deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

merging new files into branch

Browse Source
This commit is contained in:
Celeste de Guzman 2017-03-02 11:23:27 -08:00
commit 7a915de5a7
154 changed files with 3218 additions and 1338 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
browsers/edge/available-policies.md
View File

@ -5,87 +5,109 @@ author: eross-msft
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros)
title: Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge (Microsoft Edge for IT Pros)
localizationpriority: high
---
# Available policies for Microsoft Edge
# Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge
**Applies to:**
- Windows 10
- Windows 10 Mobile
- Windows 10, Windows Insider Program
- Windows 10 Mobile, Windows Insider Program
Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
> **Note**<br>
> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
> [!NOTE]
> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
## Group Policy settings
Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations:
|Policy name|Supported versions|Description|Options|
|-------------|------------|-------------|--------|
|Allow Address bar drop-down list suggestions|Windows 10, Windows Insider Program|This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.<p>**Note**<br>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting.<p>If you enable or don't configure this setting, employees can see the Address bar drop-down functionality in Microsoft Edge.<p>If you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type".|**Enabled or not configured (default):** Employees can see the Address bar drop-down functionality in Microsoft Edge.<p>**Disabled:** Employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type".|
|Allow Adobe Flash|Windows 10 or later|This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.<p>If you enable or don't configure this setting, employees can use Adobe Flash.<p>If you disable this setting, employees can't use Adobe Flash.|**Enabled or not configured (default):** Employees use Adobe Flash in Microsoft Edge.<p>**Disabled:** Employees cant use Adobe Flash.|
|Allow clearing browsing data on exit|Windows 10, Windows Insider Program|This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.<p>If you enable this policy setting, clearing browsing history on exit is turned on.<p>If you disable or don't configure this policy setting, it can be turned on and configured by the employee in the Clear browsing data options area, under Settings.|**Enabled:** Turns on the automatic clearing of browsing data when Microsoft Edge closes.<p>**Disabled or not configured (default):** Employees can turn on and configure whether to automatically clear browsing data when Microsoft Edge closes in the Clear browsing data options area under Settings.|
|Allow Developer Tools|Windows 10, Version 1511 or later|This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.<p>If you enable or dont configure this setting, the F12 Developer Tools are available in Microsoft Edge.<p>If you disable this setting, the F12 Developer Tools arent available in Microsoft Edge.|**Enabled or not configured (default):** Shows the F12 Developer Tools on Microsoft Edge.<p>**Disabled:** Hides the F12 Developer Tools on Microsoft Edge.|
|Allow Extensions|Windows 10, Version 1607 or later|This policy setting lets you decide whether employees can use Edge Extensions.<p>If you enable or dont configure this setting, employees can use Edge Extensions.<p>If you disable this setting, employees cant use Edge Extensions.|**Enabled or not configured:** Lets employees use Edge Extensions.<p>**Disabled:** Stops employees from using Edge Extensions.|
|Allow InPrivate browsing|Windows 10, Version 1511 or later|This policy setting lets you decide whether employees can browse using InPrivate website browsing.<p>If you enable or dont configure this setting, employees can use InPrivate website browsing.<p>If you disable this setting, employees cant use InPrivate website browsing.|**Enabled or not configured (default):** Lets employees use InPrivate website browsing.<p>**Disabled:** Stops employees from using InPrivate website browsing.|
|Allow Microsoft Compatibility List|Windows 10, Version 1607 or later|This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat.<p>If you enable or dont configure this setting, Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though its in whatever version of IE is necessary for it to appear properly.<p>If you disable this setting, the Microsoft Compatibility List isnt used during browser navigation.|**Enabled or not configured (default):** Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though its in whatever version of IE is necessary for it to appear properly.<p>**Disabled:** Microsoft Edge doesnt use the Microsoft Compatibility List during browser navigation.|
|Allow search engine customization|Windows 10, Windows Insider Program|This policy setting lets you decide whether users can change their search engine.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable or don't configure this policy, users can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings.<p>If you disable this setting, users can't add search engines or change the default used in the address bar.|**Enabled or not configured (default):** Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings.<p>**Disabled:** Employees can't add search engines or change the default used in the Address bar.|
|Allow web content on New Tab page|Windows 10 or later|This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cant change it.<p>If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.<p>If you disable this setting, Microsoft Edge opens a new tab with a blank page.<p>If you dont configure this setting, employees can choose how new tabs appears.|**Not configured (default):** Employees see web content on New Tab page, but can change it.<p>**Enabled:** Employees see web content on New Tab page.<p>**Disabled:** Employees always see an empty new tab.|
|Configure additional search engines|Windows 10, Windows Insider Program|This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link(s) you wish to add:<br>`<https://fabrikam.com/opensearch.xml>https://www.contoso.com/opensearch.xml`<p>If you disable this setting, any added search engines are removed from your employee's devices.<p>If you don't configure this setting, the search engine list is set to what is specified in App settings.|**Enabled:** Add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine.<p>**Disabled (default):** Any additional search engines are removed from your employee's devices.<p>**Not configured:** Search engine list is set to what is specified in App settings.|
|Configure Autofill|Windows 10 or later|This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill.<p>If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge.<p>If you disable this setting, employees cant use Autofill to automatically fill in forms while using Microsoft Edge.<p>If you dont configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge.|**Not configured (default):** Employees can choose to turn Autofill on or off.<p>**Enabled:** Employees can use Autofill to complete form fields.<p>**Disabled:** Employees cant use Autofill to complete form fields.|
|Configure cookies|Windows 10 or later|This setting lets you configure how to work with cookies.<p>If you enable this setting, you must also decide whether to:<br><ul><li>**Allow all cookies (default):** Allows all cookies from all websites.</li><li>**Block all cookies:** Blocks all cookies from all websites.</li><li>**Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites.</li></ul><p>If you disable or don't configure this setting, all cookies are allowed from all sites.|**Enabled:** Lets you decide how your company treats cookies.<br>If you use this option, you must also choose whether to:<br><ul><li>**Allow all cookies (default):** Allows all cookies from all websites.</li><li>**Block all cookies:** Blocks all cookies from all websites.</li><li>**Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites.</li></ul><p>**Disabled or not configured:** All cookies are allowed from all sites.|
|Configure Do Not Track|Windows 10 or later|This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests arent sent, but employees can choose to turn on and send requests.<p>If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info.<p>If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info.<p>If you dont configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tracking info.|**Not configured (default):** Employees can choose to send Do Not Track headers on or off.<p>**Enabled:** Employees can send Do Not Track requests to websites requesting tracking info.<p>**Disabled:** Employees cant send Do Not Track requests to websites requesting tracking info.|
|Allow Extensions |Windows 10, Version 1607 or later |This policy setting lets you decide whether employees can use Edge Extensions.<p>If you enable or dont configure this setting, employees can use Edge Extensions.<p>If you disable this setting, employees cant use Edge Extensions. |**Enabled or not configured:** Lets employees use Edge Extensions.<p>**Disabled:** Stops employees from using Edge Extensions. |
|Configure Favorites|Windows 10, Version 1511 or later|This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time.<p>If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.<p>If you disable or dont configure this setting, employees will see the Favorites that they set in the Favorites hub.|**Enabled:** Configure the default list of Favorites for your employees. If you use this option, you must also add the URLs to the sites.<p>**Disabled or not configured:** Uses the Favorites list and URLs specified in the Favorites hub.|
|Configure Home pages |Windows 10, Version 1511 or later |This policy setting lets you configure one or more Home pages. for domain-joined devices. Your employees won't be able to change this after you set it.<p>If you enable this setting, you can configure one or more Home pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format: <br>`<support.contoso.com><support.microsoft.com>`<p>If you disable or dont configure this setting, your default Home page is the webpage specified in App settings. |**Enabled:** Configure your Home pages. If you use this option, you must also include site URLs.<p>**Disabled or not configured (default):** Uses the Home pages and URLs specified in the App settings. |
|Configure Password Manager|Windows 10 or later|This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.<p>If you enable this setting, employees can use Password Manager to save their passwords locally.<p>If you disable this setting, employees cant use Password Manager to save their passwords locally.<p>If you dont configure this setting, employees can choose whether to use Password Manager to save their passwords locally.|**Not configured:** Employees can choose whether to use Password Manager.<p>**Enabled (default):** Employees can use Password Manager to save passwords locally.<p>**Disabled:** Employees can't use Password Manager to save passwords locally.|
|Configure Pop-up Blocker|Windows 10 or later|This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.<p>If you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing.<p>If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear.<p>If you dont configure this setting, employees can choose whether to use Pop-up Blocker.|**Enabled or not configured (default):** Turns on Pop-up Blocker, stopping pop-up windows.<p>**Disabled:** Turns off Pop-up Blocker, allowing pop-up windows.|
|Configure search suggestions in Address bar|Windows 10 or later|This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.<p>If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge.<p>If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge.<p>If you dont configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.|**Not configured (default):** Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.<p>**Enabled:** Employees can see search suggestions in the Address bar of Microsoft Edge.<p>**Disabled:** Employees cant see search suggestions in the Address bar of Microsoft Edge.|
|Configure SmartScreen Filter |Windows 10 or later |This policy setting lets you configure whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, SmartScreen Filter is turned on.<p>If you enable this setting, SmartScreen Filter is turned on and employees cant turn it off.<p>If you disable this setting, SmartScreen Filter is turned off and employees cant turn it on.<p>If you dont configure this setting, employees can choose whether to use SmartScreen Filter. |**Not configured (default):** Employees can choose whether to use SmartScreen Filter.<p>**Enabled:** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.<p>**Disabled:** Turns off SmartScreen Filter. |
|Configure Start pages|Windows 10, Version 1511 or later|This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it.<p>If you enable this setting, you can configure one or more Start pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format: <br>`<support.contoso.com><support.microsoft.com>`<p>If you disable or dont configure this setting, your default Start page is the webpage specified in App settings.|**Enabled:** Configure your Start pages. If you use this option, you must also include site URLs.<p>**Disabled or not configured (default):** Uses the Home pages and URLs specified in the App settings.|
|Configure the Adobe Flash Click-to-Run setting|Windows 10, Windows Insider Program|This policy setting lets you decide whether employees must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.<p>If you enable or dont configure the Adobe Flash Click-to-Run setting, an employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.<p>**Important**<br>Sites are put on the auto-allowed list based on how frequently employees load and run the content.<p>If you disable this setting, Adobe Flash content is automatically loaded and run by Microsoft Edge.|**Enabled or not configured:** An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.<p>**Disabled:** Adobe Flash content is automatically loaded and run by Microsoft Edge.|
|Configure the Enterprise Mode Site List|Windows 10 or later|This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.<p>If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file. This file includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.<p>If you disable or dont configure this setting, Microsoft Edge wont use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps.<p>**Note**<br>If theres an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If youre already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.|**Enabled:** Lets you use the Enterprise Mode Site List to address common compatibility problems with legacy apps, if its configured.<p>If you use this option, you must also add the location to your site list in the `{URI}` box. When configured, any site on the list will always open in Internet Explorer 11.<p>**Disabled or not configured (default):** You won't be able to use the Enterprise Mode Site List.|
|Configure Windows Defender SmartScreen|Windows 10 or later|This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.<p>If you enable this setting, Windows Defender SmartScreen is turned on and employees cant turn it off.<p>If you disable this setting, Windows Defender SmartScreen is turned off and employees cant turn it on.<p>If you dont configure this setting, employees can choose whether to use Windows Defender SmartScreen.|**Not configured (default):** Employees can choose whether to use Windows Defender SmartScreen.<p>**Enabled:** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.<p>**Disabled:** Turns off Windows Defender SmartScreen.|
|Disable lockdown of Start pages|Windows 10, Windows Insider Program|This policy setting lets you disable the lock down of Start pages, letting employees modify the Start pages when the "Configure Start pages" setting is in effect.<p>**Note**<br>This setting only applies when you're using the “Configure Start pages" setting.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable this setting, you can't lock down any Start pages that are configured using the "Configure Start pages" setting, which means that employees can modify them.<p>If you disable or don't configure this setting, employees can't change any Start pages configured using the "Configure Start pages" setting, thereby locking down the Start pages.|**Enabled:** Youre unable to lock down any Start pages that are configured using the "Configure Start pages" setting, which means that your employees can modify them.<p>**Disabled or not configured (default):** Employees can't change any Start pages configured using the "Configure Start pages" setting.|
|Keep favorites in sync between Internet Explorer and Microsoft Edge|Windows 10, Windows Insider Program|This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge.<p>If you enable this setting, employees can sync their favorites between Internet Explorer and Microsoft Edge.<p>If you disable or don't configure this setting, employees cant sync their favorites between Internet Explorer and Microsoft Edge.|**Enabled:** Employees can sync their Favorites between Internet Explorer and Microsoft Edge.<p>**Disabled or not configured (default):** Employees cant sync their Favorites between Internet Explorer and Microsoft Edge.|
|Prevent access to the about:flags page|Windows 10, Version 1607 or later|This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.<p>If you enable this policy setting, employees cant access the about:flags page.<p>If you disable or dont configure this setting, employees can access the about:flags page.|**Enabled:** Stops employees from using the about:flags page.<p>**Disabled or not configured (default):** Lets employees use the about:flags page.|
|Prevent bypassing SmartScreen prompts for files |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unverified files.<p>If you enable this setting, employees cant ignore SmartScreen Filter warnings and theyre blocked from downloading the unverified files.<p>If you disable or dont configure this setting, employees can ignore SmartScreen Filter warnings and continue the download process. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about unverified files.<p>**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about unverified files and lets them continue the download process. |
|Prevent bypassing SmartScreen prompts for sites |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially malicious websites.<p>If you enable this setting, employees cant ignore SmartScreen Filter warnings and theyre blocked from continuing to the site.<p>If you disable or dont configure this setting, employees can ignore SmartScreen Filter warnings and continue to the site. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about potentially malicious sites.<p>**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about potentially malicious sites and continue to the site. |
|Prevent bypassing Windows Defender SmartScreen prompts for files|Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.<p>If you enable this setting, employees cant ignore Windows Defender SmartScreen warnings and theyre blocked from downloading the unverified files.<p>If you disable or dont configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download process.|**Enabled:** Stops employees from ignoring the Windows Defender SmartScreen warnings about unverified files.<p>**Disabled or not configured (default):** Lets employees ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.|
|Prevent bypassing Windows Defender SmartScreen prompts for sites|Windows 10, Version 1511 or later|This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.<p>If you enable this setting, employees cant ignore Windows Defender SmartScreen warnings and theyre blocked from continuing to the site.<p>If you disable or dont configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.|**Enabled:** Stops employees from ignoring the Windows Defender SmartScreen warnings about potentially malicious sites.<p>**Disabled or not configured (default):** Lets employees ignore the Windows Defender SmartScreen warnings about potentially malicious sites and continue to the site.|
|Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start|Windows 10, Windows Insider Program|This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.<p>If you enable this setting, Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu.<p>If you disable or don't configure this setting, Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.|**Enabled:** Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu.<p>**Disabled or not configured (default):** Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.|
|Prevent the First Run webpage from opening on Microsoft Edge|Windows 10, Windows Insider Program|This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.<p>If you enable this setting, employees won't see the First Run page when opening Microsoft Edge for the first time.<p>If you disable or don't configure this setting, employees will see the First Run page when opening Microsoft Edge for the first time.|**Enabled:** Employees won't see the First Run page when opening Microsoft Edge for the first time.<p>**Disabled or not configured (default):** Employees will see the First Run page when opening Microsoft Edge for the first time.|
|Prevent using Localhost IP address for WebRTC|Windows 10, Version 1511 or later|This policy setting lets you decide whether an employees Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off.<p>If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol.<p>If you disable or dont configure this setting, Localhost IP addresses are shown while making calls using the WebRTC protocol.|**Enabled:** Hides the Localhost IP address during calls using the WebRTC protocol.<p>**Disabled or not configured (default):** Shows the Localhost IP address during phone calls using the WebRTC protocol.|
|Send all intranet sites to Internet Explorer 11|Windows 10 or later|This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.<p>If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11.<p>If you disable or dont configure this setting, all websites, including intranet sites, are automatically opened using Microsoft Edge.|**Enabled:** Automatically opens all intranet sites using Internet Explorer 11.<p>**Disabled or not configured (default):** Automatically opens all websites, including intranet sites, using Microsoft Edge.|
|Set default search engine|Windows 10, Windows Insider Program|This policy setting lets you configure the default search engine for your employees. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes.<p>**Important**<br>This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).<p>If you enable this setting, you can choose a default search engine for your employees. If this setting is enabled, you must also add the default engine to the “Set default search engine” setting, by adding a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link you wish to add:<br>`https://fabrikam.com/opensearch.xml`<p>**Note**<br>If you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.<p>If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.<p>If you don't configure this setting, the default search engine is set to the one specified in App settings.|**Enabled:** You can choose a default search engine for your employees.<p>**Disabled:** The policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.<p>**Not configured (default):** The default search engine is set to the one specified in App settings.|
|Show message when opening sites in Internet Explorer|Windows 10, Version 1607 and later|This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you disable or dont configure this setting, the default app behavior occurs and no additional page appears.|**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>**Disabled or not configured (default):** Doesnt show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.|
## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge
If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
> **Note**<br>
> [!NOTE]
> The **Supports** column uses these options:
- **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only.
- **Mobile.** Supports Windows 10 Mobile devices only.
- **Both.** Supports both desktop and mobile devices.
> - **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only.
> - **Mobile.** Supports Windows 10 Mobile devices only.
> - **Both.** Supports both desktop and mobile devices.
All devices must be enrolled with Intune if you want to use the Windows Custom URI Policy.
|Policy name|Supported versions|Supported device|Details|
|-------------|-------------------|-----------------|--------|
|AllowAutofill|Windows 10 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Autofill to complete form fields.</li><li>**1 (default).** Employees can use Autofill to complete form fields.</li></ul></li></ul>
|AllowAddressBarDropdown|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type."</li><li>**1 (default).** Allowed. Address bar drop-down is enabled.</li></ul></li></ul>|
|AllowAutofill|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Autofill to complete form fields.</li><li>**1 (default).** Employees can use Autofill to complete form fields.</li></ul></li></ul>|
|AllowBrowser|Windows 10 or later|Mobile|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowBrowser</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Microsoft Edge.</li><li>**1 (default).** Employees can use Microsoft Edge.</li></ul></li></ul>|
|AllowCookies|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Allows all cookies from all sites.</li><li>**1.** Blocks only cookies from 3rd party websites</li><li>**2.** Blocks all cookies from all sites.</li></ul></li></ul>|
|AllowDeveloperTools|Windows 10, Version 1511 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools</li><li>**Data type:** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees can't use the F12 Developer Tools</li><li>**1 (default).** Employees can use the F12 Developer Tools</li></ul></li></ul>|
|AllowDoNotTrack|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Stops employees from sending Do Not Track headers to websites requesting tracking info.</li><li>**1.** Employees can send Do Not Track headers to websites requesting tracking info.</li></ul></li></ul>|
|AllowExtensions|Windows 10, Version 1607 and later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use Edge Extensions.</li><li>**1 (default).** Employees can use Edge Extensions.</li></ul></li></ul>|
|AllowFlash|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Not allowed. Employees cant use Adobe Flash</li><li>**1 (default).** Allowed. Employees can use Adobe Flash.</li></ul></li></ul>|
|AllowFlashClickToRun|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Adobe Flash content is automatically loaded and run by Microsoft Edge</li><li>**1 (default).** An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.</li></ul></li></ul>|
|AllowInPrivate|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees cant use InPrivate browsing.</li><li>**1 (default).** Employees can use InPrivate browsing.</li></ul></li></ul>|
|AllowMicrosoftCompatibilityList|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Additional search engines aren't allowed and the default cant be changed in the Address bar.</li><li>**1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.</li></ul></li></ul>|
|AllowPasswordManager|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can't use Password Manager to save passwords locally.</li><li>**1.** Employees can use Password Manager to save passwords locally.</li></ul></li></ul>|
|AllowPopups|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off Pop-up Blocker, allowing pop-up windows.</li><li>**1.** Turns on Pop-up Blocker, stopping pop-up windows.</li></ul></li></ul>|
|AllowSearchEngineCustomization|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Additional search engines are not allowed and the default cant be changed in the Address bar.</li><li>**1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.</li></ul></li></ul>|
|AllowSearchSuggestions<br>inAddressBar|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees cant see search suggestions in the Address bar of Microsoft Edge.</li><li>**1.** Employees can see search suggestions in the Address bar of Microsoft Edge.</li></ul></li></ul>|
|AllowSmartScreen |Windows 10 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off SmartScreen Filter.</li><li>**1.** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.</li></ul></li></ul> |
|AllowSmartScreen|Windows 10 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off Windows Defender SmartScreen.</li><li>**1.** Turns on Windows Defender SmartScreen, providing warning messages to your employees about potential phishing scams and malicious software.</li></ul></li></ul>|
|ClearBrowsingDataOnExit|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.</li><li>**1.** Browsing data is cleared on exit.</li></ul></li></ul>|
|ConfigureAdditionalSearchEngines|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Additional search engines are not allowed.</li><li>**1.** Additional search engines are allowed.</li></ul></li></ul>|
|DisableLockdownOfStartPages|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.</li><li>**1.** Disable lockdown of the Start pages and allow users to modify them.</li></ul></li></ul>|
|EnterpriseModeSiteList|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Not configured.</li><li>**1 (default).** Use the Enterprise Mode Site List, if configured.</li><li>**2.** Specify the location to the site list.</li></ul><p>**Note**<br>If theres an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If youre already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.</li></ul>|
|Favorites|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/Favorites</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the **Favorite** URLs for your employees.<p>**Example:**<br>`<contoso.com>`<br>`<fabrikam.com>`<p>**Note**<br> URLs must be on separate lines and aren't shared between Microsoft Edge and Internet Explorer 11.</li></ul>|
|FirstRunURL|Windows 10, Version 1511 or later|Mobile|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/FirstRunURL</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the first run URL for your employees.<p>**Example:**<br>`<contoso.one>`</li></ul></li></ul>|
|HomePages |Windows 10, Version 1511 or later |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/HomePages</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the Home page URLs for your employees.<p>**Example:**<br>`<contoso.com/support><fabrikam.com/support>`</li></ul></li></ul> |
|HomePages|Windows 10, Version 1511 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/HomePages</li><li>**Data type.** String</li><li>**Allowed values:**<ul><li>Configure the Start page (previously known as Home page) URLs for your employees.<p>**Example:**<br>`<contoso.com/support><fabrikam.com/support>`</li></ul></li></ul>|
|PreventAccessToAbout<br>FlagsInMicrosoftEdge|Windows 10, Version 1607 and later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can access the about:flags page in Microsoft Edge.</li><li>**1.** Employees can't access the about:flags page in Microsoft Edge.</li></ul></li></ul>|
|PreventSmartScreen<br>PromptOverride |Windows 10, Version 1511 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can ignore SmartScreen warnings.</li><li>**1.** Employees can't ignore SmartScreen warnings.</li></ul></li></ul> |
|PreventSmartScreen<br>PromptOverrideFor<br>Files |Windows 10, Version 1511 or later |Both |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles </li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees can ignore SmartScreen warnings for files.</li><li>**1.** Employees can't ignore SmartScreen warnings for files.</li></ul></li></ul> |
|PreventFirstRunPage|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Employees see the First Run webpage.</li><li>**1.** Employees don't see the First Run webpage.</li></ul></li></ul>|
|PreventLiveTileDataCollection|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.</li><li>**1.** Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.</li></ul></li></ul>|
|PreventSmartScreenPromptOverride|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Turns off Windows Defender SmartScreen.</li><li>**1.** Turns on Windows Defender SmartScreen.</li></ul></li></ul>|
|PreventSmartScreenPromptOverrideForFiles|Windows 10, Version 1511 or later|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Lets employees ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.</li><li>**1.** Stops employees from ignoring the Windows Defender SmartScreen warnings about unverified files.</li></ul></li></ul>|
|PreventUsingLocalHost<br>IPAddressForWebRTC|Windows 10, Version 1511 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Shows an employee's LocalHost IP address while using the WebRTC protocol.</li><li>**1.** Doesn't show an employee's LocalHost IP address while using the WebRTC protocol.</li></ul></li></ul>|
|SendIntranetTraffic<br>toInternetExplorer|Windows 10 or later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Automatically opens all websites, including intranet sites, using Microsoft Edge.</li><li>**1.** Automatically opens all intranet sites using Internet Explorer 11.</li></ul></li></ul>|
|SetDefaultSearchEngine|Windows 10, Windows Insider Program|Both|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** The default search engine is set to the one specified in App settings.</li><li>**1.** Allows you to configure the default search engine for your employees.</li></ul></li></ul>|
|ShowMessageWhen<br>OpeningInteretExplorer<br>Sites|Windows 10, Version 1607 and later|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInteretExplorer</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Doesnt show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li><li>**1.** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li></ul></li></ul>|
|SyncFavoritesBetweenIEAndMicrosoftEdge|Windows 10, Windows Insider Program|Desktop|<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0 (default).** Synchronization is turned off.</li><li>**1.** Synchronization is turned on.</li></ul></li></ul>|
## Microsoft Edge and Windows 10-specific Group Policy settings
These are additional Windows 10-specific Group Policy settings that work with Microsoft Edge.
@ -107,11 +129,3 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
## Related topics
* [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514)
* [Mobile Data Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
 
