localized.md)
## [Manage updates to HoloLens](hololens-updates.md)
## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
## [Use the HoloLens Clicker](hololens-clicker.md)
## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md)
## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md)
# Navigating Windows Holographic
## [Windows Mixed Reality home](holographic-home.md)
## [Voice and Cortana](hololens-cortana.md)
## [Find and save files](hololens-find-and-save-files.md)
## [Create, share, and view photos and video](holographic-photos-and-video.md)
# Accessories and connectivity
## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md)
## [Restart or recover the HoloLens (1st gen) clicker](hololens-clicker-restart-recover.md)
## [Connect to a network](hololens-network.md)
## [Use HoloLens offline](hololens-offline.md)
# Application Management
## [Install apps on HoloLens](hololens-install-apps.md)
## [Share HoloLens with multiple people](hololens-multiple-users.md)
## [Cortana on HoloLens](hololens-cortana.md)
## [Get apps for HoloLens](hololens-get-apps.md)
## [Use apps on HoloLens](hololens-use-apps.md)
## [Use HoloLens offline](hololens-offline.md)
## [Spaces on HoloLens](hololens-spaces-on-hololens.md)
## [How HoloLens stores data for spaces](hololens-spaces.md)
# Recovery and troubleshooting
## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md)
# User/Access Management
## [Set up single application access](hololens-kiosk.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
## [How HoloLens stores data for spaces](hololens-spaces.md)
## [Find and save files](hololens-find-and-save-files.md)
# [Insider preview for Microsoft HoloLens](hololens-insider.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

11
devices/hololens/change-history-hololens.md
View File

@ -50,11 +50,6 @@ New or changed topic | Description
--- | ---
Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809)
## June 2018
New or changed topic | Description
--- | ---
[HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md#pin) | Added instructions for creating a sign-in PIN.
## May 2018
@ -86,12 +81,6 @@ New or changed topic | Description
--- | ---
[Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | New
## May 2017
| New or changed topic | Description |
| --- | --- |
| [Microsoft HoloLens in the enterprise: requirements](hololens-requirements.md) | Changed title to **Microsoft HoloLens in the enterprise: requirements and FAQ**, added questions and answers in new [FAQ section](hololens-requirements.md#faq-for-hololens) |
## January 2017
| New or changed topic | Description |

90
devices/hololens/holographic-home.md Normal file
View File

@ -0,0 +1,90 @@
---
title: Navigate the Windows Mixed Reality home
description: Navigate the Windows Mixed Reality home in Windows Holographic.
ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c
ms.date: 08/07/2019
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: scooley
ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
---
# Navigate the Windows Mixed Reality home
## [Navigating MR Home](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home)
## Use the Start menu
The **Start** menu on HoloLens is where you'll open apps and get to the HoloLens camera.
Wherever you are in HoloLens, you can always open the **Start** menu by using the [bloom gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) on HoloLens (1st gen) or tapping your wrist on HoloLens 2. Usually, you'll use it once to get to **Start**, but sometimes you might need to use it twice.
> [!TIP]
> When the **Start** menu is open, use the start gesture to hide it again.
At the top of the **Start** menu, you'll see status indicators for Wi-Fi, battery, and volume, plus a clock. The tiles are your pinned apps. To talk to Cortana, select her tile, or just say "Hey Cortana" from anywhere on HoloLens. At the bottom you'll find the photo and video icons, which open the camera app.
To see the rest of your apps, select **All apps**. To get back to **Start** from the **All apps** list, select **Pinned apps**.
## Use apps on HoloLens
Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see.
### Open apps
You'll find your apps either pinned to **Start** or in the **All apps** list. To get to the **All apps** list, use the bloom gesture to go to **Start**, then select **All apps**.
On **Start** or in the **All apps** list, select an app. It will open in a good position for viewing.
>[!NOTE]
>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active.
>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three.
>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info.
## Move, resize, and rotate apps
Moving and resizing apps on HoloLens works a bit differently than it does on a PC. Instead of dragging the app, you'll use your gaze, along with a [gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) or the [clicker](hololens-clicker.md). You can also rotate an app window in 3D space.
> [!TIP]
> Rearrange apps using your voice—gaze at an app and say "Face me," "Bigger," or "Smaller." Or have Cortana move an app for you: say "Hey Cortana, move <*app name*> here."
### Move an app
Gaze at the app, and then do one of the following.
- Tap and hold to select the app. Move your hand to position the app, and raise your finger to place it.
- Select **Adjust**, tap and hold, and move your hand to position the app. Raise your finger to place it, then select **Done**.
- Select **Adjust**, click and hold the clicker, and move your hand to position the app. Release the clicker, then select **Done**.
> [!TIP]
> If you drop apps when you move them, make sure to keep your hand in the gesture frame by following it with your gaze.
### Resize an app
Gaze at the app, and then do one of the following.
- Gaze at a corner or edge of an app window, and tap and hold. Move your hand to change the app's size, and raise your finger when you're done.
- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, tap and hold, then move your hand to resize the app. Raise your finger to release it, then select **Done**.
- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, click and hold the clicker, then move your hand to resize the app. Release the clicker, then select **Done**.
> [!TIP]
> In Adjust mode, you can move or resize any hologram.
### Rotate an app
Gaze at the app, and tap and hold with both hands to select it. Rotate the app by keeping one hand steady and moving your other hand around it. When you're done, raise both index fingers.
## Close apps
To close an app that uses 2D view, gaze at it, then select **Close**.
To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**.
## Pin apps
Keep your favorite apps handy by pinning them to **Start**. In the **All apps** list, gaze at an app to highlight it. Tap and hold until the menu appears, then select **Pin**. To unpin an app, gaze at the app on **Start**, then tap and hold and select **Unpin**.

42
devices/hololens/holographic-photos-and-video.md Normal file
View File

@ -0,0 +1,42 @@
---
title: Create, share, and view photos and video
description: Create, share, and view photos and video
ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.localizationpriority: medium
ms.date: 8/12/19
ms.reviewer:
manager: jarrettr
appliesto:
- Hololens (1st gen)
---
# Create, share, and view photos and video
Use your HoloLens to take photos and videos that capture the holograms you've placed in your world.
To sync your photos and videos to OneDrive, open the OneDrive app and select **Settings** > **Camera upload**, and then turn on **Camera upload**.
## Take a photo
Use the [bloom](https://support.microsoft.com/help/12644/hololens-use-gestures) gesture to go to **Start**, then select **Photo**. Use gaze to position the photo frame, then air tap to take the picture. The picture will be saved to your collection in the Photos app.</p>
Want to snap a quick pic? Press the volume up and volume down buttons at the same time. [Where are the buttons?](https://support.microsoft.com/help/12649/hololens-whats-in-the-box)
## Take a video
Use the bloom gesture to go to **Start**, then select **Video**. Use gaze to position the video frame, then air tap to start recording. To stop recording, use bloom once. The video will be saved to your collection in the Photos app.
To start recording more quickly, press and hold the volume up and volume down buttons simultaneously until a 3-second countdown begins. To stop recording, tap both buttons.
> [!TIP]
> You can always have Cortana take a photo or a video for you. Just say "Hey Cortana, take a photo" or "Hey Cortana, take a video." [What else can I say to Cortana?](hololens-cortana.md)
[Take + share photos and video with Mixed reality capture](https://docs.microsoft.com/en-us/windows/mixed-reality/mixed-reality-capture)
[Find and view your photos](https://docs.microsoft.com/en-us/windows/mixed-reality/see-your-photos)

2
devices/hololens/hololens-clicker-restart-recover.md
View File

@ -16,6 +16,8 @@ ms.localizationpriority: medium
# Restart or recover the HoloLens clicker
[Clicker recovery](https://support.microsoft.com/en-us/help/15555)
Here are some things to try if the HoloLens clicker is unresponsive or isnt working well.
## Restart the clicker

46
devices/hololens/hololens-connect-devices.md Normal file
View File

@ -0,0 +1,46 @@
---
title: Connect to Bluetooth and USB-C devices
description: This guide walks through connecting to Bluetooth and USB-C devices and accessories.
ms.assetid: 01af0848-3b36-4c13-b797-f38ad3977e30
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.localizationpriority: medium
ms.date: 8/12/19
manager: jarrettr
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Connect devices and accessories
## Pair Bluetooth devices
Pair a Bluetooth mouse and keyboard with HoloLens, then use them to interact with holograms and to type anywhere you'd use the holographic keyboard. Pair the HoloLens [clicker](hololens-clicker.md) for a different way to interact with HoloLens.
> [!NOTE]
> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported. [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660).
### Pair a Bluetooth keyboard or mouse
1. Turn on your keyboard or mouse and make it discoverable. The way you make it discoverable depends on the device. Check the device or visit the manufacturer's website to learn how.
1. Go to **Start**, then select **Settings**.
1. Select **Devices** and make sure Bluetooth is on. When you see the device name, select **Pair** and follow the instructions.
### Pair the clicker
1. Use the bloom gesture to go to **Start**, then select **Settings**.
1. Select **Devices** and make sure Bluetooth is on.
1. Use the tip of a pen to press and hold the clicker's pairing button until the status light blinks white. Make sure to hold the button down until the light starts blinking. [Where's the pairing button?](hololens-clicker.md)
1. On the pairing screen, select **Clicker** > **Pair**.
## Connect USB-C devices
## Connect to Miracast
> Applies to HoloLens 2 only.

56
devices/hololens/hololens-cortana.md
View File

@ -2,26 +2,63 @@
title: Cortana on HoloLens
description: Cortana can help you do all kinds of things on your HoloLens
ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
ms.date: 08/14/2019
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
manager: jarrettr
ms.localizationpriority: medium
---
# Cortana on HoloLens
# Use your voice with HoloLens
You can use your voice to do many of the same things you do with gestures on HoloLens, like taking a quick photo or opening an app.
## Voice commands
Get around HoloLens faster with these basic commands. If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use the following built-in voice commands.
**Select**. Use this instead of air tap. Gaze at a hologram, then say "Select."
**Go to start**. Say "Go to Start" anytime to bring up the **Start** menu. Or when you're in an immersive app, say "Go to Start" to get to the quick actions menu.
**Move this**. Instead of air tapping and dragging an app, say "Move this" and use gaze to move it.
**Face me**. Gaze at a hologram, and then say "Face me" to turn it your way.
**Bigger/Smaller**. Gaze at a hologram, and then say "Bigger" or "Smaller" to resize it.
Many buttons and other elements on HoloLens also respond to your voice&mdash;for example, **Adjust** and **Close** on the app bar. To find out if a button is voice-enabled, rest your gaze on it for a moment. If it is, you'll see a voice tip.
## Dictation mode
Tired of typing? Switch to dictation mode any time the holographic keyboard is active. Select the microphone icon to get started, or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that."
> [!NOTE]
> You need an Internet connection to use dictation mode.
HoloLens dictation uses explicit punctuation, meaning that you say the name of the punctuation you want to use. For instance, you might say "Hey **comma** what are you up to **question mark**."
Here are the punctuation keywords you can use:
- Period, comma, question mark, exclamation point/exclamation mark
- New line/new paragraph
- Semicolon, colon
- Open quote(s), close quote(s)
- Hashtag, smiley/smiley face, frowny, winky
- Dollar, percent
Sometimes it's helpful to spell out things like email addresses. For instance, to dictate example@outlook.com, you'd say "E X A M P L E at outlook dot com."
## Do more with Cortana
Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime.
![Hey Cortana!](images/cortana-on-hololens.png)
## What do I say to Cortana
Here are some things you can try saying (remember to say "Hey Cortana" first):
- What can I say?
@ -44,7 +81,8 @@ Here are some things you can try saying (remember to say "Hey Cortana" first):
- Tell me a joke.
>[!NOTE]
>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions.
>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
>
>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English-only, and the Cortana experience may vary among regions.
>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana > Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
>- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on.
>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place").
>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (such as "Select" and "Place").

