From 6ad2b380099407d9b8c0a0cc981e7c6dbaf0f347 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 11:20:55 -0700 Subject: [PATCH 01/19] Added formatting to the file. --- .../.vscode/settings.json | 8 ++ .../understanding-wdac-policy-settings.md | 76 +++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json create mode 100644 windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json new file mode 100644 index 0000000000..ed9462b7e6 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "markdownlint.config": { + "MD028": false, + "MD025": { + "front_matter_title": "" + } + } +} \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md new file mode 100644 index 0000000000..e966d5669a --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -0,0 +1,76 @@ +--- +title: Understanding WDAC secure settings. +description: Learn about secure settings in Windows Defender Application Control. +keywords: security, malware +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: m365-security +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +audience: ITPro +ms.collection: M365-security-compliance +author: creator of the word doc +ms.reviewer: jogeurte +ms.author: dansimp +manager: dansimp +ms.date: 10/11/2021 +ms.technology: mde +--- + +# Understanding WDAC Policy Settings +Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using [WldpQuerySecurityPolicy].
+ +An example settings section of a WDAC Policy: +```xml + + + + true + + + +``` + +### Example Scenario +An application that may want to restrict its capabilities, when used on a system with an active WDAC policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso’s Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don’t want Foo Application to execute macros on a system with a WDAC policy.
+ + +### WldpQuerySecurityPolicy +API that queries the secure settings of a WDAC policy. + +#### Syntax +``` C++ +HRESULT WINAPI WldpQuerySecurityPolicy( + _In_ const UNICODE_STRING * Provider, + _In_ const UNICODE_STRING * Key, + _In_ const UNICODE_STRING * ValueName, + _Out_ PWLDP_SECURE_SETTING_VALUE_TYPE ValueType, + _Out_writes_bytes_opt_(*ValueSize) PVOID Value, + _Inout_ PULONG ValueSize) +``` + +#### Parameters +Provider [in] +Setting Provider name. + +Key [in] +Key name of the Key-Value pair under Setting Provider "Provider". + +ValueName [in] +The value name of the "Key-Value" pair. + +ValueType [in, out] +Pointer to receive the value type. + +Value [in, out] +Pointer to a buffer to receive the value. The buffer should be of size “ValueSize”. If this value is NULL, this function will return the required buffer size for Value. + +ValueSize [in, out] +On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer. + +#### Return Value +This method returns S_OK if successful or a failure code otherwise. + +#### Remarks +See [WDAC Policy Settings] for more information on WDAC policy settings. From 371c645f32e0abf8712d513e98504e14c724c195 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 11:30:01 -0700 Subject: [PATCH 02/19] added new file to index and toc --- .../windows-defender-application-control/TOC.yml | 2 ++ .../windows-defender-application-control/index.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 6e2bbdd64b..47bc7d1ad7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -22,6 +22,8 @@ href: understand-windows-defender-application-control-policy-design-decisions.md - name: Understand WDAC policy rules and file rules href: select-types-of-rules-to-create.md + - name: Understand WDAC secure settings + href: understand-wdac-policy-settings.md items: - name: Allow apps installed by a managed installer href: configure-authorized-apps-deployed-with-a-managed-installer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index ef5892459f..152d5cb75f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -69,6 +69,8 @@ landingContent: links: - text: Understanding policy and file rules url: select-types-of-rules-to-create.md + - text: Understanding WDAC secure settings + url: understanding-wdac-policy-settings.md - linkListType: how-to-guide links: - text: Allow managed installer and configure managed installer rules From 0ff09040b4199de166bd4486c7a9d05545432945 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 12:19:12 -0700 Subject: [PATCH 03/19] removed brackets in wldpquerysecuritypolicy --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index e966d5669a..6f583d977a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -19,7 +19,7 @@ ms.technology: mde --- # Understanding WDAC Policy Settings -Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using [WldpQuerySecurityPolicy].
+Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using WldpQuerySecurityPolicy.