 
 

5
browsers/edge/change-history-for-microsoft-edge.md
View File

@ -12,6 +12,11 @@ This topic lists new and updated topics in the Microsoft Edge documentation for
For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/).
## February 2017
|New or changed topic | Description |
|----------------------|-------------|
|[Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. |
## November 2016
|New or changed topic | Description |
|----------------------|-------------|

2
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -277,7 +277,7 @@ Changes to volume levels can be sent by a room control system, or other system.
<tr class="header">
<th align="left">Command</th>
<th align="left">State change</th>
<th align="left">Response</th>
<th align="left">Response</br>(On in [Replacement PC mode](connect-and-display-with-surface-hub.md#replacement-pc-mode))</th>
</tr>
</thead>
<tbody>

4
education/windows/index.md
View File

@ -63,8 +63,12 @@ author: CelesteDG
<div class="side-by-side"> <div class="side-by-side-content">
<div class="side-by-side-content-left"><p><b>[Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md)</b><br />If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free upgrade to Windows 10 Pro Education.</p></div>
<<<<<<< HEAD
<div class="side-by-side-content-right">
<p></p>
=======
<div class="side-by-side-content-right"><p></p>
>>>>>>> e04a8c5905ed4bcb1df7b6b60d48146df9095a12
</div>
</div>

26
windows/deploy/TOC.md
View File

@ -1,18 +1,18 @@
# [Deploy Windows 10](index.md)
## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
## [Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md)
### [Upgrade Analytics architecture](upgrade-analytics-architecture.md)
### [Upgrade Analytics requirements](upgrade-analytics-requirements.md)
### [Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
### [Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
#### [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md)
### [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
#### [Upgrade overview](upgrade-analytics-upgrade-overview.md)
#### [Step 1: Identify apps](upgrade-analytics-identify-apps.md)
#### [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md)
#### [Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md)
#### [Additional insights](upgrade-analytics-additional-insights.md)
### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
## [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md)
### [Upgrade Readiness architecture](upgrade-readiness-architecture.md)
### [Upgrade Readiness requirements](upgrade-readiness-requirements.md)
### [Upgrade Readiness release notes](upgrade-readiness-release-notes.md)
### [Get started with Upgrade Readiness](upgrade-readiness-get-started.md)
#### [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md)
### [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)
#### [Upgrade overview](upgrade-readiness-upgrade-overview.md)
#### [Step 1: Identify apps](upgrade-readiness-identify-apps.md)
#### [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md)
#### [Step 3: Deploy Windows](upgrade-readiness-deploy-windows.md)
#### [Additional insights](upgrade-readiness-additional-insights.md)
### [Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)
## [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)

1
windows/deploy/change-history-for-deploy-windows-10.md
View File

@ -14,6 +14,7 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc
## February 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) | Multiple topics updated, name changed from Upgrade Analytics to Upgrade Readiness, and other content updates. |
| [USMT Requirements](usmt-requirements.md) | Updated: Vista support removed and other minor changes |
| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated structure and content |
| [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) | Added as a separate page from get started |

BIN
windows/deploy/images/ua-cg-08.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 10 KiB

BIN
windows/deploy/images/ua-cg-09-old.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
windows/deploy/images/ua-cg-09.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 42 KiB

After

Width:  |  Height:  |  Size: 45 KiB

BIN
windows/deploy/images/ua-cg-15.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 54 KiB

After

Width:  |  Height:  |  Size: 54 KiB

BIN
windows/deploy/images/ur-overview.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
windows/deploy/images/ur-target-version.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

2
windows/deploy/index.md
View File

@ -17,7 +17,7 @@ Learn about deploying Windows 10 for IT professionals.
|Topic |Description |
|------|------------|
|[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
|[Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md) |With Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
|[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. |
|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. |

41
windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md
View File

@ -1,43 +1,4 @@
---
title: Manage Windows upgrades with Upgrade Analytics (Windows 10)
description: Provides an overview of the process of managing Windows upgrades with Upgrade Analytics.
ms.prod: w10
author: greg-lindsay
redirect_url: manage-windows-upgrades-with-upgrade-readiness
---
# Manage Windows upgrades with Upgrade Analytics
Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points.
With the release of Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released.
Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsofts experience upgrading millions of devices to Windows 10.
With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Analytics to get:
- A visual workflow that guides you from pilot to production
- Detailed computer and application inventory
- Powerful computer level search and drill-downs
- Guidance and insights into application and driver compatibility issues, with suggested fixes
- Data driven application rationalization tools
- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
- Data export to commonly used software deployment tools, including System Center Configuration Manager
The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
##**Related topics**
[Upgrade Analytics architecture](upgrade-analytics-architecture.md)<BR>
[Upgrade Analytics requirements](upgrade-analytics-requirements.md)<BR>
[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)<BR>
[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)<BR>
[Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)<BR>
[Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)<BR>

43
windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md Normal file
View File

@ -0,0 +1,43 @@
---
title: Manage Windows upgrades with Upgrade Readiness (Windows 10)
description: Provides an overview of the process of managing Windows upgrades with Upgrade Readiness.
ms.prod: w10
author: greg-lindsay
---
# Manage Windows upgrades with Upgrade Readiness
Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points.
With the release of Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. Windows Upgrade Readiness not only supports upgrade management from Windows 7, Windows 8.1 to Windows 10, but also Windows 10 upgrades in the [Windows as a service](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview) model.
Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsofts experience upgrading millions of devices to Windows 10.
With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Readiness to get:
- A visual workflow that guides you from pilot to production
- Detailed computer and application inventory
- Powerful computer level search and drill-downs
- Guidance and insights into application and driver compatibility issues, with suggested fixes
- Data driven application rationalization tools
- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
- Data export to commonly used software deployment tools, including System Center Configuration Manager
The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
##**Related topics**
[Upgrade Readiness architecture](upgrade-readiness-architecture.md)<BR>
[Upgrade Readiness requirements](upgrade-readiness-requirements.md)<BR>
[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)<BR>
[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)<BR>
[Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)<BR>
[Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)<BR>

36
windows/deploy/troubleshoot-upgrade-analytics.md
View File

@ -1,38 +1,4 @@
---
title: Troubleshoot Upgrade Analytics (Windows 10)
description: Provides troubleshooting information for Upgrade Analytics.
ms.prod: w10
author: greg-lindsay
redirect_url: troubleshoot-upgrade-readiness
---
# Troubleshoot Upgrade Analytics
If youre having issues seeing data in Upgrade Analytics after running the Upgrade Analytics Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error.
If you still dont see data in Upgrade Analytics, follow these steps:
1. Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included.
2. Edit the script as described in [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md).
3. Check that isVerboseLogging is set to $true.
4. Run the script again. Log files will be saved to the directory specified in the script.
5. Open a support case with Microsoft Support through your regular channel and provide this information.
## Disable Upgrade Analytics
If you want to stop using Upgrade Analytics and stop sending telemetry data to Microsoft, follow these steps:
1. Unsubscribe from the Upgrade Analytics solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
![Upgrade Analytics unsubscribe](images/upgrade-analytics-unsubscribe.png)
2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**:
**Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
**Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic.
3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**.

