Merge branch 'main' into alexbuckgit/docutune-docs-link-absolute-autopr-20220826-145242-5163947

2025-06-16 10:53:43 +00:00 · 2022-08-26 11:53:48 -06:00
parent ed7536f092 103883d71d
commit 790444d3ff
50 changed files with 319 additions and 161 deletions
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@ -21,6 +21,7 @@
        "files": [
          "**/*.png",
          "**/*.jpg",
+          "**/*.svg",
          "**/*.gif"
        ],
        "exclude": [
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@ -21,6 +21,7 @@
        "files": [
          "**/*.png",
          "**/*.jpg",
+          "**/*.svg",
          "**/*.gif"
        ],
        "exclude": [
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@ -57,11 +57,13 @@ ms.date: 08/01/2022
 - [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) <sup>11</sup>
 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup>
 - [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) <sup>*[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)</sup>
+- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) <sup>Insider</sup>
 - [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) <sup>Insider</sup>
 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup>
 - [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) <sup>9</sup>
 - [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#mixedreality-manualdowndirectiondisabled) <sup>*[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)</sup>
 - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup>
+- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) <sup>Insider</sup>
 - [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) <sup>Insider</sup>
 - [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) <sup>Insider</sup>
 - [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) <sup>10</sup>
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@ -36,6 +36,9 @@ manager: aaroncz
  </dd>
  <dd>
    <a href="#mixedreality-configuremovingplatform">MixedReality/ConfigureMovingPlatform</a>
+  </dd>
+    <dd>
+    <a href="#mixedreality-configurentpclient">MixedReality/ConfigureNtpClient</a>
  </dd>
  <dd>
    <a href="#mixedreality-disablesisallownetworkconnectivitypassivepolling">MixedReality/DisallowNetworkConnectivityPassivePolling</a>
@ -52,6 +55,9 @@ manager: aaroncz
  <dd>
    <a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
  </dd>
+  <dd>
+    <a href="#mixedreality-ntpclientenabled">MixedReality/NtpClientEnabled</a>
+  </dd>
  <dd>
    <a href="#mixedreality-skipcalibrationduringsetup">MixedReality/SkipCalibrationDuringSetup</a>
  </dd>
@ -307,6 +313,71 @@ Supported value is Integer.
 <!--/Policy-->
 <hr/>

+<!--Policy-->
+<a href="" id="mixedreality-configurentpclient"></a>**MixedReality/ConfigureNtpClient**  
+
+<!--SupportedSKUs-->
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+You may want to configure a different time server for your device fleet. IT admins can use thi policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy.
+
+This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters.
+
+> [!NOTE]
+> This feature requires enabling[NtpClientEnabled](#mixedreality-ntpclientenabled) as well.
+
+- OMA-URI: `./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureNtpClient`
+
+> [!NOTE]
+> Reboot is required for these policies to take effect.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+
+- Data Type: String
+- Value:
+
+```
+<enabled/><data id="W32TIME_NtpServer"
+value="time.windows.com,0x9"/><data id="W32TIME_Type"
+value="NTP"/><data id="W32TIME_CrossSiteSyncFlags"
+value="2"/><data id="W32TIME_ResolvePeerBackoffMinutes"
+value="15"/><data id="W32TIME_ResolvePeerBackoffMaxTimes"
+value="7"/><data id="W32TIME_SpecialPollInterval"
+value="1024"/><data id="W32TIME_NtpClientEventLogFlags"
+value="0"/>
+```
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
 <!--Policy-->
 <a href="" id="mixedreality-disablesisallownetworkconnectivitypassivepolling"></a>**MixedReality/DisallowNetworkConnectivityPassivePolling**  

@ -510,6 +581,48 @@ The following list shows the supported values:
 - 1 - True

 <!--/SupportedValues-->
+
+<!--Policy-->
+<a href="" id="mixedreality-ntpclientenabled"></a>**MixedReality/NtpClientEnabled**  
+
+<!--SupportedSKUs-->
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+> [!NOTE]
+> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
+
+This policy setting specifies whether the Windows NTP Client is enabled.
+
+- OMA-URI: `./Device/Vendor/MSFT/Policy/Config/MixedReality/NtpClientEnabled`
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+- Data Type: String
+- Value `<enabled/>`
+
+<!--/SupportedValues-->
+
 <!--/Policy-->
 <hr/>