3
devices/hololens/hololens-find-and-save-files.md
View File

@ -16,6 +16,9 @@ ms.localizationpriority: medium
# Find and save files on HoloLens
Add content from [Find and save files](https://docs.microsoft.com/en-us/windows/mixed-reality/saving-and-finding-your-files)
Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens.
## View files on HoloLens

15
devices/hololens/hololens-install-apps.md
View File

@ -1,16 +1,15 @@
---
title: Install apps on HoloLens (HoloLens)
title: Install apps on HoloLens
description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business.
ms.prod: hololens
ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
ms.author: dansimp
author: scooley
ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/23/2018
ms.reviewer:
manager: dansimp
---
# Install apps on HoloLens
@ -74,7 +73,7 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft.
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb).
2. On a PC, connect to the HoloLens using [Wi-Fi](https://docs.microsoft.com/windows/mixed-reality/connecting-to-wi-fi-on-hololens) or USB.
3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up.
@ -88,9 +87,3 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft.
5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, such as dependency frameworks, select **I want to specify framework packages**.
6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens.

40
devices/hololens/hololens-network.md Normal file
View File

@ -0,0 +1,40 @@
---
title: Connect to a network
description: Connect to a wi-fi or ethernet network with HoloLens.
ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.localizationpriority: medium
ms.date: 8/12/19
manager: jarrettr
ms.reviewer:
appliesto:
- Hololens
- HoloLens (1st gen)
- HoloLens 2
---
# Connect to a network
You'll need to be connected to a network to do most things on your HoloLens. [What can I do offline](hololens-offline.md)?
## Connecting for the first time
The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks.
## Connecting to Wi-Fi after setup
1. Go to **Start**, then select **Settings**.
1. _HoloLens (1st gen) only_ - Use your gaze to position the Settings app, then air tap to place it, or say "Place."
1. Select **Network & Internet** > **Wi-Fi**. If you don't see your network, scroll down the list.
1. Select a network > **Connect**.
1. Type the network password if asked for one, then select **Next**.
Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens)

3
devices/hololens/hololens-offline.md
View File

@ -16,6 +16,9 @@ ms.localizationpriority: medium
# Use HoloLens offline
[Use offline](https://support.microsoft.com/en-us/help/12645)
To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how.
## HoloLens limitations

193
devices/hololens/hololens-requirements.md
View File

@ -1,32 +1,142 @@
---
title: HoloLens in the enterprise requirements and FAQ (HoloLens)
description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise.
title: Set up HoloLens in a commercial environment
description: Learn more about deploying and managing HoloLens in enterprise environments.
ms.prod: hololens
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.assetid: 88bf50aa-0bac-4142-afa4-20b37c013001
author: scooley
ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
ms.date: 06/04/2018
ms.reviewer:
manager: dansimp
ms.date: 07/15/2019
---
# Microsoft HoloLens in the enterprise: requirements and FAQ
# Deploy HoloLens in a commercial environment
When you develop for HoloLens, there are [system requirements and tools](https://developer.microsoft.com/windows/mixed-reality/install_the_tools) that you need. In an enterprise environment, there are also a few requirements to use and manage HoloLens which are listed below.
TODO - [Commercial features](https://docs.microsoft.com/en-us/windows/mixed-reality/commercial-features)
## Requirements
Deploy and configure HoloLens at scale in a commercial setting.
### General use
- Microsoft account or Azure Active Directory (Azure AD) account
- Wi-Fi network to set up HoloLens
This article includes:
>[!NOTE]
>After you set up HoloLens, you can use it offline [with some limitations](https://support.microsoft.com/help/12645/hololens-use-hololens-offline).
- infrastructure requirements and recommendations for HoloLens management
- tools for provisioning HoloLens
- instructions for remote device management
- options for application deployment
This guide assumes basic familiarity with HoloLens. Follow the [get started guide](./hololens-setup.md) to set up HoloLens for the first time.
## Infrastructure for managing HoloLens
HoloLens are, at their core, a Windows mobile device integrated with Azure. They work best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
Critical cloud services include:
- Azure active directory (AAD)
- Windows Update (WU)
Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure in order to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune) as an example though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.
HoloLens does support a limited set of cloud disconnected experiences.
## Initial set up at scale
The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, picking your language and settings manually for each device gets tedious and limits scale.
This section:
1. introduces Windows provisioning using provisioning packages
1. walks through applying a provisioning package during first setup
### Create and apply a provisioning package
The best way to configure many new HoloLens devices is with Windows provisioning. Using Windows provisioning, you can specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes.
A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device.
### Upgrade to Windows Holographic for Business
- HoloLens Enterprise license XML file
Some of the HoloLens configurations that you can apply in a provisioning package:
- Apply certificates to the device
- Set up a Wi-Fi connection
- Pre-configure out of box questions like language and locale.
- (HoloLens 2) bulk enroll in mobile device management
- (HoloLens v1) Apply key to enable Windows Holographic for Business
Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens.
### Set up user identity and enroll in device management
The last step setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll:
1. Bulk enrollment with a security token in a provisioning package.
Pros: this is the most automated approach
Cons: takes initial server-side setup
1. Auto-enroll on user sign in
Pros: easiest approach
Cons: users will need to complete set up after the provisioning package has been applied
1. _not recommended_ - Manually enroll post-setup
Pros: possible to enroll after set up
Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled.
Learn more about MDM enrollment [here](hololens-enroll-mdm.md).
## Ongoing device management
Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.
This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens).
[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens.
### Push compliance policy via Intune
[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are not-compliant.
For example, you can create a policy that requires Bitlocker be enabled.
[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows).
### Manage updates
Intune includes a feature called update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.
Read more about [configuring update rings with Intune](https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure).
## Application management
Manage holoLens applications through:
1. Microsoft Store
The Microsoft Store is the best way to distribute and consume application on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/en-us/windows/uwp/publish/).
All applications in the store are available publicly to everyone, if that isn't acceptable, checkout the Microsoft Store for Business.
1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/)
Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It lets you deploy apps that are specific to your commercial environment but not to the world.
1. Application deployment and management via Intune or another mobile device management solution
Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy).
1. _not recommended_ Device Portal
Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use device portal.
Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps).
## Get support
Get support through the Microsoft support site.
[File a support request](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
## Technical Reference
### Wireless network EAP support
### Supported wireless network EAP methods
- PEAP-MS-CHAPv2
- PEAP-TLS
- TLS
@ -35,54 +145,3 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
- TTLS-MS-CHAPv2
- TTLS-PAP
- TTLS-TLS
### Device management
- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4)
- Wi-Fi network
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
### Upgrade to Windows Holographic for Business
- HoloLens Enterprise license XML file
## FAQ for HoloLens
<span id="pin"/>
#### Is Windows Hello for Business supported on HoloLens?
Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**.
>[!NOTE]
>Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
#### Does the type of account change the sign-in behavior?
Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type.
- Microsoft account: signs in automatically
- Local account: always asks for password, not configurable in **Settings**
- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password.
>[!NOTE]
>Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is respected only when the device goes into StandBy.
#### How do I remove a HoloLens device from the Intune dashboard?
You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.
## Related resources
[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/)
[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune)
[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms)
[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/)

57
devices/hololens/hololens-start.md Normal file
View File

@ -0,0 +1,57 @@
---
title: HoloLens (1st gen) first start
description: Go through the first start experience for HoloLens (1st gen).
ms.assetid: 0136188e-1305-43be-906e-151d70292e87
ms.prod: hololens
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.date: 8/12/19
manager: jarrettr
ms.topic: article
ms.localizationpriority: medium
---
# Set up HoloLens for the first time
The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This section walks through the HoloLens (1st gen) first start experience.
In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](holographic-home.md)
## Before you start
Before you get started, make sure you have the following available:
**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. After setup, you can [use your device offline](hololens-offline.md).
**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free.
**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661).
**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens).
> [!NOTE]
> [Cortana](hololens-cortana.md) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings.
## Set up your HoloLens
Set up your HoloLens and your user account.
1. The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks.
1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**.
- When you choose **My work or school owns it**, you sign in by using an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
1. Enter your organizational account information.
1. Accept the privacy statement.
1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page.
1. Continue with device setup.
- When you choose **I own it**, you sign in by using a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
1. Enter your Microsoft account information.
1. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process.
1. The device sets your time zone based on information obtained from the Wi-Fi network.
1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu.
Congratulations! Setup is complete and you can begin using HoloLens.
## Next steps
- [Get started with HoloLens (1st gen)](holographic-home.md)

36
devices/hololens/hololens-status.md Normal file
View File

@ -0,0 +1,36 @@
---
title: HoloLens status
description: Shows the status of HoloLens online services.
author: todmccoy
ms.author: v-todmc
ms.reviewer: luoreill
manager: jarrettr
audience: Admin
ms.topic: article
ms.prod: hololens
localization_priority: Medium
ms.sitesec: library
---
# HoloLens status
✔️ **All services are active**
**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical
Area|HoloLens (1st gen)|HoloLens 2
----|:----:|:----:
[Azure services](https://status.azure.com/en-us/status)|✔️|✔️
[Store app](https://www.microsoft.com/en-us/store/collections/hlgettingstarted/hololens)|✔️|✔️
[Apps](https://www.microsoft.com/en-us/hololens/apps)|✔️|✔️
[MDM](https://docs.microsoft.com/en-us/hololens/hololens-enroll-mdm)|✔️|✔️
## Notes and related topics
[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/en-us/status/).
For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/en-us/windows/mixed-reality/hololens-known-issues).
Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/).

2
devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md
View File

@ -2,8 +2,6 @@
title: General Data Privacy Regulation and Surface Hub
description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub.
ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186
ms.reviewer:
manager:
keywords: GDPR
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md
View File

@ -2,8 +2,6 @@
title: What to do if the Connect app in Surface Hub exits unexpectedly
description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs.
ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec
ms.reviewer:
manager:
keywords: surface, hub, connect, input, displayport
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
View File

@ -2,8 +2,6 @@
title: Known issues and additional information about Microsoft Surface Hub
description: Outlines known issues with Microsoft Surface Hub.
ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7
ms.reviewer:
manager:
keywords: surface, hub, issues
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md
View File

@ -2,8 +2,6 @@
title: Surface Hub may install updates and restart outside maintenance hours
description: troubleshooting information for Surface Hub regarding automatic updates
ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA
ms.reviewer:
manager:
keywords: surface hub, maintenance window, update
ms.prod: surface-hub
ms.sitesec: library

16
devices/surface-hub/surface-hub-start-menu.md
View File

@ -3,12 +3,12 @@ title: Configure Surface Hub Start menu
description: Use MDM to customize the Start menu on Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
author: levinec
ms.author: ellevin
author: robmazz
ms.author: robmazz
ms.topic: article
ms.date: 01/17/2018
ms.date: 08/15/2018
ms.reviewer:
manager: dansimp
manager: laurawi
ms.localizationpriority: medium
---
@ -107,7 +107,7 @@ There are a few key differences between Start menu customization for Surface Hub
<span id="edge" />
## Example: Start layout that includes a Microsoft Edge link
This example shows a link to a website and a link to a .pdf file.
This example shows a link to a website and a link to a .pdf file. The secondary tile for Microsoft Edge uses a 150 x 150 pixel icon.
```xml
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
@ -165,10 +165,10 @@ This example shows a link to a website and a link to a .pdf file.
TileID="6153963000"
DisplayName="cstrtqbiology.pdf"
Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf"
Square150x150LogoUri="ms-appx:///"
Square150x150LogoUri="ms-appx:///Assets/MicrosoftEdgeSquare150x150.png"
Wide310x150LogoUri="ms-appx:///"
ShowNameOnSquare150x150Logo="true"
ShowNameOnWide310x150Logo="true"
ShowNameOnWide310x150Logo="false"
BackgroundColor="#ff4e4248"
Size="4x2"
Row="4"
@ -181,8 +181,6 @@ This example shows a link to a website and a link to a .pdf file.
```
>[!NOTE]
>Microsoft Edge tile logos won't appear on secondary tiles because they aren't stored in Surface Hub.
>
>The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark.
## More information