38
windows/deploy/troubleshoot-upgrade-readiness.md Normal file
View File

@ -0,0 +1,38 @@
---
title: Troubleshoot Upgrade Readiness (Windows 10)
description: Provides troubleshooting information for Upgrade Readiness.
ms.prod: w10
author: greg-lindsay
---
# Troubleshoot Upgrade Readiness
If youre having issues seeing data in Upgrade Readiness after running the Upgrade Readiness Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error.
If you still dont see data in Upgrade Readiness, follow these steps:
1. Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included.
2. Edit the script as described in [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md).
3. Check that isVerboseLogging is set to $true.
4. Run the script again. Log files will be saved to the directory specified in the script.
5. Open a support case with Microsoft Support through your regular channel and provide this information.
## Disable Upgrade Readiness
If you want to stop using Upgrade Readiness and stop sending telemetry data to Microsoft, follow these steps:
1. Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png)
2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**:
**Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
**Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic.
3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**.

79
windows/deploy/upgrade-analytics-additional-insights.md
View File

@ -1,81 +1,4 @@
---
title: Upgrade Analytics - Additional insights
description: Explains additional features of Upgrade Analytics.
ms.prod: w10
author: greg-lindsay
redirect_url: upgrade-readiness-additional-insights
---
# Upgrade Analytics - Additional insights
This topic provides information on additional features that are available in Upgrade Analytics to provide insights into your environment. These include:
- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer.
- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers.
## Site discovery
The site discovery feature in Upgrade Analytics provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
### Install prerequisite security update for Internet Explorer
Ensure the following prerequisites are met before using site discovery:
1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update.
2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) to allow Internet Explorer data collection before you run it.
If necessary, you can also enable it by creating the following registry entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
Entry name: IEDataOptIn
Data type: DWORD
Values:
> *IEOptInLevel = 0 Internet Explorer data collection is disabled*
>
> *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
>
> *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
>
> *IEOptInLevel = 3 Data collection is enabled for all sites*
For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx).
![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png)
### Review most active sites
This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page.
For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL.
![Most active sites](Images/upgrade-analytics-most-active-sites.png)
Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name.
![Site domain detail](images/upgrade-analytics-site-domain-detail.png)
### Review document modes in use
This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes).
![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png)
### Run browser-related queries
You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries.
![](images/upgrade-analytics-query-activex-name.png)
## Office add-ins
Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed. This information should not affect the upgrade decision workflow, but can be helpful to an administrator.
## Related topics
[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)

28
windows/deploy/upgrade-analytics-architecture.md
View File

@ -1,30 +1,4 @@
---
title: Upgrade Analytics architecture (Windows 10)
description: Describes Upgrade Analytics architecture.
ms.prod: w10
author: greg-lindsay
redirect_url: upgrade-readiness-architecture
---
# Upgrade Analytics architecture
Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Analytics components work together in a typical installation.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image1.png" width="624" height="401" />
-->
![Upgrade Analytics architecture](images/upgrade-analytics-architecture.png)
After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Analytics, telemetry data is analyzed by the Upgrade Analytics Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Analytics solution (5) to plan and manage Windows upgrades.
For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)<BR>
[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)<BR>
[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)<BR>
##**Related topics**
[Upgrade Analytics requirements](upgrade-analytics-requirements.md)<BR>
[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)<BR>
[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)<BR>

95
windows/deploy/upgrade-analytics-deploy-windows.md
View File

@ -1,97 +1,4 @@
---
title: Upgrade Analytics - Get a list of computers that are upgrade-ready (Windows 10)
description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Analytics.
ms.prod: w10
author: greg-lindsay
redirect_url: upgrade-readiness-deploy-windows
---
# Upgrade Analytics - Step 3: Deploy Windows
All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as youve resolved issues and decided which applications and drivers are ready to upgrade, youve been building a list of computers that are upgrade ready.
The blades in the **Deploy** section are:
- [Deploy eligible computers](#deploy-eligible-computers)
- [Deploy computers by group](#computer-groups)
>Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment).
## Deploy eligible computers
In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer. This value cannot be modified directly. The upgrade decision is calculated in the following ways:
- **Review in progress**: At least one app or driver installed on the computer is marked **Review in progress**.
- **Ready to upgrade**: All apps and drivers installed on the computer are marked as **Ready to Upgrade**.
- **Wont upgrade**: At least one app or driver installed on the computer is marked as **Wont upgrade**, or a system requirement is not met.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image9.png" width="195" height="316" />
-->
![Deploy eligible computers](images/ua-cg-16.png)
Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers.
>**Important**<br> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.
## Computer groups
Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/).
Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Analytics Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS.
### Getting started with Computer Groups
When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example:
![Computer groups](images/ua-cg-01.png)
To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example:
```
Type=UAComputer Manufacturer=DELL
```
![Computer groups](images/ua-cg-02.png)
When you are satisfied that the query is returning the intended results, add the following text to your search:
```
| measure count() by Computer
```
This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example:
![Computer groups](images/ua-cg-03.png)
Your new computer group will now be available in Upgrade Analytics. See the following example:
![Computer groups](images/ua-cg-04.png)
### Using Computer Groups
When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. For computers with the status **Review in progress** or **Wont upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready.
![Computer groups](images/ua-cg-05.png)
Viewing a list of computers in a certain status is self-explanatory, Lets look at what happens when you click the details link on **Review in progress**:
![Computer groups](images/ua-cg-06.png)
Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**:
![Computer groups](images/ua-cg-07.png)
A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed.
### Upgrade assessment
Upgrade assessment and guidance details are explained in the following table.
| Upgrade assessment | Action required before or after upgrade pilot? | Issue | What it means | Guidance |
|-----------------------|------------------------------------------------|----------|-----------------|---------------|
| No known issues | No | None | Computers will upgrade seamlessly.<br> | OK to use as-is in pilot. |
| OK to pilot, fixed during upgrade | No, for awareness only | Application or driver will not migrate to new OS | The currently installed version of an application or driver wont migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot. |
| OK to pilot with new driver from Windows Update | Yes | Driver will not migrate to new OS | The currently installed version of a driver wont migrate to the new operating system; however, a newer, compatible version is available from Windows Update. | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update. <br><br>If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading. <br> <br> |
Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file.
>**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.

101
windows/deploy/upgrade-analytics-deployment-script.md
View File

@ -1,103 +1,4 @@
---
title: Upgrade Analytics deployment script (Windows 10)
description: Deployment script for Upgrade Analytics.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
redirect_url: upgrade-readiness-deployment-script
---
# Upgrade Analytics deployment script
To automate the steps provided in [Get started with Upgrade Analytics](upgrade-analytics-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft.
For detailed information about using the upgrade analytics deployment script, also see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).
> The following guidance applies to version 11.11.16 or later of the Upgrade Analytics deployment script. If you are using an older version, please download the latest from [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
The Upgrade Analytics deployment script does the following:
1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys.
2. Verifies that user computers can send data to Microsoft.
3. Checks whether the computer has a pending restart.  
4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended).
5. If enabled, turns on verbose mode for troubleshooting.
6. Initiates the collection of the telemetry data that Microsoft needs to assess your organizations upgrade readiness.
7. If enabled, displays the scripts progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.
To run the Upgrade Analytics deployment script:
1. Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
2. Edit the following parameters in RunConfig.bat:
1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics
2. Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry.
3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options:
> *logMode = 0 log to console only*
>
> *logMode = 1 log to file and console*
>
> *logMode = 2 log to file only*
3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected:
> *IEOptInLevel = 0 Internet Explorer data collection is disabled*
>
> *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
>
> *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
>
> *IEOptInLevel = 3 Data collection is enabled for all sites*
4. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
<div id="error-codes"></div>
The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.
<div style='font-size:10.0pt'>
<TABLE border=1 cellspacing=0 cellpadding=0>
<TR><TH BGCOLOR="#a0e4fa">Exit code<TH BGCOLOR="#a0e4fa">Meaning<TH BGCOLOR="#a0e4fa">Suggested fix
<TR><TD>0<TD>Success<TD>
<TR><TD>1<TD>Unexpected error occurred while executing the script<TD> The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
<TR><TD>2<TD>Error when logging to console. $logMode = 0.<TD> Try changing the $logMode value to **1** and try again.
<TR><TD>3<TD>Error when logging to console and file. $logMode = 1.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>4<TD>Error when logging to file. $logMode = 2.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>5<TD>Error when logging to console and file. $logMode = unknown.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>6<TD>The commercialID parameter is set to unknown. Modify the script.<TD>Set the value for CommercialID in runconfig.bat file.
<TR><TD>8<TD>Failure to create registry key path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection. <TD> Verify that the configuration script has access to this location.
<TR><TD>9<TD>Error when writing CommercialId to registry.<TD>Verify that the configuration script has access to this location.
<TR><TD>10<TD>Error when writing CommercialDataOptIn to registry.<TD>Verify that the configuration script has access to this location.
<TR><TD>11<TD>Function -SetupCommercialId: Unexpected failure.<TD>Verify that the configuration script has access to this location.
<TR><TD>12<TD>Cant connect to Microsoft Vortex. Check your network/proxy settings.<TD>Verify that the required endpoints are whitelisted correctly.
<TR><TD>13<TD>Cant connect to Microsoft setting. <TD>Verify that the required endpoints are whitelisted correctly.
<TR><TD>14<TD>Cant connect to Microsoft compatexchange.<TD> Verify that the required endpoints are whitelisted.
<TR><TD>15<TD>Error connecting to Microsoft:Unexpected failure.<TD>
<TR><TD>16<TD>Machine requires reboot.<TD> The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
<TR><TD>17<TD>Function -CheckRebootRequired: Unexpected failure.<TD>The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
<TR><TD>18<TD>Outdated compatibility update KB package. Update via Windows Update/WSUS.<TD>
The configuration script detected a version of the Compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Analytics solution. Use the latest version of the Compatibility update for Windows 7 SP1/Windows 8.1.
<TR><TD>19<TD>The compatibility update failed with unexpected exception.<TD> The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
<TR><TD>20<TD>Error writing RequestAllAppraiserVersions registry key.<TD> This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
<TR><TD>21<TD>Function SetRequestAllAppraiserVersions: Unexpected failure.<TD>This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
<TR><TD>22<TD>RunAppraiser failed with unexpected exception.<TD> Check %windir%\System32 directory for a file called CompatTelRunner.exe. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization group policy to make sure it does not remove this file.
<TR><TD>23<TD>Error finding system variable %WINDIR%.<TD> Make sure that this environment variable is available on the machine.
<TR><TD>24<TD>SetIEDataOptIn failed when writing IEDataOptIn to registry.<TD> Verify that the deployment script in running in a context that has access to the registry key.
<TR><TD>25<TD>SetIEDataOptIn failed with unexpected exception.<TD> The files in the deployment script are likely corrupted. Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again.
<TR><TD>26<TD>The operating system is Server or LTSB SKU.<TD> The script does not support Server or LTSB SKUs.
<TR><TD>27<TD>The script is not running under System account.<TD>The Upgrade Analytics configuration script must be run as system.
<TR><TD>28<TD>Could not create log file at the specified logPath.<TD> Make sure the deployment script has access to the location specified in the logPath parameter.
<TR><TD>29<TD> Connectivity check failed for proxy authentication. <TD> Install the cumulative updates on the machine and enable the `DisableEnterpriseAuthProxy` authentication proxy setting. The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7. For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
<TR><TD>30<TD>Connectivity check failed. Registry key property `DisableEnterpriseAuthProxy` is not enabled.<TD> The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7. For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
<TR><TD>31<TD>There is more than one instance of the Upgrade Analytics data collector running at the same time on this machine. <TD> Use the Windows Task Manager to check if CompatTelRunner.exe is running, and wait until it has completed to rerun the script.
**The Upgrade Analytics task is scheduled to run daily at 3 a.m.**
</TABLE>
</div>

128
windows/deploy/upgrade-analytics-get-started.md
View File

@ -1,130 +1,4 @@
---
title: Get started with Upgrade Analytics (Windows 10)
description: Explains how to get started with Upgrade Analytics.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
redirect_url: upgrade-readiness-get-started
---
# Get started with Upgrade Analytics
This topic explains how to obtain and configure Upgrade Analytics for your organization.
You can use Upgrade Analytics to plan and manage your upgrade project end-to-end. Upgrade Analytics works by establishing communications between computers in your organization and Microsoft. Upgrade Analytics collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.
Before you begin, consider reviewing the following helpful information:<BR>
- [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements): Provides detailed requirements to use Upgrade Analytics.<BR>
- [Upgrade Analytics blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Analytics.
>If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Analytics with Configuration Manager: [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
When you are ready to begin using Upgrade Analytics, perform the following steps:
1. Review [data collection and privacy](#data-collection-and-privacy) information.
2. [Add Upgrade Analytics to OMS](#add-upgrade-analytics-to-operations-management-suite).
3. [Enable data sharing](#enable-data-sharing).
4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment.
5. [Deploy Upgrade Analytics at scale](#deploy-upgrade-analytics-at-scale).
## Data collection and privacy
To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
## Add Upgrade Analytics to Operations Management Suite
Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
If you are already using OMS, youll find Upgrade Analytics in the Solutions Gallery. Select the **Upgrade Analytics** tile in the gallery and then click **Add** on the solution's details page. Upgrade Analytics is now visible in your workspace.
If you are not using OMS:
1. Go to the [Upgrade Analytics page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
3. Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organizations Azure administrator.
> If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
1. To add the Upgrade Analytics solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Analytics** tile in the gallery and then select **Add** on the solutions details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Analytics.
2. Click the **Upgrade Analytics** tile to configure the solution. The **Settings Dashboard** opens.
### Generate your commercial ID key
Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers.
1. On the Settings Dashboard, navigate to the **Windows telemetry** panel.
![upgrade-analytics-telemetry](images/upgrade-analytics-telemetry.png)
2. On the Windows telemetry panel, copy and save your commercial ID key. Youll need to insert this key into the Upgrade Analytics deployment script later so it can be deployed to user computers.
>**Important**<br> Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, youll need to deploy the new commercial ID key to user computers again.
### Subscribe to Upgrade Analytics
For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Analytics.
1. On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Analytics solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic.
1. Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Analytics tile now displays summary data. Click the tile to open Upgrade Analytics.
## Enable data sharing
To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this.
Note: The compatibility update KB runs under the computers system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account.
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. |
| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. |
| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
## Deploy the compatibility update and related KBs
The compatibility update KB scans your computers and enables application usage tracking. If you dont already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
| **Operating System** | **KBs** |
|----------------------|-----------------------------------------------------------------------------|
| Windows 8.1 | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2976978><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2976978 must be installed before you can download and install KB3150513. |
| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2952664><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2952664 must be installed before you can download and install KB3150513. |
IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time.
If you are planning to enable IE Site Discovery, you will need to install a few additional KBs.
| **Site discovery** | **KB** |
|----------------------|-----------------------------------------------------------------------------|
| [Review site discovery](upgrade-analytics-review-site-discovery.md) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)<br>Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices. <br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br><br>Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. |
### Deploy the Upgrade Analytics deployment script
You can use the Upgrade Analytics deployment script to automate and verify your deployment.
See [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed.
>After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Analytics. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Analytics. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers.
## Deploy Upgrade Analytics at scale
When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization.
### Automate data collection
To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes.
- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing.
- Schedule the Upgrade Analytics deployment script to automatically run so that you dont have to manually initiate an inventory scan each time the compatibility update KBs are updated. Computers are re-scanned only when the compatibility KBs are updated, so if your inventory changes significantly between KB releases you wont see the changes in Upgrade Analytics until you run the script again.
- Schedule monthly user computer scans to view monthly active computer and usage information.
### Distribute the deployment script at scale
Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Analytics deployment script at scale. For more information, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).