An example settings section of a WDAC Policy: ```xml From 80c417c09fe88702e1623c22c5a1b7ad7468123b Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:19:02 -0700 Subject: [PATCH 04/19] updated the author --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 6f583d977a..530c147315 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: creator of the word doc +author: Robert Wait ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From 000a26dc6eabada6db05cb2334017c03caa8c551 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:20:20 -0700 Subject: [PATCH 05/19] corrected the md file name --- .../windows-defender-application-control/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 47bc7d1ad7..9cfa2e9982 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -23,7 +23,7 @@ - name: Understand WDAC policy rules and file rules href: select-types-of-rules-to-create.md - name: Understand WDAC secure settings - href: understand-wdac-policy-settings.md + href: understanding-wdac-policy-settings.md items: - name: Allow apps installed by a managed installer href: configure-authorized-apps-deployed-with-a-managed-installer.md From e1834ca4c51520b046f39208eb864de39340bb5d Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:24:33 -0700 Subject: [PATCH 06/19] Update understanding-wdac-policy-settings.md --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 530c147315..28eb21e297 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: Robert Wait +author: Robert Waite ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From 59eed88aea573972a8ddd291da37330535aad2e0 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 1 Nov 2021 11:58:16 -0700 Subject: [PATCH 07/19] added headers for each parameter section Also removed Robert Waite as author since GitHub doesn't have him listed as an approved author. --- .../understanding-wdac-policy-settings.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 28eb21e297..9a9fe9f38b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,6 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: Robert Waite ms.reviewer: jogeurte ms.author: dansimp manager: dansimp @@ -39,7 +38,7 @@ An application that may want to restrict its capabilities, when used on a system ### WldpQuerySecurityPolicy API that queries the secure settings of a WDAC policy. -#### Syntax +### Syntax ``` C++ HRESULT WINAPI WldpQuerySecurityPolicy( _In_ const UNICODE_STRING * Provider, @@ -50,23 +49,23 @@ HRESULT WINAPI WldpQuerySecurityPolicy( _Inout_ PULONG ValueSize) ``` -#### Parameters +### Parameters Provider [in] Setting Provider name. -Key [in] +#### Key [in] Key name of the Key-Value pair under Setting Provider "Provider". -ValueName [in] +#### ValueName [in] The value name of the "Key-Value" pair. -ValueType [in, out] +#### ValueType [in, out] Pointer to receive the value type. -Value [in, out] +#### Value [in, out] Pointer to a buffer to receive the value. The buffer should be of size “ValueSize”. If this value is NULL, this function will return the required buffer size for Value. -ValueSize [in, out] +#### ValueSize [in, out] On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer. #### Return Value From d40a2d17978763a90dad4e3692e0e9c201fc9186 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 8 Nov 2021 12:21:00 -0800 Subject: [PATCH 08/19] added settings.json to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 9841e0daea..3a642828d6 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ common/ .openpublishing.build.mdproj .openpublishing.buildcore.ps1 packages.config +settings.json # User-specific files .vs/ From 89d1befa026685fa1423ad6f39b1794dd044c12d Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 8 Nov 2021 12:23:08 -0800 Subject: [PATCH 09/19] Deleted settings.json from .vscode --- .../.vscode/settings.json | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json diff --git a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json deleted file mode 100644 index ed9462b7e6..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "markdownlint.config": { - "MD028": false, - "MD025": { - "front_matter_title": "" - } - } -} \ No newline at end of file From 305a3a0479a7b601a621f64b5138eddfc2c1c13a Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 9 Nov 2021 12:49:43 -0800 Subject: [PATCH 10/19] Listed jogeurte as the author --- .../understanding-wdac-policy-settings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 9a9fe9f38b..d54ed1b819 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance +author: jogeurte ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From cc9e3d5a617417f2fc5ddb8dabbb7499f73c5a7a Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 9 Nov 2021 12:57:38 -0800 Subject: [PATCH 11/19] corrected Jordan's ID in both the author and ms.reviewer fields. --- .../understanding-wdac-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index d54ed1b819..d68f3d6a3f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,8 +10,8 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: jogeurte -ms.reviewer: jogeurte +author: jgeurten +ms.reviewer: jgeurten ms.author: dansimp manager: dansimp ms.date: 10/11/2021 From 58631b2a54ea4644dceec28f1c31e577e3c0aedf Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 19:00:02 +0530 Subject: [PATCH 12/19] Update policy-csp-printers.md --- .../mdm/policy-csp-printers.md | 302 ++++++++++++++++++ 1 file changed, 302 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 3902457217..d6f2240333 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -22,6 +22,18 @@ manager: dansimp ## Printers policies