14
devices/surface-hub/surface-hub-update-history.md
View File

@ -2,8 +2,6 @@
title: Surface Hub update history
description: Surface Hub update history
ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34
ms.reviewer:
manager:
keywords:
ms.prod: surface-hub
ms.sitesec: library
@ -26,6 +24,18 @@ Please refer to the “[Surface Hub Important Information](https://support.micro
## Windows 10 Team Creators Update 1703
<details>
<summary>June 18, 2019—update for Team edition based on KB4503289* (OS Build 15063.1897)</summary>
This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
* Addresses an issue with log collection for Microsoft Surface Hub 2S.
* Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
*[KB4503289](https://support.microsoft.com/help/4503289)
</details>
<details>
<summary>May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835)</summary>

2
devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md
View File

@ -2,8 +2,6 @@
title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f
ms.reviewer:
manager:
keywords:
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
View File

@ -2,8 +2,6 @@
title: How to use cloud recovery for BitLocker on a Surface Hub
description: How to use cloud recovery for BitLocker on a Surface Hub
ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d
ms.reviewer:
manager:
keywords: Accessibility settings, Settings app, Ease of Access
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
View File

@ -2,8 +2,6 @@
title: Using the Surface Hub Hardware Diagnostic Tool to test a device account
description: Using the Surface Hub Hardware Diagnostic Tool to test a device account
ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c
ms.reviewer:
manager:
keywords: Accessibility settings, Settings app, Ease of Access
ms.prod: surface-hub
ms.sitesec: library

5
devices/surface-hub/whiteboard-collaboration.md
View File

@ -34,7 +34,7 @@ To get Whiteboard to Whiteboard collaboration up and running, youll need to m
- Currently not utilizing Office 365 Germany or Office 365 operated by 21Vianet
- Surface Hub needs to be updated to Windows 10, version 1607 or newer
- Port 443 needs to be open since Whiteboard makes standard https requests
- Whiteboard.ms, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies
- Whiteboard.ms, whiteboard.microsoft.com, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies
>[!NOTE]
@ -68,4 +68,5 @@ After youre done, you can export a copy of the Whiteboard collaboration for y
## Related topics
- [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub)
- [Support documentation for Microsoft Whiteboard](https://support.office.com/en-us/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)
- [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)

14
devices/surface/TOC.md
View File

@ -30,15 +30,16 @@
### [Surface System SKU reference](surface-system-sku-reference.md)
## Manage
### [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md)
### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
### [Battery Limit setting](battery-limit.md)
### [Surface Brightness Control](microsoft-surface-brightness-control.md)
### [Surface Asset Tag](assettag.md)
### [Surface firmware and driver updates](update.md)
### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
### [Surface Dock Updater](surface-dock-updater.md)
### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
## Secure
### [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
@ -46,12 +47,13 @@
### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
## Support
## Troubleshoot
### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md)
### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
#### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
#### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
#### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
### [Surface Data Eraser](microsoft-surface-data-eraser.md)
### [Top support solutions for Surface devices](support-solutions-surface.md)
### [Change history for Surface documentation](change-history-for-surface.md)

8
devices/surface/change-history-for-surface.md
View File

@ -15,6 +15,14 @@ ms.topic: article
This topic lists new and updated topics in the Surface documentation library.
## August 2019
| **New or changed topic** | **Description** |
| ------------------------ | --------------- |
| [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md) | New document highlights key wireless connectivity considerations for Surface devices in mobile scenarios. |
| [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. |
## July 2019
| **New or changed topic** | **Description** |

38
devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
View File

@ -1,5 +1,5 @@
---
title: Download the latest firmware and drivers for Surface devices (Surface)
title: Deploy the latest firmware and drivers for Surface devices (Surface)
description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
ms.reviewer:
@ -11,27 +11,43 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: dansimp
ms.date: 11/15/2018
ms.date: 08/13/2018
ms.author: dansimp
ms.topic: article
---
# Deploying the latest firmware and drivers for Surface devices
# Deploy the latest firmware and drivers for Surface devices
Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment.
## Downloading MSI files
## Download MSI files
To download MSI files, refer to the following Microsoft Support page:
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)<br>
Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
## Deploying MSI files
Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6.
Driver and firmware updates for Surface devices consisting of all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
The MSI file names contain useful information including the minimum supported Windows build number required to install the drivers and firmware. For example, to install the drivers contained in SurfaceBook_Win10_17763_19.080.2031.0.msi requires Windows 10 Fall Creators Update version 1709 or later installed on your Surface Book.
To view build numbers for each version, refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
### Surface MSI naming convention
Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows build number and version number, and ending with the revision of version number. SurfacePro6_Win10_16299_1900307_0.msi is classified as follows:
Beginning in August 2019, MSI files use the following naming formula:
- Product > Windows release > Windows build number > Version number > Revision of version number (typically zero).
**Example:**
SurfacePro6_Win10_18362_19.073.44195_0.msi :
| Product | Windows release | Build | Version | Revision of version |
| --- | --- | --- | --- | --- |
| SurfacePro6 | Win10 | 18362 | 19.073.44195 | 0 |
| | | | Indicates key date and sequence information. | Indicates release history of the update. |
| | | | **19:** Signifies the year (2019).<br>**073**: Signifies the month (July) and week of the release (3). <br>**44195**: Signifies the minute of the month that the MSI file was created. |**0:** Signifies it's the first release of version 1907344195 and has not been re-released for any reason. |
### Legacy Surface MSI naming convention
Legacy MSI files prior to August 2019 followed the same overall naming formula but used a different method to derive the version number.
**Example:**
SurfacePro6_Win10_16299_1900307_0.msi :
@ -39,8 +55,8 @@ SurfacePro6_Win10_16299_1900307_0.msi :
| Product | Windows release | Build | Version | Revision of version |
| --- | --- | --- | --- | --- |
| SurfacePro6 | Win10 | 16299 | 1900307 | 0 |
| | | | Indicates key date and sequence information | Indicates release history of the MSI file |
| | | | **19:** Signifies the year (2019)<br>**003**: Signifies that its the third release of 2019<br>**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
| | | | Indicates key date and sequence information. | Indicates release history of the MSI file. |
| | | | **19:** Signifies the year (2019)<br>**003**: Signifies that its the third release of 2019.<br>**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
Look to the **version** number to determine the latest files that contain the most recent security updates. For example, you might need to install the newest file from the following list:
@ -60,9 +76,9 @@ There are no downloadable firmware or driver updates available for Surface devic
For more information about deploying Surface drivers and firmware, refer to:
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates).
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business).
- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business)
 

BIN
devices/surface/images/wifi-band.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
devices/surface/images/wifi-roaming.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

2
devices/surface/support-solutions-surface.md
View File

@ -25,7 +25,7 @@ These are the top Microsoft Support solutions for common issues experienced when
## Screen cracked or scratched issues
- [Cracked screen and physical damage](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-is-damaged)
- [Contact Microsoft Support](https://support.microsoft.com/en-us/supportforbusiness/productselection)
## Device cover or keyboard issues

5
devices/surface/surface-diagnostic-toolkit-for-business-intro.md
View File

@ -29,10 +29,9 @@ Before you run the diagnostic tool, make sure you have the latest Windows update
**To run the Surface Diagnostic Toolkit for Business:**
1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B).
2. Select Run and follow the on-screen instructions.
The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required. For more detailed information on Surface Diagnostic Toolkit for Business, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required.
# If you still need help
If the Surface Diagnostic Toolkit for Business didnt fix the problem, you can also:

84
devices/surface/surface-wireless-connect.md Normal file
View File

@ -0,0 +1,84 @@
---
title: Optimizing wireless connectivity for Surface devices
description: This topic provides guidance around recommended wireless connectivity settings for network admins and users.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 08/15/2019
ms.reviewer:
manager: dansimp
---
# Optimizing wireless connectivity for Surface devices
## Introduction
To stay connected with all-day battery life, Surface devices implement wireless connectivity settings that balance performance and power conservation. Outside of the most demanding mobility scenarios, users can maintain sufficient wireless connectivity without modifying default network adapter or related settings.
In congested network environments, organizations can implement purpose-built wireless protocols across multiple network access points to facilitate roaming. This page highlights key wireless connectivity considerations in mobile scenarios utilizing Surface Pro 3 and later, Surface Book, Surface Laptop, and Surface Go.
## Prerequisites
This document assumes you have successfully deployed a wireless network that supports 802.11n (Wi-Fi 4) or later in accordance with best practice recommendations from leading equipment vendors.
## Configuring access points for optimal roaming capabilities
If youre managing a wireless network thats typically accessed by many different types of client devices, its recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/en-us/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols:
- **802.11r.** “**Fast BSS Transition”** accelerates connecting to new wireless access points by reducing the number of frames required before your device can access another AP as you move around with your device.
- **802.11k.** **“Neighbor Reports”** provides devices with information on current conditions at neighboring access points. It can help your Surface device choose the best AP using criteria other than signal strength such as AP utilization.
Surface Go devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs.
## Managing user settings
You can achieve optimal roaming capabilities through a well-designed network that supports 802.11r and 802.11k across all access points. Ensuring that your network is properly configured to provide users with the best wireless experience is the recommended approach versus attempting to manage user settings on individual devices. Moreover, in many corporate environments Surface device users wont be able to access advanced network adapter settings without explicit permissions or local admin rights. In other lightly managed networks, users can benefit by knowing how specific settings can impact their ability to remain connected.
### Recommended user settings and best practices
In certain situations, modifying advanced network adapter settings built into Surface devices may facilitate a more reliable connection. Keep in mind however that an inability to connect to wireless resources is more often due to an access point issue, networking design flaw, or environmental site issue.
> [!NOTE]
> How you hold your Surface Pro or Surface Go can also affect signal strength. If youre experiencing a loss of bandwidth, check that youre not holding the top of the display, where the Wi-Fi radio receiver is located. Although holding the top of the display does not block wireless signals, it can trigger the device driver to initiate changes that reduce connectivity.
### Keep default Auto setting for dual bandwidth capability
On most Surface devices, you can configure client network adapter settings to only connect to wireless APs over 5 gigahertz (GHz), only connect over 2.4 GHz, or let the operating system choose the best option (default Auto setting).
**To access network adapter settings go to:**
- **Start** > **Control panel** > **Network and Sharing Center** > **your Wi-Fi adapter** > **Properties** > **Configure** > **Advanced**.
![* wifi-band settings*](images/wifi-band.png) <br>
Keep in mind that 2.4 GHz has some advantages over 5 GHz: It extends further and more easily penetrates through walls or other solid objects. Unless you have a clear use case that warrants connecting to 5 GHz, its recommended to leave the Band setting in the default state to avoid possible adverse consequences. For example:
- Many hotspots found in hotels, coffee shops, and airports still only use 2.4 GHz, effectively blocking access to devices if Band is set to 5 GHz Only.
- Since Miracast wireless display connections require the initial handshake to be completed over 2.4 GHz channels, devices wont be able to connect at 5 GHz Only.
> [!NOTE]
> By default Surface devices will prefer connecting to 5 GHz if available. However, to preserve power in a low battery state, Surface will first look for a 2.4 GHz connection.
You can also toggle the band setting as needed to suit your environment. For example, users living in high density apartment buildings with multiple Wi-Fi hotspots — amid the presence of consumer devices all broadcasting via 2.4 GHz — will likely benefit by setting their Surface device to connect on 5 GHz only and then revert to Auto when needed.
### Roaming aggressiveness settings on Surface Go
Front-line workers using Surface Go may wish to select a signal strength threshold that prompts the device to search for a new access point when signal strength drops (roaming aggressiveness). By default, Surface devices attempt to roam to a new access point if the signal strength drops below **Medium** (50 percent signal strength). Note that whenever you increase roaming aggressiveness, you accelerate battery power consumption.
Leave the roaming aggressiveness setting in the default state unless youre encountering connectivity issues in specific mobile scenarios such as conducting environmental site inspections while also maintaining voice and video connectivity during a conference meeting. If you dont notice any improvement revert to the default **Medium** state.
**To enable roaming aggressiveness on Surface Go:**
1. Go to **Start > Control Panel** > **Network and Internet** > **Network and Sharing Center.**
2. Under **Connections** select **Wi-Fi** and then select **Properties.**
3. Select **Client for Microsoft Networks** and then select **Configure**
4. Select **Advanced** > **Roaming Aggressiveness** and choose ****your preferred value from the drop-down menu.
![* Roaming aggressiveness settings *](images/wifi-roaming.png) <br>
## Conclusion
Surface devices are designed with default settings for optimal wireless connectivity balanced alongside the need to preserve battery life. The most effective way of enabling reliable connectivity for Surface devices is through a well-designed network that supports 802.11r and 802.11k. Users can adjust network adapter settings or roaming aggressiveness but should only do so in response to specific environmental factors and revert to default state if theres no noticeable improvement.