33
windows/deploy/upgrade-analytics-identify-apps.md
View File

@ -1,36 +1,5 @@
---
title: Upgrade Analytics - Identify important apps (Windows 10)
description: Describes how to prepare your environment so that you can use Upgrade Analytics to manage Windows upgrades.
ms.prod: w10
author: greg-lindsay
redirect_url: upgrade-readiness-identify-apps
---
# Upgrade Analytics - Step 1: Identify important apps
This is the first step of the Upgrade Analytics workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image5.png" width="213" height="345" />
-->
![Prioritize applications](images/upgrade-analytics-prioritize.png)
Select **Assign importance** to change an applications importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them.
To change an applications importance level:
1. Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level.
2. Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list.
3. Click **Save** when finished.
Importance levels include:
| Importance level | When to use it | Recommendation |
|--------------------|------------------|------------------|
| Low install count | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]<br><br>Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.<br> | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.<br><br> |
| Not reviewed | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.<br><br> | Once youve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns. |
| Business critical | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organizations functioning, mark it **Business critical**. <br><br> | You may also want to change the applications status to **Review in progress** in the **UpgradeDecision** column to let other team members know that youre working on getting this business critical application upgrade-ready. Once youve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
| Important | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organizations functioning, mark it **Important**. | You may also want to change the applications status to **Review in progress** in the **UpgradeDecision** column to let other team members know that youre working on getting this important application upgrade-ready. Once youve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
| Ignore | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organizations functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**. <br> | Set the applications importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**. By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.<br><br> |
| Review in progress | Once youve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.<br> | As you learn more about the applications importance to your organizations functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.<br><br>Until youve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**. <br> |

2
windows/deploy/upgrade-analytics-prepare-your-environment.md
View File

@ -1,4 +1,4 @@
---
title: Upgrade Analytics - Identify important apps (Windows 10)
redirect_url: upgrade-analytics-identify-apps
redirect_url: upgrade-readiness-identify-apps
---

3
windows/deploy/upgrade-analytics-release-notes.md
View File

@ -1,5 +1,4 @@
---
title: Upgrade Analytics release notes (Windows 10)
description: Provides tips and limitations about Upgrade Analytics.
redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements#important-information-about-this-release
redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release
---

85
windows/deploy/upgrade-analytics-requirements.md
View File

@ -1,88 +1,5 @@
---
title: Upgrade Analytics requirements (Windows 10)
description: Provides requirements for Upgrade Analytics.
ms.prod: w10
author: greg-lindsay
redirect_url: upgrade-readiness-requirements
---
# Upgrade Analytics requirements
This article introduces concepts and steps needed to get up and running with Upgrade Analytics. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Analytics.
## Supported upgrade paths
To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Analytics performs a full inventory of computers so that you can see which version of Windows is installed on each computer.
The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Analytics cannot evaluate Windows XP or Windows Vista for upgrade eligibility.
<!--With Windows 10, edition 1607, the compatibility update KB is installed automatically.-->
If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center.
Note: Upgrade Analytics is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Analytics insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance.
See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements.
## Operations Management Suite
Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
If youre already using OMS, youll find Upgrade Analytics in the Solutions Gallery. Click the Upgrade Analytics tile in the gallery and then click Add on the solutions details page. Upgrade Analytics is now visible in your workspace.
If you are not using OMS, go to [the Upgrade Analytics page on Microsoft.com](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, youll create an OMS workspace and add the Upgrade Analytics solution to it.
Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
## System Center Configuration Manager integration
Upgrade Analytics can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
## Telemetry and data sharing
After youve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, youll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Analytics.
See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, youll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
`https://v10.vortex-win.data.microsoft.com/collect/v1`<BR>
`https://vortex-win.data.microsoft.com/health/keepalive`<BR>
`https://settings-win.data.microsoft.com/settings`<BR>
`https://vortex.data.microsoft.com/health/keepalive`<BR>
`https://settings.data.microsoft.com/qos`<BR>
`https://go.microsoft.com/fwlink/?LinkID=544713`<BR>
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`<BR>
>**Note** The compatibility update KB runs under the computers system account and does not support user authentication in this release.
**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. Youll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as youll need it later.
**Subscribe your OMS workspace to Upgrade Analytics.** For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, youll need to subscribe your OMS workspace to Upgrade Analytics.
**Enable telemetry and connect data sources.** To allow Upgrade Analytics to collect system, application, and driver data and assess your organizations upgrade readiness, communication must be established between Upgrade Analytics and user computers. Youll need to connect Upgrade Analytics to your data sources and enable telemetry to establish communication.
**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you dont already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
>**Important**<br> The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated.
**Configure and deploy Upgrade Analytics deployment script.** Configure and deploy the Upgrade Analytics deployment script to user computers to finish setting up.
## Important information about this release
Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release.
**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints.
**Upgrade Analytics does not support on-premises Windows deployments.** Upgrade Analytics is built as a cloud service, which allows Upgrade Analytics to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises.
**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Analytics solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. Were adding support for additional regions and well update this information when new international regions are supported.
### Tips
- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items.
- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby).
## Get started
See [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Analytics and getting started on your Windows upgrade project.

142
windows/deploy/upgrade-analytics-resolve-issues.md
View File

@ -1,145 +1,5 @@
---
title: Upgrade Analytics - Resolve application and driver issues (Windows 10)
description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Analytics.
ms.prod: w10
author: greg-lindsay
redirect_url: upgrade-readiness-resolve-issues
---
# Upgrade Analytics - Step 2: Resolve app and driver issues
This section of the Upgrade Analytics workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them.
You can change an applications upgrade decision and a drivers upgrade decision from the blades in this section. To change an applications or a drivers importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list.
Upgrade decisions include:
| Upgrade decision | When to use it | Guidance |
|--------------------|-------------------|-------------|
| Not reviewed | All drivers are marked as Not reviewed by default.<br><br>Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default. <br> | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.<br><br> |
| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.<br><br>Until youve determined that applications and drivers will migrate successfully or youve resolved blocking issues, leave the upgrade decision status as **Review in progress**. <br><br> | Once youve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once youve resolved all blocking issues and youre confident that they will upgrade successfully, or if youve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.<br><br>In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br> |
| Wont upgrade | By default, no applications or drivers are marked **Wont upgrade** because only you can make that determination. <br><br>Use **Wont upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.<br> | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Wont upgrade**. <br><br> |
The blades in the **Resolve issues** section are:
- Review applications with known issues
- Review applications with no known issues
- Review drivers with known issues
As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/).
## Review applications with known issues
Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image6.png" width="192" height="321" />
-->
![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png)
To change an application's upgrade decision:
1. Select **Decide upgrade readiness** to view applications with issues.
2. In the table view, select an **UpgradeDecision** value.
3. Select **Decide upgrade readiness** to change the upgrade decision for each application.
4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
5. Click **Save** when finished.
IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.
For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible.
| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance |
|--------------------|-----------------------------------|-----------|-----------------|------------|
| Attention needed | No | Application is removed during upgrade | Compatibility issues were detected and the application will not migrate to the new operating system. <br> | No action is required for the upgrade to proceed. |
| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade. <br><br>The application may work on the new operating system.<br> | Remove the application before upgrading, and reinstall and test on new operating system. |
| Attention needed | No | Evaluate application on new OS | The application will migrate, but issues were detected that may impact its performance on the new operating system. | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.<br> |
| Attention needed | No | Does not work with new OS, but wont block upgrade | The application is not compatible with the new operating system, but wont block the upgrade. | No action is required for the upgrade to proceed, however, youll have to install a compatible version of the application on the new operating system.<br> |
| Attention needed | Yes | Does not work with new OS, and will block upgrade | The application is not compatible with the new operating system and will block the upgrade. | Remove the application before upgrading. <br><br>A compatible version of the application may be available.<br> |
| Attention needed | Yes | May block upgrade, test application | Issues were detected that may interfere with the upgrade, but need to be investigated further.<br> | Test the applications behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.<br> |
| Attention needed | Maybe | Multiple | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. |
For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft.
| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance |
|--------------------|-----------------------------------|----------|-----------------|-------------|
| Fix available | Yes | Blocking upgrade, update application to newest version | The existing version of the application is not compatible with the new operating system and wont migrate. A compatible version of the application is available. | Update the application before upgrading. |
| Fix available | No | Reinstall application after upgrading | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.<br> | No action is required for the upgrade to proceed. Reinstall application on the new operating system. |
| Fix available | Yes | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but wont migrate. | Remove the application before upgrading and reinstall on the new operating system.<br> |
| Fix available | Yes | Disk encryption blocking upgrade | The applications encryption features are blocking the upgrade. | Disable the encryption feature before upgrading and enable it again after upgrading.<br> |
### ISV support for applications with Ready for Windows
[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/).
Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example:
![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png)
If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance.
![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png)
If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows.
![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png)
The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses)
| Ready for Windows Status | Query rollup level | What this means | Guidance |
|-------------------|--------------------------|-----------------|----------|
|Supported version available | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. |
| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. |
| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. |
| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A |
| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.|
|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.|
|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.|
| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A |
## Review applications with no known issues
Applications with no issues known to Microsoft are listed, grouped by upgrade decision.
![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png)
Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**.
Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates.
To change an application's upgrade decision:
1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table.
2. Select **User changes** to change the upgrade decision for each application.
3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
4. Click **Save** when finished.
## Review drivers with known issues
Drivers that wont migrate to the new operating system are listed, grouped by availability.
![Review drivers with known issues](images/upgrade-analytics-drivers-known.png)
Availability categories are explained in the table below.
| Driver availability | Action required before or after upgrade? | What it means | Guidance |
|-----------------------|------------------------------------------|----------------|--------------|
| Available in-box | No, for awareness only | The currently installed version of an application or driver wont migrate to the new operating system; however, a compatible version is installed with the new operating system.<br> | No action is required for the upgrade to proceed. |
| Import from Windows Update | Yes | The currently installed version of a driver wont migrate to the new operating system; however, a compatible version is available from Windows Update.<br> | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
| Available in-box and from Windows Update | Yes | The currently installed version of a driver wont migrate to the new operating system. <br><br>Although a new driver is installed during upgrade, a newer version is available from Windows Update. <br> | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
| Check with vendor | Yes | The driver wont migrate to the new operating system and we are unable to locate a compatible version. <br> | Check with the independent hardware vendor (IHV) who manufactures the driver for a solution. |
To change a drivers upgrade decision:
1. Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table.
2. Select **User changes** to enable user input.
3. Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list.
4. Click **Save** when finished.

2
windows/deploy/upgrade-analytics-review-site-discovery.md
View File

@ -1,6 +1,6 @@
---
title: Review site discovery
redirect_url: upgrade-analytics-additional-insights
redirect_url: upgrade-readiness-additional-insights
---

49
windows/deploy/upgrade-analytics-upgrade-overview.md
View File

@ -1,51 +1,4 @@
---
title: Upgrade Analytics - Upgrade Overview (Windows 10)
description: Displays the total count of computers sharing data and upgraded.
ms.prod: w10
author: greg-lindsay
redirect_url: upgrade-readiness-upgrade-overview
---
# Upgrade Analytics - Upgrade overview
The first blade in the Upgrade Analytics solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases.
The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The following status changes are reflected on the upgrade overview blade:
- Computers with incomplete data:
- Less than 4% = count is displayed in green.
- 4% - 10% = Count is displayed in amber.
- Greater than 10% = Count is displayed in red.
- Delay processing device inventory data = The "Last updated" banner is displayed in amber.
- Pending user changes = User changes count displays "Data refresh pending" in amber.
- No pending user changes = User changes count displays "Up to date" in green.
In the following example, less than 4% of (3k\355k) computers have incomplete data, and there are no pending user changes:
![Upgrade overview](images/ua-cg-17.png)
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image3.png" width="214" height="345" />
-->
If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours.
Select **Total computers** for a list of computers and details about them, including:
- Computer ID and computer name
- Computer manufacturer
- Computer model
- Operating system version and build
- Count of system requirement, application, and driver issues per computer
- Upgrade assessment based on analysis of computer telemetry data
- Upgrade decision status
Select **Total applications** for a list of applications discovered on user computers and details about them, including:
- Application vendor
- Application version
- Count of computers the application is installed on
- Count of computers that opened the application at least once in the past 30 days
- Percentage of computers in your total computer inventory that opened the application in the past 30 days
- Issues detected, if any
- Upgrade assessment based on analysis of application data
- Rollup level

81
windows/deploy/upgrade-readiness-additional-insights.md Normal file
View File

@ -0,0 +1,81 @@
---
title: Upgrade Readiness - Additional insights
description: Explains additional features of Upgrade Readiness.
ms.prod: w10
author: greg-lindsay
---
# Upgrade Readiness - Additional insights
This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include:
- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer.
- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers.
## Site discovery
The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
### Install prerequisite security update for Internet Explorer
Ensure the following prerequisites are met before using site discovery:
1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update.
2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it.
If necessary, you can also enable it by creating the following registry entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
Entry name: IEDataOptIn
Data type: DWORD
Values:
> *IEOptInLevel = 0 Internet Explorer data collection is disabled*
>
> *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
>
> *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
>
> *IEOptInLevel = 3 Data collection is enabled for all sites*
For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx).
![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png)
### Review most active sites
This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page.
For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL.
![Most active sites](Images/upgrade-analytics-most-active-sites.png)
Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name.
![Site domain detail](images/upgrade-analytics-site-domain-detail.png)
### Review document modes in use
This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes).
![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png)
### Run browser-related queries
You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries.
![](images/upgrade-analytics-query-activex-name.png)
## Office add-ins
Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed. This information should not affect the upgrade decision workflow, but can be helpful to an administrator.
## Related topics
[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)