+
+ Printers/ApprovedUsbPrintDevices +
+
+ Printers/ApprovedUsbPrintDevicesUser +
+
+ Printers/EnableDeviceControl +
+
+ Printers/EnableDeviceControlUser +
Printers/PointAndPrintRestrictions
@@ -42,6 +54,296 @@ manager: dansimp
+ +**Printers/ApprovedUsbPrintDevices** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. +The format of this setting is /[,/] + +Parent deliverable: 26209274 - Device Control: Printer + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *ApprovedUsbPrintDevices* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + + +
+ + +**Printers/ApprovedUsbPrintDevicesUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. +The format of this setting is /[,/] + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *ApprovedUsbPrintDevicesUser* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + +
+ + +**Printers/EnableDeviceControl** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. + +The default value of the policy will be Unconfigured. + +If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. + +If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. + + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *EnableDeviceControl* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + +
+ + + +**Printers/EnableDeviceControlUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. + +The default value of the policy will be Unconfigured. + +If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. + +If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. + + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *EnableDeviceControlUser* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + +
+ **Printers/PointAndPrintRestrictions** From b06079f3acef6f0ff5fb392769236597645c0dda Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 5 Jan 2022 20:19:52 +0530 Subject: [PATCH 13/19] Update policy-csp-printers.md --- windows/client-management/mdm/policy-csp-printers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index d6f2240333..52f26fbc86 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -55,7 +55,7 @@ manager: dansimp
-**Printers/ApprovedUsbPrintDevices** +**Printers/ApprovedUsbPrintDevices** From 25bb30b674ec824ef17e4084f2aa7e6ae417e9d9 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Thu, 27 Jan 2022 10:36:55 +0530 Subject: [PATCH 14/19] Update policy-csp-printers.md --- windows/client-management/mdm/policy-csp-printers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 52f26fbc86..5357273ee3 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -107,7 +107,7 @@ manager: dansimp This policy implements the print portion of the Device Control requirements. These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. -The format of this setting is /[,/] +The format of this setting is `/[,/]` Parent deliverable: 26209274 - Device Control: Printer @@ -178,7 +178,7 @@ ADMX Info: This policy implements the print portion of the Device Control requirements. These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. -The format of this setting is /[,/] +The format of this setting is `/[,/]` From e92048fc607e410130a5e093e52501d8b5bf55f5 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 27 Jan 2022 21:04:04 +0500 Subject: [PATCH 15/19] update in note As mentioned in a Microsoft blog ( https://docs.microsoft.com/en-us/openspecs/blog/ms-winintbloglp/dd98b93c-0a75-4eb0-b92e-e760c502394f ), MMA has been retired. So I have updated the note. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10138 --- windows/client-management/troubleshoot-tcpip-netmon.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index d63ebc5c58..3ba8c0dd3f 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -18,7 +18,7 @@ ms.collection: highpri In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. > [!NOTE] -> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). +> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages removed from microsoft.com sites on November 25 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, please consider using a 3rd party network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image: @@ -67,4 +67,4 @@ Network traces which are collected using the **netsh** commands built in to Wind [Network Monitor Wireless Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1900.network-monitor-wireless-filtering.aspx)
[Network Monitor TCP Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1134.network-monitor-tcp-filtering.aspx)
[Network Monitor Conversation Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1829.network-monitor-conversation-filtering.aspx)