--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@ -21,6 +21,7 @@
        "files": [
          "**/*.png",
          "**/*.jpg",
+          "**/*.svg",
          "**/*.gif"
        ],
        "exclude": [
--- a/windows/deployment/update/update-compliance-v2-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md
@ -9,7 +9,7 @@ ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
-ms.date: 06/06/2022
+ms.date: 08/24/2022
 ---

 # Configuring Microsoft Endpoint Manager devices for Update Compliance (preview)
@ -29,48 +29,79 @@ This article is specifically targeted at configuring devices enrolled to [Micros

 ## Create a configuration profile

-Take the following steps to create a configuration profile that will set required policies for Update Compliance:
+Create a configuration profile that will set the required policies for Update Compliance. There are two profile types that can be used to create a configuration profile for Update Compliance:
+- The [settings catalog](#settings-catalog)
+- [Template](#custom-oma-uri-based-profile) for a custom OMA URI based profile

-1. Go to the Admin portal in Endpoint Manager and navigate to **Devices/Windows/Configuration profiles**.
-1. On the **Configuration profiles** view, select **Create a profile**.
+### Settings catalog
+
+1. Go to the Admin portal in Endpoint Manager and navigate to **Devices** > **Windows** > **Configuration profiles**.
+1. On the **Configuration profiles** view, select **Create profile**.
+1. Select **Platform**="Windows 10 and later" and **Profile type**="Settings Catalog", and then select **Create**.
+1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
+1. On the **Configuration settings** page, you'll be adding multiple settings from the **System** category. Using the **Settings picker**, select the **System** category, then add the following settings and values:
+    1. Required settings for Update Compliance: 
+        - **Setting**: Allow Commercial Data Pipeline
+        - **Value**: Enabled
+        - **Setting**: Allow Telemetry
+        - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*)
+        - **Setting**: Allow Update Compliance Processing
+        - **Value**: Enabled
+    1. (*Recommended, but not required*) Add settings for **disabling devices' Diagnostic Data opt-in settings interface**. If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance:
+        - **Setting**: Configure Telemetry Opt In Change Notification
+        - **Value**: Disable telemetry change notifications
+        - **Setting**: Configure Telemetry Opt In Settings Ux
+        - **Value**: Disable Telemetry opt-in Settings
+    1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Update Compliance:
+        - **Setting**: Allow device name to be sent in Windows diagnostic data
+        - **Value**: Allowed
+
+1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll.
+1. Review the settings and then select **Create**.
+
+### Custom OMA URI based profile
+
+1. Go to the Admin portal in Endpoint Manager and navigate to **Devices** > **Windows** > **Configuration profiles**.
+1. On the **Configuration profiles** view, select **Create profile**.
 1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates".
-1. For **Template name**, select **Custom**, and then press **Create**.
+1. For **Template name**, select **Custom**, and then select **Create**.
 1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
 1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md).
- 
+
+    1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance:
+        - **Name**: Allow commercial data pipeline
+        - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device.
+        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline`
+        - **Data type**: Integer
+        - **Value**: 1 
    1. Add a setting configuring the **Windows Diagnostic Data level** for devices:
        - **Name**: Allow Telemetry
        - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance.
        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry`
        - **Data type**: Integer
-        - **Value**: 1 (*all that is required is 1, but it can be safely set to a higher value*).
-    1. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this isn't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance:
-        - **Name**: Disable Telemetry opt-in interface
-        - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx`
-        - **Data type**: Integer
-        - **Value**: 1
-    1. Add a setting to **Allow device name in diagnostic data**; otherwise, there will be no device name in Update Compliance:
-        - **Name**: Allow device name in Diagnostic Data
-        - **Description**: Allows device name in Diagnostic Data.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData`
-        - **Data type**: Integer
-        - **Value**: 1
+        - **Value**: 1 (*1 is the minimum value meaning basic, but it can be safely set to a higher value*).
    1. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance:
        - **Name**: Allow Update Compliance Processing
        - **Description**: Opts device data into Update Compliance processing. Required to see data.
        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing`
        - **Data type**: Integer
        - **Value**: 16
-    1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance:
-        - **Name**: Allow commercial data pipeline
-        - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline`
+    1. (*Recommended, but not required*) Add settings for **disabling devices' Diagnostic Data opt-in settings interface**. If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance: 
+        - **Name**: Disable Telemetry opt-in interface
+        - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting.
+        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx`
+        - **Data type**: Integer
+        - **Value**: 1
+    1. (*Recommended, but not required*) Add a setting to **Allow device name in diagnostic data**; otherwise, the device name won't be in Update Compliance:
+        - **Name**: Allow device name in Diagnostic Data
+        - **Description**: Allows device name in Diagnostic Data.
+        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData`
        - **Data type**: Integer
        - **Value**: 1