30
windows/deploy/upgrade-readiness-architecture.md Normal file
View File

@ -0,0 +1,30 @@
---
title: Upgrade Readiness architecture (Windows 10)
description: Describes Upgrade Readiness architecture.
ms.prod: w10
author: greg-lindsay
---
# Upgrade Readiness architecture
Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image1.png" width="624" height="401" />
-->
![Upgrade Readiness architecture](images/upgrade-analytics-architecture.png)
After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, telemetry data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades.
For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)<BR>
[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)<BR>
[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)<BR>
##**Related topics**
[Upgrade Readiness requirements](upgrade-readiness-requirements.md)<BR>
[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)<BR>
[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)<BR>

97
windows/deploy/upgrade-readiness-deploy-windows.md Normal file
View File

@ -0,0 +1,97 @@
---
title: Upgrade Readiness - Get a list of computers that are upgrade-ready (Windows 10)
description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Readiness.
ms.prod: w10
author: greg-lindsay
---
# Upgrade Readiness - Step 3: Deploy Windows
All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as youve resolved issues and decided which applications and drivers are ready to upgrade, youve been building a list of computers that are upgrade ready.
The blades in the **Deploy** section are:
- [Deploy eligible computers](#deploy-eligible-computers)
- [Deploy computers by group](#computer-groups)
>Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment).
## Deploy eligible computers
In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer. This value cannot be modified directly. The upgrade decision is calculated in the following ways:
- **Review in progress**: At least one app or driver installed on the computer is marked **Review in progress**.
- **Ready to upgrade**: All apps and drivers installed on the computer are marked as **Ready to Upgrade**.
- **Wont upgrade**: At least one app or driver installed on the computer is marked as **Wont upgrade**, or a system requirement is not met.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image9.png" width="195" height="316" />
-->
![Deploy eligible computers](images/ua-cg-16.png)
Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers.
>**Important**<br> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.
## Computer groups
Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/).
Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Readiness Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS.
### Getting started with Computer Groups
When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example:
![Computer groups](images/ua-cg-01.png)
To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example:
```
Type=UAComputer Manufacturer=DELL
```
![Computer groups](images/ua-cg-02.png)
When you are satisfied that the query is returning the intended results, add the following text to your search:
```
| measure count() by Computer
```
This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example:
![Computer groups](images/ua-cg-03.png)
Your new computer group will now be available in Upgrade Readiness. See the following example:
![Computer groups](images/ua-cg-04.png)
### Using Computer Groups
When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. For computers with the status **Review in progress** or **Wont upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready.
![Computer groups](images/ua-cg-05.png)
Viewing a list of computers in a certain status is self-explanatory, Lets look at what happens when you click the details link on **Review in progress**:
![Computer groups](images/ua-cg-06.png)
Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**:
![Computer groups](images/ua-cg-07.png)
A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed.
### Upgrade assessment
Upgrade assessment and guidance details are explained in the following table.
| Upgrade assessment | Action required before or after upgrade pilot? | Issue | What it means | Guidance |
|-----------------------|------------------------------------------------|----------|-----------------|---------------|
| No known issues | No | None | Computers will upgrade seamlessly.<br> | OK to use as-is in pilot. |
| OK to pilot, fixed during upgrade | No, for awareness only | Application or driver will not migrate to new OS | The currently installed version of an application or driver wont migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot. |
| OK to pilot with new driver from Windows Update | Yes | Driver will not migrate to new OS | The currently installed version of a driver wont migrate to the new operating system; however, a newer, compatible version is available from Windows Update. | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update. <br><br>If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading. <br> <br> |
Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file.
>**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.

265
windows/deploy/upgrade-readiness-deployment-script.md Normal file
View File

@ -0,0 +1,265 @@
---
title: Upgrade Readiness deployment script (Windows 10)
description: Deployment script for Upgrade Readiness.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
---
# Upgrade Readiness deployment script
To automate the steps provided in [Get started with Upgrade Readiness](upgrade-readiness-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft.
>[!IMPORTANT]
>Upgrade Readiness was previously called Upgrade Analytics. References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution.
For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).
> The following guidance applies to version 11.11.16 or later of the Upgrade Readiness deployment script. If you are using an older version, please download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
The Upgrade Readiness deployment script does the following:
1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys.
2. Verifies that user computers can send data to Microsoft.
3. Checks whether the computer has a pending restart.  
4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended).
5. If enabled, turns on verbose mode for troubleshooting.
6. Initiates the collection of the telemetry data that Microsoft needs to assess your organizations upgrade readiness.
7. If enabled, displays the scripts progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.
To run the Upgrade Readiness deployment script:
1. Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
2. Edit the following parameters in RunConfig.bat:
1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics
2. Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry.
3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options:
> *logMode = 0 log to console only*
>
> *logMode = 1 log to file and console*
>
> *logMode = 2 log to file only*
3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected:
> *IEOptInLevel = 0 Internet Explorer data collection is disabled*
>
> *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
>
> *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
>
> *IEOptInLevel = 3 Data collection is enabled for all sites*
4. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.
<div style='font-size:8.0pt'>
<TABLE border=1 cellspacing=0 cellpadding=0>
<TR><TD BGCOLOR="#a0e4fa" width=5>Exit code</TD>
<TD BGCOLOR="#a0e4fa">Meaning
<TD BGCOLOR="#a0e4fa">Suggested fix
<TR><TD>0</TD>
<TD>Success
<TD>N/A
<TR><TD>1</TD>
<TD>Unexpected error occurred while executing the script.
<TD> The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
<TR><TD>2</TD>
<TD>Error when logging to console. $logMode = 0.<BR>(console only)
<TD>Try changing the $logMode value to **1** and try again.<BR>$logMode value 1 logs to both console and file.
<TR><TD>3</TD>
<TD>Error when logging to console and file. $logMode = 1.
<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>4</TD>
<TD>Error when logging to file. $logMode = 2.
<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>5</TD>
<TD>Error when logging to console and file. $logMode = unknown.
<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>6</TD>
<TD>The commercialID parameter is set to unknown. <BR>Modify the runConfig.bat file to set the CommercialID value.
<TD>The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace.
<BR>See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace.
<TR><TD>8</TD>
<TD>Failure to create registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>The Commercial Id property is set at the following registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<BR>Verify that the context under which the script in running has access to the registry key.
<TR><TD>9</TD>
<TD>The script failed to write Commercial Id to registry.
<BR>Error creating or updating registry key: **CommercialId** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>Verify that the context under which the script in running has access to the registry key.
<TR><TD>10</TD>
<TD>Error when writing **CommercialDataOptIn** to the registry at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>Verify that the deployment script is running in a context that has access to the registry key.
<TR><TD>11</TD>
<TD>Function **SetupCommercialId** failed with an unexpected exception.
<TD>The **SetupCommercialId** function updates the Commercial Id at the registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div> <BR>Verify that the configuration script has access to this location.
<TR><TD>12</TD>
<TD>Cant connect to Microsoft - Vortex. Check your network/proxy settings.
<TD>**Http Get** on the end points did not return a success exit code.<BR>
For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive.<BR>
For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive.
<BR>If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
<TR><TD>13</TD>
<TD>Cant connect to Microsoft - setting.
<TD>An error occurred connecting to https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
<TR><TD>14</TD>
<TD>Cant connect to Microsoft - compatexchange.
<TD>An error occurred connecting to https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc . This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
<TR><TD>15</TD>
<TD>Function CheckVortexConnectivity failed with an unexpected exception.
<TD>This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Check the logs for the exception message and the HResult.
<TR><TD>16</TD>
<TD>The computer requires a reboot before running the script.
<TD>A reboot is required to complete the installation of the compatibility update and related KBs. Reboot the computer before running the Upgrade Readiness deployment script.
<TR><TD>17</TD>
<TD>Function **CheckRebootRequired** failed with an unexpected exception.
<TD>A reboot is required to complete installation of the compatibility update and related KBs. Check the logs for the exception message and the HResult.
<TR><TD>18</TD>
<TD>Appraiser KBs not installed or **appraiser.dll** not found.
<TD>Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser telemetry events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic.
<TR><TD>19</TD>
<TD>Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception.
<TD>Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed.
<TR><TD>20</TD>
<TD>An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser**</div>
<TD>The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key.
<TR><TD>21</TD>
<TD>Function **SetRequestAllAppraiserVersions** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>22</TD>
<TD>**RunAppraiser** failed with unexpected exception.
<TD>Check the logs for the exception message and HResult. Check the **%windir%\System32*8 directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file.
<TR><TD>23</TD>
<TD>Error finding system variable **%WINDIR%**.
<TD>Verify that this environment variable is configured on the computer.
<TR><TD>24</TD>
<TD>The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult.
<TR><TD>25</TD>
<TD>The function **SetIEDataOptIn** failed with unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>26</TD>
<TD>The operating system is Server or LTSB SKU.
<TD> The script does not support Server or LTSB SKUs.
<TR><TD>27</TD>
<TD>The script is not running under **System** account.
<TD>The Upgrade Readiness configuration script must be run as **System**.
<TR><TD>28</TD>
<TD>Could not create log file at the specified **logPath**.
<TD> Make sure the deployment script has access to the location specified in the **logPath** parameter.
<TR><TD>29</TD>
<TD>Connectivity check failed for proxy authentication.
<TD>Install the cumulative updates on the computer and enable the **DisableEnterpriseAuthProxy** authentication proxy setting.
<BR>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.
<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled).
<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
<TR><TD>30</TD>
<TD>Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled.
<TD>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.
<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled).
<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
<TR><TD>31</TD>
<TD>There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer.
<TD>Use the Windows Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script. The Upgrade Readiness task is scheduled to run daily at 3 a.m.
<TR><TD>32</TD>
<TD>Appraiser version on the machine is outdated.
<TD>The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1.
<TR><TD>33</TD>
<TD>**CompatTelRunner.exe** exited with an exit code
<TD>**CompatTelRunner.exe** runs the appraise task on the machine. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Please check the logs for more details.
<TR><TD>34</TD>
<TD>Function **CheckProxySettings** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>35</TD>
<TD>Function **CheckAuthProxy** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>36</TD>
<TD>Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>37</TD>
<TD>**Diagnose_internal.cmd** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>38</TD>
<TD>Function **Get-SqmID** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>39</TD>
<TD>For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**</div>
or <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).
<TR><TD>40</TD>
<TD>Function **CheckTelemetryOptIn** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>41</TD>
<TD>The script failed to impersonate the currently logged on user.
<TD>The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the logged on user. The script also tries to mimic this, but the process failed.
<TR><TD>42</TD>
<TD>Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>43</TD>
<TD>Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
</TABLE>
</div>

133
windows/deploy/upgrade-readiness-get-started.md Normal file
View File

@ -0,0 +1,133 @@
---
title: Get started with Upgrade Readiness (Windows 10)
description: Explains how to get started with Upgrade Readiness.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
---
# Get started with Upgrade Readiness
This topic explains how to obtain and configure Upgrade Readiness for your organization.
You can use Upgrade Readiness to plan and manage your upgrade project end-to-end. Upgrade Readiness works by establishing communications between computers in your organization and Microsoft. Upgrade Readiness collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.
Before you begin, consider reviewing the following helpful information:<BR>
- [Upgrade Readiness requirements](upgrade-readiness-requirements.md): Provides detailed requirements to use Upgrade Readiness.<BR>
- [Upgrade Readiness blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness.
>If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Readiness with Configuration Manager: [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
When you are ready to begin using Upgrade Readiness, perform the following steps:
1. Review [data collection and privacy](#data-collection-and-privacy) information.
2. [Add Upgrade Readiness to OMS](#add-upgrade-readiness-to-operations-management-suite).
3. [Enable data sharing](#enable-data-sharing).
4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment.
5. [Deploy Upgrade Readiness at scale](#deploy-upgrade-readiness-at-scale).
## Data collection and privacy
To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
## Add Upgrade Readiness to Operations Management Suite
Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
If you are already using OMS, youll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace.
If you are not using OMS:
1. Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
3. Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organizations Azure administrator.
> If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
1. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solutions details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness.
2. Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens.
### Generate your commercial ID key
Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers.
1. On the Settings Dashboard, navigate to the **Windows telemetry** panel.
![upgrade-readiness-telemetry](images/upgrade-analytics-telemetry.png)
2. On the Windows telemetry panel, copy and save your commercial ID key. Youll need to insert this key into the Upgrade Readiness deployment script later so it can be deployed to user computers.
>**Important**<br> Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, youll need to deploy the new commercial ID key to user computers again.
### Subscribe to Upgrade Readiness
For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Readiness.
1. On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Readiness solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic.
1. Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Readiness tile now displays summary data. Click the tile to open Upgrade Readiness.
## Enable data sharing
To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this.
Note: The compatibility update KB runs under the computers system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account.
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. |
| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. |
| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
## Deploy the compatibility update and related KBs
The compatibility update KB scans your computers and enables application usage tracking. If you dont already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
| **Operating System** | **KBs** |
|----------------------|-----------------------------------------------------------------------------|
| Windows 10 | The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com) <P>Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](upgrade-readiness-requirements.md) for more information. |
| Windows 8.1 | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2976978><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2976978 must be installed before you can download and install KB3150513. |
| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2952664><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2952664 must be installed before you can download and install KB3150513. |
IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time.
If you are planning to enable IE Site Discovery, you will need to install a few additional KBs.
| **Site discovery** | **KB** |
|----------------------|-----------------------------------------------------------------------------|
| [Review site discovery](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-additional-insights#site-discovery) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)<br>Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices. <br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br><br>Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. |
### Deploy the Upgrade Readiness deployment script
You can use the Upgrade Readiness deployment script to automate and verify your deployment.
See [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed.
>After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Readiness. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Readiness. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers.
## Deploy Upgrade Readiness at scale
When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization.
### Automate data collection
To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes.
- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing.
- Schedule the Upgrade Readiness deployment script to automatically run so that you dont have to manually initiate an inventory scan each time the compatibility update KBs are updated.
- Schedule monthly user computer scans to view monthly active computer and usage information.
>When you run the deployment script, it initiates a full scan. The daily scheduled task to capture the deltas are created when the update package is installed. A full scan averages to about 2 MB, but the delta scans are very small. For Windows 10 devices, its already part of the OS. This is the **Windows Compat Appraiser** task. Deltas are invoked via the nightly scheduled task. It attempts to run around 3AM, but if system is off at that time, the task will run when the system is turned on.
### Distribute the deployment script at scale
Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see the [Upgrade Readiness blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).