321
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -103,39 +103,45 @@ The sample scripts include examples of how to set Surface UEFI settings and how
### Specify certificate and package names
The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates the names for the SEMM configuration package and SEMM reset package. The certificate and package names are specified on lines 56 through 67 in the ConfigureSEMM.ps1 script:
The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script:
```
56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition
57 $packageRoot = "$WorkingDirPath\Config"
58
59 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot }
60 Copy-Item "$WorkingDirPath\FabrikamOwnerSigner.pfx" $packageRoot
61
62 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath "FabrikamOwnerSigner.pfx"
63 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamSignerProvisioningPackage.pkg"
64 $resetPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamUniversalResetPackage.pkg"
65
66 # If your PFX file requires a password then it can be set here, otherwise use a blank string.
67 $password = "1234"
58 $certName = "FabrikamSEMMSample.pfx"
59 $DllVersion = "2.26.136.0"
60
61 $certNameOnly = [System.IO.Path]::GetFileNameWithoutExtension($certName)
62 $ProvisioningPackage = $certNameOnly + "ProvisioningPackage.pkg"
63 $ResetPackage = $certNameOnly + "ResetPackage.pkg"
64
65 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot }
66 Copy-Item "$WorkingDirPath\$certName" $packageRoot
67
68 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath $certName
69 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath $ProvisioningPackage
70 $resetPackageName = Join-Path -Path $packageRoot -ChildPath $ResetPackage
71
72 # If your PFX file requires a password then it can be set here, otherwise use a blank string.
73 $password = "1234"
```
Replace the **FabrikamOwnerSigner.pfx** value for the **$privateOwnerKey** variable with the name of your SEMM Certificate file on both lines 60 and 62. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory.
Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory.
Replace the **FabrikamSignerProvisioningPackage.pkg** and **FabrikamUniversalResetPackage.pkg** values on lines 63 and 64 to define the **$ownerPackageName** and **$resetPackageName** variables with your desired names for the SEMM configuration and reset packages. These packages will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
Owner package and reset package will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
On line 67, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text.
On line 73, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text.
>[!Note]
>The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 144-149, to accomplish this:
>The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this:
```
144 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
145 # For convenience we get the thumbprint here and present to the user.
146 $pw = ConvertTo-SecureString $password -AsPlainText -Force
147 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
148 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
149 Write-Host "Thumbprint =" $certPrint.Thumbprint
150 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
151 # For convenience we get the thumbprint here and present to the user.
152 $pw = ConvertTo-SecureString $password -AsPlainText -Force
153 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
154 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
155 Write-Host "Thumbprint =" $certPrint.Thumbprint
```
Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
@ -153,46 +159,47 @@ Administrators with access to the certificate file (.pfx) can read the thumbprin
### Configure permissions
The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 202 in the sample script with the comment **# Configure Permissions** and continues to line 238. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras:
The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras:
```
202 # Configure Permissions
203 foreach ($uefiV2 IN $surfaceDevices.Values) {
204 # Here we define which "identities" will be allowed to modify which settings
205 # PermissionSignerOwner = The primary SEMM enterprise owner identity
206 # PermissionLocal = The user when booting to the UEFI pre-boot GUI
207 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 =
208 # Additional user identities created so that the signer owner
209 # can delegate permission control for some settings.
210 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner
211 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal)
212
213 # Make all permissions owner only by default
214 foreach ($setting IN $uefiV2.Settings.Values) {
215 $setting.ConfiguredPermissionFlags = $ownerOnly
216 }
217 # Allow the local user to change their own password
218 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser
219
220 # Allow the local user to change the state of the TPM
221 $uefiV2.Settings["Trusted Platform Module (TPM)"].ConfiguredPermissionFlags = $ownerAndLocalUser
222
223 # Allow the local user to change the state of the Front and Rear cameras
224 $uefiV2.SettingsById[302].ConfiguredPermissionFlags = $ownerAndLocalUser
225 $uefiV2.SettingsById[304].ConfiguredPermissionFlags = $ownerAndLocalUser
226
227
228 # Create a unique package name based on family and LSV.
229 # We will choose a name that can be parsed by later scripts.
230 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg"
231 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
232
233 # Build and sign the Permission package then save it to a file.
234 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv)
235 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
236 $permissionPackageStream.CopyTo($permissionPackage)
237 $permissionPackage.Close()
238 }
210 # Configure Permissions
211 foreach ($uefiV2 IN $surfaceDevices.Values) {
212 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
213 Write-Host "Configuring permissions"
214 Write-Host $Device.Model
215 Write-Host "======================="
216
217 # Here we define which "identities" will be allowed to modify which settings
218 # PermissionSignerOwner = The primary SEMM enterprise owner identity
219 # PermissionLocal = The user when booting to the UEFI pre-boot GUI
220 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 =
221 # Additional user identities created so that the signer owner
222 # can delegate permission control for some settings.
223 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner
224 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal)
225
226 # Make all permissions owner only by default
227 foreach ($setting IN $uefiV2.Settings.Values) {
228 $setting.ConfiguredPermissionFlags = $ownerOnly
229 }
230
231 # Allow the local user to change their own password
232 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser
233
234 Write-Host ""
235
236 # Create a unique package name based on family and LSV.
237 # We will choose a name that can be parsed by later scripts.
238 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg"
239 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
240
241 # Build and sign the Permission package then save it to a file.
242 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv)
243 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
244 $permissionPackageStream.CopyTo($permissionPackage)
245 $permissionPackage.Close()
246 }
247 }
```
Each **$uefiV2** variable identifies a Surface UEFI setting by setting name or ID, and then configures the permissions to one of the following values:
@ -204,69 +211,169 @@ You can find information about the available settings names and IDs for Surface
### Configure settings
The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 282 through line 312 in the sample script. The region appears as follows:
The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows:
```
282 # Configure Settings
283 foreach ($uefiV2 IN $surfaceDevices.Values) {
284 # In this demo, we will start by setting every setting to the default factory setting.
285 # You may want to start by doing this in your scripts
286 # so that every setting gets set to a known state.
287 foreach ($setting IN $uefiV2.Settings.Values) {
288 $setting.ConfiguredValue = $setting.DefaultValue
289 }
290
291 # If you want to set something to a different value from the default,
292 # here are examples of how to accomplish this.
293 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = "Disabled"
294
295 # If you want to leave the setting unmodified, set it to $null
296 # PowerShell has issues setting things to $null so ClearConfiguredValue()
297 # is supplied to do this explicitly.
298 # Here is an example of leaving the UEFI administrator password as-is,
299 # even after we initially set it to factory default above.
300 $uefiV2.SettingsById[501].ClearConfiguredValue()
301
302 # Create a unique package name based on family and LSV.
303 # We will choose a name that can be parsed by later scripts.
304 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg"
305 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
306
307 # Build and sign the Settings package then save it to a file.
308 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv)
309 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
310 $settingsPackageStream.CopyTo($settingsPackage)
311 $settingsPackage.Close()
312 }
291 # Configure Settings
292 foreach ($uefiV2 IN $surfaceDevices.Values) {
293 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
294 Write-Host "Configuring settings"
295 Write-Host $Device.Model
296 Write-Host "===================="
297
298 # In this demo, we will start by setting every setting to the default factory setting.
299 # You may want to start by doing this in your scripts
300 # so that every setting gets set to a known state.
301 foreach ($setting IN $uefiV2.Settings.Values) {
302 $setting.ConfiguredValue = $setting.DefaultValue
303 }
304
305 $EnabledValue = "Enabled"
306 $DisabledValue = "Disabled"
307
308 # If you want to set something to a different value from the default,
309 # here are examples of how to accomplish this.
310 # This disables IPv6 PXE boot by name:
311 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = $DisabledValue
312
313 # This disables IPv6 PXE Boot by ID:
314 $uefiV2.SettingsById[400].ConfiguredValue = $DisabledValue
315
316 Write-Host ""
317
318 # If you want to leave the setting unmodified, set it to $null
319 # PowerShell has issues setting things to $null so ClearConfiguredValue()
320 # is supplied to do this explicitly.
321 # Here is an example of leaving the UEFI administrator password as-is,
322 # even after we initially set it to factory default above.
323 $uefiV2.SettingsById[501].ClearConfiguredValue()
324
325 # Create a unique package name based on family and LSV.
326 # We will choose a name that can be parsed by later scripts.
327 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg"
328 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
329
330 # Build and sign the Settings package then save it to a file.
331 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv)
332 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
333 $settingsPackageStream.CopyTo($settingsPackage)
334 $settingsPackage.Close()
335 }
```
Like the permissions set in the **Configure Permissions** section of the script, the configuration of each Surface UEFI setting is performed by defining the **$uefiV2** variable. For each line defining the **$uefiV2** variable, a Surface UEFI setting is identified by setting name or ID and the configured value is set to **Enabled** or **Disabled**.
If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 300 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**.
If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 323 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**.
You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section later in this article.
### Settings registry key
To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes a registry key that can be used to identify enrolled systems as having been installed with the SEMM configuration script. This key can be found at the following location:
To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location:
`HKLM\SOFTWARE\Microsoft\Surface\SEMM\Enabled_Version1000`
`HKLM\SOFTWARE\Microsoft\Surface\SEMM`
The following code fragment, found on lines 352-363, is used to write this registry key:
The following code fragment, found on lines 380-477, is used to write these registry keys:
```
352 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM"
353 New-RegKey $SurfaceRegKey
354 $SurfaceRegValue = Get-ItemProperty $SurfaceRegKey Enabled_Version1000 -ErrorAction SilentlyContinue
355
356 If ($SurfaceRegValue -eq $null)
357 {
358 New-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -PropertyType String -Value 1 | Out-Null
359 }
360 Else
361 {
362 Set-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -Value 1
363 }
380 # For SCCM or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
381 $UTCDate = (Get-Date).ToUniversalTime().ToString()
382 $certIssuer = $certPrint.Issuer
383 $certSubject = $certPrint.Subject
384
385 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM"
386 New-RegKey $SurfaceRegKey
387 $LSVRegValue = Get-ItemProperty $SurfaceRegKey LSV -ErrorAction SilentlyContinue
388 $DateTimeRegValue = Get-ItemProperty $SurfaceRegKey LastConfiguredUTC -ErrorAction SilentlyContinue
389 $OwnershipSessionIdRegValue = Get-ItemProperty $SurfaceRegKey OwnershipSessionId -ErrorAction SilentlyContinue
390 $PermissionSessionIdRegValue = Get-ItemProperty $SurfaceRegKey PermissionSessionId -ErrorAction SilentlyContinue
391 $SettingsSessionIdRegValue = Get-ItemProperty $SurfaceRegKey SettingsSessionId -ErrorAction SilentlyContinue
392 $IsResetRegValue = Get-ItemProperty $SurfaceRegKey IsReset -ErrorAction SilentlyContinue
393 $certUsedRegValue = Get-ItemProperty $SurfaceRegKey CertName -ErrorAction SilentlyContinue
394 $certIssuerRegValue = Get-ItemProperty $SurfaceRegKey CertIssuer -ErrorAction SilentlyContinue
395 $certSubjectRegValue = Get-ItemProperty $SurfaceRegKey CertSubject -ErrorAction SilentlyContinue
396
397
398 If ($LSVRegValue -eq $null)
399 {
400 New-ItemProperty -Path $SurfaceRegKey -Name LSV -PropertyType DWORD -Value $lsv | Out-Null
401 }
402 Else
403 {
404 Set-ItemProperty -Path $SurfaceRegKey -Name LSV -Value $lsv
405 }
406
407 If ($DateTimeRegValue -eq $null)
408 {
409 New-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -PropertyType String -Value $UTCDate | Out-Null
410 }
411 Else
412 {
413 Set-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -Value $UTCDate
414 }
415
416 If ($OwnershipSessionIdRegValue -eq $null)
417 {
418 New-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -PropertyType String -Value $ownerSessionIdValue | Out-Null
419 }
420 Else
421 {
422 Set-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -Value $ownerSessionIdValue
423 }
424
425 If ($PermissionSessionIdRegValue -eq $null)
426 {
427 New-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -PropertyType String -Value $permissionSessionIdValue | Out-Null
428 }
429 Else
430 {
431 Set-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -Value $permissionSessionIdValue
432 }
433
434 If ($SettingsSessionIdRegValue -eq $null)
435 {
436 New-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -PropertyType String -Value $settingsSessionIdValue | Out-Null
437 }
438 Else
439 {
440 Set-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -Value $settingsSessionIdValue
441 }
442
443 If ($IsResetRegValue -eq $null)
444 {
445 New-ItemProperty -Path $SurfaceRegKey -Name IsReset -PropertyType DWORD -Value 0 | Out-Null
446 }
447 Else
448 {
449 Set-ItemProperty -Path $SurfaceRegKey -Name IsReset -Value 0
450 }
451
452 If ($certUsedRegValue -eq $null)
453 {
454 New-ItemProperty -Path $SurfaceRegKey -Name CertName -PropertyType String -Value $certName | Out-Null
455 }
456 Else
457 {
458 Set-ItemProperty -Path $SurfaceRegKey -Name CertName -Value $certName
459 }
460
461 If ($certIssuerRegValue -eq $null)
462 {
463 New-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -PropertyType String -Value $certIssuer | Out-Null
464 }
465 Else
466 {
467 Set-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -Value $certIssuer
468 }
469
470 If ($certSubjectRegValue -eq $null)
471 {
472 New-ItemProperty -Path $SurfaceRegKey -Name CertSubject -PropertyType String -Value $certSubject | Out-Null
473 }
474 Else
475 {
476 Set-ItemProperty -Path $SurfaceRegKey -Name CertSubject -Value $certSubject
477 }
```
### Settings names and IDs