-[How to setup and collect network capture using Network Monitor tool](/archive/blogs/msindiasupp/how-to-setup-and-collect-network-capture-using-network-monitor-tool)
\ No newline at end of file +[How to setup and collect network capture using Network Monitor tool](/archive/blogs/msindiasupp/how-to-setup-and-collect-network-capture-using-network-monitor-tool)
From e48bf4c78cba91f05a9819d5d0423e129bd45fc4 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 27 Jan 2022 09:24:49 -0800 Subject: [PATCH 16/19] replace semi-annual channel --- .../remove-provisioned-apps-during-update.md | 2 +- windows/client-management/mdm/policy-csp-update.md | 12 ++++++------ windows/client-management/mdm/update-csp.md | 2 +- .../client-management/troubleshoot-stop-errors.md | 2 +- windows/client-management/windows-version-search.md | 8 ++++---- .../create-a-windows-10-reference-image.md | 4 ++-- .../planning/windows-10-deprecated-features.md | 2 +- windows/deployment/update/PSFxWhitepaper.md | 2 +- windows/deployment/update/WIP4Biz-intro.md | 4 ++-- windows/deployment/update/eval-infra-tools.md | 2 +- .../update/get-started-updates-channels-tools.md | 2 +- windows/deployment/update/plan-define-readiness.md | 2 +- windows/deployment/update/plan-define-strategy.md | 2 +- .../update/plan-determine-app-readiness.md | 2 +- windows/deployment/update/prepare-deploy-windows.md | 2 +- windows/deployment/update/quality-updates.md | 2 +- windows/deployment/update/update-baseline.md | 2 +- windows/deployment/update/update-policies.md | 2 +- windows/deployment/update/waas-overview.md | 2 +- windows/deployment/update/waas-quick-start.md | 2 +- ...evel-windows-diagnostic-events-and-fields-1903.md | 2 +- ...quired-windows-11-diagnostic-events-and-fields.md | 2 +- ...windows-diagnostic-data-events-and-fields-2004.md | 2 +- ...ie-hellman-protocol-over-ikev2-vpn-connections.md | 2 +- windows/whats-new/ltsc/index.md | 2 +- windows/whats-new/ltsc/whats-new-windows-10-2016.md | 2 +- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 4 ++-- windows/whats-new/ltsc/whats-new-windows-10-2021.md | 2 +- .../whats-new/whats-new-windows-10-version-21H2.md | 2 +- windows/whats-new/windows-11-plan.md | 2 +- 30 files changed, 41 insertions(+), 41 deletions(-) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 43afa3c4c5..1660c5406a 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -12,7 +12,7 @@ manager: dansimp --- # How to keep apps removed from Windows 10 from returning during an update ->Applies to: Windows 10 (Semi-Annual Channel) +> Applies to: Windows 10 (General Availability Channel) When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed return post-update. This can happen if the computer was offline when you removed the apps. This issue was fixed in Windows 10, version 1803. diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 8866933c87..cf2fac211d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -948,7 +948,7 @@ Supported values: -Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value. +Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of General Availability Channel (Targeted) and General Availability Channel have been combined into one General Availability Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value. @@ -966,8 +966,8 @@ The following list shows the supported values: - 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) - 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) - 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) -- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). -- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16) +- 16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted). +- 32 {0x20} - General Availability Channel. Device gets feature updates from General Availability Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the General Availability Channel and General Availability Channel (Targeted) into a single General Availability Channel with a value of 16) @@ -2627,7 +2627,7 @@ By using this Windows Update for Business policy to upgrade devices to a new pro > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. -Allows the IT admin to set a device to Semi-Annual Channel train. +Allows the IT admin to set a device to General Availability Channel train. @@ -2640,8 +2640,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). -- 1 – User gets upgrades from Semi-Annual Channel. +- 0 (default) – User gets upgrades from General Availability Channel (Targeted). +- 1 – User gets upgrades from General Availability Channel. diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 1d11592519..c57a52f15f 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -204,7 +204,7 @@ Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machi - Condition 4: Machine should be within the uninstall period > [!NOTE] -> This only works for Semi-Annual Channel Targeted devices. +> This only works for General Availability Channel Targeted devices. If the conditions are not true, the device will not Roll Back the Latest Feature Update. diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index cc92de3f11..e9f150cb37 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -129,7 +129,7 @@ More information on how to use Dumpchk.exe to check your dump files: ### Pagefile Settings -- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](/windows/client-management/introduction-page-file) +- [Introduction of page file in Long-Term Servicing Channel and General Availability Channel of Windows](/windows/client-management/introduction-page-file) - [How to determine the appropriate page file size for 64-bit versions of Windows](/windows/client-management/determine-appropriate-page-file-size) - [How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2](/windows/client-management/generate-kernel-or-complete-crash-dump) diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md index 16c416a9cd..52a2fb766d 100644 --- a/windows/client-management/windows-version-search.md +++ b/windows/client-management/windows-version-search.md @@ -1,7 +1,7 @@ --- title: What version of Windows am I running? -description: Discover which version of Windows you are running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or Semi-Annual Channel. -keywords: Long-Term Servicing Channel, LTSC, LTSB, Semi-Annual Channel, SAC, Windows, version, OS Build +description: Discover which version of Windows you are running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel. +keywords: Long-Term Servicing Channel, LTSC, LTSB, General Availability Channel, GAC, Windows, version, OS Build ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -15,7 +15,7 @@ ms.topic: troubleshooting # What version of Windows am I running? -To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [Semi-Annual Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them. +To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them. ## System Properties Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu @@ -48,4 +48,4 @@ At the Command Prompt or PowerShell, type **"slmgr /dlv"**, and then press ENTER The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This build of Windows doesn’t contain many in-box applications, such as Microsoft Edge, Microsoft Store, Cortana (you do have some limited search capabilities), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. It’s important to remember that the LTSC model is primarily for specialized devices. -In the Semi-Annual Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment. \ No newline at end of file +In the General Availability Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment. \ No newline at end of file diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md index 9dd26e0e66..a0684bd469 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md +++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md @@ -164,7 +164,7 @@ Download all three items in this list to the D:\\Downloads folder on MDT01. For example, you can use the following configuration.xml file, which provides these configuration settings: - Install the 64-bit version of Microsoft 365 Apps for enterprise in English directly from the Office Content Delivery Network (CDN) on the internet. Note: 64-bit is now the default and recommended edition. - - Use the Semi-Annual Channel and get updates directly from the Office CDN on the internet. + - Use the General Availability Channel and get updates directly from the Office CDN on the internet. - Perform a silent installation. You won’t see anything that shows the progress of the installation and you won’t see any error messages. ```xml @@ -179,7 +179,7 @@ Download all three items in this list to the D:\\Downloads folder on MDT01. ``` - By using these settings, any time you build the reference image you’ll be installing the most up-to-date Semi-Annual Channel version of Microsoft 365 Apps for enterprise. + By using these settings, any time you build the reference image you’ll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise. >[!TIP] >You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file. diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 6f3f832a1c..290ec3a6cd 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -33,7 +33,7 @@ The features described below are no longer being actively developed, and might b | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**
Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | -| Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | +| Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | | Timeline | Starting in July 2021, if you have your activity history synced across your devices through your Microsoft account (MSA), you'll no longer have the option to upload new activity in Timeline. See [Get help with timeline](https://support.microsoft.com/windows/get-help-with-timeline-febc28db-034c-d2b0-3bbe-79aa0c501039).