36
windows/deploy/upgrade-readiness-identify-apps.md Normal file
View File

@ -0,0 +1,36 @@
---
title: Upgrade Readiness - Identify important apps (Windows 10)
description: Describes how to prepare your environment so that you can use Upgrade Readiness to manage Windows upgrades.
ms.prod: w10
author: greg-lindsay
---
# Upgrade Readiness - Step 1: Identify important apps
This is the first step of the Upgrade Readiness workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image5.png" width="213" height="345" />
-->
![Prioritize applications](images/upgrade-analytics-prioritize.png)
Select **Assign importance** to change an applications importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them.
To change an applications importance level:
1. Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level.
2. Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list.
3. Click **Save** when finished.
Importance levels include:
| Importance level | When to use it | Recommendation |
|--------------------|------------------|------------------|
| Low install count | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]<br><br>Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.<br> | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.<br><br> |
| Not reviewed | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.<br><br> | Once youve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns. |
| Business critical | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organizations functioning, mark it **Business critical**. <br><br> | You may also want to change the applications status to **Review in progress** in the **UpgradeDecision** column to let other team members know that youre working on getting this business critical application upgrade-ready. Once youve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
| Important | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organizations functioning, mark it **Important**. | You may also want to change the applications status to **Review in progress** in the **UpgradeDecision** column to let other team members know that youre working on getting this important application upgrade-ready. Once youve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
| Ignore | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organizations functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**. <br> | Set the applications importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**. By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.<br><br> |
| Review in progress | Once youve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.<br> | As you learn more about the applications importance to your organizations functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.<br><br>Until youve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**. <br> |

5
windows/deploy/upgrade-readiness-release-notes.md Normal file
View File

@ -0,0 +1,5 @@
---
title: Upgrade Readiness release notes (Windows 10)
description: Provides tips and limitations about Upgrade Readiness.
redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release
---

95
windows/deploy/upgrade-readiness-requirements.md Normal file
View File

@ -0,0 +1,95 @@
---
title: Upgrade Readiness requirements (Windows 10)
description: Provides requirements for Upgrade Readiness.
ms.prod: w10
author: greg-lindsay
---
# Upgrade Readiness requirements
This article introduces concepts and steps needed to get up and running with Upgrade Readiness. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Readiness.
## Supported upgrade paths
### Windows 7 and Windows 8.1
To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Readiness performs a full inventory of computers so that you can see which version of Windows is installed on each computer.
The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility.
<!--With Windows 10, edition 1607, the compatibility update KB is installed automatically.-->
If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center.
Note: Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance.
See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements.
### Windows 10
Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com).
Windows 10 LTSB is not supported by Upgrade Readiness. The LTSB (long term servicing branch) of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#long-term-servicing-branch) to understand more about LTSB.
## Operations Management Suite
Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
If youre already using OMS, youll find Upgrade Readiness in the Solutions Gallery. Click the Upgrade Readiness tile in the gallery and then click Add on the solutions details page. Upgrade Readiness is now visible in your workspace.
If you are not using OMS, go to the [Upgrade Readiness page](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) on Microsoft.com and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, youll create an OMS workspace and add the Upgrade Readiness solution to it.
Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions.
## System Center Configuration Manager integration
Upgrade Readiness can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
## Telemetry and data sharing
After youve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, youll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness.
See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, youll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
`https://v10.vortex-win.data.microsoft.com/collect/v1`<BR>
`https://vortex-win.data.microsoft.com/health/keepalive`<BR>
`https://settings.data.microsoft.com/qos`<BR>
`https://go.microsoft.com/fwlink/?LinkID=544713`<BR>
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`<BR>
>**Note** The compatibility update KB runs under the computers system account and does not support user authentication in this release.
**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. Youll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as youll need it later.
**Subscribe your OMS workspace to Upgrade Readiness.** For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, youll need to subscribe your OMS workspace to Upgrade Readiness.
**Enable telemetry and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organizations upgrade readiness, communication must be established between Upgrade Readiness and user computers. Youll need to connect Upgrade Readiness to your data sources and enable telemetry to establish communication.
**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you dont already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager.
>**Important**<br> The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated.
**Configure and deploy Upgrade Readiness deployment script.** Configure and deploy the Upgrade Readiness deployment script to user computers to finish setting up.
## Important information about this release
Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release.
**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints.
**Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises.
**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. Were adding support for additional regions and well update this information when new international regions are supported.
### Tips
- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items.
- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby).
## Get started
See [Get started with Upgrade Readiness](upgrade-readiness-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Readiness and getting started on your Windows upgrade project.

152
windows/deploy/upgrade-readiness-resolve-issues.md Normal file
View File

@ -0,0 +1,152 @@
---
title: Upgrade Readiness - Resolve application and driver issues (Windows 10)
description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Readiness.
ms.prod: w10
author: greg-lindsay
---
# Upgrade Readiness - Step 2: Resolve app and driver issues
This section of the Upgrade Readiness workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them.
You can change an applications upgrade decision and a drivers upgrade decision from the blades in this section. To change an applications or a drivers importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list.
Upgrade decisions include:
| Upgrade decision | When to use it | Guidance |
|--------------------|-------------------|-------------|
| Not reviewed | All drivers are marked as Not reviewed by default.<br><br>Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default. <br> | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.<br><br> |
| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.<br><br>Until youve determined that applications and drivers will migrate successfully or youve resolved blocking issues, leave the upgrade decision status as **Review in progress**. <br><br> | Once youve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once youve resolved all blocking issues and youre confident that they will upgrade successfully, or if youve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.<br><br>In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br> |
| Wont upgrade | By default, no applications or drivers are marked **Wont upgrade** because only you can make that determination. <br><br>Use **Wont upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.<br> | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Wont upgrade**. <br><br> |
The blades in the **Resolve issues** section are:
- Review applications with known issues
- Review applications with no known issues
- Review drivers with known issues
As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/).
## Review applications with known issues
Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**.
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image6.png" width="192" height="321" />
-->
![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png)
To change an application's upgrade decision:
1. Select **Decide upgrade readiness** to view applications with issues.
2. In the table view, select an **UpgradeDecision** value.
3. Select **Decide upgrade readiness** to change the upgrade decision for each application.
4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
5. Click **Save** when finished.
IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.
For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible.
| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance |
|--------------------|-----------------------------------|-----------|-----------------|------------|
| Attention needed | No | Application is removed during upgrade | Compatibility issues were detected and the application will not migrate to the new operating system. <br> | No action is required for the upgrade to proceed. |
| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade. <br><br>The application may work on the new operating system.<br> | Remove the application before upgrading, and reinstall and test on new operating system. |
| Attention needed | No | Evaluate application on new OS | The application will migrate, but issues were detected that may impact its performance on the new operating system. | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.<br> |
| Attention needed | No | Does not work with new OS, but wont block upgrade | The application is not compatible with the new operating system, but wont block the upgrade. | No action is required for the upgrade to proceed, however, youll have to install a compatible version of the application on the new operating system.<br> |
| Attention needed | Yes | Does not work with new OS, and will block upgrade | The application is not compatible with the new operating system and will block the upgrade. | Remove the application before upgrading. <br><br>A compatible version of the application may be available.<br> |
| Attention needed | Yes | May block upgrade, test application | Issues were detected that may interfere with the upgrade, but need to be investigated further.<br> | Test the applications behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.<br> |
| Attention needed | Maybe | Multiple | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. |
For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft.
| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance |
|--------------------|-----------------------------------|----------|-----------------|-------------|
| Fix available | Yes | Blocking upgrade, update application to newest version | The existing version of the application is not compatible with the new operating system and wont migrate. A compatible version of the application is available. | Update the application before upgrading. |
| Fix available | No | Reinstall application after upgrading | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.<br> | No action is required for the upgrade to proceed. Reinstall application on the new operating system. |
| Fix available | Yes | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but wont migrate. | Remove the application before upgrading and reinstall on the new operating system.<br> |
| Fix available | Yes | Disk encryption blocking upgrade | The applications encryption features are blocking the upgrade. | Disable the encryption feature before upgrading and enable it again after upgrading.<br> |
### ISV support for applications with Ready for Windows
[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/).
Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example:
![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png)
If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance.
![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png)
If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows.
![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png)
>[!TIP]
>Within the Upgrade Readiness data model, an object of Type **UAApp** refers to a particular application installed on a specific computer.
>To support dynamic aggregation and summation of data the Upgrade Readiness solution "rolls up" (aggregates) data in preprocessing. Rolling up to the **Granular** level enables display of the **App** level. In Upgrade Readiness terminology, an **App** is a unique combination of: app name, app vendor, app version, and app language. Thus, at the Granular level, you can see attributes such as **total install count**, which is the number of machines with a specific **App** installed.
>Upgrade Readiness also has a roll up level of **NamePublisher**, This level enables you to ignore different app versions within your organization for a particular app. In other words, **NamePublisher** displays statistics about a given app, aggregated across all versions.
The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses)
| Ready for Windows Status | Query rollup level | What this means | Guidance |
|-------------------|--------------------------|-----------------|----------|
|Supported version available | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. |
| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. |
| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. |
| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A |
| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.|
|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.|
|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.|
| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A |
## Review applications with no known issues
Applications with no issues known to Microsoft are listed, grouped by upgrade decision.
![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png)
Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**.
Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates.
To change an application's upgrade decision:
1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table.
2. Select **User changes** to change the upgrade decision for each application.
3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
4. Click **Save** when finished.
## Review drivers with known issues
Drivers that wont migrate to the new operating system are listed, grouped by availability.
![Review drivers with known issues](images/upgrade-analytics-drivers-known.png)
Availability categories are explained in the table below.
| Driver availability | Action required before or after upgrade? | What it means | Guidance |
|-----------------------|------------------------------------------|----------------|--------------|
| Available in-box | No, for awareness only | The currently installed version of an application or driver wont migrate to the new operating system; however, a compatible version is installed with the new operating system.<br> | No action is required for the upgrade to proceed. |
| Import from Windows Update | Yes | The currently installed version of a driver wont migrate to the new operating system; however, a compatible version is available from Windows Update.<br> | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
| Available in-box and from Windows Update | Yes | The currently installed version of a driver wont migrate to the new operating system. <br><br>Although a new driver is installed during upgrade, a newer version is available from Windows Update. <br> | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading. <br> |
| Check with vendor | Yes | The driver wont migrate to the new operating system and we are unable to locate a compatible version. <br> | Check with the independent hardware vendor (IHV) who manufactures the driver for a solution. |
To change a drivers upgrade decision:
1. Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table.
2. Select **User changes** to enable user input.
3. Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list.
4. Click **Save** when finished.

62
windows/deploy/upgrade-readiness-upgrade-overview.md Normal file
View File

@ -0,0 +1,62 @@
---
title: Upgrade Readiness - Upgrade Overview (Windows 10)
description: Displays the total count of computers sharing data and upgraded.
ms.prod: w10
author: greg-lindsay
---
# Upgrade Readiness - Upgrade overview
The first blade in the Upgrade Readiness solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases.
The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The upgrade overview blade also displays the current target OS version. For more information about the target OS version, see [target version](use-upgrade-readiness-to-manage-windows-upgrades.md).
The following color-coded status changes are reflected on the upgrade overview blade:
- The "Last updated" banner:
- No delay in processing device inventory data = "Last updated" banner is displayed in green.
- Delay processing device inventory data = "Last updated" banner is displayed in amber.
- Computers with incomplete data:
- Less than 4% = Count is displayed in black.
- 4% - 10% = Count is displayed in amber.
- Greater than 10% = Count is displayed in red.
- User changes:
- Pending user changes = User changes count displays "Data refresh pending" in amber.
- No pending user changes = User changes count displays "Up to date" in green.
- Target version:
- If the current value matches the recommended value, the version is displayed in green.
- If the current value is an older OS version than the recommended value, but not deprecated, the version is displayed in amber.
- If the current value is a deprecated OS version, the version is displayed in red.
In the following example, there is no delay in data processing, less than 4% of computers (6k\294k) have incomplete data, there are no pending user changes, and the currently selected target OS version is the same as the recommended version:
![Upgrade overview](images/ur-overview.png)
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
<img src="media/image3.png" width="214" height="345" />
-->
If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours.
If there are computers with incomplete data, verify that you have installed the latest compatibilty update and run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center.
Select **Total computers** for a list of computers and details about them, including:
- Computer ID and computer name
- Computer manufacturer
- Computer model
- Operating system version and build
- Count of system requirement, application, and driver issues per computer
- Upgrade assessment based on analysis of computer telemetry data
- Upgrade decision status
Select **Total applications** for a list of applications discovered on user computers and details about them, including:
- Application vendor
- Application version
- Count of computers the application is installed on
- Count of computers that opened the application at least once in the past 30 days
- Percentage of computers in your total computer inventory that opened the application in the past 30 days
- Issues detected, if any
- Upgrade assessment based on analysis of application data
- Rollup level

50
windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md
View File

@ -1,52 +1,4 @@
---
title: Use Upgrade Analytics to manage Windows upgrades (Windows 10)
description: Describes how to use Upgrade Analytics to manage Windows upgrades.
ms.prod: w10
author: greg-lindsay
redirect_url: use-upgrade-readiness-to-manage-windows-upgrades
---
# Use Upgrade Analytics to manage Windows upgrades
You can use Upgrade Analytics to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Analytics enables you to deploy Windows with confidence, knowing that youve addressed potential blocking issues.
- Based on telemetry data from user computers, Upgrade Analytics identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organizations upgrade readiness.
- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them.
When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks.
<A HREF="images/ua-cg-15.png">![Workflow](images/ua-cg-15.png)</A>
Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step.
>**Important**: You can use the [Target OS](#target-os) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Analytics workflow. By default, the Target OS is configured to the released version of Windows 10 for the Current Branch for Business (CBB).
The following information and workflow is provided:
- [Upgrade overview](upgrade-analytics-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers.
- [Step 1: Identify important apps](upgrade-analytics-identify-apps.md): Assign importance levels to prioritize your applications.
- [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md): Identify and resolve problems with applications.
- [Step 3: Deploy](upgrade-analytics-deploy-windows.md): Start the upgrade process.
Also see the following topic for information about additional items that can be affected by the upgrade process:
- [Additional insights](upgrade-analytics-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity.
## Target OS
The target OS setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version.
As mentioned previously, the default target OS in Upgrade Analytics is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target OS setting is used to evaluate the number of computers that are already running this version of Windows, or a later version.
The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target OS. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Analytics is based on the target OS version.
You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610.
To change the target OS setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Analytics solution:
![Target OS](images/ua-cg-08.png)
>You must be signed in to Upgrade Analytics as an administrator to view settings.
On the **Upgrade Analytics Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target OS setting are reflected in evaluations when a new snapshot is uploaded to your workspace.
![Target OS](images/ua-cg-09.png)

54
windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md Normal file
View File

@ -0,0 +1,54 @@
---
title: Use Upgrade Readiness to manage Windows upgrades (Windows 10)
description: Describes how to use Upgrade Readiness to manage Windows upgrades.
ms.prod: w10
author: greg-lindsay
---
# Use Upgrade Readiness to manage Windows upgrades
You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that youve addressed potential blocking issues.
- Based on telemetry data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organizations upgrade readiness.
- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them.
When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks.
<A HREF="images/ua-cg-15.png">![Workflow](images/ua-cg-15.png)</A>
Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step.
>**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Current Branch for Business (CBB).
The following information and workflow is provided:
- [Upgrade overview](upgrade-readiness-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers.
- [Step 1: Identify important apps](upgrade-readiness-identify-apps.md): Assign importance levels to prioritize your applications.
- [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md): Identify and resolve problems with applications.
- [Step 3: Deploy](upgrade-readiness-deploy-windows.md): Start the upgrade process.
Also see the following topic for information about additional items that can be affected by the upgrade process:
- [Additional insights](upgrade-readiness-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity.
## Target version
The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example:
![Target version](images/ur-target-version.png)
As mentioned previously, the default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version.
The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version.
You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610.
To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution:
![Target version](images/ua-cg-08.png)
>You must be signed in to Upgrade Readiness as an administrator to view settings.
On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace.
![Target version](images/ua-cg-09.png)