1
education/docfx.json
View File

@ -28,6 +28,7 @@
"audience": "windows-education",
"ms.topic": "article",
"ms.technology": "windows",
"manager": "laurawi",
"audience": "ITPro",
"breadcrumb_path": "/education/breadcrumb/toc.json",
"ms.date": "05/09/2017",

2
education/get-started/get-started-with-microsoft-education.md
View File

@ -5,7 +5,7 @@ keywords: education, Microsoft Education, full cloud IT solution, school, deploy
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.topic: hero-article
ms.topic: article
ms.localizationpriority: medium
ms.pagetype: edu
author: levinec

2
education/get-started/set-up-windows-10-education-devices.md
View File

@ -26,6 +26,8 @@ We recommend using the latest build of Windows 10, version 1703 on your educatio
To set up new Windows 10 devices and enroll them to your education tenant, choose from one of these options and follow the link to watch the video or follow the step-by-step guide:
- **Option 1: [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app)** - You can use the app to create a setup file that you can use to quickly set up one or more Windows 10 devices.
- **Option 2: [Go through Windows OOBE and join the device to Azure AD](set-up-windows-education-devices.md)** - You can go through a typical Windows 10 device setup or first-run experience to configure your device.
- **Option 3: [Bulk enrollment for Windows devices](https://docs.microsoft.com/en-us/intune/windows-bulk-enroll)**
- **Option 4: [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/en-us/intune/enrollment-autopilot)**
> [!div class="step-by-step"]
> [<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)

4
education/get-started/use-intune-for-education.md
View File

@ -21,7 +21,7 @@ manager: dansimp
> [<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
> [Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md)
Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the <a href="https://docs.microsoft.com/intune-education" target="_blank">Intune for Education documentation</a>.
Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 and iOS devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the <a href="https://docs.microsoft.com/intune-education" target="_blank">Intune for Education documentation</a>.
## Example - Set up Intune for Education, buy apps from the Store, and install the apps
In this walkthrough, we'll go through a sample scenario and walk you through the steps to:
@ -221,4 +221,4 @@ You're now done assigning apps to all users in your tenant. It's time to set up
## Related topic
[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
[Set up iOS device management](https://docs.microsoft.com/en-us/intune-education/setup-ios-device-management)

2
education/index.md
View File

@ -56,7 +56,7 @@ ms.prod: w10
</div>
<div class="cardText">
<h3>Deployment Guidance</h3>
<p>Dive right into the step-by-step process for the easiest deployment path to M365 EDU. We walk you through setting up cloud infrastructure, configuring and managing devices, and migrating on-premise servers for Sharepoint and Exchange to the cloud.</p>
<p>Learn the easiest path to deploy Microsoft 365 Education through our step-by-step process. We walk you through cloud deployment, device management,apps set up and configuration, and how to find deployment assistance.</p>
</div>
</div>
</div>

11
education/windows/set-up-school-pcs-whats-new.md
View File

@ -9,7 +9,7 @@ ms.pagetype: edu
ms.localizationpriority: medium
author: mjcaparas
ms.author: macapara
ms.date: 06/03/2019
ms.date: 08/15/2019
ms.reviewer:
manager: dansimp
---
@ -17,6 +17,15 @@ manager: dansimp
# What's new in Set up School PCs
Learn whats new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases.
## Week of June 24, 2019
### Resumed support for Windows 10, version 1903 and later
The previously mentioned provisioning problem was resolved, so the Set up School PCs app once again supports Windows 10, version 1903 and later. The Windows 10 settings that were removed are now back in the app.
### Device rename made optional for Azure AD joined devices
When you set up your Azure AD join devices in the Set up School PCs app, you no longer need to rename your devices. Set up School PCs will let you keep existing device names.
## Week of May 23, 2019
### Suspended support for Windows 10, version 1903 and later

1
mdop/agpm/TOC.md
View File

@ -240,5 +240,6 @@
###### [AGPM Server Connection Settings](agpm-server-connection-settings.md)
###### [Feature Visibility Settings](feature-visibility-settings.md)
##### [Other Enhancements to the GPMC](other-enhancements-to-the-gpmc.md)
## [Troubleshooting AGPM Upgrades](troubleshooting-agpm40-upgrades.md)
## [Resources for AGPM](resources-for-agpm.md)

2
mdop/agpm/index.md
View File

@ -1,7 +1,7 @@
---
title: Advanced Group Policy Management
description: Advanced Group Policy Management
author: jamiejdt
author: dansimp
ms.assetid: 493ca3c3-c3d6-4bb1-9430-dc1e43c86bb0
ms.pagetype: mdop
ms.mktglfcycl: manage

12
mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md
View File

@ -272,15 +272,17 @@ As an AGPM Administrator (Full Control), you designate the e-mail addresses of A
**To configure e-mail notification for AGPM**
1. In the details pane, click the **Domain Delegation** tab.
1. In **Group Policy Management Editor** , navigate to the **Change Control** folder
2. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
2. In the details pane, click the **Domain Delegation** tab.
3. In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role.
3. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
4. In the **SMTP server** field, type a valid SMTP mail server.
4. In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role.
5. In the **User name** and **Password** fields, type the credentials of a user who has access to the SMTP service. Click **Apply**.
5. In the **SMTP server** field, type a valid SMTP mail server.
6. In the **User name** and **Password** fields, type the credentials of a user who has access to the SMTP service. Click **Apply**.
### <a href="" id="bkmk-config5"></a>Step 5: Delegate access

41
mdop/agpm/troubleshooting-agpm40-upgrades.md Normal file
View File

@ -0,0 +1,41 @@
---
title: Troubleshooting AGPM Upgrades
description: Troubleshooting AGPM Upgrades
author: jedodson
ms.assetid: 1abbf0c1-fd32-46a8-a3ba-c005f066523d
ms.reviewer:
manager: dansimp
ms.author: jedodson
ms.pagetype: mdop
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
ms.date: 06/16/2016
---
# Troubleshooting AGPM Upgrades
This section lists common issues that you may encounter when you upgrade your Advanced Group Policy Management (AGPM) server to a newer version (e.g. AGPM 4.0 to AGPM 4.3). To diagnose issues not listed here, it may be helpful to view the [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md) or for an AGPM Administrator (Full Control) to use logging and tracing. For more information, see [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md).
## What problems are you having?
- [Failed to generate a HTML GPO difference report (Error code 80004003)](#bkmk-error-80004003)
### <a href="" id="bkmk-error-80004003"></a>Failed to generate a HTML GPO difference report (Error code 80004003)
- **Cause**: You have installed the AGPM upgrade package with an incorrect account.
- **Solution**: You will need to be an AGPM administrator in order to fix this issue.
- Ensure you know the username & password of your **AGPM service account**.
- Log onto your AGPM server interactively as your AGPM service account.
- This is critically important, as the install will fail if you use a different account.
- Shutdown the AGPM service.
- Install the required hotfix.
- Connect to AGPM using an AGPM client to test that your difference reports are now functioning.

4
mdop/appv-v4/app-v-45-sp2-release-notes.md
View File

@ -73,11 +73,11 @@ When this has been completed, install the App-V 4.5 SP2 Clients by using Setup.m
When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP2 Desktop Client:
**    msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus**
**msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus**
Alternatively, if you are installing or upgrading to the App-V 4.5 SP2 Client for Remote Desktop Services (formerly Terminal Services), use the following command:
**    msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus**
**msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus**
**Note**  
- The APPGUID parameter references the product code of the App-V Clients that you install or upgrade. The product code is unique for each Setup.msi. You can use the Orca Database Editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP2.

2
mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md
View File

@ -156,7 +156,7 @@ Instead of changing the AppFS key FILENAME value every time that a new cache fil
3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled.
**     fsutil behavior set SymlinkEvaluation R2R:1**
**fsutil behavior set SymlinkEvaluation R2R:1**
**Note**  
On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**.

2
mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md
View File

@ -167,7 +167,7 @@ Instead of modifying the AppFS key FILENAME value every time that a new cache fi
3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled.
**     fsutil behavior set SymlinkEvaluation R2R:1**
**fsutil behavior set SymlinkEvaluation R2R:1**
**Note**  
On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**.