| 20H2 | | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 | | Companion Device Framework | The [Companion Device Framework](/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 | diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md index 64f85cf6f1..485b7f3d26 100644 --- a/windows/deployment/update/PSFxWhitepaper.md +++ b/windows/deployment/update/PSFxWhitepaper.md @@ -1,7 +1,7 @@ --- title: Windows Updates using forward and reverse differentials description: A technique to produce compact software updates optimized for any origin and destination revision pair -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage audience: itpro diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index b73c7cb293..437ce17f09 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -1,7 +1,7 @@ --- title: Introduction to the Windows Insider Program for Business description: In this article, you'll learn about the Windows Insider Program for Business and why IT Pros should join. -keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight +keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight ms.custom: seo-marvel-apr2020 ms.prod: w10 ms.mktglfcycl: manage @@ -37,7 +37,7 @@ Microsoft recommends that all organizations have at least a few devices enrolled The Windows Insider Program doesn't replace General Availability Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. -[![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the Semi-Annual Channel Targeted ring for Pilot deployment, and the Semi-Annual Channel for broad deployment.](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)
+[![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the General Availability Channel Targeted ring for Pilot deployment, and the General Availability Channel for broad deployment.](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)
Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. ## Explore new Windows 10 features in Insider Previews diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index 1d8974b7b8..e2e8a62576 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -2,7 +2,7 @@ title: Evaluate infrastructure and tools manager: laurawi description: Steps to make sure your infrastructure is ready to deploy updates -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage audience: itpro diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md index e628766463..578ef13f11 100644 --- a/windows/deployment/update/get-started-updates-channels-tools.md +++ b/windows/deployment/update/get-started-updates-channels-tools.md @@ -1,7 +1,7 @@ --- title: Windows client updates, channels, and tools description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them -keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage author: jaimeo diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md index 40198581cc..9b2b2c9c0d 100644 --- a/windows/deployment/update/plan-define-readiness.md +++ b/windows/deployment/update/plan-define-readiness.md @@ -2,7 +2,7 @@ title: Define readiness criteria manager: laurawi description: Identify important roles and figure out how to classify apps -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage audience: itpro diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md index 289cffc216..1195f5d660 100644 --- a/windows/deployment/update/plan-define-strategy.md +++ b/windows/deployment/update/plan-define-strategy.md @@ -1,7 +1,7 @@ --- title: Define update strategy description: Two examples of a calendar-based approach to consistent update installation -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, tools ms.prod: w10 ms.mktglfcycl: manage author: jaimeo diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md index 8fcd5f228e..4d540ee6fb 100644 --- a/windows/deployment/update/plan-determine-app-readiness.md +++ b/windows/deployment/update/plan-determine-app-readiness.md @@ -2,7 +2,7 @@ title: Determine application readiness manager: laurawi description: How to test your apps to know which need attention prior to deploying an update -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage audience: itpro diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md index 4614f94847..37afc617f7 100644 --- a/windows/deployment/update/prepare-deploy-windows.md +++ b/windows/deployment/update/prepare-deploy-windows.md @@ -1,7 +1,7 @@ --- title: Prepare to deploy Windows description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage author: jaimeo diff --git a/windows/deployment/update/quality-updates.md b/windows/deployment/update/quality-updates.md index 2bd74d5b87..acae62d5a9 100644 --- a/windows/deployment/update/quality-updates.md +++ b/windows/deployment/update/quality-updates.md @@ -1,7 +1,7 @@ --- title: Monthly quality updates (Windows 10/11) description: Learn about Windows monthly quality updates to stay productive and protected. -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage author: greg-lindsay diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index a8e162f8c3..a0b4da689e 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md @@ -1,7 +1,7 @@ --- title: Update Baseline description: Use an update baseline to optimize user experience and meet monthly update goals -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, tools, group policy +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, tools, group policy ms.prod: w10 ms.mktglfcycl: manage author: jaimeo diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 