+
 1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll.
-1. Review and select **Create**.
+1. Review the settings and then select **Create**.

 ## Deploy the configuration script

--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
@ -117,8 +117,8 @@ Since existing Windows 365 Cloud PCs already have an existing Azure AD device ID
 **To register devices with Windows Autopatch:**

 1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
-2. Select **Windows Autopatch** from the left navigation menu.
-3. Select **Devices**.
+2. Select **Devices** from the left navigation menu.
+3. Under the **Windows Autopatch** section, select **Devices**.
 4. Select either the **Ready** or the **Not ready** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens.
 5. Add either devices through direct membership, or other Azure AD dynamic or assigned groups as nested groups in the **Windows Autopatch Device Registration** group.

@ -148,6 +148,7 @@ Windows 365 Enterprise gives IT admins the option to register devices with the W
 1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch.

 For more information, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
+
 ### Contact support for device registration-related incidents

 Support is available either through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
@ -46,7 +46,7 @@ Each deployment ring has a different set of update deployment policies to contro
 Also, during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md), Windows Autopatch assigns each device being registered to one of its deployment rings so that the service has the proper representation of the device diversity across the organization in each deployment ring. The deployment ring distribution is designed to release software update deployments to as few devices as possible to get the signals needed to make a quality evaluation of a given update deployment.

 > [!NOTE]
-> Windows Autopatch deployment rings only apply to Windows quality updates. Additionally, you can't create additional deployment rings or use your own for devices managed by the Windows Autopatch service.
+> You can't create additional deployment rings or use your own for devices managed by the Windows Autopatch service.

 ### Deployment ring calculation logic

--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
@ -4,7 +4,7 @@ metadata:
  description: Answers to frequently asked questions about Windows Autopatch.
  ms.prod: w11
  ms.topic: faq
-  ms.date: 08/08/2022
+  ms.date: 08/26/2022
  audience: itpro
  ms.localizationpriority: medium
  manager: dougeby
@ -67,10 +67,10 @@ sections:
          No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
      - question: Do my Cloud PCs appear any differently in the Windows Autopatch admin center?
        answer: |
-          Cloud PC displays the model as the license type you have provisioned. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
+          Cloud PC displays the model as the license type you have provisioned. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
      - question: Can I run Autopatch on my Windows 365 Business Workloads?
        answer: |
-          No. Autopatch is only available on enterprise workloads. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
+          No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
  - name: Update Management
    questions: 
      - question: What systems does Windows Autopatch update?
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@ -21,6 +21,7 @@
        "files": [
          "**/*.png",
          "**/*.jpg",
+          "**/*.svg",
          "**/*.gif"
        ],
        "exclude": [
--- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 10/20/2021
+ms.date: 08/25/2022
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@ -31,6 +31,9 @@ The threat landscape is continually evolving. While hackers are busy developing

 Your environment must have the following hardware to run Microsoft Defender Application Guard.

+> [!NOTE]
+> Application Guard currently isn't supported on Windows 11 ARM64 devices.
+
 | Hardware | Description |
 |--------|-----------|
 | 64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).|
--- a/windows/whats-new/docfx.json
+++ b/windows/whats-new/docfx.json
@ -21,6 +21,7 @@
        "files": [
          "**/**/*.png",
          "**/**/*.jpg",
+          "**/*.svg",
          "**/**/*.gif"
        ],
        "exclude": [