34
mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md
View File

@ -13,10 +13,8 @@ ms.prod: w10
ms.date: 08/30/2016
---
# How to Manually Install the Application Virtualization Client
There are two types of Application Virtualization Client components: the Application Virtualization Desktop Client, which is designed for installation on desktop computers, and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which you can install on Remote Desktop Session Host (RD Session Host) servers . Although the two client installer programs are different, you can use the following procedure to manually install either the Application Virtualization Desktop Client on a single desktop computer or the Application Virtualization Client for Remote Desktop Services on a single RD Session Host server. In a production environment, you most likely will install the Application Virtualization Desktop Client on multiple desktop computers with an automated scripted installation process. For information about how to install multiple clients by using a scripted installation process, see [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md).
**Note**
@ -24,13 +22,9 @@ There are two types of Application Virtualization Client components: the Applica
2. If you have any configuration on the users computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder.
**Note**
For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is installed in the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is installed in the Windows\\SysWOW64 directory.
**To manually install Application Virtualization Desktop Client**
1. After you have obtained the correct installer archive file and saved it to your computer, make sure you are logged on with an account having administrator rights on the computer and double-click the file to expand the archive.
@ -52,13 +46,9 @@ For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL
**Note**
For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86).
For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see <https://go.microsoft.com/fwlink/?LinkId=150700> (https://go.microsoft.com/fwlink/?LinkId=150700).
For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [https://go.microsoft.com/fwlink/?LinkId=150700](https://go.microsoft.com/fwlink/?LinkId=150700).
~~~
If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully.
~~~
6. When the **Microsoft Application Virtualization Desktop Client InstallShield Wizard** is displayed, click **Next**.
@ -85,8 +75,6 @@ If prompted, click **Install**. Installation progress is displayed, and the stat
**Note**
This path must be different for every user, so it should include a user-specific environment variable or a mapped drive or something else that will resolve to a unique path for each user.
4. When you have finished making the changes, click **Next**.
13. On the **Cache Size Settings** screen, you can accept or change the default cache size. Click one of the following radio buttons to choose how to manage the cache space:
@ -98,11 +86,7 @@ If prompted, click **Install**. Installation progress is displayed, and the stat
**Important**
To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**.
~~~
Click **Next** to continue.
~~~
14. In the following sections of the **Runtime Package Policy Configuration** screen, you can change the parameters that affect how the Application Virtualization client behaves during runtime:
@ -117,11 +101,7 @@ Click **Next** to continue.
**Note**
When you install the App-V client to use with a read-only cache, for example, with a VDI server implementation, set **What applications to Auto Load** to **Do not automatically load applications** to prevent the client from trying to update applications in the read-only cache.
~~~
Click **Next** to continue.
~~~
15. On the **Publishing Server** screen, select the **Set up a Publishing Server now** check box if you want to define a publishing server, or click **Next** if you want to complete this later. To define a publishing server, specify the following information:
@ -144,20 +124,8 @@ Click **Next** to continue.
**Note**
If the installation fails for any reason, you might need to restart the computer before trying the install again.
## Related topics
[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md)
[Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md)

2
mdop/appv-v4/index.md
View File

@ -1,7 +1,7 @@
---
title: Application Virtualization 4
description: Application Virtualization 4
author: jamiejdt
author: dansimp
ms.assetid: 9da557bc-f433-47d3-8af7-68ec4ff9bd3f
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy

24
mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md
View File

@ -76,7 +76,7 @@ This section is divided into two parts: (1) features in all versions of App-V an
Microsoft Error Reporting provides a service that allows you to report problems you may be having with App-V to Microsoft and to receive information that may help you avoid or solve such problems.
**Information Collected, Processed, or Transmitted: **
**Information Collected, Processed, or Transmitted:**
For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <https://go.microsoft.com/fwlink/?linkid=50293>.
@ -84,7 +84,7 @@ For information about the information collected, processed, or transmitted by Mi
We use the error reporting data to solve customer problems and improve our software and services.
**Choice/Control: **
**Choice/Control:**
App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send Microsoft the information about the errors you encountered. When Microsoft needs additional data to analyze the problem, you will be prompted to review the data and choose whether or not to send it.  App-V will always respect your Microsoft Error Reporting settings.
@ -98,7 +98,7 @@ Enterprise customers can use Group Policy to configure how Microsoft Error Repor
Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?linkid=50142>.
**Choice/Control: **
**Choice/Control:**
If Microsoft Update is not enabled, you can opt-in during setup and subsequent checks for updates will follow the machine-wide schedule. You can update this option from the Microsoft Update Control Panel item.
@ -108,7 +108,7 @@ If Microsoft Update is not enabled, you can opt-in during setup and subsequent c
The product will collect various configuration items, including UserID, MachineID and SecurityGroup details, to be able to enforce settings on managed nodes. The data is stored in the App-V SQL database and transmitted across the App-V server and client components to enforce the configuration on the managed node.
**Information Collected, Processed, or Transmitted: **
**Information Collected, Processed, or Transmitted:**
User and machine information and configuration content
@ -116,7 +116,7 @@ User and machine information and configuration content
The information is used to enforce the application access configuration on the managed nodes within the enterprise. The information does not leave the enterprise.
**Choice/Control: **
**Choice/Control:**
By default, the product does not have any data. All data is entered and enabled by the admin and can be viewed in the Management console. The feature cannot be disabled as this is the product functionality. To disable this, App-V will need to be uninstalled.
@ -130,7 +130,7 @@ None of this information is sent out of the enterprise.
It captures package history and asset information as part of the package.
**Information Collected, Processed, or Transmitted: **
**Information Collected, Processed, or Transmitted:**
Information about the package and the sequencing environment is collected and stored in the package manifest during sequencing.
@ -138,7 +138,7 @@ Information about the package and the sequencing environment is collected and st
The information will be used by the admin to track the updates done to a package during its lifecycle. It will also be used by software deployment systems to track the package deployments within the organization.
**Choice/Control: **
**Choice/Control:**
This feature is always enabled and cannot be turned off.
@ -152,7 +152,7 @@ This administrator information will be stored in the package and can be viewed b
The product will collect a variety of reporting data points, including the username, to allow reporting on the usage of the product.
**Information Collected, Processed, or Transmitted: **
**Information Collected, Processed, or Transmitted:**
Information about the machine, package and application usage are collected from every machine that reporting is enabled on.
@ -160,7 +160,7 @@ Information about the machine, package and application usage are collected from
The information is used to report on application usage within the enterprise. The information does not leave the enterprise.
**Choice/Control: **
**Choice/Control:**
By default, the product does not have any data. Data is only collected once the reporting feature is enabled on the App-V Client. To disable the collection of reporting data, the reporting feature must be disabled on all clients.
@ -178,7 +178,7 @@ This section addresses specific features available in App-V 4.6 SP1 and later.
The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information.
**Information Collected, Processed, or Transmitted: **
**Information Collected, Processed, or Transmitted:**
For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <https://go.microsoft.com/fwlink/?LinkID=52097>.
@ -186,7 +186,7 @@ For more information about the information collected, processed, or transmitted
We use this information to improve the quality, reliability, and performance of Microsoft software and services.
**Choice/Control: **
**Choice/Control:**
CEIP is optional and the opt-in status can be updated during install or post install from the GUI.  
@ -196,7 +196,7 @@ CEIP is optional and the opt-in status can be updated during install or post ins
Customers can use Application Package Accelerators to automatically package complex applications without installing the application. The App-V sequencer allows you to create package accelerators for each virtual package. You can then use these package accelerators to automatically re-create the same virtual package in the future. You may also use package accelerators released by Microsoft or other third parties to simplify and automate packaging of complex applications.
**Information Collected, Processed, or Transmitted: **
**Information Collected, Processed, or Transmitted:**
Application Package Accelerators may contain information such as computer names, user account information, and information about applications included in the Package Accelerator file.

4
mdop/appv-v4/planning-for-client-security.md
View File

@ -34,7 +34,7 @@ By default, at installation the App-V client is configured with the minimum perm
By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see <https://go.microsoft.com/fwlink/?LinkId=133278>.
**Security Note:  **
**Security Note:**
Starting with App-V version 4.6, the file type association is no longer created for OSD files during a new installation of the client, although the existing settings will be maintained during an upgrade from version 4.2 or 4.5 of the App-V client. If for any reason it is essential to create the file type association, you can create the following registry keys and set their values as shown:
@ -50,7 +50,7 @@ During installation, you can use the **RequireAuthorizationIfCached** parameter
Antivirus software running on an App-V Client computer can detect and report an infected file in the virtual environment. However, it cannot disinfect the file. If a virus is detected in the virtual environment, the antivirus software would perform the configured quarantine or repair operation in the cache, not in the actual package. Configure the antivirus software with an exception for the sftfs.fsd file. This file is the cache file that stores packages on the App-V Client.
**Security Note:  **
**Security Note:**
If a virus is detected in an application or package deployed in the production environment, replace the application or package with a virus-free version.

2
mdop/appv-v4/security-and-protection-overview.md
View File

@ -21,7 +21,7 @@ Microsoft Application Virtualization 4.5 provides the following enhanced securi
- Application Virtualization now supports Transport Layer Security (TLS) using X.509 V3 certificates. Provided that a server certificate has been provisioned to the planned Application Virtualization Management or Streaming Server, the installation will default to secure, using the RTSPS protocol over port 322. Using RTSPS ensures that communication between the Application Virtualization Servers and the Application Virtualization Clients is signed and encrypted. If no certificate is assigned to the server during the Application Virtualization Server installation, the communication will be set to RTSP over port 554.
**Security Note:  **
**Security Note:**
To help provide a secure setup of the server, you must make sure that RTSP ports are disabled even if you have all packages configured to use RTSPS.

4
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
View File

@ -222,7 +222,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file:
``` syntax
```xml
<Configuration>
<Add SourcePath= \\Server\Office2016” OfficeClientEdition="32" >
<Product ID="O365ProPlusRetail ">
@ -633,7 +633,7 @@ You may want to disable specific applications in your Office App-V package. For
5. Add the Office 2016 App-V Package with the new Deployment Configuration File.
``` syntax
```xml
<Application Id="[{AppVPackageRoot}]\office16\lync.exe" Enabled="true">
<VisualElements>
<Name>Lync 2016</Name>

4
mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md
View File

@ -43,9 +43,7 @@ You must configure the package converter to always save the package ingredients
Import-Module AppVPkgConverter
```
3.
The following cmdlets are available:
3. The following cmdlets are available:
- Test-AppvLegacyPackage This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`.

2
mdop/appv-v5/index.md
View File

@ -1,7 +1,7 @@
---
title: Application Virtualization 5
description: Application Virtualization 5
author: jamiejdt
author: dansimp
ms.assetid: e82eb44b-9ccd-41aa-923b-71400230ad23
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy

2
mdop/dart-v10/index.md
View File

@ -1,7 +1,7 @@
---
title: Diagnostics and Recovery Toolset 10
description: Diagnostics and Recovery Toolset 10
author: jamiejdt
author: dansimp
ms.assetid: 64403eca-ff05-4327-ac33-bdcc96e706c8
ms.pagetype: mdop
ms.mktglfcycl: support

2
mdop/dart-v7/index.md
View File

@ -1,7 +1,7 @@
---
title: Diagnostics and Recovery Toolset 7 Administrator's Guide
description: Diagnostics and Recovery Toolset 7 Administrator's Guide
author: jamiejdt
author: dansimp
ms.assetid: bf89eccd-fc03-48ff-9019-a8640e11dd99
ms.pagetype: mdop
ms.mktglfcycl: support

2
mdop/dart-v8/index.md
View File

@ -1,7 +1,7 @@
---
title: Diagnostics and Recovery Toolset 8 Administrator's Guide
description: Diagnostics and Recovery Toolset 8 Administrator's Guide
author: jamiejdt
author: dansimp
ms.assetid: 33685dd7-844f-4864-b504-3ef384ef01de
ms.pagetype: mdop
ms.mktglfcycl: support

3
mdop/docfx.json
View File

@ -27,6 +27,9 @@
"ms.technology": "windows",
"audience": "ITPro",
"manager": "dansimp",
"ms.prod": "w10",
"ms.author": "dansimp",
"author": "dansimp",
"ms.sitesec": "library",
"ms.topic": "article",
"ms.date": "04/05/2017",

2
mdop/index.md
View File

@ -2,7 +2,7 @@
title: MDOP Information Experience
description: MDOP Information Experience
ms.assetid: 12b8ab56-3267-450d-bb22-1c7e44cb8e52
author: jamiejdt
author: dansimp
ms.pagetype: mdop
ms.mktglfcycl: manage
ms.sitesec: library

68
mdop/mbam-v1/index.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide
description: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide
author: jamiejdt
author: dansimp
ms.assetid: 4086e721-db24-4439-bdcd-ac5ef901811f
ms.pagetype: mdop, security
ms.mktglfcycl: manage
@ -10,46 +10,36 @@ ms.prod: w10
ms.date: 04/19/2017
---
# Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide
Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface that you can use to manage BitLocker drive encryption. With MBAM, you can select BitLocker encryption policy options that are appropriate to your enterprise and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the entire enterprise. In addition, you can access recovery key information when users forget their PIN or password, or when their BIOS or boot record changes.
<a href="" id="getting-started-with-mbam-1-0"></a>[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md)
[About MBAM 1.0](about-mbam-10.md)**|**[Evaluating MBAM 1.0](evaluating-mbam-10.md)**|**[High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md)**|**[Accessibility for MBAM 1.0](accessibility-for-mbam-10.md)**|**[Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md)
<a href="" id="planning-for-mbam-1-0"></a>[Planning for MBAM 1.0](planning-for-mbam-10.md)
[Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md)**|**[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)**|**[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md)**|**[MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)**|**[MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md)
<a href="" id="deploying-mbam-1-0"></a>[Deploying MBAM 1.0](deploying-mbam-10.md)
[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md)**|**[Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)**|**[Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)**|**[Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md)**|**[MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md)
<a href="" id="operations-for-mbam-1-0"></a>[Operations for MBAM 1.0](operations-for-mbam-10.md)
[Administering MBAM 1.0 Features](administering-mbam-10-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md)**|**[Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md)
<a href="" id="troubleshooting-mbam-1-0"></a>[Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md)
### More Information
<a href="" id="release-notes-for-mbam-1-0"></a>[Release Notes for MBAM 1.0](release-notes-for-mbam-10.md)
View updated product information and known issues for MBAM 1.0.
<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 
- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md)
- [About MBAM 1.0](about-mbam-10.md)
- [Release Notes for MBAM 1.0](release-notes-for-mbam-10.md)
- [Evaluating MBAM 1.0](evaluating-mbam-10.md)
- [High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md)
- [Accessibility for MBAM 1.0](accessibility-for-mbam-10.md)
- [Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md)
- [Planning for MBAM 1.0](planning-for-mbam-10.md)
- [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md)
- [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)
- [Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md)
- [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)
- [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md)
- [Deploying MBAM 1.0](deploying-mbam-10.md)
- [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md)
- [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)
- [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)
- [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md)
- [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md)
- [Operations for MBAM 1.0](operations-for-mbam-10.md)
- [Administering MBAM 1.0 Features](administering-mbam-10-features.md)
- [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md)
- [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md)
- [Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md)
- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md)
## More Information
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies.

62
mdop/mbam-v2/index.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide
description: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide
author: jamiejdt
author: dansimp
ms.assetid: fdb43f62-960a-4811-8802-50efdf04b4af
ms.pagetype: mdop, security
ms.mktglfcycl: manage
@ -10,43 +10,47 @@ ms.prod: w10
ms.date: 04/19/2017
---
# Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide
Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface that you can use to manage BitLocker drive encryption. In BitLocker Administration and Monitoring 2.0, you can select BitLocker drive encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.
<a href="" id="getting-started-with-mbam-2-0"></a>[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md)
[About MBAM 2.0](about-mbam-20-mbam-2.md)**|**[Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md)**|**[About MBAM 2.0 SP1](about-mbam-20-sp1.md)**|**[Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md)**|**[Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md)**|**[High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md)**|**[Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md)
<a href="" id="planning-for-mbam-2-0"></a>[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md)
[Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md)**|**[MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)**|**[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md)**|**[MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)**|**[MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md)
<a href="" id="deploying-mbam-2-0"></a>[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md)
[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md)**|**[Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)**|**[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)**|**[MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md)**|**[Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md)
<a href="" id="operations-for-mbam-2-0"></a>[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md)
[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md)**|**[Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md)**|**[Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md)**|**[Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md)**|** [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md)
<a href="" id="troubleshooting-mbam-2-0"></a>[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md)
### More Information
## Outline
- [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md)
- [About MBAM 2.0](about-mbam-20-mbam-2.md)
- [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md)
- [About MBAM 2.0 SP1](about-mbam-20-sp1.md)
- [Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md)
- [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md)
- [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md)
- [Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md)
- [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md)
- [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md)
- [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)
- [Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md)
- [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)
- [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md)
- [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md)
- [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md)
- [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)
- [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)
- [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md)
- [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md)
- [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md)
- [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md)
- [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md)
- [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md)
- [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md)
- [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md)
- [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md)
- [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md)
- [Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md)
View updated product information and known issues for MBAM 2.0.
## More Information
- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
- [MDOP Information Experience](index.md)
Learn about the latest MDOP information and resources.
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
Find documentation, videos, and other resources for MDOP technologies.
 

2
mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md
View File

@ -19,7 +19,7 @@ author: shortpatti
This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1
### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1
[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=57157)
[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=58345)
#### Steps to update the MBAM Server for existing MBAM environment
1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features).

88
mdop/mbam-v25/index.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft BitLocker Administration and Monitoring 2.5
description: Microsoft BitLocker Administration and Monitoring 2.5
author: jamiejdt
author: dansimp
ms.assetid: fd81d7de-b166-47e8-b6c7-d984830762b6
ms.pagetype: mdop, security
ms.mktglfcycl: manage
@ -10,49 +10,56 @@ ms.prod: w10
ms.date: 04/19/2017
---
# Microsoft BitLocker Administration and Monitoring 2.5
Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md).
To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
To obtain MBAM, see [How Do I Get MDOP](index.md#how-to-get-mdop).
<a href="" id="getting-started-with-mbam-2-5"></a>[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)
[About MBAM 2.5](about-mbam-25.md)**|**[Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)**|**[About MBAM 2.5 SP1](about-mbam-25-sp1.md)**|**[Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md)**|**[Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)**|**[High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)**|**[Accessibility for MBAM 2.5](accessibility-for-mbam-25.md)
<a href="" id="planning-for-mbam-2-5"></a>[Planning for MBAM 2.5](planning-for-mbam-25.md)
[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md)**|**[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)**|**[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)**|**[Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)**|**[Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)**|**[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)**|**[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)**|**[Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)**|**[MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)**|**[MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md)
<a href="" id="deploying-mbam-2-5"></a>[Deploying MBAM 2.5](deploying-mbam-25.md)
[Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)**|**[Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)**|**[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)**|**[MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)**|**[Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)**|**[Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md)
<a href="" id="operations-for-mbam-2-5"></a>[Operations for MBAM 2.5](operations-for-mbam-25.md)
[Administering MBAM 2.5 Features](administering-mbam-25-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md)**|**[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)**|**[Maintaining MBAM 2.5](maintaining-mbam-25.md)**|**[Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md)
<a href="" id="troubleshooting-mbam-2-5"></a>[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md)
<a href="" id="technical-reference-for-mbam-2-5"></a>[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
[Client Event Logs](client-event-logs.md)**|**[Server Event Logs](server-event-logs.md)
### More Information
## Outline
- <a href="" id="getting-started-with-mbam-2-5"></a>[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)
- [About MBAM 2.5](about-mbam-25.md)
- [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)
- [About MBAM 2.5 SP1](about-mbam-25-sp1.md)
- [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md)
- [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)
- [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)
- [Accessibility for MBAM 2.5](accessibility-for-mbam-25.md)
- <a href="" id="planning-for-mbam-2-5"></a>[Planning for MBAM 2.5](planning-for-mbam-25.md)
- [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md)
- [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)
- [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)
- [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)
- [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)
- [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)
- [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)
- [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)
- [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)
- [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md)
- <a href="" id="deploying-mbam-2-5"></a>[Deploying MBAM 2.5](deploying-mbam-25.md)
- [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)
- [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)
- [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)
- [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)
- [Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)
- [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md)
- <a href="" id="operations-for-mbam-2-5"></a>[Operations for MBAM 2.5](operations-for-mbam-25.md)
- [Administering MBAM 2.5 Features](administering-mbam-25-features.md)
- [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md)
- [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)
- [Maintaining MBAM 2.5](maintaining-mbam-25.md)
- [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md)
- <a href="" id="troubleshooting-mbam-2-5"></a>[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md)
- <a href="" id="technical-reference-for-mbam-2-5"></a>[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
- [Client Event Logs](client-event-logs.md)
- [Server Event Logs](server-event-logs.md)
View updated product information and known issues for MBAM 2.5.
## More Information
- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
- [MDOP Information Experience](index.md)
Learn about the latest MDOP information and resources.
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
Find documentation, videos, and other resources for MDOP technologies.
- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398)
@ -61,16 +68,3 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin
- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md)
Guide of how to apply MBAM 2.5 SP1 Server hotfixes
## Got a suggestion for MBAM?
- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring).
- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 

2
mdop/medv-v1/configuring-med-v-for-remote-networks.md
View File

@ -53,7 +53,7 @@ When applying new settings, the service must be restarted.
- You can change the IIS authentication scheme to one of the following: BASIC, DIGEST, NTLM, or NEGOTIATE. The default is NEGOTIATE and uses the following entry:
``` syntax
```xml
<ImageDistribution>
<!-- The authentication used for image download. Basic and digest authentication should be used only under SSL.-->
<!-- The line below can be one of the following: -->

12
mdop/medv-v1/how-to-configure-image-pre-staging.md
View File

@ -72,17 +72,17 @@ Image pre-staging is useful only for the initial image download. It is not suppo
**NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)**
**                                READ\_CONTROL**
**READ\_CONTROL**
**                                                                                SYNCHRONIZE**
**SYNCHRONIZE**
**                                                                                FILE\_GENERIC\_READ**
**FILE\_GENERIC\_READ**
**                                                                                                FILE\_READ\_DATA**
**FILE\_READ\_DATA**
**                                                                                FILE\_READ\_EA**
**FILE\_READ\_EA**
**                                                                                FILE\_READ\_ATTRIBUTES**
**FILE\_READ\_ATTRIBUTES**
**NT AUTHORITY\\SYSTEM:(OI)(CI)F**

2
mdop/medv-v1/index.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide
description: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide
author: jamiejdt
author: dansimp
ms.assetid: 7bc3e120-df77-4f4c-bc8e-7aaa4c2a6525
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy

2
mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md
View File

@ -32,7 +32,7 @@ You can configure which folders are indexed on the host as part of the Trim Tran
When applying new settings, the service must be restarted.
``` syntax
```xml
<HostIndexingXP type="System.String[]">
- <ArrayOfString>
<string>%WINDIR%</string>

2
mdop/medv-v2/index.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft Enterprise Desktop Virtualization 2.0
description: Microsoft Enterprise Desktop Virtualization 2.0
author: jamiejdt
author: dansimp
ms.assetid: 84109be0-4613-42e9-85fc-fcda8de6e4c4
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy

2
mdop/solutions/index.md
View File

@ -1,7 +1,7 @@
---
title: MDOP Solutions and Scenarios
description: MDOP Solutions and Scenarios
author: jamiejdt
author: dansimp
ms.assetid: 1cb18bef-fbae-4e96-a4f1-90cf111c3b5f
ms.pagetype: mdop
ms.mktglfcycl: deploy

2
mdop/uev-v1/index.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft User Experience Virtualization (UE-V) 1.0
description: Microsoft User Experience Virtualization (UE-V) 1.0
author: jamiejdt
author: dansimp
ms.assetid: 7c2b59f6-bbe9-4373-8b08-c1738665a37b
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy

2
mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
View File

@ -193,7 +193,7 @@ Youll need to deploy a settings storage location, a standard network share wh
**Security Note:  **
**Security Note:**
If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor:

2
mdop/uev-v2/index.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft User Experience Virtualization (UE-V) 2.x
description: Microsoft User Experience Virtualization (UE-V) 2.x
author: jamiejdt
author: dansimp
ms.assetid: b860fed0-b846-415d-bdd6-ba60231a64be
ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy

8
windows/application-management/remove-provisioned-apps-during-update.md
View File

@ -162,10 +162,14 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.3DBuilder_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Messaging_8wekyb3d8bbwe]
```
[Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
[Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
[Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage)

3
windows/application-management/sideload-apps-in-windows-10.md
View File

@ -19,6 +19,9 @@ ms.date: 05/20/2019
- Windows 10
- Windows 10 Mobile
> [!NOTE]
> As of Windows Insider Build 18956, sideloading is enabled by default. Now, you can deploy a signed package onto a device without a special configuration.
"Line-of-Business" (LOB) apps are present in a wide range of businesses and organizations. Organizations value these apps because they solve problems unique to each business.
When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1

2
windows/client-management/advanced-troubleshooting-802-authentication.md
View File

@ -17,7 +17,7 @@ ms.topic: troubleshooting
## Overview
This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or wwitches, it won't be an end-to-end Microsoft solution.
This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or switches, it won't be an end-to-end Microsoft solution.
## Scenarios

1
windows/client-management/docfx.json
View File

@ -35,6 +35,7 @@
"ms.technology": "windows",
"audience": "ITPro",
"ms.topic": "article",
"manager": "dansimp",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",

26
windows/client-management/mdm/applocker-csp.md
View File

@ -156,22 +156,8 @@ Each of the previous nodes contains one or more of the following leaf nodes:
<tr class="odd">
<td><p><strong>Policy</strong></p></td>
<td><p>Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.</p>
<p>Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.</p>
<p>For CodeIntegrity/Policy, you can use the <a href="https://go.microsoft.com/fwlink/p/?LinkId=724364" data-raw-source="[certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364)">certutil -encode</a> command line tool to encode the data to base-64.</p>
<p>Here is a sample certutil invocation:</p>
```
certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
```
<p>An alternative to using certutil would be to use the following PowerShell invocation:</p>
```
[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
```
<p>If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.</p>
<p>Data type is string. Supported operations are Get, Add, Delete, and Replace.</p></td>
<p>For nodes, other than CodeIntegrity, policy leaf data type is string. Supported operations are Get, Add, Delete, and Replace.</p>
<p>For CodeIntegrity/Policy, data type is Base64. Supported operations are Get, Add, Delete, and Replace.</td>
</tr>
<tr class="even">
<td><p><strong>EnforcementMode</strong></p></td>
@ -186,6 +172,8 @@ certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
</tbody>
</table>
> [!NOTE]
> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
## <a href="" id="productname"></a>Find publisher and product name of apps
@ -842,7 +830,7 @@ The following list shows the apps that may be included in the inbox.
The following example disables the calendar application.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
@ -866,7 +854,7 @@ The following example disables the calendar application.
The following example blocks the usage of the map application.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
@ -1406,7 +1394,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
## Example for Windows 10 Holographic for Business
The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of [inbox apps](#inboxappsandcomponents) to enable to enable a working device, as well as Settings.
``` syntax
```xml
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="96B82A15-F841-499a-B674-963DC647762F"
Name="Whitelist BackgroundTaskHost"

2
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -653,7 +653,7 @@ An alert is send to the MDM server in DM package\#1.
Here's an example.
``` syntax
```xml
<SyncBody>
<Alert>
<CmdID>1</CmdID>

4
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -372,7 +372,7 @@ Data type is string.
Enroll a client certificate through SCEP.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Atomic>
@ -571,7 +571,7 @@ Enroll a client certificate through SCEP.
Add a PFX certificate. The PFX certificate password is encrypted with a custom certificate fro "My" store.
``` syntax
```xml
<SyncML>
<SyncBody>
<Delete>

2
windows/client-management/mdm/cm-proxyentries-csp.md
View File

@ -90,7 +90,7 @@ Specifies the username used to connect to the proxy.
To delete both a proxy and its associated connection, you must delete the proxy first, and then delete the connection. The following example shows how to delete the proxy and then the connection.
``` syntax
```xml
<wap-provisioningdoc>
<characteristic type="CM_ProxyEntries">
<nocharacteristic type="GPRS_Proxy"/>

2
windows/client-management/mdm/defender-csp.md
View File

@ -215,7 +215,7 @@ Supported product status values:
Example:
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncBody>
<Get>

2
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -73,7 +73,7 @@ When the PC is already enrolled in MDM, you can remotely collect logs from the P
Example: Enable the Debug channel logging
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>

2
windows/client-management/mdm/dmacc-csp.md
View File

@ -262,7 +262,7 @@ Stores specifies which certificate stores the DM client will search to find the
Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
``` syntax
```xml
<parm name="SSLCLIENTCERTSEARCHCRITERIA"
value="Subject=CN%3DTester,O%3DMicrosoft&amp;Stores=My%5CUser" />
```

10
windows/client-management/mdm/eap-configuration.md
View File

@ -56,7 +56,7 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
9. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
``` syntax
```powershell
Get-VpnConnection -Name Test
```
@ -80,17 +80,17 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
IdleDisconnectSeconds : 0
```
``` syntax
```powershell
$a = Get-VpnConnection -Name Test
```
``` syntax
```powershell
$a.EapConfigXmlStream.InnerXml
```
Here is an example output
``` syntax
```xml
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.co
m/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorTy
pe xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisi
@ -158,7 +158,7 @@ The following XML sample explains the properties for the EAP TLS XML including c
 
``` syntax
```xml
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
<EapMethod>
<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>

5
windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
View File

@ -24,13 +24,16 @@ Summary of steps to enable a policy:
- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy.
- Create the data payload for the SyncML.
See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) for a walk-through using Intune.
See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX-Backed policies using Microsoft Intune](https://blogs.technet.microsoft.com/senthilkumar/2018/05/21/intune-deploying-admx-backed-policies-using-microsoft-intune/) for a walk-through using Intune.
>[!TIP]
>Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](https://docs.microsoft.com/intune/administrative-templates-windows)
## Enable a policy
> [!NOTE]
> See [Understanding ADMX-backed policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies).
1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description.
- GP English name
- GP name

11
windows/client-management/mdm/healthattestation-csp.md
View File

@ -314,7 +314,7 @@ For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint nod
The following example shows a sample call that instructs a managed device to communicate with an enterprise managed DHA-Service.
``` syntax
```xml
<Replace>
<CmdID>1</CmdID>
<Item>
@ -334,7 +334,7 @@ Send a SyncML call to start collection of the DHA-Data.
The following example shows a sample call that triggers collection and verification of health attestation data from a managed device.
``` syntax
```xml
<Exec>
<CmdID>1</CmdID>
<Item>
@ -364,7 +364,7 @@ After the client receives the health attestation request, it sends a response. T
Here is a sample alert that is issued by DHA_CSP:
``` syntax
```xml
<Alert>
<CmdID>1</CmdID>
<Data>1226</Data>
@ -389,7 +389,7 @@ Create a call to the **Nonce**, **Certificate** and **CorrelationId** nodes, and
Here is an example:
``` syntax
```xml
<Replace>
<CmdID>1</CmdID>
<Item>
@ -417,7 +417,6 @@ Here is an example:
</Target>
</Item>
</Get>
```
## <a href="" id="forward-data-to-has"></a>**Step 6: Forward device health attestation data to DHA-service**
@ -1019,7 +1018,7 @@ Each of these are described in further detail in the following sections, along w
## DHA-Report V3 schema
``` syntax
```xml
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v3"

63
windows/client-management/mdm/policy-csp-deviceinstallation.md
View File

@ -12,7 +12,6 @@ author: manikadhiman
# Policy CSP - DeviceInstallation
<hr/>
<!--Policies-->
@ -111,13 +110,6 @@ ADMX Info:
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
To enable this policy, use the following SyncML. This example allows Windows to install compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use `&#xF000;` as a delimiter.
@ -148,6 +140,11 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< Section end 2018/11/15 12:26:41.751
<<< [Exit status: SUCCESS]
```
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
@ -222,13 +219,6 @@ ADMX Info:
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
To enable this policy, use the following SyncML. This example allows Windows to install:
- Floppy Disks, ClassGUID = {4d36e980-e325-11ce-bfc1-08002be10318}
@ -266,6 +256,11 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< Section end 2018/11/15 12:26:41.751
<<< [Exit status: SUCCESS]
```
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
@ -311,8 +306,6 @@ If you enable this policy setting, Windows does not retrieve device metadata for
If you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
@ -340,8 +333,6 @@ ADMX Info:
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
@ -386,7 +377,6 @@ If you enable this policy setting, Windows is prevented from installing or updat
If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
@ -407,13 +397,6 @@ ADMX Info:
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
To enable this policy, use the following SyncML. This example prevents Windows from installing devices that are not specifically described by any other policy setting.
@ -448,7 +431,11 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
You can also block installation by using a custom profile in Intune.
![Custom profile](images/custom-profile-prevent-other-devices.png)
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
@ -512,9 +499,10 @@ ADMX Info:
- GP ADMX file name: *deviceinstallation.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<hr/>
To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use <code>&amp;#xF000;</code> as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_IDs_Deny_Retroactive to true.
@ -552,6 +540,11 @@ You can also block installation and usage of prohibited peripherals by using a c
For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USB\Composite" and "USB\Class_FF", and applies to USB devices with matching hardware IDs that are already installed.
![Custom profile](images/custom-profile-prevent-device-ids.png)
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<!--Policy-->
@ -614,9 +607,10 @@ ADMX Info:
- GP ADMX file name: *deviceinstallation.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
To enable this policy, use the following SyncML. This example prevents Windows from installing:
- Floppy Disks, ClassGUID = {4d36e980-e325-11ce-bfc1-08002be10318}
@ -653,6 +647,12 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< Section end 2018/11/15 12:26:41.751
<<< [Exit status: SUCCESS]
```
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
Footnote:
@ -664,4 +664,3 @@ Footnote:
- 6 - Added in the next major release of Windows 10.
<!--/Policies-->

2
windows/client-management/mdm/policy-csp-remotemanagement.md
View File

@ -365,7 +365,7 @@ If you disable or do not configure this policy setting, the WinRM service will n
The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges.
You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty.

6
windows/client-management/mdm/policy-csp-update.md
View File

@ -1053,7 +1053,7 @@ Supported values:
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value.
<!--/Description-->
<!--ADMXMapped-->
@ -1072,7 +1072,7 @@ The following list shows the supported values:
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903)
<!--/SupportedValues-->
<!--/Policy-->
@ -3874,7 +3874,7 @@ The following list shows the supported values:
<!--Example-->
Example
``` syntax
```xml
<Replace>
<CmdID>$CmdID$</CmdID>
<Item>

4
windows/client-management/mdm/remotelock-csp.md
View File

@ -117,7 +117,7 @@ A Get operation on this node must follow an Exec operation on the /RemoteLock/Lo
Initiate a remote lock of the device.
``` syntax
```xml
<Exec>
<CmdID>1</CmdID>
<Item>
@ -130,7 +130,7 @@ Initiate a remote lock of the device.
Initiate a remote lock and PIN reset of the device. To successfully retrieve the new device-generated PIN, the commands must be executed together and in the proper sequence as shown below.
``` syntax
```xml
<Sequence>
<CmdID>1</CmdID>
<Exec>

2
windows/client-management/mdm/remotering-csp.md
View File

@ -31,7 +31,7 @@ The supported operation is Exec.
The following sample shows how to initiate a remote ring on the device.
``` syntax
```xml
<Exec>
<CmdID>5</CmdID>
<Item>

4
windows/client-management/mdm/reporting-csp.md
View File

@ -81,7 +81,7 @@ Supported operations are Get and Replace.
Retrieve all available Windows Information Protection (formerly known as Enterprise Data Protection) logs starting from the specified StartTime.
``` syntax
```xml
<SyncML>
<SyncBody>
<Replace>
@ -104,7 +104,7 @@ Retrieve all available Windows Information Protection (formerly known as Enterpr
Retrieve a specified number of security auditing logs starting from the specified StartTime.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>

Some files were not shown because too many files have changed in this diff Show More