4bbcdcad7e..063c32e55c 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -3,7 +3,7 @@ title: Policies for update compliance, activity, and user experience ms.reviewer: manager: laurawi description: Explanation and recommendations for settings -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage audience: itpro diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index fb16b23675..6997fcb62d 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -1,7 +1,7 @@ --- title: Overview of Windows as a service description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works. -keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage author: jaimeo diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 3471f175df..1c54bc8aee 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -1,7 +1,7 @@ --- title: Quick guide to Windows as a service (Windows 10) description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy. -keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, tools +keywords: updates, servicing, current, deployment, General Availability Channel, General Availability Channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage author: jaimeo diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index 85415f07f6..6d2cc70a0c 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -8508,7 +8508,7 @@ The following fields are available: - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. -- **sacDevice** Device in the semi-annual channel. +- **sacDevice** Device in the General Availability Channel. - **wUfBConnected** Result of WUfB connection check. diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 4d22a793a5..ee4c6b4726 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -6379,7 +6379,7 @@ The following fields are available: - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. -- **sacDevice** Device in the semi-annual channel. +- **sacDevice** Device in the General Availability Channel. - **wUfBConnected** Result of WUfB connection check. diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index ed71ed6cd6..6a226268c2 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -7269,7 +7269,7 @@ The following fields are available: - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. -- **sacDevice** Device in the semi-annual channel. +- **sacDevice** Device in the General Availability Channel. - **wUfBConnected** Result of WUfB connection check. diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 70c0e42b27..9e47da731c 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -15,7 +15,7 @@ manager: dansimp # How to configure Diffie Hellman protocol over IKEv2 VPN connections ->Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10, Windows 11 +>Applies To: Windows Server (General Availability Channel), Windows Server 2016, Windows 10, Windows 11 In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index 91c71ff99f..f233c9e457 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -30,7 +30,7 @@ This topic provides links to articles with information about what's new in each ## The Long-Term Servicing Channel (LTSC) -The following table summarizes equivalent feature update versions of Windows 10 LTSC and semi-annual channel (SAC) releases. +The following table summarizes equivalent feature update versions of Windows 10 LTSC and General Availability Channel (SAC) releases. | LTSC release | Equivalent SAC release | Availability date | | --- | --- | --- | diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 1a98ceb952..50c12d880a 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -41,7 +41,7 @@ Windows ICD now includes simplified workflows for creating provisioning packages ### Windows Upgrade Readiness >[!IMPORTANT] ->Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a semi-annual channel release. +>Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a General Availability Channel release. Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index fd9c51a888..d62aed7098 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -32,7 +32,7 @@ Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding pr The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below. >[!IMPORTANT] ->The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the semi-annual channel release of Windows 10 might be limited. +>The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the General Availability Channel release of Windows 10 might be limited. ## Microsoft Intune @@ -374,7 +374,7 @@ Until now, Windows logon only supported the use of identities federated to ADFS ### Upgrade Readiness >[!IMPORTANT] ->Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a semi-annual channel release. +>Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a General Availability Channel release. Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index ac90bf888f..12d55d3da6 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -22,7 +22,7 @@ This article lists new and updated features and content that is of interest to I > [!NOTE] > Features in Windows 10 Enterprise LTSC 2021 are equivalent to Windows 10, version 21H2.