41
windows/keep-secure/TOC.md
View File

@ -722,6 +722,7 @@
#### [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md)
### [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
#### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
#### [Preview features](preview-windows-defender-advanced-threat-protection.md)
#### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
#### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
#### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md)
@ -738,18 +739,50 @@
##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
###### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
###### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph)
###### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline)
##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
##### [View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
###### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)
#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md)
##### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
###### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
####### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
####### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
####### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
####### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
####### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
####### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
####### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
####### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
######## [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
######## [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
######## [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
#### [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md)
##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
#### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
#### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md)
##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md)
##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md)
##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md)
##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)
#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
#### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
#### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md)

30
windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md Normal file
View File

@ -0,0 +1,30 @@
---
title: Turn on advanced features in Windows Defender Advanced Threat Protection
description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
keywords: advanced features, preferences setup, block file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Turn on advanced features in Windows Defender ATP
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
1. In the navigation pane, select **Preferences setup** > **Advanced features**.
2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**.
3. Click **Save preferences**.
## Related topics
- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)

100
windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
View File

@ -21,55 +21,99 @@ localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
As a security operations team member, you can manage Windows Defender ATP alerts as part of your routine activities. Alerts will appear in queues according to their current status.
The **Alerts queue** shows a list of alerts that were flagged from endpoints in your network. Alerts are displayed in queues according to their current status. In any of the queues, you'll see details such as the severity of alerts and the number of machines where the alerts were seen.
Alerts are organized in queues by their workflow status or assignment:
- **New**
- **In progress**
- **Resolved**
- **Assigned to me**
To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
> [!NOTE]
> By default, the queues are sorted from newest to oldest.
The following table and screenshot demonstrate the main areas of the **Alerts queue**.
## Sort and filter the alerts
You can sort and filter the alerts by using the available filters or clicking columns that allows you to sort the view in ascending or descending order.
![Screenshot of the Dashboard showing the New Alerts list and navigation bar](images/alertsq2.png)
![Alerts queue with numbers](images/alerts-queue-numbered.png)
Highlighted area|Area name|Description
:---|:---|:---
(1)|**Alerts queue**| Select to show **New**, **In Progress**, or **Resolved alerts**
(2)|Alerts|Each alert shows:<ul><li>The severity of an alert as a colored bar</li><li>A short description of the alert, including the name of the threat actor (in cases where the attribution is possible)</li><li>The last occurrence of the alert on any machine</li><li>The number of days the alert has been in the queue</li><li>The severity of the alert</li><li>The general category or type of alert, or the alert's kill-chain stage</li><li>The affected machine (if there are multiple machines, the number of affected machines will be shown)</li><li>A **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) that allows you to update the alert's status and add comments</li></ul>Clicking an alert expands to display more information about the threat and brings you to the date in the timeline when the alert was detected.
(3)|Alerts sorting and filters | You can sort alerts by: <ul><li>**Newest** (when the threat was last seen on your network)</li><li>**Time in queue** (how long the threat has been in your queue)</li><li>**Severity**</li></ul>You can also filter the displayed alerts by:<ul><li>Severity</li><li>Time period</li></ul>See [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) for more details.
1 | Alert filters | Filter the list of alerts by severity, detection source, time period, or change the view from flat to grouped.
2 | Alert selected | Select an alert to bring up the **Alert management** to manage and see details about the alert.
3 | Alert management pane | View and manage alerts without leaving the alerts queue view.
##Sort and filter the Alerts queue
You can filter and sort (or "pivot") the Alerts queue to identify specific alerts based on certain criteria.
There are three mechanisms to pivot the queue against:
### Sort, filter, and group the alerts list
You can use the following filters to limit the list of alerts displayed during an investigation:
1. Sort the queue by opening the drop-down menu in the **Sort by** field and choosing:
**Severity**</br>
- **Newest** - Sorts alerts based on when the alert was last seen on an endpoint.
- **Time in queue** - Sorts alerts by the length of time an alert has been in the queue.
- **Severity** - Sorts alerts by their level of severity.
Alert severity | Description
:---|:---
High </br>(Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints.
Medium </br>(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
Informational </br>(Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of.
2. Filter alerts by their **Severity** by opening the drop-down menu in the **Filter by** field and selecting one or more of the check boxes:
Reviewing the various alerts and their severity can help you decide on the appropriate action to protect your organization's endpoints.
- High (Red) - Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints.
- Medium (Orange) - Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
- Low (Yellow) - Threats associated with prevalent malware and hack-tools that do not appear to indicate an advanced threat targeting the organization.
3. Limit the queue to see alerts from various set periods by clicking the drop-down menu in the date range field (by default, this is selected as **6 months**):
- **1 day**
- **3 days**
- **7 days**
- **30 days**
- **6 months**
**Detection source**</br>
- Windows Defender AV
- Windows Defender ATP
>[!NOTE]
> You can change the sort order (for example, from most recent to least recent) by clicking the sort order icon ![the sort order icon looks like two arrows on top of each other](images/sort-order-icon.png)
>The Windows Defender AV filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product.
### Related topics
**Time period**</br>
- 1 day
- 3 days
- 7 days
- 30 days
- 6 months
**View**</br>
- **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top.
- **Grouped view** - Groups alerts by alert ID, file hash, malware family, or other attribute to enable more efficient alert triage and management. Alert grouping reduces the number of rows in the queue by aggregating alerts together.
The group view allows for efficient alert triage and management.
### Use the Alert management pane
Selecting an alert brings up the **Alert management** pane where you can manage and see details about the alert.
You can take immediate action on an alert and see details about an alert in the **Alert management** pane:
- Change the status of an alert from new, to in progress, or resolved.
- Specify the alert classification from true alert or false alert.
Selecting true alert displays the **Determination** drop-down list to provide additional information about the true alert:
- APT
- Malware
- Security personnel
- Security testing
- Unwanted software
- Other
- Assign the alert to yourself if the alert is not yet assigned.
- View related activity on the machine.
- Add and view comments about the alert.
>[!NOTE]
>You can also access the **Alert management** pane from the machine details view by selecting an alert in the **Alerts related to this machine** section.
### Bulk edit alerts
Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together, which allows resolving multiple similar alerts in one action.
![Alerts queue bulk edit](images/alerts-q-bulk.png)
## Related topics
- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)

2
windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
View File

@ -1,5 +1,5 @@
---
title: Assign user access to the Windows Defender Advanced Threat Protection portal
title: Assign user access to the Windows Defender ATP portal
description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
search.product: eADQiWindows 10XVcnh

55
windows/keep-secure/check-sensor-status-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,55 @@
---
title: Check sensor health state in Windows Defender ATP
description: Check sensor health on machines to see if they are misconfigured or inactive.
keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communication, communication
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Check sensor health state in Windows Defender ATP
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
The sensor health tile provides information on the individual endpoints ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
![Windows Defender ATP sensor health tile](images/atp-sensor-health-filter.png)
There are two status indicators on the tile that provide information on the number of machines that are not reporting properly to the service:
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected.
Clicking any of the groups directs you to Machines view, filtered according to your choice.
![Windows Defender ATP sensor filter](images/atp-sensor-filter.png)
You can filter the health state list by the following status:
- **Active** - Machines that are actively reporting to the Windows Defender ATP service.
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service.
- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service but have configuration errors that need to be corrected. Misconfigured machines can have either one or a combination of the following issues:
- **No sensor data** - Machines has stopped sending sensor data. Limited alerts can be triggered from the machine.
- **Impaired communication** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work.
You can view the machine details when you click on a misconfigured or inactive machine. Youll see more specific machine information when you click the information icon.
![Windows Defender ATP sensor filter](images/atp-machine-health-details.png)
In the **Machines view**, you can download a full list of all the machines in your organization in a CSV format. To download, click the **Manage Alert** menu icon on the top corner of the page.
>[!NOTE]
>Export the list in CSV format to display the unfiltered data. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself and can take a significant amount of time to download, depending on how large your organization is.
## Related topic
- [Fix unhealthy sensors in Windows Defender ATP](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)

7
windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md
View File

@ -11,7 +11,7 @@ author: mjcaparas
localizationpriority: high
---
# Configure email notifications
# Configure email notifications in Windows Defender ATP
**Applies to:**
@ -61,3 +61,8 @@ This section lists various issues that you may encounter when using email notifi
1. Check that the Windows Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk.
2. Check that your email security product is not blocking the email notifications from Windows Defender ATP.
3. Check your email application rules that might be catching and moving your Windows Defender ATP email notifications.
## Related topics
- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)

2
windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
View File

@ -1,5 +1,5 @@
---
title: Configure Windows Defender ATP endpoints using Mobile Device Management tools
title: Configure endpoints using Mobile Device Management tools
description: Use Mobile Device Management tools to deploy the configuration package on endpoints so that they are onboarded to the service.
keywords: configure endpoints using mdm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, mdm
search.product: eADQiWindows 10XVcnh

2
windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
View File

@ -1,5 +1,5 @@
---
title: Configure Windows Defender ATP endpoints using System Center Configuration Manager
title: Configure endpoints using System Center Configuration Manager
description: Use System Center Configuration Manager to deploy the configuration package on endpoints so that they are onboarded to the service.
keywords: configure endpoints using sccm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm
search.product: eADQiWindows 10XVcnh

2
windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
View File

@ -1,6 +1,6 @@
---
title: Configure Windows Defender ATP endpoints
description: Configure endpoints so that they are onboarded to the service.
description: Configure endpoints so that they can send sensor data to the Windows Defender ATP sensor.
keywords: configure endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
search.product: eADQiWindows 10XVcnh
ms.prod: w10

2
windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
View File

@ -1,5 +1,5 @@
---
title: Configure Windows Defender ATP endpoint proxy and Internet connection settings
title: Configure endpoint proxy and Internet connection settings
description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
search.product: eADQiWindows 10XVcnh

17
windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md
View File

@ -1,7 +1,7 @@
---
title: Configure security information and events management tools
description: Configure supported security information and events management tools to receive and consume alerts.
keywords: configure siem, security information and events management tools, splunk, arcsight
title: Consume alerts and create custom indicators in Windows Defender Advanced Threat Protection
description: Learn how to configure supported security information and events management tools to receive and consume alerts and create custom indicators using REST API.
keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -11,7 +11,7 @@ author: mjcaparas
localizationpriority: high
---
# Configure security information and events management (SIEM) tools to consume alerts
# Consume alerts and create custom indicators
**Applies to:**
@ -21,7 +21,9 @@ localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Windows Defender ATP supports security information and events management (SIEM) tools to consume alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to get alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
## Consume alerts using supported security information and events management (SIEM) tools
Windows Defender ATP supports (SIEM) tools to consume alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to get alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
Windows Defender ATP currently supports the following SIEM tools:
@ -35,6 +37,11 @@ To use either of these supported SIEM tools you'll need to:
- [Configure Splunk to consume alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure HP ArcSight to consume alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
## Create custom threat indicators in Windows Defender ATP
You can also create custom threat indicators using the available REST API so that you can create specific alerts that are applicable to your organization.
For more information, see [Create custom threat indicators (TI) using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md).
## In this section
Topic | Description

357
windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,357 @@
---
title: Create custom threat intelligence using REST API in Windows Defender ATP
description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Create custom alerts using the threat intelligence (TI) Application program interface (API)
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to create specific alerts that are applicable to your organization.
## Before you begin
Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
### Use the threat intelligence REST APIs to create custom threat intelligence alerts
You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource, you call and specify the resource URLs using one of the following operations:
- GET
- POST
- PATCH
- PUT (used for managing entities relations only)
- DELETE
All threat intelligence API requests use the following basic URL pattern:
```
https://TI.SecurityCenter.Windows.com/{version}/{resource}?[query_parameters]
```
For this URL:
- `https://TI.SecurityCenter.Windows.com` is the threat intelligence API endpoint.
- `{version}` is the target service version. Currently, the only supported version is: v1.0.
- `{resource}` is resource segment or path, such as:
- AlertDefinitions (for specific single resource, add: (id))
- IndicatorsOfCompromise (for specific single resource, add: (id))
- `[query_parameters]` represents additional query parameters such as $filter and $select.
**Quotas**</br>
Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage).
## Threat intelligence API metadata
The metadata document ($metadata) is published at the service root.
For example, you can view the service document for the v1.0 version using the following URL:
```
https://TI.SecurityCenter.Windows.com/v1.0/$metadata
```
The metadata allows you to see and understand the data model of the custom threat intelligence, including the entity types and sets, complex types, and enums that make up the request and response packets sent to and from the threat intelligence API.
You can use the metadata to understand the relationships between entities in the custom threat intelligence and establish URLs that navigate between entities.
The following sections show a few basic programming pattern calls to the threat intelligence API.
## Create new resource
Typically, you'd need to create an alert definition to start creating custom threat intelligence. An ID is created for that alert definition.
You can then proceed to create an indicator of compromise and associate it to the ID of the alert definition.
### Create a new alert definition
```json
POST https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions HTTP/1.1
Authorization: Bearer <access_token>
Content-Type: application/json;
{
"Name": " The name of the alert definition. Does not appear in the portal. Max length: 100 ",
"Severity": "Low",
"InternalDescription": "Internal description for the alert definition. Does not appear in the portal. Max length: 350",
"Title": "A short, one sentence, description of the alert definition. Max length: 120",
"UxDescription": "Max length: 500",
"RecommendedAction": "Custom text to explain what should be done in case of detection. Max length: 2000",
"Category": "Category from the metadata",
"Enabled": true
}
```
The following values correspond to the alert sections surfaced on the Windows Defender ATP portal:
![Image of alert from the portal](images/atp-custom-ti-mapping.png)
Highlighted section | JSON key name
:---:|:---
1 | Title
2 | Severity
3 | Category
4 | UX description
5 | Recommended Action
If successful, you should get a 201 CREATED response containing the representation of the newly created alert definition, for example:
```json
"Name": "Connection to restricted company IP address",
"Severity": "Low",
"InternalDescription": "Unusual connection to restricted IP from production machine",
"Title": "Connection to restricted company IP address",
"UxDescription": "Any connection to this IP address from a production machine should be suspicious. Only special build machines should access this IP address.",
"RecommendedAction": "Isolate machine immediately and contact machine owner for awareness.",
"Category": "Trojan",
"Id": 2,
"CreatedAt": "2017-02-01T10:46:22.08Z",
"CreatedBy": "User1",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
```
### Create a new indicator of compromise
```json
POST https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise HTTP/1.1
Authorization: Bearer <access_token>
Content-Type: application/json;
{
"Type": "SHA1",
"Value": "8311e8b377736fb93b18b15372355f3f26c4cd29",
"DetectionFunction": "Equals",
"Enabled": true,
"AlertDefinition@odata.bind": "AlertDefinitions(1)"
}
```
If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload.
## Bulk upload of alert definitions and IOCs
Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`. </br>
>[!WARNING]
>- This operation is atomic. The entire operation can either succeed or fail. If one alert definition or IOC has a malformed property, the entire upload will fail.
>- If your upload exceeds the IOCs or alert definitions quota, the entire operation will fail. Consider limiting your uploads.
The requests body should contain a single JSON object with a single field. The name of the field in the case that the entity is alert definition is `alertDefinitions` and in the case of IOC is `iocs`. This fields value should contain a list of the desired entities.
For example:
Sending an HTTP POST to https://TI.SecurityCenter.Windows.com/V1.0/IndicatorsOfCompromise/Actions.BulkUpload
JSON Body:
```json
{
"iocs": [{
"Type": "SHA1",
"Value": "b68e0b50420dbb03cb8e56a927105bf4b06f3793",
"DetectionFunction": "Equals",
"Enabled": true,
"AlertDefinition@odata.bind": "AlertDefinitions(1)"
},
{
"Type": "SHA1",
"Value": "b68e0b50420dbb03cb8e56a927105bf4b06f3793",
"DetectionFunction": "Equals",
"Enabled": true,
"AlertDefinition@odata.bind": "AlertDefinitions(1)"
}
]
}
```
>[!NOTE]
> - Max bulk size is 5000 entities
## Read existing data
### Get a specific resource
```json
GET https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(1) HTTP/1.1
Authorization: Bearer <access_token>
Accept: application/json;odata.metadata=none
```
If successful, you should get a 200 OK response containing a single indicator of compromise representation (for the specified ID) in the payload, as shown as follows:
```json
HTTP/1.1 200 OK
content - type: application/json;odata.metadata = none
{
"value": [{
"Type": "SHA1",
"Value": "abcdeabcde1212121212abcdeabcde1212121212",
"DetectionFunction": "Equals",
"ExpiresAt": null,
"Id": 1,
"CreatedAt": "2016-12-05T15:51:02Z",
"CreatedBy": "user2@Company1.contoso.com",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
}]
}
```
### Get the entire collection of entities of a given resource
```
GET https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions HTTP/1.1
Authorization: Bearer <access_token>
```
If successful, you should get a 200 OK response containing the collection of alert definitions representation in the payload, as shown as follows:
```json
HTTP/1.1 200 OK
content - type: application / json;odata.metadata = none
{
"@odata.context": "https://TI.SecurityCenter.Windows.com/V1.0/$metadata#AlertDefinitions",
"value": [{
"Name": "Demo alert definition",
"Severity": "Medium",
"InternalDescription": "Some description",
"Title": "Demo short ux description",
"UxDescription": "Demo ux description",
"RecommendedAction": "Actions",
"Category": "Malware",
"Id": 1,
"CreatedAt": "2016-12-05T15:50:53Z",
"CreatedBy": "user@Company1.contoso.com",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
},
{
"Name": "Demo alert definition 2",
"Severity": "Low",
"InternalDescription": "Some description",
"Title": "Demo short ux description2",
"UxDescription": "Demo ux description2",
"RecommendedAction": null,
"Category": "Malware",
"Id": 2,
"CreatedAt": "2016-12-06T13:30:00Z",
"CreatedBy": "user2@Company1.contoso.com",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
}
]
}
```
## Update an existing resource
You can use the same pattern for both full and partial updates.
```json
PATCH https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions(2) HTTP/1.1
Authorization: Bearer <access_token>
Content-Type: application/json;
Accept: application/json;odata.metadata=none
{
"Category": "Backdoor",
"Enabled": false
}
```
If successful, you should get a 200 OK response containing the updated alert definition representation (per the specified ID) in the payload.
## Update the association (relation) between an indicator of compromise to a different alert definition
```json
PUT https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(3)/AlertDefinition/$ref HTTP/1.1
Authorization : Bearer <access_token>
Content-Type: application/json;
{
"@odata.id": "https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions(6)"
}
```
## Delete a resource
```
DELETE https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(1) HTTP/1.1
Authorization: Bearer <access_token>
```
If successful, you should get a 204 NO CONTENT response.
>[!NOTE]
> - Deleting an alert definition also deletes its corresponding IOCs.
> - Deleting an IOC or an alert definition will not delete or hide past alerts matching the alert definition. However, deleting an alert definition and creating a new one with the exact same metadata will result in new alerts in the portal. It's not advised to delete an alert definition and create a new one with the same content.
## Delete all
You can use the HTTP DELETE method sent to the relevant source to delete all resources.
```
DELETE https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise HTTP/1.1
Authorization : Bearer <access_token>
```
If successful, you should get a 204 NO CONTENT response.
## Delete all IOCs connected to a given alert definition
This action will delete all the IOCs associated with a given alert definition without deleting the alert definition itself.
For example, deleting all of the IOCs associated with the alert definition with ID `1` deletes all those IOCs without deleting the alert definition itself.
Send an HTTP POST to `https://TI.SecurityCenter.Windows.com/V1.0/AlertDefinitions(1)/Actions.DeleteIOCs`.
Upon a successful request the response will be HTTP 204.
>[!NOTE]
> As with all OData actions, this action is sending an HTTP POST request not DELETE.
## Windows Defender ATP optional query parameters
The Windows Defender ATP threat intelligence API provides several optional query parameters that you can use to specify and control the amount of data returned in a response. The threat intelligence API supports the following query options:
Name | Value | Description
:---|:---|:--
$select | string | Comma-separated list of properties to include in the response.
$expand | string | Comma-separated list of relationships to expand and include in the response.
$orderby | string | Comma-separated list of properties that are used to sort the order of items in the response collection.
$filter | string | Filters the response based on a set of criteria.
$top | int | The number of items to return in a result set.
$skip | int | The number of items to skip in a result set.
$count | boolean | A collection and the number of items in the collection.
These parameters are compatible with the [OData V4 query language](http://docs.oasis-open.org/odata/odata/v4.0/errata03/os/complete/part2-url-conventions/odata-v4.0-errata03-os-part2-url-conventions-complete.html#_Toc453752356).
## Code examples
The following articles provide detailed code examples that demonstrate how to use the custom threat intelligence API in several programming languages:
- PowerShell code examples
- Python code examples
## Related topics
- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)

53
windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
View File

@ -21,6 +21,8 @@ localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
The **Dashboard** displays a snapshot of:
- The latest active alerts on your network
@ -33,7 +35,7 @@ You can explore and investigate alerts and machines to quickly determine if, whe
From the **Dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators.
It also has clickable tiles that give visual cues on the overall health status of your organization. Each tile opens a detailed view of the corresponding overview.
It also has clickable tiles that give visual cues on the overall health state of your organization. Each tile opens a detailed view of the corresponding overview.
## ATP alerts
You can view the overall number of active ATP alerts from the last 30 days in your network from the **ATP alerts** tile. Alerts are grouped into **New** and **In progress**.
@ -42,30 +44,25 @@ You can view the overall number of active ATP alerts from the last 30 days in yo
Each group is further sub-categorized into their corresponding alert severity levels. Click the number of alerts inside each alert ring to see a sorted view of that category's queue (**New** or **In progress**).
For more information see, [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md).
For more information see, [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md).
The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md).
The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md).
## Machines at risk
This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/machines-at-risk.png)
![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/atp-machines-at-risk.png)
Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
## Status
The **Status** tile informs you if the service is active or if there are issues and the unique number of machines (endpoints) reporting to the service over the past 30 days.
## Users at risk
The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
![The Status tile shows an overall indicator of the service and the total number of machines reporting to the service](images/status-tile.png)
![User accounts at risk tile shows a list of user accounts with the highest number of alerts and a breakdown of the severity of the alerts](images/atp-users-at-risk.png)
For more information on the service status, see [Check the Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md).
## Machines reporting
The **Machines reporting** tile shows a bar graph that represents the number of machines reporting alerts daily. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
![The Machines reporting tile shows the number of machines reporting each day for the past 30 days](images/machines-reporting-tile.png)
Click the user account to see details about the user account. For more information see [Investigate a user entity in Windows Defender Advanced Threat Protection]
## Machines with active malware detections
The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender.
@ -91,11 +88,37 @@ Clicking on any of these categories will navigate to the [Machines view](investi
> [!NOTE]
> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
### Related topics
## Sensor health
The **Sensor health** tile provides information on the individual endpoints ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
![Sensor health tile](images/atp-tile-sensor-health.png)
There are two status indicators that provide information on the number of machines that are not reporting properly to the service:
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
- **Misconfigured** These machines might partially be reporting telemetry to the Windows Defender ATP service and might have configuration errors that need to be corrected.
When you click any of the groups, youll be directed to machines view, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
## Service health
The **Service health** tile informs you if the service is active or if there are issues.
![The Service health tile shows an overall indicator of the service](images/status-tile.png)
For more information on the service status, see [Check the Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md).
## Daily machines reporting
The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting alerts daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
![The Machines reporting tile shows the number of machines reporting each day for the past 30 days](images/machines-reporting-tile.png)
## Related topics
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)

2
windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md
View File

@ -1,6 +1,6 @@
---
title: Windows Defender compatibility
description: Learn about how Windows Defender works with Windows Defender ATP.
description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used.
keywords: windows defender compatibility, defender, windows defender atp
search.product: eADQiWindows 10XVcnh
ms.prod: w10

45
windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,45 @@
---
title: Enable the custom threat intelligence application in Windows Defender ATP
description: Enable the custom threat intelligence application in Windows Defender ATP so that you can create custom threat intelligence using REST API.
keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Enable the custom threat intelligence application
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
1. In the navigation pane, select **Preference Setup** > **Threat intel API**.
2. Select **Enable threat intel API**. This activates the **Azure Active Directory application** setup sections with pre-populated values.
3. Copy the individual values or select **Save details to file** to download a file that contains all the values.
>[!WARNING]
>The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
>For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
4. Select **Generate tokens** to get an access and refresh token.
Youll need to use the access token in the Authorization header when doing REST API calls.
## Related topics
- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
- [Create custom threat intelligence](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)

80
windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,80 @@
---
title: Fix unhealthy sensors in Windows Defender ATP
description: Fix machine sensors that are reporting as misconfigured or inactive.
keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communication, communication
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Fix unhealthy sensors in Windows Defender ATP
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
Machines that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a machine to be categorized as inactive or misconfigured.
## Inactive machines
An inactive machine is not necessarily flagged due to an issue. The following actions taken on a machine can cause a machine to be categorized as inactive:
**Machine is not in use**</br>
If the machine has not been in use for more than 7 days for any reason, it will remain in an Inactive status in the portal.
**Machine was reinstalled or renamed**</br>
A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an Inactive status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
**Machine was offboarded**</br>
If the machine was offboarded it will still appear in machines view. After 7 days, the machine health state should change to inactive.
Do you expect a machine to be in Active status? [Open a CSS ticket](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
## Misconfigured machines
Misconfigured machines can further be classified to:
- Impaired communication
- No sensor data
### Impaired communication
This status indicates that there's limited communication between the machine and the service.
The following suggested actions can help fix issues related to a misconfigured machine with impaired communication:
- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
- Verify client connectivity to Windows Defender ATP service URLs</br>
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
### No sensor data
A misconfigured machine with status No sensor data has communication with the service but can only report partial sensor data.
Follow theses actions to correct known issues related to a misconfigured machine with status Impaired communication:
- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
- Verify client connectivity to Windows Defender ATP service URLs</br>
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint.
- [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy)
If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled.
If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
## Related topic
- [Check sensor health state in Windows Defender ATP](check-sensor-status-windows-defender-advanced-threat-protection.md)

36
windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,36 @@
---
title: Update general Windows Defender Advanced Threat Protection settings
description: Update your general Windows Defender Advanced Threat Protection settings after onboarding.
keywords: general settings, settings, update settings
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Update general Windows Defender ATP settings
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu.
1. In the navigation pane, select **Preferences setup** > **General**.
2. Modify settings such as data retention policy or the industry that best describes your organization.
>[!NOTE]
>Other settings are not editable.
3. Click **Save preferences**.
## Related topics
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
- [Turn on the preview experience in Windows Defender ATP ](preview-settings-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)

2
windows/keep-secure/hello-and-password-changes.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---
# Windows Hello and password changes

2
windows/keep-secure/hello-biometrics-in-enterprise.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---

2
windows/keep-secure/hello-enable-phone-signin.md
View File

@ -5,7 +5,7 @@ keywords: ["identity", "PIN", "biometric", "Hello"]
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---

2
windows/keep-secure/hello-errors-during-pin-creation.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---

2
windows/keep-secure/hello-event-300.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---

2
windows/keep-secure/hello-how-it-works.md
View File

@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---
# How Windows Hello for Business works

2
windows/keep-secure/hello-identity-verification.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---
# Windows Hello for Business

2
windows/keep-secure/hello-manage-in-organization.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---

2
windows/keep-secure/hello-prepare-people-to-use.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---

2
windows/keep-secure/hello-why-pin-is-better-than-password.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
author: DaniHalfin
localizationpriority: high
---

BIN
windows/keep-secure/images/alert-details.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 105 KiB

BIN
windows/keep-secure/images/alerts-q-bulk.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 120 KiB

BIN
windows/keep-secure/images/alerts-queue-numbered.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 201 KiB

BIN
windows/keep-secure/images/atp-action-center-with-info.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 67 KiB

BIN
windows/keep-secure/images/atp-actor-report.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 185 KiB

BIN
windows/keep-secure/images/atp-add-intune-policy.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 66 KiB

After

Width:  |  Height:  |  Size: 66 KiB

BIN
windows/keep-secure/images/atp-alert-process-tree.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 92 KiB

BIN
windows/keep-secure/images/atp-alert-status.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 KiB

BIN
windows/keep-secure/images/atp-alert-timeline.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 187 KiB

BIN
windows/keep-secure/images/atp-alerts-group.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 136 KiB

BIN
windows/keep-secure/images/atp-alerts-q.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 173 KiB

BIN
windows/keep-secure/images/atp-alerts-related-to-file.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 129 KiB

BIN
windows/keep-secure/images/atp-blockfile.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

BIN
windows/keep-secure/images/atp-custom-ti-mapping.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 166 KiB

BIN
windows/keep-secure/images/atp-export-machine-timeline-events.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

BIN
windows/keep-secure/images/atp-file-action.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

BIN
windows/keep-secure/images/atp-file-in-org.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 63 KiB

BIN
windows/keep-secure/images/atp-file-information.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

BIN
windows/keep-secure/images/atp-incident-graph.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 132 KiB

BIN
windows/keep-secure/images/atp-investigation-package-action-center.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
windows/keep-secure/images/atp-isolate-machine.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/keep-secure/images/atp-machine-details-view.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 212 KiB

BIN
windows/keep-secure/images/atp-machine-details-view.png.pdf Normal file
View File

Binary file not shown.

BIN
windows/keep-secure/images/atp-machine-health-details.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 111 KiB

BIN
windows/keep-secure/images/atp-machine-health.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 41 KiB

BIN
windows/keep-secure/images/atp-machine-investigation-package.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
windows/keep-secure/images/atp-machine-isolation.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 67 KiB

BIN
windows/keep-secure/images/atp-machine-timeline-details-panel.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 114 KiB

BIN
windows/keep-secure/images/atp-machine-timeline.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 69 KiB

BIN
windows/keep-secure/images/atp-machines-at-risk.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
windows/keep-secure/images/atp-machines-view-list.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
windows/keep-secure/images/atp-main-portal.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 140 KiB

Some files were not shown because too many files have changed in this diff Show More