-> The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the semi-annual channel release of Windows 10 might be limited. +> The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the General Availability Channel release of Windows 10 might be limited. Windows 10 Enterprise LTSC 2021 builds on Windows 10 Enterprise LTSC 2019, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities. diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md index 7c111593df..a2cf52e895 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H2.md +++ b/windows/whats-new/whats-new-windows-10-version-21H2.md @@ -35,7 +35,7 @@ To learn more about the status of the November 2021 Update rollout, known issues ## Updates and servicing -Windows 10, version 21H2 feature updates are installed annually using the General Availability Channel. Previous feature updates were installed using the Semi-Annual Channel. For more information on this change, see the [How to get the Windows 10 November 2021 Update](https://blogs.windows.com/windowsexperience/?p=176473). +Windows 10, version 21H2 feature updates are installed annually using the General Availability Channel. Previous feature updates were installed using the General Availability Channel. For more information on this change, see the [How to get the Windows 10 November 2021 Update](https://blogs.windows.com/windowsexperience/?p=176473). Quality updates are still installed monthly on patch Tuesday. diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index aa1f8b6d33..eb9c208939 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -95,7 +95,7 @@ Along with user experience and security improvements, Windows 11 introduces enha When Windows 11 reaches general availability, a consolidated Windows 11 update history will be available on support.microsoft.com, similar to what is [available today for Windows 10](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11). Similarly, the [Windows release health](/windows/release-health/) hub will offer quick access to Windows 11 servicing announcements, known issues, and safeguard holds. -It is important that organizations have adequate time to plan for Windows 11. Microsoft also recognizes that many organizations will have a mix of Windows 11 and Windows 10 devices across their ecosystem. Devices on in-service versions of Windows 10 will continue to receive monthly Windows 10 security updates through 2025, as well as incremental improvements to Windows 10 to support ongoing Microsoft 365 deployments. For more information, see the [Windows 10 release information](/windows/release-health/release-information) page, which offers information about the Windows 10 Semi-Annual Channel and Long-term Servicing Channel (LTSC) releases. +It is important that organizations have adequate time to plan for Windows 11. Microsoft also recognizes that many organizations will have a mix of Windows 11 and Windows 10 devices across their ecosystem. Devices on in-service versions of Windows 10 will continue to receive monthly Windows 10 security updates through 2025, as well as incremental improvements to Windows 10 to support ongoing Microsoft 365 deployments. For more information, see the [Windows 10 release information](/windows/release-health/release-information) page, which offers information about the Windows 10 General Availability Channel and Long-term Servicing Channel (LTSC) releases. ## Application compatibility From d97cd72d148e9ed96fa6400a693534167f28d3ba Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 27 Jan 2022 12:41:53 -0800 Subject: [PATCH 17/19] Update troubleshoot-tcpip-netmon.md --- windows/client-management/troubleshoot-tcpip-netmon.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 3ba8c0dd3f..64d8d13db9 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -7,7 +7,7 @@ ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.date: 12/06/2018 +ms.date: 01/27/2022 ms.reviewer: manager: dansimp ms.collection: highpri @@ -15,7 +15,7 @@ ms.collection: highpri # Collect data using Network Monitor -In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. +In this article, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. > [!NOTE] > Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages removed from microsoft.com sites on November 25 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, please consider using a 3rd party network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). From 609b51c9dc532e97c8efb4124864fb9dfabbfd0b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 27 Jan 2022 12:43:30 -0800 Subject: [PATCH 18/19] Update troubleshoot-tcpip-netmon.md --- windows/client-management/troubleshoot-tcpip-netmon.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 64d8d13db9..7bbb4f70f3 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -18,7 +18,7 @@ ms.collection: highpri In this article, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. > [!NOTE] -> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages removed from microsoft.com sites on November 25 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, please consider using a 3rd party network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). +> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages were removed from microsoft.com sites on November 25, 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, consider using another, non-Microsoft network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image: @@ -28,11 +28,11 @@ When the driver gets hooked to the network interface card (NIC) during installat **To capture traffic** -1. Run netmon in an elevated status by choosing Run as Administrator. +1. Run netmon in an elevated status by choosing **Run as Administrator**. ![Image of Start search results for Netmon.](images/nm-start.png) -2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then click **Start**. +2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then select **Start**. ![Image of the New Capture option on menu.](images/tcp-ts-4.png) From 98007ce9eb064c8c6581a27002d0ddde5cad7ae8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 27 Jan 2022 15:14:19 -0800 Subject: [PATCH 19/19] Update understanding-wdac-policy-settings.md --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index d68f3d6a3f..fd7b1f528e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -1,5 +1,5 @@ --- -title: Understanding WDAC secure settings. +title: Understanding Windows Defender Application Control (WDAC) secure settings description: Learn about secure settings in Windows Defender Application Control. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb