mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into AddAppsOverview
This commit is contained in:
MandiOhlinger
commit
7e2ee670d3
@ -20,7 +20,7 @@ We've tried to make editing an existing, public file as simple as possible.
|
||||
|
||||
1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Log into (or sign up for) a GitHub account.
|
||||
|
||||
@ -28,7 +28,7 @@ We've tried to make editing an existing, public file as simple as possible.
|
||||
|
||||
3. Click the **Pencil** icon (in the red box) to edit the content.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see:
|
||||
- **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring)
|
||||
@ -37,11 +37,11 @@ We've tried to make editing an existing, public file as simple as possible.
|
||||
|
||||
5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct.
|
||||
|
||||
|
||||
|
||||
|
||||
6. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account.
|
||||
|
||||
|
||||
|
||||
|
||||
The **Comparing changes** screen appears to see what the changes are between your fork and the original content.
|
||||
|
||||
@ -49,7 +49,7 @@ We've tried to make editing an existing, public file as simple as possible.
|
||||
|
||||
If there are no problems, you’ll see the message, **Able to merge**.
|
||||
|
||||
|
||||
|
||||
|
||||
8. Click **Create pull request**.
|
||||
|
||||
|
||||
@ -34,11 +34,11 @@ Before you start, you need to make sure you have the following:
|
||||
|
||||
1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
|
||||
|
||||
@ -280,13 +280,13 @@ You can collect your hardware inventory using the MOF Editor, while you’re con
|
||||
|
||||
1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
|
||||
|
||||
3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Select the check boxes next to the following classes, and then click **OK**:
|
||||
|
||||
@ -393,12 +393,12 @@ The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sam
|
||||
### SCCM Report Sample – ActiveX.rdl
|
||||
Gives you a list of all of the ActiveX-related sites visited by the client computer.
|
||||
|
||||
|
||||
|
||||
|
||||
### SCCM Report Sample – Site Discovery.rdl
|
||||
Gives you a list of all of the sites visited by the client computer.
|
||||
|
||||
|
||||
|
||||
|
||||
## View the collected XML data
|
||||
After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like:
|
||||
@ -436,7 +436,7 @@ You can import this XML data into the correct version of the Enterprise Mode Sit
|
||||
|
||||
1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Go to your XML file to add the included sites to the tool, and then click **Open**.<br>Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
|
||||
|
||||
|
||||
@ -27,11 +27,11 @@ ms.date: 07/27/2017
|
||||
|
||||
Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
|
||||
|
||||
|
||||
|
||||
|
||||
The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
|
||||
|
||||
|
||||
|
||||
|
||||
Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
|
||||
|
||||
@ -47,11 +47,11 @@ This lets you create an ASP form that accepts the incoming POST messages.
|
||||
|
||||
3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.<p>
|
||||
Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
|
||||
@ -72,7 +72,7 @@ This code logs your POST fields to your IIS log file, where you can review all o
|
||||
### IIS log file information
|
||||
This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Using the GitHub sample to collect your data
|
||||
@ -99,14 +99,14 @@ The required packages are automatically downloaded and included in the solution.
|
||||
|
||||
1. Right-click on the name, PhoneHomeSample, and click **Publish**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
|
||||
|
||||
**Important**<br>
|
||||
Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
|
||||
|
||||
|
||||
|
||||
|
||||
After you finish the publishing process, you need to test to make sure the app deployed successfully.
|
||||
|
||||
@ -131,7 +131,7 @@ The required packages are automatically downloaded and included in the solution.
|
||||
- Go to `https://<deploy_URL>/List` to see the report results.<p>
|
||||
If you’re already on the webpage, you’ll need to refresh the page to see the results.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Troubleshooting publishing errors
|
||||
@ -141,7 +141,7 @@ If you have errors while you’re publishing your project, you should try to upd
|
||||
|
||||
1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Updates** on the left side of the tool, and click the **Update All** button.<p>
|
||||
You may need to do some additional package cleanup to remove older package versions.
|
||||
|
||||
@ -9,7 +9,7 @@ centralized control, you can create one global list of websites that render usin
|
||||
1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** setting.<p>Turning this setting on also requires you to create and store a site list.
|
||||
|
||||
<!--
|
||||
|
||||
|
||||
-->
|
||||
|
||||
2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
|
||||
@ -24,7 +24,7 @@ All of your managed devices must have access to this location if you want them t
|
||||
|
||||
2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file.<p>For example:
|
||||
<!--
|
||||
 -->
|
||||
 -->
|
||||
|
||||
- **HTTPS location:** `"SiteList"="https://localhost:8080/sites.xml"`
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
|
||||
|
||||
1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
|
||||
|
||||
@ -45,7 +45,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
|
||||
|
||||
3. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
|
||||
|
||||
|
||||
|
||||
|
||||
Your **Value data** location can be any of the following types:
|
||||
|
||||
|
||||
@ -38,11 +38,11 @@ Before you start, you need to make sure you have the following:
|
||||
|
||||
1. Go to the [Microsoft Security Bulletin](/security-updates/) page, and change the filter to **Windows Internet Explorer 11**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
|
||||
|
||||
@ -284,13 +284,13 @@ You can collect your hardware inventory using the MOF Editor, while you’re con
|
||||
|
||||
1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
|
||||
|
||||
3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Select the check boxes next to the following classes, and then click **OK**:
|
||||
|
||||
@ -397,12 +397,12 @@ The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sam
|
||||
### SCCM Report Sample – ActiveX.rdl
|
||||
Gives you a list of all of the ActiveX-related sites visited by the client computer.
|
||||
|
||||
|
||||
|
||||
|
||||
### SCCM Report Sample – Site Discovery.rdl
|
||||
Gives you a list of all of the sites visited by the client computer.
|
||||
|
||||
|
||||
|
||||
|
||||
## View the collected XML data
|
||||
After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like:
|
||||
@ -440,7 +440,7 @@ You can import this XML data into the correct version of the Enterprise Mode Sit
|
||||
|
||||
1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Go to your XML file to add the included sites to the tool, and then click **Open**.<br>Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
|
||||
|
||||
|
||||
@ -48,7 +48,7 @@ The compatibility improvements made in IE11 lets older websites just work in the
|
||||
## Document mode selection flowchart
|
||||
This flowchart shows how IE11 works when document modes are used.
|
||||
|
||||
<br>
|
||||
<br>
|
||||
[Click this link to enlarge image](img-ie11-docmode-lg.md)
|
||||
|
||||
## Known Issues with Internet Explorer 8 document mode in Enterprise Mode
|
||||
|
||||
@ -45,7 +45,7 @@ To see if this fix might help you, run through this process one step at a time,
|
||||
|
||||
1. Go to a site having compatibility problems, press **F12** to open the **F12 Developer Tools**, and go to the **Emulation** tool.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Starting with the **11 (Default)** option, test your broken scenario.<br>
|
||||
If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](/previous-versions/windows/internet-explorer/ie-developer/samples/dn255001(v=vs.85)).
|
||||
@ -62,7 +62,7 @@ There are two versions of the Enterprise Mode site list schema and the Enterpris
|
||||
|
||||
1. Open the Enterprise Mode Site List Manager, and click **Add**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Add the **URL** and pick the document mode from the **Launch in** box. This should be the same document mode you found fixed your problems while testing the site.<br>
|
||||
Similar to Enterprise Mode, you can specify a document mode for a particular web path—such as contoso.com/ERP—or at a domain level. In the above, the entire contoso.com domain loads in Enterprise Mode, while microsoft.com is forced to load into IE8 Document Mode and bing.com loads in IE11.
|
||||
@ -74,7 +74,7 @@ For more information about Enterprise Mode, see [What is Enterprise Mode?](what-
|
||||
### Review your Enterprise Mode site list
|
||||
Take a look at your Enterprise Mode site list and make sure everything is the way you want it. The next step will be to turn the list on and start to use it in your company. The Enterprise Mode Site List Manager will look something like:
|
||||
|
||||
|
||||
|
||||
|
||||
And the underlying XML code will look something like:
|
||||
|
||||
|
||||
@ -16,7 +16,7 @@ ms.author: dansimp
|
||||
|
||||
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)<br>
|
||||
|
||||
<p style="overflow: auto;">
|
||||
<p>
|
||||
<img src="images/docmode-decisions-lg.png" alt="Full-sized flowchart detailing how document modes are chosen in IE11" width="1355" height="1625" style="max-width:none;">
|
||||
</p>
|
||||
|
||||
|
||||
@ -62,15 +62,15 @@ When IE blocks an outdated ActiveX control, you’ll see a notification bar simi
|
||||
|
||||
**Internet Explorer 9 through Internet Explorer 11**
|
||||
|
||||
|
||||
|
||||
|
||||
**Windows Internet Explorer 8**
|
||||
|
||||
|
||||
|
||||
|
||||
Out-of-date ActiveX control blocking also gives you a security warning that tells you if a webpage tries to launch specific outdated apps, outside of IE:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## How do I fix an outdated ActiveX control or app?
|
||||
|
||||
@ -27,7 +27,7 @@ You can use the Group Policy setting, **Set a default associations configuration
|
||||
1. Open your Group Policy editor and go to the **Computer Configuration\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
|
||||
Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Enabled**, and then in the **Options** area, type the location to your default associations configuration file.<p>
|
||||
If this setting is turned on and your employee's device is domain-joined, this file is processed and default associations are applied at logon. If this setting isn't configured or is turned off, or if your employee's device isn't domain-joined, no default associations are applied at logon.
|
||||
|
||||
@ -31,11 +31,11 @@ ms.date: 07/27/2017
|
||||
|
||||
Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
|
||||
|
||||
|
||||
|
||||
|
||||
The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
|
||||
|
||||
|
||||
|
||||
|
||||
Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
|
||||
|
||||
@ -51,11 +51,11 @@ When you turn logging on, you need a valid URL that points to a server that can
|
||||
|
||||
3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.<p>
|
||||
Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
|
||||
@ -76,7 +76,7 @@ When you turn logging on, you need a valid URL that points to a server that can
|
||||
### IIS log file information
|
||||
This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Using the GitHub sample to collect your data
|
||||
@ -103,14 +103,14 @@ For logging, you’re going to need a valid URL that points to a server that can
|
||||
|
||||
5. Right-click on the name, PhoneHomeSample, and click **Publish**.
|
||||
|
||||
|
||||
|
||||
|
||||
6. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
|
||||
|
||||
**Important**<br>
|
||||
Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
|
||||
|
||||
|
||||
|
||||
|
||||
After you finish the publishing process, you need to test to make sure the app deployed successfully.
|
||||
|
||||
@ -135,7 +135,7 @@ For logging, you’re going to need a valid URL that points to a server that can
|
||||
- Go to `https://<deploy_URL>/List` to see the report results.<p>
|
||||
If you’re already on the webpage, you’ll need to refresh the page to see the results.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Troubleshooting publishing errors
|
||||
@ -145,7 +145,7 @@ If you have errors while you’re publishing your project, you should try to upd
|
||||
|
||||
1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Updates** on the left side of the tool, and click the **Update All** button.<p>
|
||||
You may need to do some additional package cleanup to remove older package versions.
|
||||
|
||||
@ -28,7 +28,7 @@ Jump to:
|
||||
|
||||
[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md) can be very effective in providing backward compatibility for older web apps. The Enterprise Mode Site List includes the ability to put any web app in any document mode, include IE8 and IE7 Enterprise Modes, without changing a single line of code on the website.
|
||||
|
||||
|
||||
|
||||
|
||||
Sites in the \<docMode\> section can be rendered in any document mode, as shown in blue above. Some sites designed for older versions of Internet Explorer may require better backward compatibility, and these can leverage the \<emie\> section of the Enterprise Mode Site List. IE8 Enterprise Mode provides higher-fidelity emulation for Internet Explorer 8 by using, among other improvements, the original Internet Explorer 8 user agent string. IE7 Enterprise Mode further improves emulation by adding Compatibility View.
|
||||
|
||||
@ -84,7 +84,7 @@ To see if the site works in the Internet Explorer 5, Internet Explorer 7, Intern
|
||||
|
||||
- Open the site in Internet Explorer 11, load the F12 tools by pressing the **F12** key or by selecting **F12 Developer Tools** from the **Tools** menu, and select the **Emulation** tab.
|
||||
|
||||
|
||||
|
||||
|
||||
- Run the site in each document mode until you find the mode in which the site works.
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ Before you can use a site list with Enterprise Mode, you need to turn the functi
|
||||
1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.<p>
|
||||
Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
|
||||
|
||||
@ -51,7 +51,7 @@ Before you can use a site list with Enterprise Mode, you need to turn the functi
|
||||
|
||||
4. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
|
||||
|
||||
|
||||
|
||||
|
||||
- **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"`
|
||||
|
||||
|
||||
@ -37,7 +37,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
|
||||
|
||||
1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
|
||||
|
||||
@ -49,7 +49,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
|
||||
|
||||
5. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
|
||||
|
||||
|
||||
|
||||
|
||||
Your **Value data** location can be any of the following types:
|
||||
|
||||
|
||||
@ -33,32 +33,32 @@ During installation, you must pick a version of IEAK 11, either **External** or
|
||||
|
||||
| Feature | Internal | External |
|
||||
|-------------------------------------------|:--------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:|
|
||||
| Welcome screen |  |  |
|
||||
| File locations |  |  |
|
||||
| Platform selection |  |  |
|
||||
| Language selection |  |  |
|
||||
| Package type selection |  |  |
|
||||
| Feature selection |  |  |
|
||||
| Automatic Version Synchronization (AVS) |  |  |
|
||||
| Custom components |  |  |
|
||||
| Internal install |  |  |
|
||||
| User experience |  |  |
|
||||
| Browser user interface |  |  |
|
||||
| Search providers |  |  |
|
||||
| Important URLs – Home page and support |  |  |
|
||||
| Accelerators |  |  |
|
||||
| Favorites, Favorites bar, and feeds |  |  |
|
||||
| Browsing options |  |  |
|
||||
| First Run wizard and Welcome page options |  |  |
|
||||
| Connection manager |  |  |
|
||||
| Connection settings |  |  |
|
||||
| Automatic configuration |  |  |
|
||||
| Proxy settings |  |  |
|
||||
| Security and privacy settings |  |  |
|
||||
| Add a root certificate |  |  |
|
||||
| Programs |  |  |
|
||||
| Additional settings |  |  |
|
||||
| Wizard complete |  |  |
|
||||
| Welcome screen |  |  |
|
||||
| File locations |  |  |
|
||||
| Platform selection |  |  |
|
||||
| Language selection |  |  |
|
||||
| Package type selection |  |  |
|
||||
| Feature selection |  |  |
|
||||
| Automatic Version Synchronization (AVS) |  |  |
|
||||
| Custom components |  |  |
|
||||
| Internal install |  |  |
|
||||
| User experience |  |  |
|
||||
| Browser user interface |  |  |
|
||||
| Search providers |  |  |
|
||||
| Important URLs – Home page and support |  |  |
|
||||
| Accelerators |  |  |
|
||||
| Favorites, Favorites bar, and feeds |  |  |
|
||||
| Browsing options |  |  |
|
||||
| First Run wizard and Welcome page options |  |  |
|
||||
| Connection manager |  |  |
|
||||
| Connection settings |  |  |
|
||||
| Automatic configuration |  |  |
|
||||
| Proxy settings |  |  |
|
||||
| Security and privacy settings |  |  |
|
||||
| Add a root certificate |  |  |
|
||||
| Programs |  |  |
|
||||
| Additional settings |  |  |
|
||||
| Wizard complete |  |  |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -20,17 +20,17 @@ manager: dansimp
|
||||
|
||||
|
||||
|
||||
<span style="font-size: 1.5em">This guide shows you how to quickly and easily try a few transformational tools from Microsoft Education in 5 quick steps.</span>
|
||||
<span>This guide shows you how to quickly and easily try a few transformational tools from Microsoft Education in 5 quick steps.</span>
|
||||
|
||||
| Tool | Description |
|
||||
| :---: |:--- |
|
||||
| [](#edu-task1) | [Log in](#edu-task1) to **Device A** with your Teacher credentials and connect to the school network. |
|
||||
| [](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?<sup>[1](#footnote1)</sup>** </br>Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
|
||||
| [](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** </br>Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
|
||||
| [](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** </br>Open [OneNote](#edu-task4) and create an example group project for your class. |
|
||||
| [](#edu-task5) | **Curious about telling stories through video?** </br>Try the [Photos app](#edu-task5) to make your own example video. |
|
||||
| [](#edu-task6) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
|
||||
| [](#edu-task7) | **Want to provide a personal math tutor for your students?** </br>Use [Windows Ink and the Math Assistant feature](#edu-task7) in OneNote to give students step-by-step instructions and interactive 2D graphs for math problems. |
|
||||
| [](#edu-task1) | [Log in](#edu-task1) to **Device A** with your Teacher credentials and connect to the school network. |
|
||||
| [](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?<sup>[1](#footnote1)</sup>** </br>Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
|
||||
| [](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** </br>Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
|
||||
| [](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** </br>Open [OneNote](#edu-task4) and create an example group project for your class. |
|
||||
| [](#edu-task5) | **Curious about telling stories through video?** </br>Try the [Photos app](#edu-task5) to make your own example video. |
|
||||
| [](#edu-task6) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
|
||||
| [](#edu-task7) | **Want to provide a personal math tutor for your students?** </br>Use [Windows Ink and the Math Assistant feature](#edu-task7) in OneNote to give students step-by-step instructions and interactive 2D graphs for math problems. |
|
||||
|
||||
|
||||
</br>
|
||||
@ -41,7 +41,7 @@ manager: dansimp
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
|
||||
## <a name="edu-task1"></a>1. Log in and connect to the school network
|
||||
To try out the educator tasks, start by logging in as a teacher.
|
||||
|
||||
@ -55,7 +55,7 @@ To try out the educator tasks, start by logging in as a teacher.
|
||||
</br>
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="edu-task2"></a>2. Significantly improve student reading speed and comprehension
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/GCzSAslq_2Y]
|
||||
@ -78,7 +78,7 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse
|
||||
|
||||
4. Select the **Immersive Reader** button.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Press the **Play** button to hear text read aloud.
|
||||
|
||||
@ -86,14 +86,14 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse
|
||||
|
||||
| Text to Speech | Text Preferences | Grammar Options | Line Focus |
|
||||
| :------------: | :--------------: | :-------------: | :--------: |
|
||||
|  |  |  |  |
|
||||
|  |  |  |  |
|
||||
|
||||
</br>
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## <a name="edu-task3"></a>3. Spark communication, critical thinking, and creativity in the classroom
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/riQr4Dqb8B8]
|
||||
@ -114,7 +114,7 @@ Take a guided tour of Microsoft Teams and test drive this digital hub.
|
||||
</br>
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="edu-task4"></a>4. Expand classroom collaboration and interaction between students
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/dzDSWMb_fIE]
|
||||
@ -135,16 +135,16 @@ When you're not using the pen, just use the magnet to stick it to the left side
|
||||
3. Follow the instructions for the project. Look for the **Try this!** callouts to experiment with these engaging activities.
|
||||
- Discover the power of digital ink by selecting the Draw tab. Choose your pen and get scribbling.
|
||||
|
||||
|
||||
|
||||
|
||||
- Type anywhere on the page! Just click your cursor where you want to place text.
|
||||
- Use the checkmark in the **Home** tab to keep track of completed tasks.
|
||||
|
||||
|
||||
|
||||
|
||||
- To find information without leaving OneNote, use the Researcher tool found under the Insert tab.
|
||||
|
||||
|
||||
|
||||
|
||||
</br>
|
||||
</br>
|
||||
@ -178,7 +178,7 @@ Use video to create a project summary.
|
||||
|
||||
8. Drag the videos to the Storyboard, one by one. Your project should look roughly like this:
|
||||
|
||||
|
||||
|
||||
|
||||
9. Select the first card in the Storyboard (the video of the project materials) and select **Text**, type a title in, a text style, a layout, and select **Done**.
|
||||
|
||||
@ -191,7 +191,7 @@ Use video to create a project summary.
|
||||
4. Play back your effect.
|
||||
5. Select **Done** when you have it where you want it.
|
||||
|
||||
|
||||
|
||||
|
||||
12. Select **Music** and select a track from the **Recommended** music collection.
|
||||
1. The music will update automatically to match the length of your video project, even as you make changes.
|
||||
@ -208,7 +208,7 @@ Check out this use case video of the Photos team partnering with the Bureau Of F
|
||||
</br>
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="edu-task6"></a>6. Get kids to further collaborate and problem solve
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
|
||||
@ -226,7 +226,7 @@ Today, we'll explore a Minecraft world through the eyes of a student.
|
||||
|
||||
3. Scroll down to the **Details** section and select **Download World**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. When prompted, save the world.
|
||||
|
||||
@ -250,7 +250,7 @@ Today, we'll explore a Minecraft world through the eyes of a student.
|
||||
|
||||
To try more advanced movements or building within Minecraft, use the Minecraft Controls Diagram.
|
||||
|
||||
|
||||
|
||||
|
||||
12. Access and adapt over 300 lesson plans, spanning all grades and subjects, to meet your needs. Enjoy exploring new worlds and happy crafting.
|
||||
|
||||
@ -260,13 +260,13 @@ Today, we'll explore a Minecraft world through the eyes of a student.
|
||||
2. Click **Class Resources**.
|
||||
3. Click **Find a Lesson**.
|
||||
|
||||
|
||||
|
||||
|
||||
</br>
|
||||
</br>
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="edu-task7"></a>7. Use Windows Ink to provide a personal math tutor for your students
|
||||
|
||||
The **Math Assistant** and **Ink Replay** features available in the OneNote app give your students step-by-step instructions on how to solve their math problems and help them visualize math functions on an interactive 2D graph.
|
||||
@ -275,15 +275,15 @@ The **Math Assistant** and **Ink Replay** features available in the OneNote app
|
||||
To get started:
|
||||
1. Open the OneNote app for Windows 10 (not OneNote 2016).
|
||||
|
||||
|
||||
|
||||
|
||||
2. In the top left corner, click on the **<** arrow to access your notebooks and pages.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Click **Add Page** to launch a blank work space.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Make sure your pen is paired to the device. To pair, see <a href="https://support.microsoft.com/help/12383" target="_blank">Connect to Bluetooth devices</a>.
|
||||
|
||||
@ -292,26 +292,26 @@ To solve the equation 3x+4=7, follow these instructions:
|
||||
|
||||
2. If you wrote the equation using digital ink, use the **Lasso tool** to circle the equation. If you typed the equation, highlight it using your mouse.
|
||||
|
||||
|
||||
|
||||
|
||||
3. On the **Draw** tab, click the **Math** button.
|
||||
|
||||
|
||||
|
||||
|
||||
4. From the drop-down menu in the **Math** pane, select the option to **Solve for x**. You can now see the final solution of the equation.
|
||||
|
||||
|
||||
|
||||
|
||||
5. From the second drop-down below, choose **Steps for Solving Linear Formula**, which shows you the step-by-step solution of this equation.
|
||||
|
||||
6. On the **View** tab, click the **Replay** button. Use your mouse to select the written equation and watch your text in replay. Replay is great for students to review how the teacher solved the equation and for teachers to review how students approached a problem.
|
||||
|
||||
|
||||
|
||||
|
||||
To graph the equation 3x+4=7, follow these instructions:
|
||||
1. From the drop-down menu in the **Math** pane, select the option to **Graph Both Sides in 2D**. You can play with the interactive graph of your equation - use a single finger to move the graph position or two fingers to change the **zoom** level.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click the **Insert on Page** button below the graph to add a screenshot of the graph to your page.
|
||||
</br>
|
||||
|
||||
@ -16,7 +16,7 @@ ms.date: 12/11/2017
|
||||
|
||||
# Microsoft Education Trial in a Box
|
||||
|
||||
|
||||
|
||||
|
||||
</br>
|
||||
|
||||
@ -28,9 +28,9 @@ Welcome to Microsoft Education Trial in a Box. We built this trial to make it ea
|
||||
|
||||
</br>
|
||||
|
||||
| [](educator-tib-get-started.md) | [](itadmin-tib-get-started.md) |
|
||||
| [](educator-tib-get-started.md) | [](itadmin-tib-get-started.md) |
|
||||
| :---: | :---: |
|
||||
| <span style="font-size: 1.5em">**Educator**</span></br>Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. </br>[Get started](educator-tib-get-started.md) | <span style="font-size: 1.5em">**IT Admin**</span></br>Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. </br> [Get started](itadmin-tib-get-started.md) |
|
||||
| <span>**Educator**</span></br>Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. </br>[Get started](educator-tib-get-started.md) | <span>**IT Admin**</span></br>Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. </br> [Get started](itadmin-tib-get-started.md) |
|
||||
|
||||
|
||||
|
||||
|
||||
@ -20,15 +20,15 @@ manager: dansimp
|
||||
|
||||
|
||||
|
||||
<span style="font-size: 1.5em">Learn how to quickly deploy and manage devices for your school in 5 quick steps.</span>
|
||||
<span>Learn how to quickly deploy and manage devices for your school in 5 quick steps.</span>
|
||||
|
||||
| | |
|
||||
| :---: |:--- |
|
||||
| [](#it-task1) | [Log in](#it-task1) to **Device A** with your IT Admin credentials and connect to your school's network. |
|
||||
| [](#it-task2) | [Configure Device B](#it-task2) with the Set up School PCs app. |
|
||||
| [](#it-task3) | [Express configure Intune for Education](#it-task3) to manage devices, users, and policies. |
|
||||
| [](#it-task4) | [Find apps from the Microsoft Store for Education](#it-task4) and deploy them to manage devices in your tenant. |
|
||||
| [](#it-task5) | [Create custom folders](#it-task5) that will appear on each managed device's **Start** menu. |
|
||||
| [](#it-task1) | [Log in](#it-task1) to **Device A** with your IT Admin credentials and connect to your school's network. |
|
||||
| [](#it-task2) | [Configure Device B](#it-task2) with the Set up School PCs app. |
|
||||
| [](#it-task3) | [Express configure Intune for Education](#it-task3) to manage devices, users, and policies. |
|
||||
| [](#it-task4) | [Find apps from the Microsoft Store for Education](#it-task4) and deploy them to manage devices in your tenant. |
|
||||
| [](#it-task5) | [Create custom folders](#it-task5) that will appear on each managed device's **Start** menu. |
|
||||
|
||||
|
||||
</br>
|
||||
@ -42,7 +42,7 @@ If you run into any problems while following the steps in this guide, or you hav
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="it-task1"></a>1. Log in to Device A with your IT Admin credentials and connect to the school network
|
||||
To try out the IT admin tasks, start by logging in as an IT admin.
|
||||
|
||||
@ -56,7 +56,7 @@ To try out the IT admin tasks, start by logging in as an IT admin.
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="it-task2"></a>2. Configure Device B with Set up School PCs
|
||||
Now you're ready to learn how to configure a brand new device. You will start on **Device A** by downloading and running the Set up School PCs app. Then, you will configure **Device B**.
|
||||
|
||||
@ -66,11 +66,11 @@ If you've previously used Set up School PCs to provision student devices, you ca
|
||||
|
||||
1. From the **Start** menu, find and then click **Microsoft Store** to launch the Store.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Search for the **Set up School PCs** app.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Click **Install**.
|
||||
|
||||
@ -78,7 +78,7 @@ If you've previously used Set up School PCs to provision student devices, you ca
|
||||
|
||||
1. On **Device A**, launch the Set up School PCs app.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Get started**.
|
||||
3. Select **Sign-in**.
|
||||
@ -95,7 +95,7 @@ If you've previously used Set up School PCs to provision student devices, you ca
|
||||
|
||||
We recommend checking the highlighted settings below:
|
||||
|
||||
|
||||
|
||||
|
||||
- **Remove apps pre-installed by the device manufacturer** - If you select this option, this will reset the machine and the provisioning process will take longer (about 30 minutes).
|
||||
- **Allow local storage (not recommended for shared devices)** lets students save files to the **Desktop** and **Documents** folder on the student PC.
|
||||
@ -108,7 +108,7 @@ If you've previously used Set up School PCs to provision student devices, you ca
|
||||
|
||||
7. **Set up the Take a Test app** configures the device for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. Windows will lock down the student PC so that students can't access anything else while taking the test.
|
||||
|
||||
|
||||
|
||||
|
||||
1. Specify if you want to create a Take a Test button on the students' sign-in screens.
|
||||
2. Select **Advanced settings** to allow keyboard text suggestions to appear and to allow teachers to monitor online tests.
|
||||
@ -120,7 +120,7 @@ If you've previously used Set up School PCs to provision student devices, you ca
|
||||
|
||||
8. **Add recommended apps** lets you choose from a set of recommended Microsoft Store apps to provision.
|
||||
|
||||
|
||||
|
||||
|
||||
The recommended apps include the following:
|
||||
* **Office 365 for Windows 10 S (Education Preview)** - Optional. This works well for the Trial in a Box PCs running Windows 10 S. However, if you try to install this app on other editions of Windows 10, setup will fail. Also note that if you select **Office 365 for Windows 10 S (Education Preview)**, it will take about 30-45 minutes longer for Set up School PCs to create the provisioning package as the app downloads Office 365 for Windows 10 S (Education Preview) from the Microsoft Store.
|
||||
@ -131,7 +131,7 @@ If you've previously used Set up School PCs to provision student devices, you ca
|
||||
|
||||
To change any of the settings, select the page or section (such as **Sign-in** or **Settings**) to go back to that page and make your changes.
|
||||
|
||||
|
||||
|
||||
|
||||
10. Accept the summary and then insert a USB drive in **Device A**. Use the USB drive that came in the Trial in a Box accessories box to save the provisioning package.
|
||||
11. Select the drive and then **Save** to create the provisioning package.
|
||||
@ -153,7 +153,7 @@ A provisioning package is a method for applying settings to Windows 10 without n
|
||||
|
||||
1. Start with **Device B** turned off or with the PC on the first-run setup screen. In Windows 10 S Fall Creators Update, the first-run setup screen says **Let's start with region. Is this right?**.
|
||||
|
||||
|
||||
|
||||
|
||||
If you go past the region selection screen, select **Ctrl + Shift + F3** which will prompt the "System Preparation Tool." Select **Okay** in the tool to return to the region selection screen. If this doesn't work, reset the PC by going to **Settings > Update & Security > Recovery > Reset this PC.**
|
||||
|
||||
@ -166,20 +166,20 @@ You can complete the rest of the IT admin tasks using **Device A**.
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="it-task3"></a>3. Express configure Intune for Education to manage devices, users, and policies
|
||||
Intune for Education provides an **Express configuration** option so you can get going right away. We'll use that option here.
|
||||
|
||||
1. Log into the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
|
||||
2. On the Intune for Education dashboard, click **Launch Express Configuration** or select the **Express configuration**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. In the **Welcome to Intune for Education** screen, click **Get started** and follow the prompts until you get to the **Choose group** screen.
|
||||
4. In the **Choose group** screen, select **All Users** so that all apps and settings that we select during express setup will apply to this group.
|
||||
5. In the **Choose apps** screen, you will see a selection of desktop (Win32) apps, Web apps, and Microsoft Store apps.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in step 5.
|
||||
|
||||
@ -197,7 +197,7 @@ Intune for Education provides an **Express configuration** option so you can get
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="it-task4"></a>4. Find apps from the Microsoft Store for Education and deploy them to managed devices in your tenant
|
||||
The Microsoft Store for Education is where you can shop for more apps for your school.
|
||||
|
||||
@ -205,7 +205,7 @@ The Microsoft Store for Education is where you can shop for more apps for your s
|
||||
2. In the **Store apps** section, select **+ New app** to go to the <a href="https://educationstore.microsoft.com" target="_blank">Microsoft Store for Education</a>.
|
||||
3. Select **Sign in** and start shopping for apps for your school.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Check some of the categories for suggested apps or search the Store for a free educational or reference app. Find ones that you haven't already installed during express configuration for Intune for Education. For example, these apps are free:
|
||||
- Duolingo - Learn Languages for Free
|
||||
@ -222,7 +222,7 @@ The Microsoft Store for Education is where you can shop for more apps for your s
|
||||
|
||||
The apps will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant.
|
||||
|
||||
|
||||
|
||||
|
||||
In the **Private store** column of the **Products & services** page, the status for some apps will indicate that it's "In private store" while others will say "Adding to private store" or "Not applicable". Learn more about this in <a href="/microsoft-store/distribute-apps-from-your-private-store" target="_blank">Distribute apps using your private store</a>.
|
||||
|
||||
@ -231,7 +231,7 @@ The Microsoft Store for Education is where you can shop for more apps for your s
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="it-task5"></a>5. Create custom folders that will appear on each managed device's Start menu
|
||||
Update settings for all devices in your tenant by adding the **Documents** and **Downloads** folders to all devices managed in Intune for Education.
|
||||
|
||||
@ -239,7 +239,7 @@ Update settings for all devices in your tenant by adding the **Documents** and *
|
||||
2. Select **Group > All Devices > Settings** and expand **Windows interface settings**.
|
||||
3. In **Choose folders that appear in the Start menu**, select **Documents** and **Downloads**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. **Save** your changes.
|
||||
|
||||
|
||||
@ -38,7 +38,7 @@ For more information about checking for updates, and how to optionally turn on a
|
||||
> [!NOTE]
|
||||
> For the alternate email address, make sure you use a different address from your Office 365 email address.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Click **Save**.
|
||||
|
||||
@ -46,17 +46,17 @@ For more information about checking for updates, and how to optionally turn on a
|
||||
|
||||
1. Click the **Need help?** button in the lower right-hand corner of the Office 365 console.
|
||||
|
||||
|
||||
|
||||
|
||||
You will see a sidebar window open up on the right-hand side of the screen.
|
||||
|
||||
|
||||
|
||||
|
||||
If you chose to have a support representative call you, a new support ticket will be opened and you can track these in **Support tickets**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click the **question button**  in the top navigation of the sidebar window.
|
||||
2. Click the **question button**  in the top navigation of the sidebar window.
|
||||
3. In the field below **Need help?**, enter a description of your help request.
|
||||
4. Click the **Get help button**.
|
||||
5. In the **Let us call you** section, enter a phone number where you can be reached.
|
||||
@ -69,7 +69,7 @@ Forget your password? Follow these steps to recover it.
|
||||
1. Go to <a href="https://portal.office.com/" target="_blank">https://portal.office.com</a>
|
||||
2. Select **Can't access your account** and follow the prompts to get back into your account.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -61,7 +61,7 @@ You can set the policy using one of these methods:
|
||||
|
||||
- When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example:
|
||||
|
||||
|
||||
|
||||
|
||||
## Trigger Autopilot Reset
|
||||
Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use.
|
||||
@ -70,7 +70,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
|
||||
|
||||
1. From the Windows device lock screen, enter the keystroke: **CTRL + Windows key + R**.
|
||||
|
||||
|
||||
|
||||
|
||||
This will open up a custom login screen for Autopilot Reset. The screen serves two purposes:
|
||||
|
||||
@ -78,7 +78,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
|
||||
|
||||
2. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset.
|
||||
|
||||
@ -97,7 +97,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
|
||||
|
||||
- Is returned to a known good managed state, connected to Azure AD and MDM.
|
||||
|
||||
|
||||
|
||||
|
||||
Once provisioning is complete, the device is again ready for use.
|
||||
|
||||
|
||||
@ -65,7 +65,7 @@ See [change using Microsoft Store for Education](#change-using-microsoft-store-f
|
||||
|
||||
**Figure 1** - Enter the details for the Windows edition change
|
||||
|
||||
|
||||
|
||||
|
||||
3. The change will automatically be applied to the group you selected.
|
||||
|
||||
@ -78,7 +78,7 @@ You can use Windows Configuration Designer to create a provisioning package that
|
||||
|
||||
**Figure 2** - Enter the license key
|
||||
|
||||
|
||||
|
||||
|
||||
3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to change to Windows 10 Pro Education.
|
||||
|
||||
@ -123,7 +123,7 @@ Once you enable the setting to change to Windows 10 Pro Education, the change wi
|
||||
|
||||
**Figure 3** - Check the box to confirm
|
||||
|
||||
|
||||
|
||||
|
||||
5. Click **Change all my devices**.
|
||||
|
||||
@ -169,13 +169,13 @@ If the Windows device is running Windows 10, version 1703, follow these steps.
|
||||
|
||||
**Figure 4** - Select how you'd like to set up the device
|
||||
|
||||
|
||||
|
||||
|
||||
2. On the **Sign in with Microsoft** page, enter the username and password to use with Office 365 or other services from Microsoft, and then click **Next**.
|
||||
|
||||
**Figure 5** - Enter the account details
|
||||
|
||||
|
||||
|
||||
|
||||
3. Go through the rest of Windows device setup. Once you're done, the device will be Azure AD joined to your school's subscription.
|
||||
|
||||
@ -188,21 +188,21 @@ If the Windows device is running Windows 10, version 1703, follow these steps.
|
||||
|
||||
**Figure 6** - Go to **Access work or school** in Settings
|
||||
|
||||
|
||||
|
||||
|
||||
2. In **Access work or school**, click **Connect**.
|
||||
3. In the **Set up a work or school account** window, click the **Join this device to Azure Active Directory** option at the bottom.
|
||||
|
||||
**Figure 7** - Select the option to join the device to Azure Active Directory
|
||||
|
||||
|
||||
|
||||
|
||||
4. On the **Let's get you signed in** window, enter the Azure AD credentials (username and password) and sign in. This will join the device to the school's Azure AD.
|
||||
5. To verify that the device was successfully joined to Azure AD, go back to **Settings > Accounts > Access work or school**. You should now see a connection under the **Connect to work or school** section that indicates the device is connected to Azure AD.
|
||||
|
||||
**Figure 8** - Verify the device connected to Azure AD
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#### Step 2: Sign in using Azure AD account
|
||||
@ -286,7 +286,7 @@ Once the automatic change to Windows 10 Pro Education is turned off, the change
|
||||
|
||||
**Figure 12** - Revert to Windows 10 Pro
|
||||
|
||||
|
||||
|
||||
|
||||
4. You will be asked if you're sure that you want to turn off automatic changes to Windows 10 Pro Education. Click **Yes**.
|
||||
5. Click **Close** in the **Success** page.
|
||||
@ -304,7 +304,7 @@ You need to synchronize these identities so that users will have a *single ident
|
||||
|
||||
**Figure 13** - On-premises AD DS integrated with Azure AD
|
||||
|
||||
|
||||
|
||||
|
||||
For more information about integrating on-premises AD DS domains with Azure AD, see these resources:
|
||||
- [Integrating your on-premises identities with Azure Active Directory](/azure/active-directory/hybrid/whatis-hybrid-identity)
|
||||
|
||||
@ -118,7 +118,7 @@ At the end of this section, you should have a list of Chromebook user and device
|
||||
|
||||
You use the Google Admin Console (as shown in Figure 1) to manage user and device settings. These settings are applied to all the Chromebook devices in your institution that are enrolled in the Google Admin Console. Review the user and device settings in the Google Admin Console and determine which settings are appropriate for your Windows devices.
|
||||
|
||||
|
||||
|
||||
|
||||
Figure 1. Google Admin Console
|
||||
|
||||
@ -221,7 +221,7 @@ Table 3. Settings in the Security node in the Google Admin Console
|
||||
|
||||
In addition to the settings configured in the Google Admin Console, users may have locally configured their devices based on their own personal preferences (as shown in Figure 2). Table 4 lists the Chromebook user and device settings that you can locally configure. Review the settings and determine which settings you will migrate to Windows. Some of the settings listed in Table 4 can only be seen when you click the **Show advanced settings** link (as shown in Figure 2).
|
||||
|
||||
|
||||
|
||||
|
||||
Figure 2. Locally-configured settings on Chromebook
|
||||
|
||||
@ -497,7 +497,7 @@ Table 6 is a decision matrix that lists the device, user, and app management pro
|
||||
|
||||
Table 6. Device, user, and app management products and technologies
|
||||
|
||||
<table style="width:100%;">
|
||||
<table>
|
||||
<colgroup>
|
||||
<col width="14%" />
|
||||
<col width="14%" />
|
||||
|
||||
@ -94,19 +94,19 @@ Use one of these methods to set this policy.
|
||||
- Data type: Integer
|
||||
- Value: 0
|
||||
|
||||
|
||||
|
||||
|
||||
### Group Policy
|
||||
Set **Computer Configuration > Administrative Templates > Windows Components > Search > AllowCortana** to **Disabled**.
|
||||
|
||||
|
||||
|
||||
|
||||
### Provisioning tools
|
||||
- [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates.
|
||||
- [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package)
|
||||
- Under **Runtime settings**, click the **Policies** settings group, set **Experience > Cortana** to **No**.
|
||||
|
||||
|
||||
|
||||
|
||||
## SetEduPolicies
|
||||
**SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It is a policy node in the [SharedPC configuration service provider](/windows/client-management/mdm/sharedpc-csp).
|
||||
@ -123,7 +123,7 @@ Use one of these methods to set this policy.
|
||||
- Data type: Boolean
|
||||
- Value: true
|
||||
|
||||
|
||||
|
||||
|
||||
### Group Policy
|
||||
**SetEduPolicies** is not natively supported in Group Policy. Instead, use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to set the policy in [MDM SharedPC](/windows/win32/dmwmibridgeprov/mdm-sharedpc).
|
||||
@ -147,7 +147,7 @@ For example:
|
||||
- [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package)
|
||||
- Under **Runtime settings**, click the **SharedPC** settings group, set **PolicyCustomization > SetEduPolicies** to **True**.
|
||||
|
||||
|
||||
|
||||
|
||||
## Ad-free search with Bing
|
||||
Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States.
|
||||
|
||||
@ -34,21 +34,21 @@ Proper preparation is essential for a successful district deployment. To avoid c
|
||||
As part of preparing for your district deployment, you need to plan your district configuration — the focus of this guide. Figure 1 illustrates a typical finished district configuration that you can use as a model (the blueprint in our builder analogy) for the finished state.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 1. Typical district configuration for this guide*
|
||||
|
||||
A *district* consists of multiple schools, typically at different physical locations. Figure 2 illustrates a typical school configuration within the district that this guide uses.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 2. Typical school configuration for this guide*
|
||||
|
||||
Finally, each school consists of multiple classrooms. Figure 3 shows the classroom configuration this guide uses.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 3. Typical classroom configuration in a school*
|
||||
|
||||
@ -181,7 +181,7 @@ The high-level process for deploying and configuring devices within individual c
|
||||
9. On the admin device, manage the Windows 10 devices and apps, the Office 365 subscription, and the AD DS–Azure AD integration.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 4. How district configuration works*
|
||||
|
||||
@ -768,7 +768,7 @@ In this method, you have an on-premises AD DS domain. As shown in Figure 5, the
|
||||
> Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](/previous-versions/mim/dn510997(v=ws.10)).
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 5. Automatic synchronization between AD DS and Azure AD*
|
||||
|
||||
@ -779,7 +779,7 @@ For more information about how to perform this step, see the [Integrate on-premi
|
||||
In this method, you have no on-premises AD DS domain. As shown in Figure 6, you manually prepare a .csv file with the student information from your source, and then manually import the information directly into Azure AD. The .csv file must be in the format that Office 365 specifies.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 6. Bulk import into Azure AD from other sources*
|
||||
|
||||
@ -812,14 +812,14 @@ You can deploy the Azure AD Connect tool:
|
||||
- **On premises.** As shown in Figure 7, Azure AD Connect runs on premises, which has the advantage of not requiring a VPN connection to Azure. It does, however, require a virtual machine (VM) or physical server.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 7. Azure AD Connect on premises*
|
||||
|
||||
- **In Azure.** As shown in Figure 8, Azure AD Connect runs on a VM in Azure AD, which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
*Figure 8. Azure AD Connect in Azure*
|
||||
|
||||
|
||||
@ -30,13 +30,13 @@ Proper preparation is essential for a successful school deployment. To avoid com
|
||||
|
||||
As part of preparing for your school deployment, you need to plan your configuration—the focus of this guide. Figure 1 illustrates a typical finished school configuration that you can use as a model (the blueprint in our builder analogy) for the finished state.
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 1. Typical school configuration for this guide*
|
||||
|
||||
Figure 2 shows the classroom configuration this guide uses.
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 2. Typical classroom configuration in a school*
|
||||
|
||||
@ -112,7 +112,7 @@ The high-level process for deploying and configuring devices within individual c
|
||||
6. On the student and faculty devices, deploy Windows 10 to new or existing devices, or upgrade eligible devices to Windows 10.
|
||||
7. On the admin device, manage the Windows 10 devices and apps, the Office 365 subscription, and the AD DS and Azure AD integration.
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 3. How school configuration works*
|
||||
|
||||
@ -346,7 +346,7 @@ In this method, you have an on-premises AD DS domain. As shown in Figure 4, the
|
||||
|
||||
**Note** Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](/previous-versions/mim/dn510997(v=ws.10)?f=255&MSPPError=-2147217396).
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 4. Automatic synchronization between AD DS and Azure AD*
|
||||
|
||||
@ -356,7 +356,7 @@ For more information about how to perform this step, see the [Integrate on-premi
|
||||
|
||||
In this method, you have no on-premises AD DS domain. As shown in Figure 5, you manually prepare a .csv file with the student information from your source, and then manually import the information directly into Azure AD. The .csv file must be in the format that Office 365 specifies.
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 5. Bulk import into Azure AD from other sources*
|
||||
|
||||
@ -383,13 +383,13 @@ You can deploy the Azure AD Connect tool by using one of the following methods:
|
||||
|
||||
- **On premises.** As shown in Figure 6, Azure AD Connect runs on premises, which has the advantage of not requiring a virtual private network (VPN) connection to Azure. It does, however, require a virtual machine (VM) or physical server.
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 6. Azure AD Connect on premises*
|
||||
|
||||
- **In Azure**. As shown in Figure 7, Azure AD Connect runs on a VM in Azure AD, which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 7. Azure AD Connect in Azure*
|
||||
|
||||
|
||||
@ -55,11 +55,11 @@ To turn off access to contacts for all apps on individual Windows devices:
|
||||
|
||||
1. On the computer, go to **Settings** and select **Privacy**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Under the list of **Privacy** areas, select **Contacts**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Turn off **Let apps access my contacts**.
|
||||
|
||||
@ -73,7 +73,7 @@ For IT-managed Windows devices, you can use a Group Policy to turn off the setti
|
||||
|
||||
If you want to allow only certain apps to have access to contacts, you can use the switch for each app to specify which ones you want on or off.
|
||||
|
||||
|
||||
|
||||
|
||||
The list of apps on the Windows-based device may vary from the above example. The list depends on what apps you have installed and which of these apps access contacts.
|
||||
|
||||
@ -83,7 +83,7 @@ To allow only certain apps to have access to contacts, you can:
|
||||
|
||||
* Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** and then specify the default for each app by adding the app's Package Family Name under the default behavior you want to enforce.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Skype and Xbox settings
|
||||
@ -109,7 +109,7 @@ Skype uses the user’s contact details to deliver important information about t
|
||||
|
||||
To manage and edit your profile in the Skype UWP app, follow these steps:
|
||||
|
||||
1. In the Skype UWP app, select the user profile icon  to go to the user’s profile page.
|
||||
1. In the Skype UWP app, select the user profile icon  to go to the user’s profile page.
|
||||
|
||||
2. In the account page, select **Manage account** for the Skype account that you want to change. This will take you to the online Skype portal.
|
||||
|
||||
@ -127,7 +127,7 @@ To manage and edit your profile in the Skype UWP app, follow these steps:
|
||||
|
||||
6. To change the profile picture, go to the Skype app and click on the current profile picture or avatar. The **Manage Profile Picture** window pops up.
|
||||
|
||||
|
||||
|
||||
|
||||
* To take a new picture, click the camera icon in the pop up window. To upload a new picture, click the three dots (**...**).
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ Admins can control whether or not teachers are automatically assigned the **Basi
|
||||
2. Click **Manage**, and then click **Settings**.
|
||||
3. On **Shop**, select or clear **Make everyone a Basic Purchaser**.
|
||||
|
||||
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> **Make everyone a Basic Purchaser** is on by default.
|
||||
@ -52,7 +52,7 @@ When **Make everyone a Basic Purchaser** is turned off, admins can manually assi
|
||||
2. Click **Manage**, and then choose **Permissions**.
|
||||
3. On **Roles**, click **Assign roles**, type and select a name, choose the role you want to assign, and then click **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
**Blocked Basic Purchasers**
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@ ms.topic: conceptual
|
||||
|
||||
Teachers and IT administrators can now get early access to **Minecraft: Education Edition** and add it their Microsoft Store for Business for distribution.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
## Prerequisites
|
||||
|
||||
@ -39,11 +39,11 @@ Teachers and IT administrators can now get early access to **Minecraft: Educatio
|
||||
- Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan)
|
||||
- If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](/windows/client-management/mdm/register-your-free-azure-active-directory-subscription)
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
[Learn how teachers can get and distribute **Minecraft: Education Edition**](teacher-get-minecraft.md)
|
||||
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
[Learn how IT administrators can get and distribute **Minecraft: Education Edition**](school-get-minecraft.md), and how to manage permissions for Minecraft.
|
||||
@ -14,15 +14,15 @@ ms.date: 10/13/2017
|
||||
|
||||
# Windows 10 for Education
|
||||
|
||||
|
||||
|
||||
|
||||
##  Learn
|
||||
##  Learn
|
||||
|
||||
<p><b><a href="windows-editions-for-education-customers.md" data-raw-source="[Windows 10 editions for education customers](windows-editions-for-education-customers.md)">Windows 10 editions for education customers</a></b><br />Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.</p>
|
||||
<p><b><a href="https://www.microsoft.com/WindowsForBusiness/Compare" data-raw-source="[Compare each Windows edition](https://www.microsoft.com/WindowsForBusiness/Compare)">Compare each Windows edition</a></b><br />Find out more about the features and functionality we support in each edition of Windows.</p>
|
||||
<p><b><a href="https://www.microsoft.com/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools" data-raw-source="[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)">Get Windows 10 Education or Windows 10 Pro Education</a></b><br />When you've made your decision, find out how to buy Windows for your school.</p>
|
||||
|
||||
##  Plan
|
||||
##  Plan
|
||||
|
||||
<p><b><a href="configure-windows-for-education.md" data-raw-source="[Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)">Windows 10 configuration recommendations for education customers</a></b><br />Provides guidance on ways to customize the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, so that Windows is ready for your school.</p>
|
||||
<p><b><a href="edu-deployment-recommendations.md" data-raw-source="[Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)">Deployment recommendations for school IT administrators</a></b><br />Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.</p>
|
||||
@ -30,14 +30,14 @@ ms.date: 10/13/2017
|
||||
<div class="side-by-side-content-right"><p><b><a href="take-tests-in-windows-10.md" data-raw-source="[Take tests in Windows 10](take-tests-in-windows-10.md)">Take tests in Windows 10</a></b><br />Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.</p>
|
||||
<p><b><a href="chromebook-migration-guide.md" data-raw-source="[Chromebook migration guide](chromebook-migration-guide.md)">Chromebook migration guide</a></b><br />Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.</p>
|
||||
|
||||
##  Deploy
|
||||
##  Deploy
|
||||
|
||||
<p><b><a href="set-up-windows-10.md" data-raw-source="[Set up Windows devices for education](set-up-windows-10.md)">Set up Windows devices for education</a></b><br />Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.</p>
|
||||
<p><b><a href="deploy-windows-10-in-a-school.md" data-raw-source="[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)">Deploy Windows 10 in a school</a></b><br />Get step-by-step guidance to help you deploy Windows 10 in a school environment.</p>
|
||||
<p><b><a href="deploy-windows-10-in-a-school-district.md" data-raw-source="[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)">Deploy Windows 10 in a school district</a></b><br />Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.</p>
|
||||
<p><b><a href="test-windows10s-for-edu.md" data-raw-source="[Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md)">Test Windows 10 S on existing Windows 10 education devices</a></b><br />Test Windows 10 S on a variety of Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.</p>
|
||||
|
||||
##  Switch
|
||||
##  Switch
|
||||
|
||||
<p><b><a href="change-to-pro-education.md" data-raw-source="[Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)">Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S</a></b><br />If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.</p>
|
||||
|
||||
|
||||
@ -50,15 +50,15 @@ If you’ve been approved and are part of the Enrollment for Education Solutions
|
||||
|
||||
1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **GET STARTED**.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
2. Enter your email address, and select Educator, Administrator, or Student. </br> If your email address isn't associated to an Azure AD or Office 365 Education tenant, you'll be asked to create one.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
3. Select **Get the app**. This will take you to the Microsoft Store for Education to download the app. You will also receive an email with instructions and a link to the Store.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
4. Sign in to Microsoft Store for Education with your email address.
|
||||
|
||||
@ -66,7 +66,7 @@ If you’ve been approved and are part of the Enrollment for Education Solutions
|
||||
|
||||
6. **Minecraft: Education Edition** opens in the Microsoft Store for Education. Select **Get the app**. This places **Minecraft: Education Edition** in your Store inventory.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
Now that the app is in your Microsoft Store for Education inventory, you can choose how to distribute Minecraft. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft).
|
||||
|
||||
@ -113,11 +113,11 @@ After you've finished the purchase, you can find your invoice by checking **Mine
|
||||
2. Click **Minecraft: Education Edition** in the list of apps.
|
||||
3. On **Minecraft: Education Edition**, click **View Bills**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. On **Invoice Bills**, click the invoice number to view and download your invoice. It downloads as a .pdf.
|
||||
|
||||
|
||||
|
||||
|
||||
The **Payment Instructions** section on the first page of the invoice has information on invoice amount, due date, and how to pay with electronic funds transfer, or with a check.
|
||||
|
||||
@ -133,11 +133,11 @@ Admins can also add Minecraft: Education Edition to the private store. This allo
|
||||
<!---
|
||||
Here's the page you'll see for Minecraft: Education Edition licenses purchased directly through the Microsoft Store for Business.
|
||||
|
||||
|
||||
|
||||
|
||||
Here's the page you'll see for Minecraft: Education Edition licenses purchased through volume licensing.
|
||||
|
||||
|
||||
|
||||
--->
|
||||
|
||||
### Configure automatic subscription assignment
|
||||
@ -168,7 +168,7 @@ You can install the app on your PC. This gives you a chance to test the app and
|
||||
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
|
||||
2. Click **Manage**, and then click **Install**.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
3. Click **Install**.
|
||||
|
||||
@ -180,33 +180,33 @@ Enter email addresses for your students, and each student will get an email with
|
||||
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
|
||||
2. Click **Manage**.
|
||||
|
||||
|
||||
|
||||
3. Click **Invite people**.
|
||||
|
||||
4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**.
|
||||
|
||||
You can only assign the app to students with work or school accounts. If you don't find the student, you might need to add a work or school account for the student.
|
||||
|
||||
|
||||
|
||||
|
||||
**To finish Minecraft install (for students)**
|
||||
|
||||
1. Students will receive an email with a link that will install the app on their PC.</br>
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Get the app** to start the app install in Microsoft Store app.
|
||||
3. In Microsoft Store app, click **Install**.
|
||||
|
||||
|
||||
|
||||
|
||||
After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**. Microsoft Store app is preinstalled with Windows 10.
|
||||
|
||||
|
||||
|
||||
|
||||
When students click **My Library** they'll find apps assigned to them.
|
||||
|
||||
|
||||
|
||||
|
||||
### Download for others
|
||||
Download for others allows teachers or IT admins to download an app that they can install on PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
|
||||
@ -225,11 +225,11 @@ Minecraft: Education Edition will not install if there are updates pending for o
|
||||
1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
|
||||
2. Click the account button, and then click **Downloads and updates**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Click **Check for updates**, and install all available updates.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Restart the computer before installing Minecraft: Education Edition.
|
||||
|
||||
@ -238,7 +238,7 @@ You'll download a .zip file, extract the files, and then use one of the files to
|
||||
|
||||
1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. **Extract files**. Find the .zip file that you downloaded and extract the files. This is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
|
||||
3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.
|
||||
@ -257,7 +257,7 @@ However, tenant admins can control whether or not teachers automatically sign up
|
||||
To prevent educators from automatically signing up for Microsoft Store for Business
|
||||
1. In Microsoft Store for Business, click **Settings**, and then click **Permissions**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Allow educators in my organization to sign up for the Microsoft Store for Business.**
|
||||
|
||||
@ -269,7 +269,7 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.
|
||||
- Acquire and manage the app
|
||||
- Info on Support page (including links to documentation and access to support through customer service)
|
||||
|
||||
|
||||
|
||||
|
||||
**To assign Basic Purchaser role**
|
||||
|
||||
@ -280,15 +280,15 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.
|
||||
|
||||
2. Click **Settings**, and then choose **Permissions**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Click **Add people**, type a name, select the correct person, choose the role you want to assign, and click **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
Microsoft Store for Business updates the list of people and permissions.
|
||||
|
||||
|
||||
|
||||
|
||||
-->
|
||||
|
||||
|
||||
@ -48,7 +48,7 @@ Active Directory** \> **Devices** \> **Device settings**.
|
||||
for Azure AD by selecting **All** or **Selected**. If you choose the latter
|
||||
option, select the teachers and IT staff to allow them to connect to Azure AD.
|
||||
|
||||
|
||||
|
||||
|
||||
You can also create an account that holds the exclusive rights to join devices. When a student PC needs to be set up, provide the account credentials to the appropriate teachers or staff.
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
|
||||
|
||||
**Figure 7** - Add the account to use for test-taking
|
||||
|
||||
|
||||
|
||||
|
||||
The account can be in one of the following formats:
|
||||
- username
|
||||
|
||||
@ -35,7 +35,7 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur
|
||||
2.
|
||||
2. On the **Finish** page, select **Switch to advanced editor**.
|
||||
|
||||
|
||||
|
||||
|
||||
**Next steps**
|
||||
- [Add a desktop app to your package](#add-a-desktop-app-to-your-package)
|
||||
@ -52,7 +52,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
|
||||
|
||||
2. Click **Advanced provisioning**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Name your project and click **Next**.
|
||||
|
||||
@ -89,17 +89,17 @@ Universal apps that you can distribute in the provisioning package can be line-o
|
||||
|
||||
2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
|
||||
|
||||
|
||||
|
||||
|
||||
3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
|
||||
|
||||
4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page.
|
||||
|
||||
|
||||
|
||||
|
||||
5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. In Microsoft Store for Business, you generate the license for the app on the app's download page.
|
||||
|
||||
|
||||
|
||||
|
||||
[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
|
||||
|
||||
@ -168,7 +168,7 @@ If your build is successful, the name of the provisioning package, output direct
|
||||
**During initial setup, from a USB drive**
|
||||
1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
|
||||
|
||||
@ -176,11 +176,11 @@ If your build is successful, the name of the provisioning package, output direct
|
||||
|
||||
3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Select **Yes, add it**.
|
||||
|
||||
@ -188,11 +188,11 @@ If your build is successful, the name of the provisioning package, output direct
|
||||
|
||||
6. Read and accept the Microsoft Software License Terms.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Select **Use Express settings**.
|
||||
|
||||
|
||||
|
||||
|
||||
8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**.
|
||||
|
||||
@ -200,18 +200,18 @@ If your build is successful, the name of the provisioning package, output direct
|
||||
|
||||
9. On the **Choose how you'll connect** screen, select **Join Azure AD** or **Join a domain** and tap **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
10. Sign in with your domain, Azure AD, or Office 365 account and password. When you see the progress ring, you can remove the USB drive.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
**After setup, from a USB drive, network folder, or SharePoint site**
|
||||
|
||||
On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and select the package to install.
|
||||
|
||||
|
||||
|
||||
|
||||
-->
|
||||
|
||||
|
||||
@ -27,7 +27,7 @@ Choose the tool that is appropriate for how your students will sign in (Active D
|
||||
|
||||
You can use the following diagram to compare the tools.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## In this section
|
||||
|
||||
@ -39,7 +39,7 @@ If you set up Take a Test, this adds a **Take a Test** button on the student PC'
|
||||
|
||||
**Figure 1** - Configure Take a Test in the Set up School PCs app
|
||||
|
||||
|
||||
|
||||
|
||||
### Set up a test account in Intune for Education
|
||||
You can set up a test-taking account in Intune for Education. To do this, follow these steps:
|
||||
@ -49,7 +49,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
|
||||
|
||||
**Figure 2** - Add a test profile in Intune for Education
|
||||
|
||||
|
||||
|
||||
|
||||
3. In the new profile page:
|
||||
1. Enter a name for the profile.
|
||||
@ -60,7 +60,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
|
||||
|
||||
**Figure 3** - Add information about the test profile
|
||||
|
||||
|
||||
|
||||
|
||||
After you save the test profile, you will see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account.
|
||||
|
||||
@ -68,13 +68,13 @@ You can set up a test-taking account in Intune for Education. To do this, follow
|
||||
|
||||
**Figure 4** - Assign the test account to a group
|
||||
|
||||
|
||||
|
||||
|
||||
5. In the **Groups** page, click **Change group assignments**.
|
||||
|
||||
**Figure 5** - Change group assignments
|
||||
|
||||
|
||||
|
||||
|
||||
6. In the **Change group assignments** page:
|
||||
1. Select a group from the right column and click **Add Members** to select the group and assign the test-taking account to that group. You can select more than one group.
|
||||
@ -82,7 +82,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
|
||||
|
||||
**Figure 6** - Select the group(s) that will use the test account
|
||||
|
||||
|
||||
|
||||
|
||||
And that's it! When the students from the selected group sign in to the student PCs using the Take a Test user name that you selected, the PC will be locked down and Take a Test will open the assessment URL and students can start taking tests.
|
||||
|
||||
@ -136,7 +136,7 @@ To set up a test account through Windows Configuration Designer, follow these st
|
||||
|
||||
**Figure 7** - Add the account to use for test-taking
|
||||
|
||||
|
||||
|
||||
|
||||
The account can be in one of the following formats:
|
||||
- username
|
||||
|
||||
@ -30,13 +30,13 @@ To configure the assessment URL and a dedicated testing account on a single PC,
|
||||
|
||||
**Figure 1** - Use the Settings app to set up a test-taking account
|
||||
|
||||
|
||||
|
||||
|
||||
4. In the **Set up an account for taking tests** window, choose an existing account to use as the dedicated testing account.
|
||||
|
||||
**Figure 2** - Choose the test-taking account
|
||||
|
||||
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> If you don't have an account on the device, you can create a new account. To do this, go to **Settings > Accounts > Other people > Add someone else to this PC > I don’t have this person’s sign-in information > Add a user without a Microsoft account**.
|
||||
|
||||
@ -32,7 +32,7 @@ Many schools use online testing for formative and summative assessments. It's cr
|
||||
|
||||
## How to use Take a Test
|
||||
|
||||
|
||||
|
||||
|
||||
There are several ways to configure devices for assessments, depending on your use case:
|
||||
|
||||
|
||||
@ -65,7 +65,7 @@ After Minecraft: Education Edition licenses have been purchased, either directly
|
||||
- You can assign the app to others.
|
||||
- You can download the app to distribute.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
### Install for me
|
||||
You can install the app on your PC. This gives you a chance to work with the app before using it with your students.
|
||||
@ -73,7 +73,7 @@ You can install the app on your PC. This gives you a chance to work with the app
|
||||
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
|
||||
2. Click **Manage**, and then click **Install**.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
3. Click **Install**.
|
||||
|
||||
@ -84,13 +84,13 @@ Enter email addresses for your students, and each student will get an email with
|
||||
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
|
||||
2. Click **Manage**.
|
||||
|
||||
<!--  -->
|
||||
<!--  -->
|
||||
|
||||
3. Click **Invite people**.
|
||||
|
||||
4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**.
|
||||
|
||||
|
||||
|
||||
|
||||
You can assign the app to students with work or school accounts. </br>
|
||||
If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Microsoft 365 admin center where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin.
|
||||
@ -100,20 +100,20 @@ Enter email addresses for your students, and each student will get an email with
|
||||
|
||||
Students will receive an email with a link that will install the app on their PC.
|
||||
|
||||
|
||||
|
||||
|
||||
1. Click **Get the app** to start the app install in Microsoft Store app.
|
||||
2. In Microsoft Store app, click **Install**.
|
||||
|
||||
|
||||
|
||||
|
||||
After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**.
|
||||
|
||||
|
||||
|
||||
|
||||
When students click **My Library** they'll find apps assigned to them.
|
||||
|
||||
|
||||
|
||||
|
||||
### Download for others
|
||||
Download for others allows teachers or IT admins to download a packages that they can install on student PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
|
||||
@ -132,11 +132,11 @@ Minecraft: Education Edition will not install if there are updates pending for o
|
||||
1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
|
||||
2. Click the account button, and then click **Downloads and updates**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Click **Check for updates**, and install all available updates.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Restart the computer before installing Minecraft: Education Edition.
|
||||
|
||||
@ -145,7 +145,7 @@ You'll download a .zip file, extract the files, and then use one of the files to
|
||||
|
||||
1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. **Extract files**. Find the .zip file that you downloaded and extract the files. This is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
|
||||
3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.
|
||||
|
||||
@ -103,7 +103,7 @@ We strongly recommend that you avoid changing preset policies. Changes can slow
|
||||
|
||||
The **Set up School PCs** app guides you through the configuration choices for the student PCs. To begin, open the app on your PC and click **Get started**.
|
||||
|
||||
|
||||
|
||||
|
||||
### Package name
|
||||
Type a unique name to help distinguish your school's provisioning packages. The name appears:
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: conceptual
|
||||
|
||||
# Get started: Deploy and manage a full cloud IT solution for your business
|
||||
|
||||
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
@ -61,7 +61,7 @@ If this is the first time you're setting this up, and you'd like to see how it's
|
||||
|
||||
**Figure 1** - Try or buy Office 365
|
||||
|
||||
|
||||
|
||||
|
||||
2. Fill out the sign up form and provide information about you and your company.
|
||||
3. Create a user ID and password to use to sign into your account.
|
||||
@ -76,7 +76,7 @@ If this is the first time you're setting this up, and you'd like to see how it's
|
||||
|
||||
**Figure 2** - Microsoft 365 admin center
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
6. Select the **Admin** tile to go to the admin center.
|
||||
@ -86,7 +86,7 @@ If this is the first time you're setting this up, and you'd like to see how it's
|
||||
|
||||
**Figure 3** - Admin center
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
8. Go back to the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a> to add or buy a domain.
|
||||
@ -94,14 +94,14 @@ If this is the first time you're setting this up, and you'd like to see how it's
|
||||
|
||||
**Figure 4** - Option to add or buy a domain
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as *fabrikamdesign.onmicrosoft.com*.
|
||||
|
||||
**Figure 5** - Microsoft-provided domain
|
||||
|
||||
|
||||
|
||||
|
||||
- If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain.
|
||||
- If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order.
|
||||
@ -110,7 +110,7 @@ If this is the first time you're setting this up, and you'd like to see how it's
|
||||
|
||||
**Figure 6** - Domains
|
||||
|
||||
|
||||
|
||||
|
||||
### 1.2 Add users and assign product licenses
|
||||
Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center.
|
||||
@ -123,7 +123,7 @@ When adding users, you can also assign admin privileges to certain users in your
|
||||
|
||||
**Figure 7** - Add users
|
||||
|
||||
|
||||
|
||||
|
||||
2. In the **Home > Active users** page, add users individually or in bulk.
|
||||
- To add users one at a time, select **+ Add a user**.
|
||||
@ -132,7 +132,7 @@ When adding users, you can also assign admin privileges to certain users in your
|
||||
|
||||
**Figure 8** - Add an individual user
|
||||
|
||||
|
||||
|
||||
|
||||
- To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users.
|
||||
|
||||
@ -140,13 +140,13 @@ When adding users, you can also assign admin privileges to certain users in your
|
||||
|
||||
**Figure 9** - Import multiple users
|
||||
|
||||
|
||||
|
||||
|
||||
3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them.
|
||||
|
||||
**Figure 10** - List of active users
|
||||
|
||||
|
||||
|
||||
|
||||
### 1.3 Add Microsoft Intune
|
||||
Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see <a href="/intune/understand-explore/introduction-to-microsoft-intune" target="_blank">What is Intune?</a>
|
||||
@ -160,14 +160,14 @@ Microsoft Intune provides mobile device management, app management, and PC manag
|
||||
|
||||
**Figure 11** - Assign Intune licenses
|
||||
|
||||
|
||||
|
||||
|
||||
5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again.
|
||||
6. Select **Intune**. This will take you to the Intune management portal.
|
||||
|
||||
**Figure 12** - Microsoft Intune management portal
|
||||
|
||||
|
||||
|
||||
|
||||
Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution).
|
||||
|
||||
@ -185,21 +185,21 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick
|
||||
|
||||
**Figure 13** - Access to Azure AD is not available
|
||||
|
||||
|
||||
|
||||
|
||||
3. From the error message, select the country/region for your business. This should match with the location you specified when you signed up for Office 365.
|
||||
4. Click **Azure subscription**. This will take you to a free trial sign up screen.
|
||||
|
||||
**Figure 14** - Sign up for Microsoft Azure
|
||||
|
||||
|
||||
|
||||
|
||||
5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**.
|
||||
6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**.
|
||||
|
||||
**Figure 15** - Start managing your Azure subscription
|
||||
|
||||
|
||||
|
||||
|
||||
This will take you to the <a href="https://portal.azure.com" target="_blank">Microsoft Azure portal</a>.
|
||||
|
||||
@ -216,26 +216,26 @@ To add Azure AD group(s), we will use the <a href="https://manage.windowsazure.c
|
||||
|
||||
**Figure 16** - Azure first sign-in screen
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select the directory (such as Fabrikam Design) to go to the directory's home page.
|
||||
|
||||
**Figure 17** - Directory home page
|
||||
|
||||
|
||||
|
||||
|
||||
3. From the menu options on top, select **Groups**.
|
||||
|
||||
**Figure 18** - Azure AD groups
|
||||
|
||||
|
||||
|
||||
|
||||
4. Select **Add a group** (from the top) or **Add group** at the bottom.
|
||||
5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list.
|
||||
|
||||
**Figure 19** - Newly added group in Azure AD
|
||||
|
||||
|
||||
|
||||
|
||||
6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes.
|
||||
|
||||
@ -243,7 +243,7 @@ To add Azure AD group(s), we will use the <a href="https://manage.windowsazure.c
|
||||
|
||||
**Figure 20** - Members in the new group
|
||||
|
||||
|
||||
|
||||
|
||||
7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on.
|
||||
|
||||
@ -263,14 +263,14 @@ You can read <a href="https://blogs.technet.microsoft.com/enterprisemobility/201
|
||||
|
||||
**Figure 21** - List of applications for your company
|
||||
|
||||
|
||||
|
||||
|
||||
2. Select **Microsoft Intune** to configure the application.
|
||||
3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune.
|
||||
|
||||
**Figure 22** - Configure Microsoft Intune in Azure
|
||||
|
||||
|
||||
|
||||
|
||||
4. In the Microsoft Intune configuration page:
|
||||
- In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance.
|
||||
@ -289,7 +289,7 @@ You can read <a href="https://blogs.technet.microsoft.com/enterprisemobility/201
|
||||
|
||||
**Figure 23** - Configure Microsoft Intune
|
||||
|
||||
|
||||
|
||||
|
||||
### 1.7 Configure Microsoft Store for Business for app distribution
|
||||
Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune.
|
||||
@ -303,7 +303,7 @@ In this part of the walkthrough, we'll be working on the <a href="https://manage
|
||||
|
||||
**Figure 24** - Mobile device management
|
||||
|
||||
|
||||
|
||||
|
||||
3. Sign into <a href="https://businessstore.microsoft.com/en-us/Store/Apps" target="_blank">Microsoft Store for Business</a> using the same tenant account that you used to sign into Intune.
|
||||
4. Accept the EULA.
|
||||
@ -312,20 +312,20 @@ In this part of the walkthrough, we'll be working on the <a href="https://manage
|
||||
|
||||
**Figure 25** - Activate Intune as the Store management tool
|
||||
|
||||
|
||||
|
||||
|
||||
7. Go back to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
|
||||
8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune.
|
||||
|
||||
**Figure 26** - Configure Store for Business sync in Intune
|
||||
|
||||
|
||||
|
||||
|
||||
9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**.
|
||||
|
||||
**Figure 27** - Enable Microsoft Store for Business sync in Intune
|
||||
|
||||
|
||||
|
||||
|
||||
The **Microsoft Store for Business** page will refresh and it will show the details from the sync.
|
||||
|
||||
@ -348,7 +348,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S
|
||||
|
||||
**Figure 28** - Shop for Store apps
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click to select an app, such as **Reader**. This opens the app page.
|
||||
3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page.
|
||||
@ -358,7 +358,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S
|
||||
|
||||
**Figure 29** - App inventory shows the purchased apps
|
||||
|
||||
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync).
|
||||
@ -372,7 +372,7 @@ If you need to sync your most recently purchased apps and have it appear in your
|
||||
|
||||
**Figure 30** - Force a sync in Intune
|
||||
|
||||
|
||||
|
||||
|
||||
**To view purchased apps**
|
||||
- In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
|
||||
@ -393,7 +393,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi
|
||||
|
||||
**Figure 31** - First screen in Windows device setup
|
||||
|
||||
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection.
|
||||
@ -403,13 +403,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi
|
||||
|
||||
**Figure 32** - Choose how you'll connect your Windows device
|
||||
|
||||
|
||||
|
||||
|
||||
4. In the **Let's get you signed in** screen, sign in using one of the user accounts you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
|
||||
|
||||
**Figure 33** - Sign in using one of the accounts you added
|
||||
|
||||
|
||||
|
||||
|
||||
5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup.
|
||||
|
||||
@ -430,7 +430,7 @@ In the <a href="https://manage.microsoft.com/" target="_blank">Intune management
|
||||
|
||||
**Figure 34** - Check the PC name on your device
|
||||
|
||||
|
||||
|
||||
|
||||
2. Log in to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>.
|
||||
3. Select **Groups** and then go to **Devices**.
|
||||
@ -441,7 +441,7 @@ In the <a href="https://manage.microsoft.com/" target="_blank">Intune management
|
||||
|
||||
**Figure 35** - Check that the device appears in Intune
|
||||
|
||||
|
||||
|
||||
|
||||
## 3. Manage device settings and features
|
||||
You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies).
|
||||
@ -460,7 +460,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
|
||||
|
||||
**Figure 36** - Reconfigure an app's deployment setting in Intune
|
||||
|
||||
|
||||
|
||||
|
||||
6. Click **Finish**.
|
||||
7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible.
|
||||
@ -470,7 +470,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
|
||||
|
||||
**Figure 37** - Confirm that additional apps were deployed to the device
|
||||
|
||||
|
||||
|
||||
|
||||
### 3.2 Configure other settings in Intune
|
||||
|
||||
@ -486,7 +486,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
|
||||
|
||||
**Figure 38** - Add a configuration policy
|
||||
|
||||
|
||||
|
||||
|
||||
7. Click **Save Policy**. A confirmation window will pop up.
|
||||
8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now.
|
||||
@ -495,7 +495,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
|
||||
|
||||
**Figure 39** - The new policy should appear in the **Policies** list.
|
||||
|
||||
|
||||
|
||||
|
||||
**To turn off Windows Hello and PINs during device setup**
|
||||
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin**.
|
||||
@ -504,7 +504,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
|
||||
|
||||
**Figure 40** - Policy to disable Windows Hello for Business
|
||||
|
||||
|
||||
|
||||
|
||||
4. Click **Save**.
|
||||
|
||||
@ -531,32 +531,32 @@ For other devices, such as those personally-owned by employees who need to conne
|
||||
|
||||
**Figure 41** - Add an Azure AD account to the device
|
||||
|
||||
|
||||
|
||||
|
||||
4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user.
|
||||
|
||||
**Figure 42** - Enter the account details
|
||||
|
||||
|
||||
|
||||
|
||||
5. You will be asked to update the password so enter a new password.
|
||||
6. Verify the details to make sure you're connecting to the right organization and then click **Join**.
|
||||
|
||||
**Figure 43** - Make sure this is your organization
|
||||
|
||||
|
||||
|
||||
|
||||
7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**.
|
||||
|
||||
**Figure 44** - Confirmation that the device is now connected
|
||||
|
||||
|
||||
|
||||
|
||||
8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources.
|
||||
|
||||
**Figure 45** - Device is now enrolled in Azure AD
|
||||
|
||||
|
||||
|
||||
|
||||
9. You can confirm that the new device and user are showing up as Intune-managed by going to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
|
||||
|
||||
|
||||
@ -17,16 +17,16 @@ audience: itpro
|
||||
|
||||
# Windows 10 for SMB
|
||||
|
||||
|
||||
|
||||
|
||||
##  Learn
|
||||
##  Learn
|
||||
|
||||
<p><b><a href="https://business.microsoft.com/en-us/products/windows" target="_blank">Windows 10 for business</a></b><br />Learn how Windows 10 and Windows devices can help your business.</p>
|
||||
<p><b><a href="https://blogs.business.microsoft.com/" target="_blank">SMB blog</a></b><br />Read about the latest stories, technology insights, and business strategies for SMBs.</p>
|
||||
<p><b><a href="https://business.microsoft.com/en-us/products" target="_blank">How to buy</a></b><br />Go here when you're ready to buy or want to learn more about Microsoft products you can use to help transform your business.</p>
|
||||
|
||||
|
||||
##  Deploy
|
||||
##  Deploy
|
||||
|
||||
<p><b><a href="cloud-mode-business-setup.md" data-raw-source="[Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)">Get started: Deploy and manage a full cloud IT solution for your business</a></b><br />Find out how easy it is to deploy and manage a full cloud IT solution for your small to midsize business using Microsoft cloud services and tools.</p>
|
||||
|
||||
|
||||
@ -55,7 +55,7 @@ There are a couple of things we need to know when you pay for apps. You can add
|
||||
2. Select **Manage**, and then select **Settings**.
|
||||
3. On **Shop**, , under **Shopping behavior**, turn on or turn off **Allow users to shop**.
|
||||
|
||||
|
||||
|
||||
|
||||
## Allow app requests
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@ invoice and descriptions for each term.
|
||||
|
||||
The **Invoice Summary** is on the top of the first page and shows information about your billing profile and how you pay.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
| Term | Description |
|
||||
@ -68,7 +68,7 @@ The **Invoice Summary** is on the top of the first page and shows information ab
|
||||
The **Billing Summary** shows the charges against the billing profile since the previous billing period, any credits that were applied, tax, and the total amount due.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
| Term | Description |
|
||||
| --- | --- |
|
||||
@ -91,7 +91,7 @@ The total amount due for each service family is calculated by subtracting Azure
|
||||
|
||||
`Total = Charges/Credits - Azure Credit + Tax`
|
||||
|
||||
|
||||
|
||||
|
||||
| Term |Description |
|
||||
| --- | --- |
|
||||
|
||||
@ -91,7 +91,7 @@ Get-MSStoreInventory
|
||||
>1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com/).
|
||||
>2. Click **Manage** and then choose **Apps & software**.
|
||||
>3. Click the line-of-business app. The URL of the page will contain the product ID and SKU as part of the URL. For example:
|
||||
>
|
||||
>
|
||||
|
||||
## View people assigned to a product
|
||||
Most items in **Products and Services** in **Microsoft Store for Business and Education** need to be assigned to people in your org. You can view the people in your org assigned to a specific product by using these commands:
|
||||
|
||||
@ -36,23 +36,23 @@ The private store for your organization is a page in Microsoft Store app that co
|
||||
|
||||
1. Click the people icon in Microsoft Store app, and click **Sign in**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Click **Add account**, and then click **Work or school account**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Type the email account and password, and click **Sign in**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. You should see the private store for your organization. In our example, the page is named **Contoso publishing**.
|
||||
|
||||
|
||||
|
||||
|
||||
Click the private store to see apps in your private store.
|
||||
|
||||
|
||||
|
||||
|
||||
## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ Microsoft Store for Business and Education regularly releases new and improved f
|
||||
|
||||
:::row:::
|
||||
:::column span="1":::
|
||||
|
||||
|
||||
:::column-end:::
|
||||
:::column span="1":::
|
||||
**Use security groups with Private store apps**<br /><br /> On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store. <br /><br />[Get more info](./app-inventory-management-microsoft-store-for-business.md#private-store-availability)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education
|
||||
@ -38,7 +38,7 @@ Microsoft Store for Business and Education regularly releases new and improved f
|
||||
We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
|
||||
| | |
|
||||
|-----------------------|---------------------------------|
|
||||
|  |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](./manage-private-store-settings.md#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||
|  |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](./manage-private-store-settings.md#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||
| <iframe width="288" height="232" src="https://www.youtube-nocookie.com/embed/IpLIZU_j7Z0" frameborder="0" allowfullscreen></iframe>| **Manage Windows device deployment with Windows Autopilot Deployment** <br /><br /> In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device.<br /><br />[Get more info](add-profile-to-devices.md)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||
|  |**Request an app**<br /><br />People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](./acquire-apps-microsoft-store-for-business.md#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||
||  |**Private store collections**<br /><br> You can groups of apps in your private store with **Collections**. This can help you organize apps and help people find apps for their job or classroom. <br /><br />[Get more info](https://review.docs.microsoft.com/microsoft-store/manage-private-store-settings?branch=msfb-14856406#add-a-collection)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||
|
||||
@ -46,7 +46,7 @@ You'll need to set up:
|
||||
- LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
|
||||
|
||||
The process and timing look like this:
|
||||
|
||||
|
||||
|
||||
## <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Admin)
|
||||
Admins need to invite developer or ISVs to become an LOB publisher.
|
||||
|
||||
@ -423,7 +423,7 @@ The process then configures the client for package or connection group additions
|
||||
|
||||
This completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user).
|
||||
|
||||
|
||||
|
||||
|
||||
**Package add file and registry data**
|
||||
|
||||
@ -454,7 +454,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu
|
||||
|
||||
Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the Machine and User Catalog information in the preceding sections for details.
|
||||
|
||||
|
||||
|
||||
|
||||
**Package add file and registry data—global**
|
||||
|
||||
@ -481,7 +481,7 @@ After the Publishing Refresh process, the user launches and then relaunches an A
|
||||
|
||||
7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as-needed basis.
|
||||
|
||||
|
||||
|
||||
|
||||
**Package add file and registry data—stream**
|
||||
|
||||
|
||||
@ -20,9 +20,9 @@ This checklist outlines the recommended steps and items to consider when deployi
|
||||
|
||||
|Status|Task|References|Notes|
|
||||
|---|---|---|---|
|
||||
||Prepare the computing environment for App-V deployment during your planning phase.|[App-V planning checklist](appv-planning-checklist.md)||
|
||||
||Review App-V's supported configurations.|[App-V supported configurations](appv-supported-configurations.md)||
|
||||
||Run App-V Setup to deploy the required App-V features for your environment.|[How to install the sequencer](appv-install-the-sequencer.md)<br>[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)<br>[How to deploy the App-V server](appv-deploy-the-appv-server.md)||
|
||||
||Prepare the computing environment for App-V deployment during your planning phase.|[App-V planning checklist](appv-planning-checklist.md)||
|
||||
||Review App-V's supported configurations.|[App-V supported configurations](appv-supported-configurations.md)||
|
||||
||Run App-V Setup to deploy the required App-V features for your environment.|[How to install the sequencer](appv-install-the-sequencer.md)<br>[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)<br>[How to deploy the App-V server](appv-deploy-the-appv-server.md)||
|
||||
|
||||
>[!NOTE]
|
||||
>Keep track of server names and associated URLs you create during installation. You'll need this information throughout the installation process.
|
||||
|
||||
@ -28,7 +28,7 @@ The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit
|
||||
1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
|
||||
2. Select the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
|
||||
|
||||
|
||||
|
||||
3. To open the Sequencer, go to the **Start** menu and select **Microsoft Application Virtualization (App-V) Sequencer**.
|
||||
|
||||
See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
|
||||
|
||||
@ -23,12 +23,12 @@ This checklist can be used to help you plan for preparing your organization for
|
||||
|
||||
|Status|Task|References|Notes|
|
||||
|---|---|---|---|
|
||||
||Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.|[Getting started with App-V](appv-getting-started.md)||
|
||||
||Plan for App-V deployment prerequisites and prepare your computing environment.|[App-V prerequisites](appv-prerequisites.md)||
|
||||
||If you plan to use the App-V management server, plan for the required roles.|[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md)||
|
||||
||Plan for the App-V sequencer and client to create and run virtualized applications.|[Planning for the App-V Sequencer and client deployment](appv-planning-for-sequencer-and-client-deployment.md)||
|
||||
||If applicable, review the options and steps for migrating from a previous version of App-V.|[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md)||
|
||||
||Decide whether to configure App-V clients in Shared Content Store mode.|[Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)||
|
||||
||Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.|[Getting started with App-V](appv-getting-started.md)||
|
||||
||Plan for App-V deployment prerequisites and prepare your computing environment.|[App-V prerequisites](appv-prerequisites.md)||
|
||||
||If you plan to use the App-V management server, plan for the required roles.|[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md)||
|
||||
||Plan for the App-V sequencer and client to create and run virtualized applications.|[Planning for the App-V Sequencer and client deployment](appv-planning-for-sequencer-and-client-deployment.md)||
|
||||
||If applicable, review the options and steps for migrating from a previous version of App-V.|[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md)||
|
||||
||Decide whether to configure App-V clients in Shared Content Store mode.|[Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -23,15 +23,15 @@ Enterprise users want the same ability to enable or limit background activity. I
|
||||
|
||||
Users have the ability to control background activity for their device through two interfaces in the **Settings** app: the **Background apps** page and the **Battery usage by app** page. The **Background apps** page has a master switch to turn background activity on or off for all apps, and provides individual switches to control each app's ability to run in the background.
|
||||
|
||||
|
||||
|
||||
|
||||
The **Battery usage by app** page allows fine-grained tuning of background activity. Users have the ability to set background activity to by **Managed By Windows**, as well as turning it on or off for each app. Only devices with a battery have this page available in the **Settings** app. Here is the set of available controls on desktop:
|
||||
|
||||
|
||||
|
||||
|
||||
Here is the set of available controls for mobile devices:
|
||||
|
||||
|
||||
|
||||
|
||||
Although the user interface differs across editions of the operating system, the policy and developer interface is consistent across Windows 10. For more information about these controls, see [Optimize background activity](/windows/uwp/debug-test-perf/optimize-background-activity).
|
||||
|
||||
|
||||
@ -102,19 +102,19 @@ If a per-user service can't be disabled using a the security template, you can d
|
||||
|
||||
5. Right-click **Registry** > **New** > **Registry Item**.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Make sure that HKEY_Local_Machine is selected for Hive and then click ... (the ellipses) next to Key Path.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and click **Select**.
|
||||
|
||||
|
||||
|
||||
|
||||
8. Change **Value data** from **00000003** to **00000004** and click **OK**. Note setting the Value data to **4** = **Disabled**.
|
||||
|
||||
|
||||
|
||||
|
||||
9. To add the other services that cannot be managed with a Group Policy templates, edit the policy and repeat steps 5-8.
|
||||
|
||||
@ -140,14 +140,14 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t RE
|
||||
|
||||
If you cannot use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
|
||||
|
||||
|
||||
|
||||
|
||||
> [!CAUTION]
|
||||
> We recommend that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the Registry Editor or by the Windows operating system before they are applied. As a result, incorrect values can be stored, and this can result in unrecoverable errors in the system. When possible, instead of editing the registry directly, use Group Policy or other Windows tools such as the Microsoft Management Console (MMC) to accomplish tasks. If you must edit the registry, use extreme caution.
|
||||
|
||||
Beginning with Windows 10, version 1709 and Windows Server, version 1709, you can prevent the per-user service from being created by setting **UserServiceFlags** to 0 under the same service configuration in the registry:
|
||||
|
||||
|
||||
|
||||
|
||||
### Manage template services by modifying the Windows image
|
||||
|
||||
@ -186,4 +186,4 @@ For example, you might see the following per-user services listed in the Service
|
||||
|
||||
You can query the service configuration from the command line. The **Type** value indicates whether the service is a user-service template or user-service instance.
|
||||
|
||||
|
||||
|
||||
@ -48,11 +48,11 @@ Refactoring also makes it easier to view running processes in Task Manager. You
|
||||
|
||||
For example, here are the running processes displayed in Task Manager in Windows 10 version 1607:
|
||||
|
||||
|
||||
|
||||
|
||||
Compare that to the same view of running processes in Windows 10 version 1703:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -66,7 +66,7 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
|
||||
The default value of **1** prevents the service from being split.
|
||||
|
||||
For example, this is the registry key configuration for BFE:
|
||||
|
||||
|
||||
|
||||
## Memory footprint
|
||||
|
||||
@ -77,7 +77,7 @@ Consider the following:
|
||||
|
||||
|Grouped Services (< 3.5GB) | Split Services (3.5GB+)
|
||||
|--------------------------------------- | ------------------------------------------ |
|
||||
| | |
|
||||
| | |
|
||||
|
||||
> [!NOTE]
|
||||
> The above represents the peak observed values.
|
||||
|
||||
@ -23,11 +23,11 @@ ms.topic: article
|
||||
|
||||
Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users.
|
||||
|
||||
|
||||
|
||||
|
||||
The tools in the folder might vary depending on which edition of Windows you are using.
|
||||
|
||||
|
||||
|
||||
|
||||
These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows 10. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders.
|
||||
|
||||
|
||||
@ -41,53 +41,53 @@ Check Windows Security Event log on the NPS Server for NPS events that correspon
|
||||
|
||||
In the event message, scroll to the very bottom, and then check the [Reason Code](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text that's associated with it.
|
||||
|
||||
|
||||
|
||||
*Example: event ID 6273 (Audit Failure)*<br><br>
|
||||
|
||||
|
||||
|
||||
*Example: event ID 6272 (Audit Success)*<br>
|
||||
|
||||
The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
|
||||
|
||||
On the client side, go to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, go to **..\Wired-AutoConfig/Operational**. See the following example:
|
||||
|
||||
|
||||
|
||||
|
||||
Most 802.1X authentication issues are because of problems with the certificate that's used for client or server authentication. Examples include invalid certificate, expiration, chain verification failure, and revocation check failure.
|
||||
|
||||
First, validate the type of EAP method that's used:
|
||||
|
||||
|
||||
|
||||
|
||||
If a certificate is used for its authentication method, check whether the certificate is valid. For the server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Select and hold (or right-click) the policy, and then select **Properties**. In the pop-up window, go to the **Constraints** tab, and then select the **Authentication Methods** section.
|
||||
|
||||
|
||||
|
||||
|
||||
The CAPI2 event log is useful for troubleshooting certificate-related issues.
|
||||
By default, this log isn't enabled. To enable this log, expand **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, select and hold (or right-click) **Operational**, and then select **Enable Log**.
|
||||
|
||||
|
||||
|
||||
|
||||
For information about how to analyze CAPI2 event logs, see
|
||||
[Troubleshooting PKI Problems on Windows Vista](/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29).
|
||||
|
||||
When troubleshooting complex 802.1X authentication issues, it's important to understand the 802.1X authentication process. Here's an example of wireless connection process with 802.1X authentication:
|
||||
|
||||
|
||||
|
||||
|
||||
If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter for a client-side capture, and **EAP** for an NPS-side capture. See the following examples:
|
||||
|
||||
|
||||
|
||||
*Client-side packet capture data*<br><br>
|
||||
|
||||
|
||||
|
||||
*NPS-side packet capture data*<br>
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> If you have a wireless trace, you can also [view ETL files with network monitor](/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. If you need to load the required [parser](/archive/blogs/netmon/parser-profiles-in-network-monitor-3-4), see the instructions under the **Help** menu in Network Monitor. Here's an example:
|
||||
|
||||
|
||||
|
||||
|
||||
## Audit policy
|
||||
|
||||
|
||||
@ -50,7 +50,7 @@ The kernel passes control to the session manager process (Smss.exe) which initia
|
||||
|
||||
Here is a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
|
||||
|
||||
<br>
|
||||
<br>
|
||||
[Click to enlarge](img-boot-sequence.md)<br>
|
||||
|
||||
|
||||
|
||||
@ -152,7 +152,7 @@ The important components of the MSM include:
|
||||
- Security Manager (SecMgr) - handles all pre and post-connection security operations.
|
||||
- Authentication Engine (AuthMgr) – Manages 802.1x auth requests
|
||||
|
||||
|
||||
|
||||
|
||||
Each of these components has their own individual state machines which follow specific transitions.
|
||||
Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** filters in TextAnalysisTool for more detail.
|
||||
@ -327,4 +327,4 @@ Copy and paste all the lines below and save them into a text file named "wifi.ta
|
||||
|
||||
In the following example, the **View** settings are configured to **Show Only Filtered Lines**.
|
||||
|
||||
|
||||
|
||||
@ -54,4 +54,4 @@ To change the policy for an external storage device:
|
||||
|
||||
7. Select the policy that you want to use.
|
||||
|
||||
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ ms.topic: article
|
||||
|
||||
From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
|
||||
|
||||
|
||||
|
||||
|
||||
## Set up
|
||||
|
||||
@ -40,7 +40,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
|
||||
|
||||
2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
|
||||
|
||||
|
||||
@ -14,4 +14,4 @@ ms.prod: w10
|
||||
|
||||
Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)<br>
|
||||
|
||||
|
||||
|
||||
|
||||
@ -56,13 +56,13 @@ Page files extend how much "committed memory" (also known as "virtual memory") i
|
||||
|
||||
The system commit memory limit is the sum of physical memory and all page files combined. It represents the maximum system-committed memory (also known as the "system commit charge") that the system can support.
|
||||
|
||||
|
||||
|
||||
|
||||
The system commit charge is the total committed or "promised" memory of all committed virtual memory in the system. If the system commit charge reaches the system commit limit, the system and processes might not get committed memory. This condition can cause freezing, crashing, and other malfunctions. Therefore, make sure that you set the system commit limit high enough to support the system commit charge during peak usage.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The \Memory\% Committed Bytes In Use counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
|
||||
|
||||
|
||||
@ -212,7 +212,7 @@ This policy setting will change the evaluation order in which Allow and Prevent
|
||||
|
||||
Some of these policies take precedence over other policies. The flowchart shown below illustrates how Windows processes them to determine whether a user can install a device or not, as shown in Figure below.
|
||||
|
||||
<br/>_Device Installation policies flow chart_
|
||||
<br/>_Device Installation policies flow chart_
|
||||
|
||||
|
||||
|
||||
@ -261,17 +261,17 @@ To find device identification strings using Device Manager
|
||||
|
||||
4. Find the “Printers” section and find the target printer
|
||||
|
||||
<br/>_Selecting the printer in Device Manager_
|
||||
<br/>_Selecting the printer in Device Manager_
|
||||
|
||||
5. Double-click the printer and move to the ‘Details’ tab.
|
||||
|
||||
<br/>_Open the ‘Details’ tab to look for the device identifiers_
|
||||
<br/>_Open the ‘Details’ tab to look for the device identifiers_
|
||||
|
||||
6. From the ‘Value’ window, copy the most detailed Hardware ID – we will use this in the policies.
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>_HWID and Compatible ID_
|
||||
<br/>_HWID and Compatible ID_
|
||||
|
||||
> [!TIP]
|
||||
> You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil) in Microsoft Docs.
|
||||
@ -360,7 +360,7 @@ Creating the policy to prevent all printers from being installed:
|
||||
|
||||
6. Enter the printer class GUID you found above with the curly braces (this is important! Otherwise, it won’t work): {4d36e979-e325-11ce-bfc1-08002be10318}
|
||||
|
||||
<br/>_List of prevent Class GUIDs_
|
||||
<br/>_List of prevent Class GUIDs_
|
||||
|
||||
7. Click ‘OK’.
|
||||
|
||||
@ -399,7 +399,7 @@ Getting the right device identifier to prevent it from being installed:
|
||||
|
||||
1. Get your printer’s Hardware ID – in this example we will use the identifier we found previously
|
||||
|
||||
<br/>_Printer Hardware ID_
|
||||
<br/>_Printer Hardware ID_
|
||||
|
||||
2. Write down the device ID (in this case Hardware ID) – WSDPRINT\CanonMX920_seriesC1A0; Take the more specific identifier to make sure you block a specific printer and not a family of printers
|
||||
|
||||
@ -417,7 +417,7 @@ Creating the policy to prevent a single printer from being installed:
|
||||
|
||||
5. Enter the printer device ID you found above – WSDPRINT\CanonMX920_seriesC1A0
|
||||
|
||||
<br/>_Prevent Device ID list_
|
||||
<br/>_Prevent Device ID list_
|
||||
|
||||
6. Click ‘OK’.
|
||||
|
||||
@ -477,7 +477,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
|
||||
|
||||
6. Enter the printer class GUID you found above with the curly braces (this is important! Otherwise, it won’t work): {4d36e979-e325-11ce-bfc1-08002be10318}
|
||||
|
||||
<br/>_List of prevent Class GUIDs_
|
||||
<br/>_List of prevent Class GUIDs_
|
||||
|
||||
7. Click ‘OK’.
|
||||
|
||||
@ -489,7 +489,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
|
||||
|
||||
|
||||
|
||||
<br/>_Apply layered order of evaluation policy_
|
||||
<br/>_Apply layered order of evaluation policy_
|
||||
|
||||
9. Now Open **Allow installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
|
||||
|
||||
@ -497,7 +497,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
|
||||
|
||||
11. Enter the printer device ID you found above: WSDPRINT\CanonMX920_seriesC1A0.
|
||||
|
||||
<br/>_Allow Printer Hardware ID_
|
||||
<br/>_Allow Printer Hardware ID_
|
||||
|
||||
12. Click ‘OK’.
|
||||
|
||||
@ -532,22 +532,22 @@ Getting the right device identifier to prevent it from being installed and its l
|
||||
|
||||
3. Find the USB thumb-drive and select it.
|
||||
|
||||
<br/>_Selecting the usb thumb-drive in Device Manager_
|
||||
<br/>_Selecting the usb thumb-drive in Device Manager_
|
||||
|
||||
4. Change View (in the top menu) to ‘Devices by connections’. This view represents the way devices are installed in the PnP tree.
|
||||
|
||||
<br/>_Changing view in Device Manager to see the PnP connection tree_
|
||||
<br/>_Changing view in Device Manager to see the PnP connection tree_
|
||||
|
||||
> [!NOTE]
|
||||
> When blocking\Preventing a device that sits higher in the PnP tree, all the devices that sit under it will be blocked. For example: Preventing a “Generic USB Hub” from being installed, all the devices that lay below a “Generic USB Hub” will be blocked.
|
||||
|
||||
<br/>_When blocking one device, all the devices that are nested below it will be blocked as well_
|
||||
<br/>_When blocking one device, all the devices that are nested below it will be blocked as well_
|
||||
|
||||
5. Double-click the USB thumb-drive and move to the ‘Details’ tab.
|
||||
|
||||
6. From the ‘Value’ window, copy the most detailed Hardware ID—we will use this in the policies. In this case Device ID = USBSTOR\DiskGeneric_Flash_Disk______8.07
|
||||
|
||||
<br/>_USB device hardware IDs_
|
||||
<br/>_USB device hardware IDs_
|
||||
|
||||
Creating the policy to prevent a single USB thumb-drive from being installed:
|
||||
|
||||
@ -563,7 +563,7 @@ Creating the policy to prevent a single USB thumb-drive from being installed:
|
||||
|
||||
5. Enter the USB thumb-drive device ID you found above – USBSTOR\DiskGeneric_Flash_Disk______8.07
|
||||
|
||||
<br/>_Prevent Device IDs list_
|
||||
<br/>_Prevent Device IDs list_
|
||||
|
||||
6. Click ‘OK’.
|
||||
|
||||
@ -620,7 +620,7 @@ As mentioned in scenario #4, it is not enough to enable only a single hardware I
|
||||
- “USB Root Hub (USB 3.0)” -> USB\ROOT_HUB30
|
||||
- “Generic USB Hub” -> USB\USB20_HUB
|
||||
|
||||
<br/>_USB devices nested under each other in the PnP tree_
|
||||
<br/>_USB devices nested under each other in the PnP tree_
|
||||
|
||||
These devices are internal devices on the machine that define the USB port connection to the outside world. Enabling them should not enable any external/peripheral device from being installed on the machine.
|
||||
|
||||
@ -663,7 +663,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
|
||||
|
||||
9. Open the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and enable it – this policy will enable you to override the wide coverage of the ‘Prevent’ policy with a specific device.
|
||||
|
||||
<br/>_Apply layered order of evaluation policy_
|
||||
<br/>_Apply layered order of evaluation policy_
|
||||
|
||||
10. Now Open **Allow installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
|
||||
|
||||
@ -671,7 +671,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
|
||||
|
||||
12. Enter the full list of USB device IDs you found above including the specific USB Thumb-drive you would like to authorize for installation – USBSTOR\DiskGeneric_Flash_Disk______8.07
|
||||
|
||||
<br/>_Allowed USB Device IDs list_
|
||||
<br/>_Allowed USB Device IDs list_
|
||||
|
||||
13. Click ‘OK’.
|
||||
|
||||
|
||||
@ -35,7 +35,7 @@ Policy paths:
|
||||
|
||||
**User Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
|
||||
|
||||
|
||||
|
||||
|
||||
## Configuring the Group Policy
|
||||
|
||||
|
||||
@ -92,7 +92,7 @@ For more information about how Windows 10 and Azure AD optimize access to work r
|
||||
|
||||
As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD.
|
||||
|
||||
|
||||
|
||||
|
||||
## Settings and Configuration
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ First, you create a default user profile with the customizations that you want,
|
||||
> [!TIP]
|
||||
> If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\\System32\\Sysprep\\Panther\\setupact.log and look for an entry like the following:
|
||||
>
|
||||
> 
|
||||
> 
|
||||
>
|
||||
> Use the [Remove-AppxProvisionedPackage](/powershell/module/dism/remove-appxprovisionedpackage?view=win10-ps&preserve-view=true) and [Remove-AppxPackage -AllUsers](/powershell/module/appx/remove-appxpackage?view=win10-ps&preserve-view=true) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
|
||||
|
||||
@ -86,11 +86,11 @@ First, you create a default user profile with the customizations that you want,
|
||||
1. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
1. In **Copy To**, under **Permitted to use**, click **Change**.
|
||||
|
||||
|
||||
|
||||
|
||||
1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
|
||||
|
||||
@ -98,11 +98,11 @@ First, you create a default user profile with the customizations that you want,
|
||||
|
||||
- If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
|
||||
|
||||
|
||||
|
||||
|
||||
- If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.
|
||||
|
||||
|
||||
|
||||
|
||||
1. Click **OK** to copy the default user profile.
|
||||
|
||||
@ -139,9 +139,9 @@ When a user is configured with a mandatory profile, Windows 10 starts as though
|
||||
|
||||
| Group Policy setting | Windows 10 | Windows Server 2016 | Windows 8.1 | Windows Server 2012 |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled |  |  |  |  |
|
||||
| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled |  |  |  |  |
|
||||
| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled |  |  |  |  |
|
||||
| Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled |  |  |  |  |
|
||||
| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled |  |  |  |  |
|
||||
| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled |  |  |  |  |
|
||||
|
||||
> [!NOTE]
|
||||
> The Group Policy settings above can be applied in Windows 10 Professional edition.
|
||||
|
||||
@ -22,7 +22,7 @@ AccountManagement CSP is used to configure setting in the Account Manager servic
|
||||
|
||||
The following diagram shows the AccountManagement configuration service provider in tree format.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="accountmanagement"></a>**./Vendor/MSFT/AccountManagement**
|
||||
Root node for the AccountManagement configuration service provider.
|
||||
|
||||
@ -21,45 +21,45 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
|
||||
|
||||
1. Sign up for Azure AD tenant from [this website](https://account.windowsazure.com/organization) by creating an administrator account for your organization.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Enter the information for your organization. Select **check availability** to verify that domain name that you selected is available.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Complete the login and country information. Enter a valid phone number, then select **Send text message** or **Call me**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Enter the code that you receive and then select **Verify code**. After the code is verified and the continue button turns green, select **continue**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. After you finish creating your Azure account, you can add an Azure AD subscription.
|
||||
|
||||
If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to the Office 356 portal at https://portal.office.com/, and then sign in using the admin account that you created in Step 4 (for example, user1@contosoltd.onmicrosoftcom).
|
||||
|
||||
|
||||
|
||||
|
||||
6. Select **Install software**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. In the Microsoft 365 admin center, select **Purchase Services** from the left navigation.
|
||||
|
||||
|
||||
|
||||
|
||||
8. On the **Purchase services** page, scroll down until you see **Azure Active Directory Premium**, then select to purchase.
|
||||
|
||||
|
||||
|
||||
|
||||
9. Continue with your purchase.
|
||||
|
||||
|
||||
|
||||
|
||||
10. After the purchase is completed, you can log in to your Office 365 Admin Portal and you will see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint, Exchange, etc....).
|
||||
|
||||
|
||||
|
||||
|
||||
When you choose Azure AD, it will take you to the Azure AD portal where you can manage your Azure AD applications.
|
||||
|
||||
@ -69,27 +69,27 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
|
||||
|
||||
1. Sign in to the Microsoft 365 admin center at <https://portal.office.com> using your organization's account.
|
||||
|
||||
|
||||
|
||||
|
||||
2. On the **Home** page, select on the Admin tools icon.
|
||||
|
||||
|
||||
|
||||
|
||||
3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
|
||||
|
||||
|
||||
|
||||
|
||||
4. On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. It may take a few minutes to process the request.
|
||||
|
||||
|
||||
|
||||
|
||||
6. You will see a welcome page when the process completes.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -263,16 +263,16 @@ Supported operations are Get, Add, Delete, and Replace.
|
||||
|
||||
The **Device Portal** page opens on your browser.
|
||||
|
||||
|
||||
|
||||
|
||||
8. On the desktop **Device Portal** page, click **Apps** to open the **App Manager**.
|
||||
9. On the **App Manager** page under **Running apps**, you will see the **Publisher** and **PackageFullName** of apps.
|
||||
|
||||
|
||||
|
||||
|
||||
10. If you do not see the app that you want, look under **Installed apps**. Using the drop- down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed.
|
||||
|
||||
|
||||
|
||||
|
||||
The following table shows the mapping of information to the AppLocker publisher rule field.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ manager: dansimp
|
||||
|
||||
[EnterpriseAppVManagement CSP reference](./enterpriseappvmanagement-csp.md)
|
||||
|
||||
|
||||
|
||||
|
||||
<p>(./User/Vendor/MSFT/EnterpriseAppVManagement) contains the following sub-nodes.</p>
|
||||
|
||||
|
||||
@ -90,7 +90,7 @@ After the users accepts the Terms of Use, the device is registered in Azure AD a
|
||||
|
||||
The following diagram illustrates the high-level flow involved in the actual enrollment process. The device is first registered with Azure AD. This process assigns a unique device identifier to the device and presents the device with the ability to authenticate itself with Azure AD (device authentication). Subsequently, the device is enrolled for management with the MDM. This is done by calling the enrollment endpoint and requesting enrollment for the user and device. At this point, the user has been authenticated and device has been registered and authenticated with Azure AD. This information is made available to the MDM in the form of claims within an access token presented at the enrollment endpoint.
|
||||
|
||||
|
||||
|
||||
|
||||
The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Azure AD Graph API](/azure/active-directory/develop/active-directory-graph-api). A sample for reporting device compliance is provided later in this topic.
|
||||
|
||||
@ -173,7 +173,7 @@ IT administrators use the Azure AD app gallery to add an MDM for their organizat
|
||||
|
||||
The following image illustrates how MDM applications will show up in the Azure app gallery in a category dedicated to MDM software.
|
||||
|
||||
|
||||
|
||||
|
||||
### Add cloud-based MDM to the app gallery
|
||||
|
||||
@ -195,24 +195,24 @@ The following table shows the required information to create an entry in the Azu
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p><strong>Application ID</strong></p></td>
|
||||
<td style="vertical-align:top"><p>The client ID of your MDM app that is configured within your tenant. This is the unique identifier for your multi-tenant app.</p></td>
|
||||
<td><p><strong>Application ID</strong></p></td>
|
||||
<td><p>The client ID of your MDM app that is configured within your tenant. This is the unique identifier for your multi-tenant app.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p><strong>Publisher</strong></p></td>
|
||||
<td style="vertical-align:top"><p>A string that identifies the publisher of the app.</p></td>
|
||||
<td><p><strong>Publisher</strong></p></td>
|
||||
<td><p>A string that identifies the publisher of the app.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p><strong>Application URL</strong></p></td>
|
||||
<td style="vertical-align:top"><p>A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL is not used for the actual enrollment.</p></td>
|
||||
<td><p><strong>Application URL</strong></p></td>
|
||||
<td><p>A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL is not used for the actual enrollment.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p><strong>Description</strong></p></td>
|
||||
<td style="vertical-align:top"><p>A brief description of your MDM app, which must be under 255 characters.</p></td>
|
||||
<td><p><strong>Description</strong></p></td>
|
||||
<td><p>A brief description of your MDM app, which must be under 255 characters.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p><strong>Icons</strong></p></td>
|
||||
<td style="vertical-align:top"><p>A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215</p></td>
|
||||
<td><p><strong>Icons</strong></p></td>
|
||||
<td><p>A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -261,19 +261,19 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">FRX</td>
|
||||
<td style="vertical-align:top">OOBE</td>
|
||||
<td style="vertical-align:top">Dark theme + blue background color</td>
|
||||
<td style="vertical-align:top">Filename: Ui-dark.css</td>
|
||||
<td style="vertical-align:top">Filename: oobe-dekstop.css</td>
|
||||
<td>FRX</td>
|
||||
<td>OOBE</td>
|
||||
<td>Dark theme + blue background color</td>
|
||||
<td>Filename: Ui-dark.css</td>
|
||||
<td>Filename: oobe-dekstop.css</td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">MOSET</td>
|
||||
<td style="vertical-align:top">Settings/
|
||||
<td>MOSET</td>
|
||||
<td>Settings/
|
||||
<p>Post OOBE</p></td>
|
||||
<td style="vertical-align:top">Light theme</td>
|
||||
<td style="vertical-align:top">Filename: Ui-light.css</td>
|
||||
<td style="vertical-align:top">Filename: settings-desktop.css</td>
|
||||
<td>Light theme</td>
|
||||
<td>Filename: Ui-light.css</td>
|
||||
<td>Filename: settings-desktop.css</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -302,20 +302,20 @@ The following parameters are passed in the query string:
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>redirect_uri</p></td>
|
||||
<td style="vertical-align:top"><p>After the user accepts or rejects the Terms of Use, the user is redirected to this URL.</p></td>
|
||||
<td><p>redirect_uri</p></td>
|
||||
<td><p>After the user accepts or rejects the Terms of Use, the user is redirected to this URL.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>client-request-id</p></td>
|
||||
<td style="vertical-align:top"><p>A GUID that is used to correlate logs for diagnostic and debugging purposes. You use this parameter to log or trace the state of the enrollment request to help find the root cause in case of failures.</p></td>
|
||||
<td><p>client-request-id</p></td>
|
||||
<td><p>A GUID that is used to correlate logs for diagnostic and debugging purposes. You use this parameter to log or trace the state of the enrollment request to help find the root cause in case of failures.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>api-version</p></td>
|
||||
<td style="vertical-align:top"><p>Specifies the version of the protocol requested by the client. This provides a mechanism to support version revisions of the protocol.</p></td>
|
||||
<td><p>api-version</p></td>
|
||||
<td><p>Specifies the version of the protocol requested by the client. This provides a mechanism to support version revisions of the protocol.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>mode</p></td>
|
||||
<td style="vertical-align:top"><p>Specifies that the device is corporate owned when mode=azureadjoin. This parameter is not present for BYOD devices.</p></td>
|
||||
<td><p>mode</p></td>
|
||||
<td><p>Specifies that the device is corporate owned when mode=azureadjoin. This parameter is not present for BYOD devices.</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -342,20 +342,20 @@ The following claims are expected in the access token passed by Windows to the T
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Object ID</p></td>
|
||||
<td style="vertical-align:top"><p>Identifier of the user object corresponding to the authenticated user.</p></td>
|
||||
<td><p>Object ID</p></td>
|
||||
<td><p>Identifier of the user object corresponding to the authenticated user.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>UPN</p></td>
|
||||
<td style="vertical-align:top"><p>A claim containing the user principal name (UPN) of the authenticated user.</p></td>
|
||||
<td><p>UPN</p></td>
|
||||
<td><p>A claim containing the user principal name (UPN) of the authenticated user.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>TID</p></td>
|
||||
<td style="vertical-align:top"><p>A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.</p></td>
|
||||
<td><p>TID</p></td>
|
||||
<td><p>A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Resource</p></td>
|
||||
<td style="vertical-align:top"><p>A sanitized URL representing the MDM application. Example, https:<span></span>//fabrikam.contosomdm.com.</p></td>
|
||||
<td><p>Resource</p></td>
|
||||
<td><p>A sanitized URL representing the MDM application. Example, https:<span></span>//fabrikam.contosomdm.com.</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -438,28 +438,28 @@ The following table shows the error codes.
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>api-version</p></td>
|
||||
<td style="vertical-align:top"><p>302</p></td>
|
||||
<td style="vertical-align:top"><p>invalid_request</p></td>
|
||||
<td style="vertical-align:top"><p>unsupported version</p></td>
|
||||
<td><p>api-version</p></td>
|
||||
<td><p>302</p></td>
|
||||
<td><p>invalid_request</p></td>
|
||||
<td><p>unsupported version</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Tenant or user data are missing or other required prerequisites for device enrollment are not met</p></td>
|
||||
<td style="vertical-align:top"><p>302</p></td>
|
||||
<td style="vertical-align:top"><p>unauthorized_client</p></td>
|
||||
<td style="vertical-align:top"><p>unauthorized user or tenant</p></td>
|
||||
<td><p>Tenant or user data are missing or other required prerequisites for device enrollment are not met</p></td>
|
||||
<td><p>302</p></td>
|
||||
<td><p>unauthorized_client</p></td>
|
||||
<td><p>unauthorized user or tenant</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Azure AD token validation failed</p></td>
|
||||
<td style="vertical-align:top"><p>302</p></td>
|
||||
<td style="vertical-align:top"><p>unauthorized_client</p></td>
|
||||
<td style="vertical-align:top"><p>unauthorized_client</p></td>
|
||||
<td><p>Azure AD token validation failed</p></td>
|
||||
<td><p>302</p></td>
|
||||
<td><p>unauthorized_client</p></td>
|
||||
<td><p>unauthorized_client</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>internal service error</p></td>
|
||||
<td style="vertical-align:top"><p>302</p></td>
|
||||
<td style="vertical-align:top"><p>server_error</p></td>
|
||||
<td style="vertical-align:top"><p>internal service error</p></td>
|
||||
<td><p>internal service error</p></td>
|
||||
<td><p>302</p></td>
|
||||
<td><p>server_error</p></td>
|
||||
<td><p>internal service error</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -486,104 +486,104 @@ With Azure integrated MDM enrollment, there is no discovery phase and the discov
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>MDM auto-discovery using email address to retrieve MDM discovery URL</p></td>
|
||||
<td style="vertical-align:top"><p>Enrollment</p></td>
|
||||
<td style="vertical-align:top"><p>Not applicable</p>
|
||||
<td><p>MDM auto-discovery using email address to retrieve MDM discovery URL</p></td>
|
||||
<td><p>Enrollment</p></td>
|
||||
<td><p>Not applicable</p>
|
||||
<p>Discovery URL provisioned in Azure</p></td>
|
||||
<td style="vertical-align:top"><p></p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Uses MDM discovery URL</p></td>
|
||||
<td style="vertical-align:top"><p>Enrollment</p>
|
||||
<td><p>Uses MDM discovery URL</p></td>
|
||||
<td><p>Enrollment</p>
|
||||
<p>Enrollment renewal</p>
|
||||
<p>ROBO</p></td>
|
||||
<td style="vertical-align:top"><p>Enrollment</p>
|
||||
<td><p>Enrollment</p>
|
||||
<p>Enrollment renewal</p>
|
||||
<p>ROBO</p></td>
|
||||
<td style="vertical-align:top"><p>Enrollment</p>
|
||||
<td><p>Enrollment</p>
|
||||
<p>Enrollment renewal</p>
|
||||
<p>ROBO</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Is MDM enrollment required?</p></td>
|
||||
<td style="vertical-align:top"><p>Yes</p></td>
|
||||
<td style="vertical-align:top"><p>Yes</p></td>
|
||||
<td style="vertical-align:top"><p>No</p>
|
||||
<td><p>Is MDM enrollment required?</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>No</p>
|
||||
<p>User can decline.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Authentication type</p></td>
|
||||
<td style="vertical-align:top"><p>OnPremise</p>
|
||||
<td><p>Authentication type</p></td>
|
||||
<td><p>OnPremise</p>
|
||||
<p>Federated</p>
|
||||
<p>Certificate</p></td>
|
||||
<td style="vertical-align:top"><p>Federated</p></td>
|
||||
<td style="vertical-align:top"><p>Federated</p></td>
|
||||
<td><p>Federated</p></td>
|
||||
<td><p>Federated</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>EnrollmentPolicyServiceURL</p></td>
|
||||
<td style="vertical-align:top"><p>Optional (all auth)</p></td>
|
||||
<td style="vertical-align:top"><p>Optional (all auth)</p>
|
||||
<td><p>EnrollmentPolicyServiceURL</p></td>
|
||||
<td><p>Optional (all auth)</p></td>
|
||||
<td><p>Optional (all auth)</p>
|
||||
<p></p></td>
|
||||
<td style="vertical-align:top"><p>Optional (all auth)</p>
|
||||
<td><p>Optional (all auth)</p>
|
||||
<p></p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>EnrollmentServiceURL</p></td>
|
||||
<td style="vertical-align:top"><p>Required (all auth)</p></td>
|
||||
<td style="vertical-align:top"><p>Used (all auth)</p></td>
|
||||
<td style="vertical-align:top"><p>Used (all auth)</p></td>
|
||||
<td><p>EnrollmentServiceURL</p></td>
|
||||
<td><p>Required (all auth)</p></td>
|
||||
<td><p>Used (all auth)</p></td>
|
||||
<td><p>Used (all auth)</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>EnrollmentServiceURL includes OS Version, OS Platform, and other attributes provided by MDM discovery URL</p></td>
|
||||
<td style="vertical-align:top"><p>Highly recommended</p></td>
|
||||
<td style="vertical-align:top"><p>Highly recommended</p></td>
|
||||
<td style="vertical-align:top"><p>Highly recommended</p></td>
|
||||
<td><p>EnrollmentServiceURL includes OS Version, OS Platform, and other attributes provided by MDM discovery URL</p></td>
|
||||
<td><p>Highly recommended</p></td>
|
||||
<td><p>Highly recommended</p></td>
|
||||
<td><p>Highly recommended</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>AuthenticationServiceURL used</p></td>
|
||||
<td style="vertical-align:top"><p>Used (Federated auth)</p></td>
|
||||
<td style="vertical-align:top"><p>Skipped</p></td>
|
||||
<td style="vertical-align:top"><p>Skipped</p></td>
|
||||
<td><p>AuthenticationServiceURL used</p></td>
|
||||
<td><p>Used (Federated auth)</p></td>
|
||||
<td><p>Skipped</p></td>
|
||||
<td><p>Skipped</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>BinarySecurityToken</p></td>
|
||||
<td style="vertical-align:top"><p>Custom per MDM</p></td>
|
||||
<td style="vertical-align:top"><p>Azure AD issued token</p></td>
|
||||
<td style="vertical-align:top"><p>Azure AD issued token</p></td>
|
||||
<td><p>BinarySecurityToken</p></td>
|
||||
<td><p>Custom per MDM</p></td>
|
||||
<td><p>Azure AD issued token</p></td>
|
||||
<td><p>Azure AD issued token</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>EnrollmentType</p></td>
|
||||
<td style="vertical-align:top"><p>Full</p></td>
|
||||
<td style="vertical-align:top"><p>Device</p></td>
|
||||
<td style="vertical-align:top"><p>Full</p></td>
|
||||
<td><p>EnrollmentType</p></td>
|
||||
<td><p>Full</p></td>
|
||||
<td><p>Device</p></td>
|
||||
<td><p>Full</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Enrolled certificate type</p></td>
|
||||
<td style="vertical-align:top"><p>User certificate</p></td>
|
||||
<td style="vertical-align:top"><p>Device certificate</p></td>
|
||||
<td style="vertical-align:top"><p>User certificate</p></td>
|
||||
<td><p>Enrolled certificate type</p></td>
|
||||
<td><p>User certificate</p></td>
|
||||
<td><p>Device certificate</p></td>
|
||||
<td><p>User certificate</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Enrolled certificate store</p></td>
|
||||
<td style="vertical-align:top"><p>My/User</p></td>
|
||||
<td style="vertical-align:top"><p>My/System</p></td>
|
||||
<td style="vertical-align:top"><p>My/User</p></td>
|
||||
<td><p>Enrolled certificate store</p></td>
|
||||
<td><p>My/User</p></td>
|
||||
<td><p>My/System</p></td>
|
||||
<td><p>My/User</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>CSR subject name</p></td>
|
||||
<td style="vertical-align:top"><p>User Principal Name</p></td>
|
||||
<td style="vertical-align:top"><p>Device ID</p></td>
|
||||
<td style="vertical-align:top"><p>User Principal Name</p></td>
|
||||
<td><p>CSR subject name</p></td>
|
||||
<td><p>User Principal Name</p></td>
|
||||
<td><p>Device ID</p></td>
|
||||
<td><p>User Principal Name</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>EnrollmentData Terms of Use binary blob as AdditionalContext for EnrollmentServiceURL</p></td>
|
||||
<td style="vertical-align:top"><p>Not supported</p></td>
|
||||
<td style="vertical-align:top"><p>Supported</p></td>
|
||||
<td style="vertical-align:top"><p>Supported</p></td>
|
||||
<td><p>EnrollmentData Terms of Use binary blob as AdditionalContext for EnrollmentServiceURL</p></td>
|
||||
<td><p>Not supported</p></td>
|
||||
<td><p>Supported</p></td>
|
||||
<td><p>Supported</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>CSPs accessible during enrollment</p></td>
|
||||
<td style="vertical-align:top"><p>Windows 10 support:</p>
|
||||
<td><p>CSPs accessible during enrollment</p></td>
|
||||
<td><p>Windows 10 support:</p>
|
||||
<ul>
|
||||
<li>DMClient</li>
|
||||
<li>CertificateStore</li>
|
||||
@ -598,8 +598,8 @@ With Azure integrated MDM enrollment, there is no discovery phase and the discov
|
||||
<ul>
|
||||
<li>EnterpriseAppManagement (Windows Phone 8.1)</li>
|
||||
</ul></td>
|
||||
<td style="vertical-align:top"><p>same as traditional MDM enrollment</p></td>
|
||||
<td style="vertical-align:top"><p>same as traditional MDM enrollment</p></td>
|
||||
<td><p>same as traditional MDM enrollment</p></td>
|
||||
<td><p>same as traditional MDM enrollment</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -732,7 +732,7 @@ Response:
|
||||
|
||||
When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
|
||||
|
||||
|
||||
|
||||
|
||||
## Error codes
|
||||
|
||||
@ -751,184 +751,184 @@ When a user is enrolled into MDM through Azure Active Directory Join and then di
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180001</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x80180001</td>
|
||||
<td>"idErrorServerConnectivity", // MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180002</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_AUTHENTICATION_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180002</td>
|
||||
<td>"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_AUTHENTICATION_ERROR</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180003</td>
|
||||
<td style="vertical-align:top">"idErrorAuthorizationFailure", // MENROLL_E_DEVICE_AUTHORIZATION_ERROR</td>
|
||||
<td style="vertical-align:top"><p>This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180003</td>
|
||||
<td>"idErrorAuthorizationFailure", // MENROLL_E_DEVICE_AUTHORIZATION_ERROR</td>
|
||||
<td><p>This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180004</td>
|
||||
<td style="vertical-align:top">"idErrorMDMCertificateError", // MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180004</td>
|
||||
<td>"idErrorMDMCertificateError", // MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR</td>
|
||||
<td><p>There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180005</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x80180005</td>
|
||||
<td>"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180006</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x80180006</td>
|
||||
<td>"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180007</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_INVALIDSECURITY_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180007</td>
|
||||
<td>"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_INVALIDSECURITY_ERROR</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180008</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // MENROLL_E_DEVICE_UNKNOWN_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x80180008</td>
|
||||
<td>"idErrorServerConnectivity", // MENROLL_E_DEVICE_UNKNOWN_ERROR</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180009</td>
|
||||
<td style="vertical-align:top">"idErrorAlreadyInProgress", // MENROLL_E_ENROLLMENT_IN_PROGRESS</td>
|
||||
<td style="vertical-align:top"><p>Another enrollment is in progress. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180009</td>
|
||||
<td>"idErrorAlreadyInProgress", // MENROLL_E_ENROLLMENT_IN_PROGRESS</td>
|
||||
<td><p>Another enrollment is in progress. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x8018000A</td>
|
||||
<td style="vertical-align:top">"idErrorMDMAlreadyEnrolled", // MENROLL_E_DEVICE_ALREADY_ENROLLED</td>
|
||||
<td style="vertical-align:top"><p>This device is already enrolled. You can contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x8018000A</td>
|
||||
<td>"idErrorMDMAlreadyEnrolled", // MENROLL_E_DEVICE_ALREADY_ENROLLED</td>
|
||||
<td><p>This device is already enrolled. You can contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x8018000D</td>
|
||||
<td style="vertical-align:top">"idErrorMDMCertificateError", // MENROLL_E_DISCOVERY_SEC_CERT_DATE_INVALID</td>
|
||||
<td style="vertical-align:top"><p>There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x8018000D</td>
|
||||
<td>"idErrorMDMCertificateError", // MENROLL_E_DISCOVERY_SEC_CERT_DATE_INVALID</td>
|
||||
<td><p>There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x8018000E</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // MENROLL_E_PASSWORD_NEEDED</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x8018000E</td>
|
||||
<td>"idErrorAuthenticationFailure", // MENROLL_E_PASSWORD_NEEDED</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x8018000F</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // MENROLL_E_WAB_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x8018000F</td>
|
||||
<td>"idErrorAuthenticationFailure", // MENROLL_E_WAB_ERROR</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180010</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // MENROLL_E_CONNECTIVITY</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x80180010</td>
|
||||
<td>"idErrorServerConnectivity", // MENROLL_E_CONNECTIVITY</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180012</td>
|
||||
<td style="vertical-align:top">"idErrorMDMCertificateError", // MENROLL_E_INVALIDSSLCERT</td>
|
||||
<td style="vertical-align:top"><p>There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180012</td>
|
||||
<td>"idErrorMDMCertificateError", // MENROLL_E_INVALIDSSLCERT</td>
|
||||
<td><p>There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180013</td>
|
||||
<td style="vertical-align:top">"idErrorDeviceLimit", // MENROLL_E_DEVICECAPREACHED</td>
|
||||
<td style="vertical-align:top"><p>Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180013</td>
|
||||
<td>"idErrorDeviceLimit", // MENROLL_E_DEVICECAPREACHED</td>
|
||||
<td><p>Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180014</td>
|
||||
<td style="vertical-align:top">"idErrorMDMNotSupported", // MENROLL_E_DEVICENOTSUPPORTED</td>
|
||||
<td style="vertical-align:top"><p>This feature is not supported. Contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180014</td>
|
||||
<td>"idErrorMDMNotSupported", // MENROLL_E_DEVICENOTSUPPORTED</td>
|
||||
<td><p>This feature is not supported. Contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180015</td>
|
||||
<td style="vertical-align:top">"idErrorMDMNotSupported", // MENROLL_E_NOTSUPPORTED</td>
|
||||
<td style="vertical-align:top"><p>This feature is not supported. Contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180015</td>
|
||||
<td>"idErrorMDMNotSupported", // MENROLL_E_NOTSUPPORTED</td>
|
||||
<td><p>This feature is not supported. Contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180016</td>
|
||||
<td style="vertical-align:top">"idErrorMDMRenewalRejected", // MENROLL_E_NOTELIGIBLETORENEW</td>
|
||||
<td style="vertical-align:top"><p>The server did not accept the request. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180016</td>
|
||||
<td>"idErrorMDMRenewalRejected", // MENROLL_E_NOTELIGIBLETORENEW</td>
|
||||
<td><p>The server did not accept the request. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180017</td>
|
||||
<td style="vertical-align:top">"idErrorMDMAccountMaintenance", // MENROLL_E_INMAINTENANCE</td>
|
||||
<td style="vertical-align:top"><p>The service is in maintenance. You can try to do this again later or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180017</td>
|
||||
<td>"idErrorMDMAccountMaintenance", // MENROLL_E_INMAINTENANCE</td>
|
||||
<td><p>The service is in maintenance. You can try to do this again later or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x80180018</td>
|
||||
<td style="vertical-align:top">"idErrorMDMLicenseError", // MENROLL_E_USERLICENSE</td>
|
||||
<td style="vertical-align:top"><p>There was an error with your license. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180018</td>
|
||||
<td>"idErrorMDMLicenseError", // MENROLL_E_USERLICENSE</td>
|
||||
<td><p>There was an error with your license. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x80180019</td>
|
||||
<td style="vertical-align:top">"idErrorInvalidServerConfig", // MENROLL_E_ENROLLMENTDATAINVALID</td>
|
||||
<td style="vertical-align:top"><p>Looks like the server is not correctly configured. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x80180019</td>
|
||||
<td>"idErrorInvalidServerConfig", // MENROLL_E_ENROLLMENTDATAINVALID</td>
|
||||
<td><p>Looks like the server is not correctly configured. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">"rejectedTermsOfUse"</td>
|
||||
<td style="vertical-align:top">"idErrorRejectedTermsOfUse"</td>
|
||||
<td style="vertical-align:top"><p>Your organization requires that you agree to the Terms of Use. Please try again or ask your support person for more information.</p></td>
|
||||
<td>"rejectedTermsOfUse"</td>
|
||||
<td>"idErrorRejectedTermsOfUse"</td>
|
||||
<td><p>Your organization requires that you agree to the Terms of Use. Please try again or ask your support person for more information.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x801c0001</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // DSREG_E_DEVICE_MESSAGE_FORMAT_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x801c0001</td>
|
||||
<td>"idErrorServerConnectivity", // DSREG_E_DEVICE_MESSAGE_FORMAT_ERROR</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x801c0002</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // DSREG_E_DEVICE_AUTHENTICATION_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x801c0002</td>
|
||||
<td>"idErrorAuthenticationFailure", // DSREG_E_DEVICE_AUTHENTICATION_ERROR</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x801c0003</td>
|
||||
<td style="vertical-align:top">"idErrorAuthorizationFailure", // DSREG_E_DEVICE_AUTHORIZATION_ERROR</td>
|
||||
<td style="vertical-align:top"><p>This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x801c0003</td>
|
||||
<td>"idErrorAuthorizationFailure", // DSREG_E_DEVICE_AUTHORIZATION_ERROR</td>
|
||||
<td><p>This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x801c0006</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // DSREG_E_DEVICE_INTERNALSERVICE_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x801c0006</td>
|
||||
<td>"idErrorServerConnectivity", // DSREG_E_DEVICE_INTERNALSERVICE_ERROR</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x801c000B</td>
|
||||
<td style="vertical-align:top">"idErrorUntrustedServer", // DSREG_E_DISCOVERY_REDIRECTION_NOT_TRUSTED</td>
|
||||
<td style="vertical-align:top">The server being contacted is not trusted. Contact your system administrator with the error code {0}.</td>
|
||||
<td>0x801c000B</td>
|
||||
<td>"idErrorUntrustedServer", // DSREG_E_DISCOVERY_REDIRECTION_NOT_TRUSTED</td>
|
||||
<td>The server being contacted is not trusted. Contact your system administrator with the error code {0}.</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x801c000C</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // DSREG_E_DISCOVERY_FAILED</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x801c000C</td>
|
||||
<td>"idErrorServerConnectivity", // DSREG_E_DISCOVERY_FAILED</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x801c000E</td>
|
||||
<td style="vertical-align:top">"idErrorDeviceLimit", // DSREG_E_DEVICE_REGISTRATION_QUOTA_EXCCEEDED</td>
|
||||
<td style="vertical-align:top"><p>Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x801c000E</td>
|
||||
<td>"idErrorDeviceLimit", // DSREG_E_DEVICE_REGISTRATION_QUOTA_EXCCEEDED</td>
|
||||
<td><p>Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x801c000F</td>
|
||||
<td style="vertical-align:top">"idErrorDeviceRequiresReboot", // DSREG_E_DEVICE_REQUIRES_REBOOT</td>
|
||||
<td style="vertical-align:top"><p>A reboot is required to complete device registration.</p></td>
|
||||
<td>0x801c000F</td>
|
||||
<td>"idErrorDeviceRequiresReboot", // DSREG_E_DEVICE_REQUIRES_REBOOT</td>
|
||||
<td><p>A reboot is required to complete device registration.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x801c0010</td>
|
||||
<td style="vertical-align:top">"idErrorInvalidCertificate", // DSREG_E_DEVICE_AIK_VALIDATION_ERROR</td>
|
||||
<td style="vertical-align:top"><p>Looks like you have an invalid certificate. Contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x801c0010</td>
|
||||
<td>"idErrorInvalidCertificate", // DSREG_E_DEVICE_AIK_VALIDATION_ERROR</td>
|
||||
<td><p>Looks like you have an invalid certificate. Contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x801c0011</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // DSREG_E_DEVICE_ATTESTATION_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x801c0011</td>
|
||||
<td>"idErrorAuthenticationFailure", // DSREG_E_DEVICE_ATTESTATION_ERROR</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x801c0012</td>
|
||||
<td style="vertical-align:top">"idErrorServerConnectivity", // DSREG_E_DISCOVERY_BAD_MESSAGE_ERROR</td>
|
||||
<td style="vertical-align:top"><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
<td>0x801c0012</td>
|
||||
<td>"idErrorServerConnectivity", // DSREG_E_DISCOVERY_BAD_MESSAGE_ERROR</td>
|
||||
<td><p>There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">0x801c0013</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // DSREG_E_TENANTID_NOT_FOUND</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x801c0013</td>
|
||||
<td>"idErrorAuthenticationFailure", // DSREG_E_TENANTID_NOT_FOUND</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">0x801c0014</td>
|
||||
<td style="vertical-align:top">"idErrorAuthenticationFailure", // DSREG_E_USERSID_NOT_FOUND</td>
|
||||
<td style="vertical-align:top"><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
<td>0x801c0014</td>
|
||||
<td>"idErrorAuthenticationFailure", // DSREG_E_USERSID_NOT_FOUND</td>
|
||||
<td><p>There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
@ -20,10 +20,10 @@ manager: dansimp
|
||||
2. Select **Mobility (MDM and MAM)**, and find the Microsoft Intune app.
|
||||
3. Select **Microsoft Intune** and configure the blade.
|
||||
|
||||
|
||||
|
||||
|
||||
Configure the blade
|
||||
|
||||
|
||||
|
||||
|
||||
You can specify settings to allow all users to enroll a device and make it Intune ready, or choose to allow some users (and then add a group of users).
|
||||
|
||||
@ -27,7 +27,7 @@ The BOOTSTRAP configuration service provider sets the Trusted Provisioning Serve
|
||||
|
||||
The following image shows the BOOTSTRAP configuration service provider in tree format as used by Open Mobile Alliance (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="context-allow"></a>**CONTEXT-ALLOW**
|
||||
Optional. Specifies a context for the TPS. Only one context is supported, so this parameter is ignored and "0" is assumed for its value.
|
||||
|
||||
@ -30,7 +30,7 @@ This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID
|
||||
|
||||
The following diagram shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="favorite-name-------------"></a>***favorite name***
|
||||
Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer.
|
||||
|
||||
@ -57,7 +57,7 @@ Using the WCD, create a provisioning package using the enrollment information re
|
||||
1. Open the WCD tool.
|
||||
2. Click **Advanced Provisioning**.
|
||||
|
||||
|
||||
|
||||
3. Enter a project name and click **Next**.
|
||||
4. Select **All Windows editions**, since Provisioning CSP is common to all Windows editions, then click **Next**.
|
||||
5. Skip **Import a provisioning package (optional)** and click **Finish**.
|
||||
@ -74,20 +74,20 @@ Using the WCD, create a provisioning package using the enrollment information re
|
||||
For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
|
||||
Here is the screenshot of the WCD at this point.
|
||||
|
||||
|
||||
|
||||
9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
|
||||
10. When you are done adding all the settings, on the **File** menu, click **Save**.
|
||||
11. On the main menu click **Export** > **Provisioning package**.
|
||||
|
||||
|
||||
|
||||
12. Enter the values for your package and specify the package output location.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
13. Click **Build**.
|
||||
|
||||
|
||||
|
||||
14. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package).
|
||||
15. Apply the package to your devices.
|
||||
|
||||
@ -108,7 +108,7 @@ Using the WCD, create a provisioning package using the enrollment information re
|
||||
5. Set **ExportCertificate** to False.
|
||||
6. For **KeyLocation**, select **Software only**.
|
||||
|
||||
|
||||
|
||||
7. Specify the workplace settings.
|
||||
1. Got to **Workplace** > **Enrollments**.
|
||||
2. Enter the **UPN** for the enrollment and then click **Add**.
|
||||
|
||||
@ -21,12 +21,12 @@ The CellularSettings configuration service provider is used to configure cellula
|
||||
|
||||
The following image shows the CellularSettings CSP in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol is not supported with this configuration service provider.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="dataroam"></a>**DataRoam**
|
||||
<p style="margin-left: 20px"> Optional. Integer. Specifies the default roaming value. Valid values are:</p>
|
||||
<p> Optional. Integer. Specifies the default roaming value. Valid values are:</p>
|
||||
|
||||
<table style="margin-left: 20px"><table>
|
||||
<table><table>
|
||||
<colgroup>
|
||||
<col width="20%" />
|
||||
<col width="80%" />
|
||||
|
||||
@ -192,32 +192,32 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added support for Windows 10 Pro starting in the version 1809.</p>
|
||||
<td><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td><p>Added support for Windows 10 Pro starting in the version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="office-csp.md" data-raw-source="[Office CSP](office-csp.md)">Office CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added FinalStatus setting in Windows 10, version 1809.</p>
|
||||
<td><a href="office-csp.md" data-raw-source="[Office CSP](office-csp.md)">Office CSP</a></td>
|
||||
<td><p>Added FinalStatus setting in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="remotewipe-csp.md" data-raw-source="[RemoteWipe CSP](remotewipe-csp.md)">RemoteWipe CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
|
||||
<td><a href="remotewipe-csp.md" data-raw-source="[RemoteWipe CSP](remotewipe-csp.md)">RemoteWipe CSP</a></td>
|
||||
<td><p>Added new settings in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="tenantlockdown-csp.md" data-raw-source="[TenantLockdown CSP](tenantlockdown-csp.md)">TenantLockdown CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1809.</p>
|
||||
<td><a href="tenantlockdown-csp.md" data-raw-source="[TenantLockdown CSP](tenantlockdown-csp.md)">TenantLockdown CSP</a></td>
|
||||
<td><p>Added new CSP in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="windowsdefenderapplicationguard-csp.md" data-raw-source="[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)">WindowsDefenderApplicationGuard CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
|
||||
<td><a href="windowsdefenderapplicationguard-csp.md" data-raw-source="[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)">WindowsDefenderApplicationGuard CSP</a></td>
|
||||
<td><p>Added new settings in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td style="vertical-align:top"><p>Posted an updated version of the Policy DDF for Windows 10, version 1809.</p>
|
||||
<td><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td><p>Posted an updated version of the Policy DDF for Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies in Windows 10, version 1809:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies in Windows 10, version 1809:</p>
|
||||
<ul>
|
||||
<li>Browser/AllowFullScreenMode</li>
|
||||
<li>Browser/AllowPrelaunch</li>
|
||||
@ -270,47 +270,47 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following note:</p>
|
||||
<td><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td><p>Added the following note:</p>
|
||||
<ul>
|
||||
<li>You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="passportforwork-csp.md" data-raw-source="[PassportForWork CSP](passportforwork-csp.md)">PassportForWork CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
|
||||
<td><a href="passportforwork-csp.md" data-raw-source="[PassportForWork CSP](passportforwork-csp.md)">PassportForWork CSP</a></td>
|
||||
<td><p>Added new settings in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="enterprisemodernappmanagement-csp.md" data-raw-source="[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)">EnterpriseModernAppManagement CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added NonRemovable setting under AppManagement node in Windows 10, version 1809.</p>
|
||||
<td><a href="enterprisemodernappmanagement-csp.md" data-raw-source="[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)">EnterpriseModernAppManagement CSP</a></td>
|
||||
<td><p>Added NonRemovable setting under AppManagement node in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="win32compatibilityappraiser-csp.md" data-raw-source="[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)">Win32CompatibilityAppraiser CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new configuration service provider in Windows 10, version 1809.</p>
|
||||
<td><a href="win32compatibilityappraiser-csp.md" data-raw-source="[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)">Win32CompatibilityAppraiser CSP</a></td>
|
||||
<td><p>Added new configuration service provider in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="windowslicensing-csp.md" data-raw-source="[WindowsLicensing CSP](windowslicensing-csp.md)">WindowsLicensing CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added S mode settings and SyncML examples in Windows 10, version 1809.</p>
|
||||
<td><a href="windowslicensing-csp.md" data-raw-source="[WindowsLicensing CSP](windowslicensing-csp.md)">WindowsLicensing CSP</a></td>
|
||||
<td><p>Added S mode settings and SyncML examples in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="supl-csp.md" data-raw-source="[SUPL CSP](supl-csp.md)">SUPL CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added 3 new certificate nodes in Windows 10, version 1809.</p>
|
||||
<td><a href="supl-csp.md" data-raw-source="[SUPL CSP](supl-csp.md)">SUPL CSP</a></td>
|
||||
<td><p>Added 3 new certificate nodes in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="defender-csp.md" data-raw-source="[Defender CSP](defender-csp.md)">Defender CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new node Health/ProductStatus in Windows 10, version 1809.</p>
|
||||
<td><a href="defender-csp.md" data-raw-source="[Defender CSP](defender-csp.md)">Defender CSP</a></td>
|
||||
<td><p>Added a new node Health/ProductStatus in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption in Windows 10, version 1809.</p>
|
||||
<td><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td><p>Added a new node AllowStandardUserEncryption in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="devdetail-csp.md" data-raw-source="[DevDetail CSP](devdetail-csp.md)">DevDetail CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber in Windows 10, version 1809.</p>
|
||||
<td><a href="devdetail-csp.md" data-raw-source="[DevDetail CSP](devdetail-csp.md)">DevDetail CSP</a></td>
|
||||
<td><p>Added a new node SMBIOSSerialNumber in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies in Windows 10, version 1809:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies in Windows 10, version 1809:</p>
|
||||
<ul>
|
||||
<li>ApplicationManagement/LaunchAppAfterLogOn</li>
|
||||
<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
|
||||
@ -360,24 +360,24 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="wifi-csp.md" data-raw-source="[Wifi CSP](wifi-csp.md)">Wifi CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new node WifiCost in Windows 10, version 1809.</p>
|
||||
<td><a href="wifi-csp.md" data-raw-source="[Wifi CSP](wifi-csp.md)">Wifi CSP</a></td>
|
||||
<td><p>Added a new node WifiCost in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="diagnose-mdm-failures-in-windows-10.md" data-raw-source="[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)">Diagnose MDM failures in Windows 10</a></td>
|
||||
<td style="vertical-align:top"><p>Recent changes:</p>
|
||||
<td><a href="diagnose-mdm-failures-in-windows-10.md" data-raw-source="[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)">Diagnose MDM failures in Windows 10</a></td>
|
||||
<td><p>Recent changes:</p>
|
||||
<ul>
|
||||
<li>Added procedure for collecting logs remotely from Windows 10 Holographic.</li>
|
||||
<li>Added procedure for downloading the MDM Diagnostic Information log.</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new node AllowStandardUserEncryption in Windows 10, version 1809.</p>
|
||||
<td><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td><p>Added new node AllowStandardUserEncryption in Windows 10, version 1809.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Recent changes:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Recent changes:</p>
|
||||
<ul>
|
||||
<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration - removed from docs. Not supported.</li>
|
||||
<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.</li>
|
||||
@ -398,8 +398,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="wirednetwork-csp.md" data-raw-source="[WiredNetwork CSP](wirednetwork-csp.md)">WiredNetwork CSP</a></td>
|
||||
<td style="vertical-align:top">New CSP added in Windows 10, version 1809.
|
||||
<td><a href="wirednetwork-csp.md" data-raw-source="[WiredNetwork CSP](wirednetwork-csp.md)">WiredNetwork CSP</a></td>
|
||||
<td>New CSP added in Windows 10, version 1809.
|
||||
</td></tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -419,8 +419,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td style="vertical-align:top"><p>Updated the DDF files in the Windows 10 version 1703 and 1709.</p>
|
||||
<td><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td><p>Updated the DDF files in the Windows 10 version 1703 and 1709.</p>
|
||||
<ul>
|
||||
<li><a href="https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml" data-raw-source="[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)">Download the Policy DDF file for Windows 10, version 1709</a></li>
|
||||
<li><a href="https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml" data-raw-source="[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)">Download the Policy DDF file for Windows 10, version 1703</a></li>
|
||||
@ -444,35 +444,35 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="windowsdefenderapplicationguard-csp.md" data-raw-source="[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)">WindowsDefenderApplicationGuard CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<td><a href="windowsdefenderapplicationguard-csp.md" data-raw-source="[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)">WindowsDefenderApplicationGuard CSP</a></td>
|
||||
<td><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>Settings/AllowVirtualGPU</li>
|
||||
<li>Settings/SaveFilesToHost</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="\networkproxy--csp.md" data-raw-source="[NetworkProxy CSP](\networkproxy--csp.md)">NetworkProxy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<td><a href="\networkproxy--csp.md" data-raw-source="[NetworkProxy CSP](\networkproxy--csp.md)">NetworkProxy CSP</a></td>
|
||||
<td><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>ProxySettingsPerUser</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="accounts-csp.md" data-raw-source="[Accounts CSP](accounts-csp.md)">Accounts CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
<td><a href="accounts-csp.md" data-raw-source="[Accounts CSP](accounts-csp.md)">Accounts CSP</a></td>
|
||||
<td><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="https://aka.ms/mmat" data-raw-source="[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)">MDM Migration Analysis Tool (MMAT)</a></td>
|
||||
<td style="vertical-align:top"><p>Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.</p>
|
||||
<td><a href="https://aka.ms/mmat" data-raw-source="[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)">MDM Migration Analysis Tool (MMAT)</a></td>
|
||||
<td><p>Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="configuration-service-provider-reference.md#csp-ddf-files-download" data-raw-source="[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)">CSP DDF files download</a></td>
|
||||
<td style="vertical-align:top"><p>Added the DDF download of Windows 10, version 1803 configuration service providers.</p>
|
||||
<td><a href="configuration-service-provider-reference.md#csp-ddf-files-download" data-raw-source="[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)">CSP DDF files download</a></td>
|
||||
<td><p>Added the DDF download of Windows 10, version 1803 configuration service providers.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>Bluetooth/AllowPromptedProximalConnections</li>
|
||||
<li>KioskBrowser/EnableEndSessionButton</li>
|
||||
@ -500,41 +500,41 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="euiccs-csp.md" data-raw-source="[eUICCs CSP](euiccs-csp.md)">eUICCs CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<td><a href="euiccs-csp.md" data-raw-source="[eUICCs CSP](euiccs-csp.md)">eUICCs CSP</a></td>
|
||||
<td><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>IsEnabled</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="devicestatus-csp.md" data-raw-source="[DeviceStatus CSP](devicestatus-csp.md)">DeviceStatus CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<td><a href="devicestatus-csp.md" data-raw-source="[DeviceStatus CSP](devicestatus-csp.md)">DeviceStatus CSP</a></td>
|
||||
<td><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>OS/Mode</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="understanding-admx-backed-policies.md" data-raw-source="[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)">Understanding ADMX-backed policies</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following videos:</p>
|
||||
<td><a href="understanding-admx-backed-policies.md" data-raw-source="[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)">Understanding ADMX-backed policies</a></td>
|
||||
<td><p>Added the following videos:</p>
|
||||
<ul>
|
||||
<li><a href="https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121" data-raw-source="[How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)">How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune</a></li>
|
||||
<li><a href="https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73" data-raw-source="[How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)">How to import a custom ADMX file to a device using Intune</a></li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="accountmanagement-csp.md" data-raw-source="[AccountManagement CSP](accountmanagement-csp.md)">AccountManagement CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
<td><a href="accountmanagement-csp.md" data-raw-source="[AccountManagement CSP](accountmanagement-csp.md)">AccountManagement CSP</a></td>
|
||||
<td><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="rootcacertificates-csp.md" data-raw-source="[RootCATrustedCertificates CSP](rootcacertificates-csp.md)">RootCATrustedCertificates CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<td><a href="rootcacertificates-csp.md" data-raw-source="[RootCATrustedCertificates CSP](rootcacertificates-csp.md)">RootCATrustedCertificates CSP</a></td>
|
||||
<td><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>UntrustedCertificates</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>ApplicationDefaults/EnableAppUriHandlers</li>
|
||||
<li>ApplicationManagement/MSIAllowUserControlOverInstall</li>
|
||||
@ -556,16 +556,16 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-csp-bluetooth.md" data-raw-source="[Policy CSP - Bluetooth](policy-csp-bluetooth.md)">Policy CSP - Bluetooth</a></td>
|
||||
<td style="vertical-align:top"><p>Added new section <a href="policy-csp-bluetooth.md#servicesallowedlist-usage-guide" data-raw-source="[ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide)">ServicesAllowedList usage guide</a>.</p>
|
||||
<td><a href="policy-csp-bluetooth.md" data-raw-source="[Policy CSP - Bluetooth](policy-csp-bluetooth.md)">Policy CSP - Bluetooth</a></td>
|
||||
<td><p>Added new section <a href="policy-csp-bluetooth.md#servicesallowedlist-usage-guide" data-raw-source="[ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide)">ServicesAllowedList usage guide</a>.</p>
|
||||
</td></tr>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="multisim-csp.md" data-raw-source="[MultiSIM CSP](multisim-csp.md)">MultiSIM CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added SyncML examples and updated the settings descriptions.</p>
|
||||
<td><a href="multisim-csp.md" data-raw-source="[MultiSIM CSP](multisim-csp.md)">MultiSIM CSP</a></td>
|
||||
<td><p>Added SyncML examples and updated the settings descriptions.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="remotewipe-csp.md" data-raw-source="[RemoteWipe CSP](remotewipe-csp.md)">RemoteWipe CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.</p>
|
||||
<td><a href="remotewipe-csp.md" data-raw-source="[RemoteWipe CSP](remotewipe-csp.md)">RemoteWipe CSP</a></td>
|
||||
<td><p>Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.</p>
|
||||
</td></tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -585,8 +585,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>Display/DisablePerProcessDpiForApps</li>
|
||||
<li>Display/EnablePerProcessDpi</li>
|
||||
@ -603,12 +603,12 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
<ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="vpnv2-profile-xsd.md" data-raw-source="[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)">VPNv2 ProfileXML XSD</a></td>
|
||||
<td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
|
||||
<td><a href="vpnv2-profile-xsd.md" data-raw-source="[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)">VPNv2 ProfileXML XSD</a></td>
|
||||
<td><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
|
||||
<td><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td><p>Added the following nodes in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>Status</li>
|
||||
<li>ShellLauncher</li>
|
||||
@ -617,12 +617,12 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="multisim-csp.md" data-raw-source="[MultiSIM CSP](multisim-csp.md)">MultiSIM CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
<td><a href="multisim-csp.md" data-raw-source="[MultiSIM CSP](multisim-csp.md)">MultiSIM CSP</a></td>
|
||||
<td><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="enterprisemodernappmanagement-csp.md" data-raw-source="[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)">EnterpriseModernAppManagement CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<td><a href="enterprisemodernappmanagement-csp.md" data-raw-source="[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)">EnterpriseModernAppManagement CSP</a></td>
|
||||
<td><p>Added the following node in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>MaintainProcessorArchitectureOnUpdate</li>
|
||||
</ul>
|
||||
@ -645,8 +645,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies for Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>Browser/AllowConfigurationUpdateForBooksLibrary</li>
|
||||
<li>Browser/AlwaysEnableBooksLibrary</li>
|
||||
@ -744,16 +744,16 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
<p>Security/RequireDeviceEncryption - updated to show it is supported in desktop.</p>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
|
||||
<td><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="enterprisemodernappmanagement-csp.md" data-raw-source="[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)">EnterpriseModernAppManagement CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.</p>
|
||||
<td><a href="enterprisemodernappmanagement-csp.md" data-raw-source="[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)">EnterpriseModernAppManagement CSP</a></td>
|
||||
<td><p>Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="dmclient-csp.md" data-raw-source="[DMClient CSP](dmclient-csp.md)">DMClient CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
|
||||
<td><a href="dmclient-csp.md" data-raw-source="[DMClient CSP](dmclient-csp.md)">DMClient CSP</a></td>
|
||||
<td><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>AADSendDeviceToken</li>
|
||||
<li>BlockInStatusPage</li>
|
||||
@ -764,16 +764,16 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="defender-csp.md" data-raw-source="[Defender CSP](defender-csp.md)">Defender CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
|
||||
<td><a href="defender-csp.md" data-raw-source="[Defender CSP](defender-csp.md)">Defender CSP</a></td>
|
||||
<td><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="uefi-csp.md" data-raw-source="[UEFI CSP](uefi-csp.md)">UEFI CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
<td><a href="uefi-csp.md" data-raw-source="[UEFI CSP](uefi-csp.md)">UEFI CSP</a></td>
|
||||
<td><p>Added a new CSP in Windows 10, version 1803.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="update-csp.md" data-raw-source="[Update CSP](update-csp.md)">Update CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
|
||||
<td><a href="update-csp.md" data-raw-source="[Update CSP](update-csp.md)">Update CSP</a></td>
|
||||
<td><p>Added the following nodes in Windows 10, version 1803:</p>
|
||||
<ul>
|
||||
<li>Rollback</li>
|
||||
<li>Rollback/FeatureUpdate</li>
|
||||
@ -799,8 +799,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="configuration-service-provider-reference.md" data-raw-source="[Configuration service provider reference](configuration-service-provider-reference.md)">Configuration service provider reference</a></td>
|
||||
<td style="vertical-align:top"><p>Added new section <a href="configuration-service-provider-reference.md#csp-ddf-files-download" data-raw-source="[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)">CSP DDF files download</a></p>
|
||||
<td><a href="configuration-service-provider-reference.md" data-raw-source="[Configuration service provider reference](configuration-service-provider-reference.md)">Configuration service provider reference</a></td>
|
||||
<td><p>Added new section <a href="configuration-service-provider-reference.md#csp-ddf-files-download" data-raw-source="[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)">CSP DDF files download</a></p>
|
||||
</td></tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -820,8 +820,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following policies for Windows 10, version 1709:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Authentication/AllowFidoDeviceSignon</li>
|
||||
<li>Cellular/LetAppsAccessCellularData</li>
|
||||
@ -858,28 +858,28 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td style="vertical-align:top"><p>Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.</p>
|
||||
<td><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td><p>Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Updated the following policies:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Updated the following policies:</p>
|
||||
<ul>
|
||||
<li>Defender/ControlledFolderAccessAllowedApplications - string separator is |.</li>
|
||||
<li>Defender/ControlledFolderAccessProtectedFolders - string separator is |.</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><a href="euiccs-csp.md" data-raw-source="[eUICCs CSP](euiccs-csp.md)">eUICCs CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
|
||||
<td><a href="euiccs-csp.md" data-raw-source="[eUICCs CSP](euiccs-csp.md)">eUICCs CSP</a></td>
|
||||
<td><p>Added new CSP in Windows 10, version 1709.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added SyncML examples for the new Configuration node.</p>
|
||||
<td><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td><p>Added SyncML examples for the new Configuration node.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="dmclient-csp.md" data-raw-source="[DMClient CSP](dmclient-csp.md)">DMClient CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.</p>
|
||||
<td><a href="dmclient-csp.md" data-raw-source="[DMClient CSP](dmclient-csp.md)">DMClient CSP</a></td>
|
||||
<td><p>Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.</p>
|
||||
</td></tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -899,8 +899,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Authentication/AllowAadPasswordReset</li>
|
||||
<li>Handwriting/PanelDefaultModeDocked</li>
|
||||
@ -910,16 +910,16 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
<p>Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.</p>
|
||||
</td></tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.</p>
|
||||
<td><a href="assignedaccess-csp.md" data-raw-source="[AssignedAccess CSP](assignedaccess-csp.md)">AssignedAccess CSP</a></td>
|
||||
<td><p>Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">Microsoft Store for Business and Microsoft Store</td>
|
||||
<td style="vertical-align:top"><p>Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.</p>
|
||||
<td>Microsoft Store for Business and Microsoft Store</td>
|
||||
<td><p>Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.</p>
|
||||
</td></tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">The <a href="/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692" data-raw-source="[\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)">[MS-MDE2]: Mobile Device Enrollment Protocol Version 2</a></td>
|
||||
<td style="vertical-align:top"><p>The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:</p>
|
||||
<td>The <a href="/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692" data-raw-source="[\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)">[MS-MDE2]: Mobile Device Enrollment Protocol Version 2</a></td>
|
||||
<td><p>The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:</p>
|
||||
<ul>
|
||||
<li>UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. </li>
|
||||
<li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.</li>
|
||||
@ -928,20 +928,20 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
<p>For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="enterpriseapn-csp.md" data-raw-source="[EnterpriseAPN CSP](enterpriseapn-csp.md)">EnterpriseAPN CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added a SyncML example.</p>
|
||||
<td><a href="enterpriseapn-csp.md" data-raw-source="[EnterpriseAPN CSP](enterpriseapn-csp.md)">EnterpriseAPN CSP</a></td>
|
||||
<td><p>Added a SyncML example.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="vpnv2-csp.md" data-raw-source="[VPNv2 CSP](vpnv2-csp.md)">VPNv2 CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added RegisterDNS setting in Windows 10, version 1709.</p>
|
||||
<td><a href="vpnv2-csp.md" data-raw-source="[VPNv2 CSP](vpnv2-csp.md)">VPNv2 CSP</a></td>
|
||||
<td><p>Added RegisterDNS setting in Windows 10, version 1709.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="enroll-a-windows-10-device-automatically-using-group-policy.md" data-raw-source="[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)">Enroll a Windows 10 device automatically using Group Policy</a></td>
|
||||
<td style="vertical-align:top"><p>Added new topic to introduce a new Group Policy for automatic MDM enrollment.</p>
|
||||
<td><a href="enroll-a-windows-10-device-automatically-using-group-policy.md" data-raw-source="[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)">Enroll a Windows 10 device automatically using Group Policy</a></td>
|
||||
<td><p>Added new topic to introduce a new Group Policy for automatic MDM enrollment.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="mdm-enrollment-of-windows-devices.md" data-raw-source="[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)">MDM enrollment of Windows-based devices</a></td>
|
||||
<td style="vertical-align:top"><p>New features in the Settings app:</p>
|
||||
<td><a href="mdm-enrollment-of-windows-devices.md" data-raw-source="[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)">MDM enrollment of Windows-based devices</a></td>
|
||||
<td><p>New features in the Settings app:</p>
|
||||
<ul>
|
||||
<li>User sees installation progress of critical policies during MDM enrollment.</li>
|
||||
<li>User knows what policies, profiles, apps MDM has configured</li>
|
||||
@ -967,23 +967,23 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="enable-admx-backed-policies-in-mdm.md" data-raw-source="[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)">Enable ADMX-backed policies in MDM</a></td>
|
||||
<td style="vertical-align:top"><p>Added new step-by-step guide to enable ADMX-backed policies.</p>
|
||||
<td><a href="enable-admx-backed-policies-in-mdm.md" data-raw-source="[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)">Enable ADMX-backed policies in MDM</a></td>
|
||||
<td><p>Added new step-by-step guide to enable ADMX-backed policies.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="mobile-device-enrollment.md" data-raw-source="[Mobile device enrollment](mobile-device-enrollment.md)">Mobile device enrollment</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following statement:</p>
|
||||
<td><a href="mobile-device-enrollment.md" data-raw-source="[Mobile device enrollment](mobile-device-enrollment.md)">Mobile device enrollment</a></td>
|
||||
<td><p>Added the following statement:</p>
|
||||
<ul>
|
||||
<li>Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in <strong>Settings</strong>. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="cm-cellularentries-csp.md" data-raw-source="[CM\_CellularEntries CSP](cm-cellularentries-csp.md)">CM_CellularEntries CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.</p>
|
||||
<td><a href="cm-cellularentries-csp.md" data-raw-source="[CM\_CellularEntries CSP](cm-cellularentries-csp.md)">CM_CellularEntries CSP</a></td>
|
||||
<td><p>Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="enterprisedataprotection-csp.md" data-raw-source="[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)">EnterpriseDataProtection CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Updated the Settings/EDPEnforcementLevel values to the following:</p>
|
||||
<td><a href="enterprisedataprotection-csp.md" data-raw-source="[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)">EnterpriseDataProtection CSP</a></td>
|
||||
<td><p>Updated the Settings/EDPEnforcementLevel values to the following:</p>
|
||||
<ul>
|
||||
<li> 0 (default) – Off / No protection (decrypts previously protected data).</li>
|
||||
<li> 1 – Silent mode (encrypt and audit only).</li>
|
||||
@ -992,31 +992,31 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="applocker-csp.md" data-raw-source="[AppLocker CSP](applocker-csp.md)">AppLocker CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in <a href="applocker-csp.md#allow-list-examples" data-raw-source="[Allowlist examples](applocker-csp.md#allow-list-examples)">Allow list examples</a>.</p>
|
||||
<td><a href="applocker-csp.md" data-raw-source="[AppLocker CSP](applocker-csp.md)">AppLocker CSP</a></td>
|
||||
<td><p>Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in <a href="applocker-csp.md#allow-list-examples" data-raw-source="[Allowlist examples](applocker-csp.md#allow-list-examples)">Allow list examples</a>.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="devicemanageability-csp.md" data-raw-source="[DeviceManageability CSP](devicemanageability-csp.md)">DeviceManageability CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following settings in Windows 10, version 1709:</p>
|
||||
<td><a href="devicemanageability-csp.md" data-raw-source="[DeviceManageability CSP](devicemanageability-csp.md)">DeviceManageability CSP</a></td>
|
||||
<td><p>Added the following settings in Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Provider/<em>ProviderID</em>/ConfigInfo</li>
|
||||
<li> Provider/<em>ProviderID</em>/EnrollmentInfo</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="office-csp.md" data-raw-source="[Office CSP](office-csp.md)">Office CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following setting in Windows 10, version 1709:</p>
|
||||
<td><a href="office-csp.md" data-raw-source="[Office CSP](office-csp.md)">Office CSP</a></td>
|
||||
<td><p>Added the following setting in Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Installation/CurrentStatus</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td style="vertical-align:top">Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
|
||||
<td><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
|
||||
<td>Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="firewall-csp.md" data-raw-source="[Firewall CSP](firewall-csp.md)">Firewall CSP</a></td>
|
||||
<td style="vertical-align:top">Updated the CSP and DDF topics. Here are the changes:
|
||||
<td><a href="firewall-csp.md" data-raw-source="[Firewall CSP](firewall-csp.md)">Firewall CSP</a></td>
|
||||
<td>Updated the CSP and DDF topics. Here are the changes:
|
||||
<ul>
|
||||
<li>Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.</li>
|
||||
<li>Changed some data types from integer to bool.</li>
|
||||
@ -1025,8 +1025,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td style="vertical-align:top">Added another Policy DDF file <a href="https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml" data-raw-source="[download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)">download</a> for the 8C release of Windows 10, version 1607, which added the following policies:
|
||||
<td><a href="policy-ddf-file.md" data-raw-source="[Policy DDF file](policy-ddf-file.md)">Policy DDF file</a></td>
|
||||
<td>Added another Policy DDF file <a href="https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml" data-raw-source="[download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)">download</a> for the 8C release of Windows 10, version 1607, which added the following policies:
|
||||
<ul>
|
||||
<li>Browser/AllowMicrosoftCompatibilityList</li>
|
||||
<li>Update/DisableDualScan</li>
|
||||
@ -1034,8 +1034,8 @@ This article lists new and updated articles for the Mobile Device Management (MD
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<td><a href="policy-configuration-service-provider.md" data-raw-source="[Policy CSP](policy-configuration-service-provider.md)">Policy CSP</a></td>
|
||||
<td><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Browser/ProvisionFavorites</li>
|
||||
<li>Browser/LockdownFavorites</li>
|
||||
|
||||
@ -23,14 +23,14 @@ CleanPC
|
||||
----CleanPCRetainingUserData
|
||||
```
|
||||
<a href="" id="--device-vendor-msft-cleanpc"></a>**./Device/Vendor/MSFT/CleanPC**
|
||||
<p style="margin-left: 20px">The root node for the CleanPC configuration service provider.</p>
|
||||
<p>The root node for the CleanPC configuration service provider.</p>
|
||||
|
||||
<a href="" id="cleanpcwithoutretaininguserdata"></a>**CleanPCWithoutRetainingUserData**
|
||||
<p style="margin-left: 20px">An integer specifying a CleanPC operation without any retention of user data.
|
||||
<p>An integer specifying a CleanPC operation without any retention of user data.
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Execute.
|
||||
<p>The only supported operation is Execute.
|
||||
|
||||
<a href="" id="cleanpcwithoutretaininguserdata"></a>**CleanPCRetainingUserData**
|
||||
<p style="margin-left: 20px">An integer specifying a CleanPC operation with retention of user data.
|
||||
<p>An integer specifying a CleanPC operation with retention of user data.
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Execute.
|
||||
<p>The only supported operation is Execute.
|
||||
|
||||
@ -20,31 +20,31 @@ This configuration service provider requires the ID\_CAP\_NETWORKING\_ADMIN capa
|
||||
|
||||
The following diagram shows the CM\_CellularEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol is not supported with this configuration service provider.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="entryname"></a>***entryname***
|
||||
<p style="margin-left: 20px">Defines the name of the connection.</p>
|
||||
<p>Defines the name of the connection.</p>
|
||||
|
||||
<p style="margin-left: 20px">The <a href="cmpolicy-csp.md" data-raw-source="[CMPolicy configuration service provider](cmpolicy-csp.md)">CMPolicy configuration service provider</a> uses the value of <em>entryname</em> to identify the connection that is associated with a policy and <a href="cm-proxyentries-csp.md" data-raw-source="[CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md)">CM_ProxyEntries configuration service provider</a> uses the value of <em>entryname</em> to identify the connection that is associated with a proxy.</p>
|
||||
<p>The <a href="cmpolicy-csp.md" data-raw-source="[CMPolicy configuration service provider](cmpolicy-csp.md)">CMPolicy configuration service provider</a> uses the value of <em>entryname</em> to identify the connection that is associated with a policy and <a href="cm-proxyentries-csp.md" data-raw-source="[CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md)">CM_ProxyEntries configuration service provider</a> uses the value of <em>entryname</em> to identify the connection that is associated with a proxy.</p>
|
||||
|
||||
<a href="" id="alwayson"></a>**AlwaysOn**
|
||||
<p style="margin-left: 20px">Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available.
|
||||
<p>Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available.
|
||||
|
||||
<p style="margin-left: 20px">A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS.
|
||||
<p>A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS.
|
||||
|
||||
<p style="margin-left: 20px">A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs.
|
||||
<p>A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs.
|
||||
|
||||
<p style="margin-left: 20px">There must be at least one AlwaysOn Internet connection provisioned for the mobile operator.
|
||||
<p>There must be at least one AlwaysOn Internet connection provisioned for the mobile operator.
|
||||
|
||||
<a href="" id="authtype"></a>**AuthType**
|
||||
<p style="margin-left: 20px">Optional. Type: String. Specifies the method of authentication used for a connection.
|
||||
<p>Optional. Type: String. Specifies the method of authentication used for a connection.
|
||||
|
||||
<p style="margin-left: 20px">A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None".
|
||||
<p>A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None".
|
||||
|
||||
<a href="" id="connectiontype"></a>**ConnectionType**
|
||||
<p style="margin-left: 20px">Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available:
|
||||
<p>Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available:
|
||||
|
||||
<table style="margin-left: 20px"><table>
|
||||
<table><table>
|
||||
<colgroup>
|
||||
<col width="20%" />
|
||||
<col width="80%" />
|
||||
@ -80,48 +80,48 @@ The following diagram shows the CM\_CellularEntries configuration service provid
|
||||
|
||||
|
||||
<a href="" id="desc-langid"></a>**Desc.langid**
|
||||
<p style="margin-left: 20px">Optional. Specifies the UI display string used by the defined language ID.
|
||||
<p>Optional. Specifies the UI display string used by the defined language ID.
|
||||
|
||||
<p style="margin-left: 20px"> A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as <code>Desc.0409</code> with a value of <code>"GPRS Connection"</code> will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no <strong>Desc</strong> parameter is provisioned for a given language, the system will default to the name used to create the entry.
|
||||
<p> A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as <code>Desc.0409</code> with a value of <code>"GPRS Connection"</code> will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no <strong>Desc</strong> parameter is provisioned for a given language, the system will default to the name used to create the entry.
|
||||
|
||||
<a href="" id="enabled"></a>**Enabled**
|
||||
<p style="margin-left: 20px"> Specifies if the connection is enabled.
|
||||
<p> Specifies if the connection is enabled.
|
||||
|
||||
<p style="margin-left: 20px"> A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled.
|
||||
<p> A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled.
|
||||
|
||||
<a href="" id="ipheadercompression"></a>**IpHeaderCompression**
|
||||
<p style="margin-left: 20px"> Optional. Specifies if IP header compression is enabled.
|
||||
<p> Optional. Specifies if IP header compression is enabled.
|
||||
|
||||
<p style="margin-left: 20px"> A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled.
|
||||
<p> A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled.
|
||||
|
||||
<a href="" id="password"></a>**Password**
|
||||
<p style="margin-left: 20px"> Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN.
|
||||
<p> Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN.
|
||||
|
||||
<a href="" id="swcompression"></a>**SwCompression**
|
||||
<p style="margin-left: 20px"> Optional. Specifies if software compression is enabled.
|
||||
<p> Optional. Specifies if software compression is enabled.
|
||||
|
||||
<p style="margin-left: 20px"> A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled.
|
||||
<p> A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled.
|
||||
|
||||
<a href="" id="username"></a>**UserName**
|
||||
<p style="margin-left: 20px"> Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN.
|
||||
<p> Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN.
|
||||
|
||||
<a href="" id="userequiresmappingspolicy"></a>**UseRequiresMappingsPolicy**
|
||||
<p style="margin-left: 20px"> Optional. Specifies if the connection requires a corresponding mappings policy.
|
||||
<p> Optional. Specifies if the connection requires a corresponding mappings policy.
|
||||
|
||||
<p style="margin-left: 20px"> A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present.
|
||||
<p> A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present.
|
||||
|
||||
<p style="margin-left: 20px"> For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic.
|
||||
<p> For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic.
|
||||
|
||||
<a href="" id="version"></a>**Version**
|
||||
<p style="margin-left: 20px"> Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider.
|
||||
<p> Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider.
|
||||
|
||||
<p style="margin-left: 20px"> This value must be "1" if included.
|
||||
<p> This value must be "1" if included.
|
||||
|
||||
<a href="" id="gprsinfoaccesspointname"></a>**GPRSInfoAccessPointName**
|
||||
<p style="margin-left: 20px"> Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT".
|
||||
<p> Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT".
|
||||
|
||||
<a href="" id="roaming"></a>**Roaming**
|
||||
<p style="margin-left: 20px"> Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available:
|
||||
<p> Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available:
|
||||
|
||||
- 0 - Home network only.
|
||||
- 1 (default)- All roaming conditions (home and roaming).
|
||||
@ -131,13 +131,13 @@ The following diagram shows the CM\_CellularEntries configuration service provid
|
||||
- 5 - Roaming only.
|
||||
|
||||
<a href="" id="oemconnectionid"></a>**OEMConnectionID**
|
||||
<p style="margin-left: 20px"> Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value is not specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
|
||||
<p> Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value is not specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
|
||||
|
||||
<a href="" id="apnid"></a>**ApnId**
|
||||
<p style="margin-left: 20px"> Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices.
|
||||
<p> Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices.
|
||||
|
||||
<a href="" id="iptype"></a>**IPType**
|
||||
<p style="margin-left: 20px"> Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4".
|
||||
<p> Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4".
|
||||
|
||||
> [!WARNING]
|
||||
> Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6.
|
||||
@ -145,14 +145,14 @@ The following diagram shows the CM\_CellularEntries configuration service provid
|
||||
|
||||
|
||||
<a href="" id="exemptfromdisablepolicy"></a>**ExemptFromDisablePolicy**
|
||||
<p style="margin-left: 20px"> Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt).
|
||||
<p> Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt).
|
||||
|
||||
<p style="margin-left: 20px"> To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed.
|
||||
<p> To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Do not set ExemptFromDisablePolicy to "1", ExemptFromRoaming to "1", or UseRequiresMappingsPolicy to "1" for general purpose connections.
|
||||
|
||||
<p style="margin-left: 20px"> To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should:
|
||||
<p> To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should:
|
||||
|
||||
- Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1)
|
||||
- Set AllowMMSIfDataIsOff to 1 (default is 0)
|
||||
@ -160,16 +160,16 @@ The following diagram shows the CM\_CellularEntries configuration service provid
|
||||
|
||||
|
||||
<a href="" id="exemptfromroaming"></a>**ExemptFromRoaming**
|
||||
<p style="margin-left: 20px"> Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt).
|
||||
<p> Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt).
|
||||
|
||||
<a href="" id="tetheringnai"></a>**TetheringNAI**
|
||||
<p style="margin-left: 20px"> Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0".
|
||||
<p> Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0".
|
||||
|
||||
<a href="" id="idledisconnecttimeout"></a>**IdleDisconnectTimeout**
|
||||
<p style="margin-left: 20px"> Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds.
|
||||
<p> Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> <p style="margin-left: 20px"> You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used.
|
||||
> <p> You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used.
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
@ -178,10 +178,10 @@ The following diagram shows the CM\_CellularEntries configuration service provid
|
||||
|
||||
|
||||
<a href="" id="simiccid"></a>**SimIccId**
|
||||
<p style="margin-left: 20px"> For single SIM phones, this parm is optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
|
||||
<p> For single SIM phones, this parm is optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
|
||||
|
||||
<a href="" id="purposegroups"></a>**PurposeGroups**
|
||||
<p style="margin-left: 20px"> Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
|
||||
<p> Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
|
||||
|
||||
- Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F
|
||||
- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD
|
||||
|
||||
@ -2555,36 +2555,36 @@ The following list shows the CSPs supported in HoloLens devices:
|
||||
|
||||
| Configuration service provider | HoloLens (1st gen) Development Edition | HoloLens (1st gen) Commercial Suite | HoloLens 2 |
|
||||
|------|--------|--------|--------|
|
||||
| [AccountManagement CSP](accountmanagement-csp.md) |  |  <sup>4</sup> | 
|
||||
| [Accounts CSP](accounts-csp.md) |  |  |  |
|
||||
| [ApplicationControl CSP](applicationcontrol-csp.md) |  |  |  |
|
||||
| [AppLocker CSP](applocker-csp.md) |  |  |  |
|
||||
| [AssignedAccess CSP](assignedaccess-csp.md) |  |  <sup>4</sup> |  |
|
||||
| [CertificateStore CSP](certificatestore-csp.md) |  | |  |
|
||||
| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) |  |  |  |
|
||||
| [DevDetail CSP](devdetail-csp.md) |  |  |  |
|
||||
| [DeveloperSetup CSP](developersetup-csp.md) |  |  <sup>2</sup> (runtime provisioning via provisioning packages only; no MDM support)|  |
|
||||
| [DeviceManageability CSP](devicemanageability-csp.md) |  |  |  |
|
||||
| [DeviceStatus CSP](devicestatus-csp.md) |  |  |  |
|
||||
| [DevInfo CSP](devinfo-csp.md) |  |  |  |
|
||||
| [DiagnosticLog CSP](diagnosticlog-csp.md) |  |  |  |
|
||||
| [DMAcc CSP](dmacc-csp.md) |  |  |  |
|
||||
| [DMClient CSP](dmclient-csp.md) |  |  |  |
|
||||
| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) |  |  |  <sup>10</sup> |
|
||||
| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) |  |  |  |
|
||||
| [NetworkProxy CSP](networkproxy-csp.md) |  |  |  |
|
||||
| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) |  |  |  <sup>8</sup>|
|
||||
| [NodeCache CSP](nodecache-csp.md) |  |  |  |
|
||||
[PassportForWork CSP](passportforwork-csp.md) |  |  |  |
|
||||
| [Policy CSP](policy-configuration-service-provider.md) |  |  |  |
|
||||
| [RemoteFind CSP](remotefind-csp.md) |  |  <sup>4</sup> |  |
|
||||
| [RemoteWipe CSP](remotewipe-csp.md) (**doWipe** and **doWipePersistProvisionedData** nodes only) |  |  <sup>4</sup> |  |
|
||||
| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) |  |  |  |
|
||||
| [TenantLockdown CSP](tenantlockdown-csp.md) |  |  |  <sup>10</sup> |
|
||||
| [Update CSP](update-csp.md) |  |  |  |
|
||||
| [VPNv2 CSP](vpnv2-csp.md) |  |  |  |
|
||||
| [WiFi CSP](wifi-csp.md) |  |  |  |
|
||||
| [WindowsLicensing CSP](windowslicensing-csp.md) |  |  |  |
|
||||
| [AccountManagement CSP](accountmanagement-csp.md) |  |  <sup>4</sup> | 
|
||||
| [Accounts CSP](accounts-csp.md) |  |  |  |
|
||||
| [ApplicationControl CSP](applicationcontrol-csp.md) |  |  |  |
|
||||
| [AppLocker CSP](applocker-csp.md) |  |  |  |
|
||||
| [AssignedAccess CSP](assignedaccess-csp.md) |  |  <sup>4</sup> |  |
|
||||
| [CertificateStore CSP](certificatestore-csp.md) |  | |  |
|
||||
| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) |  |  |  |
|
||||
| [DevDetail CSP](devdetail-csp.md) |  |  |  |
|
||||
| [DeveloperSetup CSP](developersetup-csp.md) |  |  <sup>2</sup> (runtime provisioning via provisioning packages only; no MDM support)|  |
|
||||
| [DeviceManageability CSP](devicemanageability-csp.md) |  |  |  |
|
||||
| [DeviceStatus CSP](devicestatus-csp.md) |  |  |  |
|
||||
| [DevInfo CSP](devinfo-csp.md) |  |  |  |
|
||||
| [DiagnosticLog CSP](diagnosticlog-csp.md) |  |  |  |
|
||||
| [DMAcc CSP](dmacc-csp.md) |  |  |  |
|
||||
| [DMClient CSP](dmclient-csp.md) |  |  |  |
|
||||
| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) |  |  |  <sup>10</sup> |
|
||||
| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) |  |  |  |
|
||||
| [NetworkProxy CSP](networkproxy-csp.md) |  |  |  |
|
||||
| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) |  |  |  <sup>8</sup>|
|
||||
| [NodeCache CSP](nodecache-csp.md) |  |  |  |
|
||||
[PassportForWork CSP](passportforwork-csp.md) |  |  |  |
|
||||
| [Policy CSP](policy-configuration-service-provider.md) |  |  |  |
|
||||
| [RemoteFind CSP](remotefind-csp.md) |  |  <sup>4</sup> |  |
|
||||
| [RemoteWipe CSP](remotewipe-csp.md) (**doWipe** and **doWipePersistProvisionedData** nodes only) |  |  <sup>4</sup> |  |
|
||||
| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) |  |  |  |
|
||||
| [TenantLockdown CSP](tenantlockdown-csp.md) |  |  |  <sup>10</sup> |
|
||||
| [Update CSP](update-csp.md) |  |  |  |
|
||||
| [VPNv2 CSP](vpnv2-csp.md) |  |  |  |
|
||||
| [WiFi CSP](wifi-csp.md) |  |  |  |
|
||||
| [WindowsLicensing CSP](windowslicensing-csp.md) |  |  |  |
|
||||
|
||||
|
||||
## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
|
||||
|
||||
@ -35,48 +35,48 @@ DeveloperSetup
|
||||
------------HttpsPort
|
||||
```
|
||||
<a href="" id="developersetup"></a>**DeveloperSetup**
|
||||
<p style="margin-left: 20px">The root node for the DeveloperSetup configuration service provider.
|
||||
<p>The root node for the DeveloperSetup configuration service provider.
|
||||
|
||||
<a href="" id="enabledevelopermode"></a>**EnableDeveloperMode**
|
||||
<p style="margin-left: 20px">A Boolean value that is used to enable Developer Mode on the device. The default value is false.
|
||||
<p>A Boolean value that is used to enable Developer Mode on the device. The default value is false.
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Replace.
|
||||
<p>The only supported operation is Replace.
|
||||
|
||||
<a href="" id="deviceportal"></a>**DevicePortal**
|
||||
<p style="margin-left: 20px">The node for the Windows Device Portal.
|
||||
<p>The node for the Windows Device Portal.
|
||||
|
||||
<a href="" id="deviceportal-authentication"></a>**DevicePortal/Authentication**
|
||||
<p style="margin-left: 20px">The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal.
|
||||
<p>The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal.
|
||||
|
||||
<a href="" id="deviceportal-authentication-mode"></a>**DevicePortal/Authentication/Mode**
|
||||
<p style="margin-left: 20px">An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.
|
||||
<p>An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Replace.
|
||||
<p>The only supported operation is Replace.
|
||||
|
||||
<a href="" id="deviceportal-authentication-basicauth"></a>**DevicePortal/Authentication/BasicAuth**
|
||||
<p style="margin-left: 20px">The node that describes the credentials that are used for basic authentication with the Windows Device Portal.
|
||||
<p>The node that describes the credentials that are used for basic authentication with the Windows Device Portal.
|
||||
|
||||
<a href="" id="deviceportal-authentication-username"></a>**DevicePortal/Authentication/BasicAuth/Username**
|
||||
<p style="margin-left: 20px">A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal.
|
||||
<p>A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal.
|
||||
The user name must contain only ASCII characters and cannot contain a colon (:).
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Replace.
|
||||
<p>The only supported operation is Replace.
|
||||
|
||||
<a href="" id="deviceportal-authentication-password"></a>**DevicePortal/Authentication/BasicAuth/Password**
|
||||
<p style="margin-left: 20px">A string value that specifies the password to use when authenticating requests against the Windows Device Portal.
|
||||
<p>A string value that specifies the password to use when authenticating requests against the Windows Device Portal.
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Replace.
|
||||
<p>The only supported operation is Replace.
|
||||
|
||||
<a href="" id="deviceportal-connection"></a>**DevicePortal/Connection**
|
||||
<p style="margin-left: 20px">The node for configuring connections to the Windows Device Portal service.
|
||||
<p>The node for configuring connections to the Windows Device Portal service.
|
||||
|
||||
<a href="" id="deviceportal-connection-httpport"></a>**DevicePortal/Connection/HttpPort**
|
||||
<p style="margin-left: 20px">An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service.
|
||||
<p>An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service.
|
||||
If authentication is enabled, <strong>HttpPort</strong> will redirect the user to the (required) <strong>HttpsPort</strong>.
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Replace.
|
||||
<p>The only supported operation is Replace.
|
||||
|
||||
<a href="" id="deviceportal-connection-httpsport"></a>**DevicePortal/Connection/HttpsPort**
|
||||
<p style="margin-left: 20px">An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.
|
||||
<p>An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.
|
||||
|
||||
<p style="margin-left: 20px">The only supported operation is Replace.
|
||||
<p>The only supported operation is Replace.
|
||||
@ -42,7 +42,7 @@ For more information about the CSPs, see [Update CSP](update-csp.md) and the upd
|
||||
|
||||
The following diagram provides a conceptual overview of how this works:
|
||||
|
||||
|
||||
|
||||
|
||||
The diagram can be roughly divided into three areas:
|
||||
|
||||
@ -56,7 +56,7 @@ The Microsoft Update Catalog is huge and contains many updates that are not need
|
||||
|
||||
This section describes how this is done. The following diagram shows the server-server sync protocol process.
|
||||
|
||||
|
||||
|
||||
|
||||
MSDN provides much information about the Server-Server sync protocol. In particular:
|
||||
|
||||
@ -140,56 +140,56 @@ The enterprise IT can configure auto-update polices via OMA DM using the [Policy
|
||||
|
||||
The following diagram shows the Update policies in a tree format.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="update-activehoursend"></a>**Update/ActiveHoursEnd**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin (when used with <strong>Update/ActiveHoursStart</strong>) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
|
||||
<p>Added in Windows 10, version 1607. Allows the IT admin (when used with <strong>Update/ActiveHoursStart</strong>) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
|
||||
|
||||
> [!NOTE]
|
||||
> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
|
||||
<p>Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
|
||||
|
||||
<p style="margin-left: 20px">The default is 17 (5 PM).
|
||||
<p>The default is 17 (5 PM).
|
||||
|
||||
<a href="" id="update-activehoursmaxrange"></a>**Update/ActiveHoursMaxRange**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 8-18.
|
||||
<p>Supported values are 8-18.
|
||||
|
||||
<p style="margin-left: 20px">The default value is 18 (hours).
|
||||
<p>The default value is 18 (hours).
|
||||
|
||||
<a href="" id="update-activehoursstart"></a>**Update/ActiveHoursStart**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin (when used with <strong>Update/ActiveHoursEnd</strong>) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
|
||||
<p>Added in Windows 10, version 1607. Allows the IT admin (when used with <strong>Update/ActiveHoursEnd</strong>) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
|
||||
|
||||
> [!NOTE]
|
||||
> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
|
||||
<p>Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
|
||||
|
||||
<p style="margin-left: 20px">The default value is 8 (8 AM).
|
||||
<p>The default value is 8 (8 AM).
|
||||
|
||||
<a href="" id="update-allowautoupdate"></a>**Update/AllowAutoUpdate**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
|
||||
<p>Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Get and Replace.
|
||||
<p>Supported operations are Get and Replace.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
|
||||
- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart.
|
||||
@ -202,16 +202,16 @@ The following diagram shows the Update policies in a tree format.
|
||||
> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">If the policy is not configured, end-users get the default behavior (Auto install and restart).
|
||||
<p>If the policy is not configured, end-users get the default behavior (Auto install and restart).
|
||||
|
||||
<a href="" id="update-allowmuupdateservice"></a>**Update/AllowMUUpdateService**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
|
||||
<p>Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 – Not allowed or not configured.
|
||||
- 1 – Allowed. Accepts updates received through Microsoft Update.
|
||||
@ -221,29 +221,29 @@ The following diagram shows the Update policies in a tree format.
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise and Windows 10 Education.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third party software and patch distribution.
|
||||
<p>Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third party software and patch distribution.
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Get and Replace.
|
||||
<p>Supported operations are Get and Replace.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
|
||||
- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
|
||||
|
||||
<p style="margin-left: 20px">This policy is specific to desktop and local publishing via WSUS for third party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
|
||||
<p>This policy is specific to desktop and local publishing via WSUS for third party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
|
||||
|
||||
<a href="" id="update-allowupdateservice"></a>**Update/AllowUpdateService**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft.
|
||||
<p>Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft.
|
||||
|
||||
<p style="margin-left: 20px">Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft
|
||||
<p>Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft
|
||||
|
||||
<p style="margin-left: 20px">Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft to stop working.
|
||||
<p>Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft to stop working.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 – Update service is not allowed.
|
||||
- 1 (default) – Update service is allowed.
|
||||
@ -257,20 +257,20 @@ The following diagram shows the Update policies in a tree format.
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 15, 30, 60, 120, and 240 (minutes).
|
||||
<p>Supported values are 15, 30, 60, 120, and 240 (minutes).
|
||||
|
||||
<p style="margin-left: 20px">The default value is 15 (minutes).
|
||||
<p>The default value is 15 (minutes).
|
||||
|
||||
<a href="" id="update-autorestartrequirednotificationdismissal"></a>**Update/AutoRestartRequiredNotificationDismissal**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 1 (default) – Auto Dismissal.
|
||||
- 2 – User Dismissal.
|
||||
@ -280,9 +280,9 @@ The following diagram shows the Update policies in a tree format.
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
|
||||
<p>Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 16 (default) – User gets all applicable upgrades from Current Branch (CB).
|
||||
- 32 – User gets upgrades from Current Branch for Business (CBB).
|
||||
@ -291,18 +291,18 @@ The following diagram shows the Update policies in a tree format.
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
|
||||
<p>Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 0-180.
|
||||
<p>Supported values are 0-180.
|
||||
|
||||
<a href="" id="update-deferqualityupdatesperiodindays"></a>**Update/DeferQualityUpdatesPeriodInDays**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
|
||||
<p>Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 0-30.
|
||||
<p>Supported values are 0-30.
|
||||
|
||||
<a href="" id="update-deferupdateperiod"></a>**Update/DeferUpdatePeriod**
|
||||
> [!NOTE]
|
||||
@ -311,15 +311,15 @@ The following diagram shows the Update policies in a tree format.
|
||||
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Allows IT Admins to specify update delays for up to four weeks.
|
||||
<p>Allows IT Admins to specify update delays for up to four weeks.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 0-4, which refers to the number of weeks to defer updates.
|
||||
<p>Supported values are 0-4, which refers to the number of weeks to defer updates.
|
||||
|
||||
<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
<p>If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
|
||||
<p style="margin-left: 20px">If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
<p>If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
|
||||
<table style="margin-left: 20px">
|
||||
<table>
|
||||
<colgroup>
|
||||
<col width="25%" />
|
||||
<col width="25%" />
|
||||
@ -336,16 +336,16 @@ The following diagram shows the Update policies in a tree format.
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>OS upgrade</p></td>
|
||||
<td style="vertical-align:top"><p>8 months</p></td>
|
||||
<td style="vertical-align:top"><p>1 month</p></td>
|
||||
<td style="vertical-align:top"><p>Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5</p></td>
|
||||
<td><p>OS upgrade</p></td>
|
||||
<td><p>8 months</p></td>
|
||||
<td><p>1 month</p></td>
|
||||
<td><p>Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Update</p></td>
|
||||
<td style="vertical-align:top"><p>1 month</p></td>
|
||||
<td style="vertical-align:top"><p>1 week</p></td>
|
||||
<td style="vertical-align:top"><div class="alert">
|
||||
<td><p>Update</p></td>
|
||||
<td><p>1 month</p></td>
|
||||
<td><p>1 week</p></td>
|
||||
<td><div class="alert">
|
||||
<strong>Note</strong>
|
||||
If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
|
||||
</div>
|
||||
@ -361,10 +361,10 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
</ul></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Other/cannot defer</p></td>
|
||||
<td style="vertical-align:top"><p>No deferral</p></td>
|
||||
<td style="vertical-align:top"><p>No deferral</p></td>
|
||||
<td style="vertical-align:top"><p>Any update category not enumerated above falls into this category.</p>
|
||||
<td><p>Other/cannot defer</p></td>
|
||||
<td><p>No deferral</p></td>
|
||||
<td><p>No deferral</p></td>
|
||||
<td><p>Any update category not enumerated above falls into this category.</p>
|
||||
<p>Definition Update - E0789628-CE08-4437-BE74-2495B842F43B</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
@ -380,71 +380,71 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Allows IT Admins to specify additional upgrade delays for up to eight months.
|
||||
<p>Allows IT Admins to specify additional upgrade delays for up to eight months.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 0-8, which refers to the number of months to defer upgrades.
|
||||
<p>Supported values are 0-8, which refers to the number of months to defer upgrades.
|
||||
|
||||
<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
<p>If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
|
||||
<p style="margin-left: 20px">If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
<p>If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
|
||||
<a href="" id="update-engagedrestartdeadline"></a>**Update/EngagedRestartDeadline**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 2-30 days.
|
||||
<p>Supported values are 2-30 days.
|
||||
|
||||
<p style="margin-left: 20px">The default value is 0 days (not specified).
|
||||
<p>The default value is 0 days (not specified).
|
||||
|
||||
<a href="" id="update-engagedrestartsnoozeschedule"></a>**Update/EngagedRestartSnoozeSchedule**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 1-3 days.
|
||||
<p>Supported values are 1-3 days.
|
||||
|
||||
<p style="margin-left: 20px">The default value is three days.
|
||||
<p>The default value is three days.
|
||||
|
||||
<a href="" id="update-engagedrestarttransitionschedule"></a>**Update/EngagedRestartTransitionSchedule**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 2-30 days.
|
||||
<p>Supported values are 2-30 days.
|
||||
|
||||
<p style="margin-left: 20px">The default value is seven days.
|
||||
<p>The default value is seven days.
|
||||
|
||||
<a href="" id="update-excludewudriversinqualityupdate"></a>**Update/ExcludeWUDriversInQualityUpdate**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
|
||||
> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
|
||||
<p>Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Allow Windows Update drivers.
|
||||
- 1 – Exclude Windows Update drivers.
|
||||
|
||||
<a href="" id="update-ignoremoappdownloadlimit"></a>**Update/IgnoreMOAppDownloadLimit**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
|
||||
<p>Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
|
||||
|
||||
> [!WARNING]
|
||||
> Setting this policy might cause devices to incur costs from MO operators.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Do not ignore MO download limit for apps and their updates.
|
||||
- 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
|
||||
|
||||
<p style="margin-left: 20px">To validate this policy:
|
||||
<p>To validate this policy:
|
||||
|
||||
1. Enable the policy ensure the device is on a cellular network.
|
||||
2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
|
||||
@ -456,17 +456,17 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
|
||||
|
||||
<a href="" id="update-ignoremoupdatedownloadlimit"></a>**Update/IgnoreMOUpdateDownloadLimit**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
|
||||
<p>Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
|
||||
|
||||
> [!WARNING]
|
||||
> Setting this policy might cause devices to incur costs from MO operators.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Do not ignore MO download limit for OS updates.
|
||||
- 1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
|
||||
|
||||
<p style="margin-left: 20px">To validate this policy:
|
||||
<p>To validate this policy:
|
||||
|
||||
1. Enable the policy and ensure the device is on a cellular network.
|
||||
2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell:
|
||||
@ -482,24 +482,24 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks.
|
||||
<p>Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Deferrals are not paused.
|
||||
- 1 – Deferrals are paused.
|
||||
|
||||
<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
<p>If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
|
||||
<p style="margin-left: 20px">If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
<p>If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
|
||||
|
||||
<a href="" id="update-pausefeatureupdates"></a>**Update/PauseFeatureUpdates**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
|
||||
<p>Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Feature Updates are not paused.
|
||||
- 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner.
|
||||
@ -509,9 +509,9 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
|
||||
<p>Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Quality Updates are not paused.
|
||||
- 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
|
||||
@ -523,9 +523,9 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Allows the IT admin to set a device to CBB train.
|
||||
<p>Allows the IT admin to set a device to CBB train.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – User gets upgrades from Current Branch.
|
||||
- 1 – User gets upgrades from Current Branch for Business.
|
||||
@ -541,11 +541,11 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
|
||||
<p>Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Get and Replace.
|
||||
<p>Supported operations are Get and Replace.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 – Not configured. The device installs all applicable updates.
|
||||
- 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
|
||||
@ -555,24 +555,24 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 15, 30, or 60 (minutes).
|
||||
<p>Supported values are 15, 30, or 60 (minutes).
|
||||
|
||||
<p style="margin-left: 20px">The default value is 15 (minutes).
|
||||
<p>The default value is 15 (minutes).
|
||||
|
||||
<a href="" id="update-scheduledinstallday"></a>**Update/ScheduledInstallDay**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Enables the IT admin to schedule the day of the update installation.
|
||||
<p>Enables the IT admin to schedule the day of the update installation.
|
||||
|
||||
<p style="margin-left: 20px">The data type is a string.
|
||||
<p>The data type is a string.
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
|
||||
<p>Supported operations are Add, Delete, Get, and Replace.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Every day
|
||||
- 1 – Sunday
|
||||
@ -588,35 +588,35 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Enables the IT admin to schedule the time of the update installation.
|
||||
<p>Enables the IT admin to schedule the time of the update installation.
|
||||
|
||||
<p style="margin-left: 20px">The data type is a string.
|
||||
<p>The data type is a string.
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
|
||||
<p>Supported operations are Add, Delete, Get, and Replace.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
|
||||
<p>Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
|
||||
|
||||
<p style="margin-left: 20px">The default value is 3.
|
||||
<p>The default value is 3.
|
||||
|
||||
<a href="" id="update-schedulerestartwarning"></a>**Update/ScheduleRestartWarning**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto restart warning reminder notifications.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto restart warning reminder notifications.
|
||||
|
||||
<p style="margin-left: 20px">Supported values are 2, 4, 8, 12, or 24 (hours).
|
||||
<p>Supported values are 2, 4, 8, 12, or 24 (hours).
|
||||
|
||||
<p style="margin-left: 20px">The default value is 4 (hours).
|
||||
<p>The default value is 4 (hours).
|
||||
|
||||
<a href="" id="update-setautorestartnotificationdisable"></a>**Update/SetAutoRestartNotificationDisable**
|
||||
> [!NOTE]
|
||||
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to disable auto restart notifications for update installations.
|
||||
<p>Added in Windows 10, version 1703. Allows the IT Admin to disable auto restart notifications for update installations.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Enabled
|
||||
- 1 – Disabled
|
||||
@ -628,11 +628,11 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
|
||||
> [!Important]
|
||||
> Starting in Windows 10, version 1703 this policy is not supported in IoT Enterprise.
|
||||
|
||||
<p style="margin-left: 20px">Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
|
||||
<p>Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Get and Replace.
|
||||
<p>Supported operations are Get and Replace.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
<p>The following list shows the supported values:
|
||||
|
||||
- Not configured. The device checks for updates from Microsoft Update.
|
||||
- Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
|
||||
@ -659,13 +659,13 @@ Example
|
||||
|
||||
> **Note** This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
|
||||
|
||||
<p style="margin-left: 20px">Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
|
||||
<p>Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
|
||||
|
||||
<p style="margin-left: 20px">This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
|
||||
<p>This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
|
||||
|
||||
<p style="margin-left: 20px">To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
|
||||
<p>To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
|
||||
|
||||
<p style="margin-left: 20px">Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
|
||||
<p>Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
|
||||
|
||||
> [!Note]
|
||||
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
|
||||
@ -676,7 +676,7 @@ Example
|
||||
|
||||
The enterprise IT can configure the set of approved updates and get compliance status via OMA DM using the [Update CSP](update-csp.md). The following diagram shows the Update CSP in tree format..
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="update"></a>**Update**
|
||||
The root node.
|
||||
@ -827,50 +827,50 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>BranchReadinessLevel</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>16: systems take Feature Updates on the Current Branch (CB) train</p>
|
||||
<td><p>BranchReadinessLevel</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>16: systems take Feature Updates on the Current Branch (CB) train</p>
|
||||
<p>32: systems take Feature Updates on the Current Branch for Business</p>
|
||||
<p>Other value or absent: receive all applicable updates (CB)</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>DeferQualityUpdates</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>1: defer quality updates</p>
|
||||
<td><p>DeferQualityUpdates</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>1: defer quality updates</p>
|
||||
<p>Other value or absent: don’t defer quality updates</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>DeferQualityUpdatesPeriodInDays</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>0-30: days to defer quality updates</p></td>
|
||||
<td><p>DeferQualityUpdatesPeriodInDays</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>0-30: days to defer quality updates</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>PauseQualityUpdates</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>1: pause quality updates</p>
|
||||
<td><p>PauseQualityUpdates</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>1: pause quality updates</p>
|
||||
<p>Other value or absent: don’t pause quality updates</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>DeferFeatureUpdates</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>1: defer feature updates</p>
|
||||
<td><p>DeferFeatureUpdates</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>1: defer feature updates</p>
|
||||
<p>Other value or absent: don’t defer feature updates</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>DeferFeatureUpdatesPeriodInDays</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>0-180: days to defer feature updates</p></td>
|
||||
<td><p>DeferFeatureUpdatesPeriodInDays</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>0-180: days to defer feature updates</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>PauseFeatureUpdates</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>1: pause feature updates</p>
|
||||
<td><p>PauseFeatureUpdates</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>1: pause feature updates</p>
|
||||
<p>Other value or absent: don’t pause feature updates</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>ExcludeWUDriversInQualityUpdate</p></td>
|
||||
<td style="vertical-align:top"><p>REG_DWORD</p></td>
|
||||
<td style="vertical-align:top"><p>1: exclude WU drivers</p>
|
||||
<td><p>ExcludeWUDriversInQualityUpdate</p></td>
|
||||
<td><p>REG_DWORD</p></td>
|
||||
<td><p>1: exclude WU drivers</p>
|
||||
<p>Other value or absent: offer WU drivers</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
@ -889,9 +889,9 @@ Here is the list of older policies that are still supported for backward compati
|
||||
|
||||
The following screenshots of the administrator console show the list of update titles, approval status, and additional metadata fields.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## <a href="" id="syncmlexample"></a>SyncML example
|
||||
@ -945,5 +945,5 @@ Set auto update to notify and defer.
|
||||
|
||||
The following diagram and screenshots show the process flow of the device update process using Windows Server Update Services and Microsoft Update Catalog.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ The DeviceInstance CSP is only supported in Windows 10 Mobile.
|
||||
|
||||
The following diagram shows the DeviceInstanceService configuration service provider in tree format.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="roaming"></a>**Roaming**
|
||||
A boolean value that specifies the roaming status of the device. In dual SIM mode when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/Roaming is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/Roaming.
|
||||
|
||||
@ -32,7 +32,7 @@ The DevicePasswordEnabled setting must be set to 0 (device password is enabled)
|
||||
|
||||
The following image shows the DeviceLock configuration service provider in tree format.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="provider"></a>**Provider**
|
||||
Required. An interior node to group all policy providers. Scope is permanent. Supported operation is Get.
|
||||
|
||||
@ -20,13 +20,13 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
|
||||
|
||||
1. On your managed device go to **Settings** > **Accounts** > **Access work or school**.
|
||||
1. Click your work or school account, then click **Info.**
|
||||
|
||||
|
||||
|
||||
1. At the bottom of the **Settings** page, click **Create report**.
|
||||
|
||||
|
||||
1. A window opens that shows the path to the log files. Click **Export**.
|
||||
|
||||
|
||||
|
||||
|
||||
1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
|
||||
|
||||
@ -59,7 +59,7 @@ Starting with the Windows 10, version 1511, MDM logs are captured in the Event
|
||||
|
||||
Here's a screenshot:
|
||||
|
||||
|
||||
|
||||
|
||||
In this location, the **Admin** channel logs events by default. However, if you need more details logs you can enable **Debug** logs by choosing **Show Analytic and Debug** logs option in **View** menu in Event Viewer.
|
||||
|
||||
@ -238,26 +238,26 @@ For best results, ensure that the PC or VM on which you are viewing logs matches
|
||||
1. Open eventvwr.msc.
|
||||
2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Navigate to the etl file that you got from the device and then open the file.
|
||||
4. Click **Yes** when prompted to save it to the new log format.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Now you are ready to start reviewing the logs.
|
||||
|
||||
|
||||
|
||||
|
||||
## Collect device state data
|
||||
|
||||
|
||||
@ -137,7 +137,7 @@ You can only use the Work Access page to unenroll under the following conditions
|
||||
|
||||
When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
|
||||
|
||||
|
||||
|
||||
|
||||
When a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be re-imaged. When devices are remotely unenrolled from MDM, the AAD association is also removed. This safeguard is in place to avoid leaving the corporated devices in unmanaged state.
|
||||
|
||||
|
||||
@ -62,25 +62,25 @@ HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered(
|
||||
## Parameters
|
||||
|
||||
*pszXmlIn*
|
||||
<ul style="list-style-type:none">
|
||||
<ul>
|
||||
<li>[in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. <strong>DMProcessConfigXMLFiltered</strong> accepts only OMA Client Provisioning XML (also known as WAP provisioning). It does not accept OMA DM SyncML XML (also known as SyncML).</li>
|
||||
</ul>
|
||||
<br>
|
||||
|
||||
*rgszAllowedCspNode*
|
||||
<ul style="list-style-type:none">
|
||||
<ul>
|
||||
<li>[in] Array of <strong>WCHAR\</strong>* that specify which configuration service provider nodes are allowed to be invoked.</li>
|
||||
</ul>
|
||||
<br>
|
||||
|
||||
*dwNumAllowedCspNodes*
|
||||
<ul style="list-style-type:none">
|
||||
<ul>
|
||||
<li>[in] Number of elements passed in <em>rgszAllowedCspNode</em>.</li>
|
||||
</ul>
|
||||
<br>
|
||||
|
||||
*pbstrXmlOut*
|
||||
<ul style="list-style-type:none">
|
||||
<ul>
|
||||
<li>[out] The resulting null–terminated XML from configuration. The caller of <strong>DMProcessConfigXMLFiltered</strong> is responsible for cleanup of the output buffer that the <em>pbstrXmlOut</em> parameter references. Use <a href="/windows/win32/api/oleauto/nf-oleauto-sysfreestring" data-raw-source="[**SysFreeString**](/windows/win32/api/oleauto/nf-oleauto-sysfreestring)"><strong>SysFreeString</strong></a> to free the memory.</li>
|
||||
</ul>
|
||||
<br>
|
||||
@ -104,24 +104,24 @@ Returns the standard **HRESULT** value **S\_OK** to indicate success. The follow
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p><strong>CONFIG_E_OBJECTBUSY</strong></p></td>
|
||||
<td style="vertical-align:top"><p>Another instance of the configuration management service is currently running.</p></td>
|
||||
<td><p><strong>CONFIG_E_OBJECTBUSY</strong></p></td>
|
||||
<td><p>Another instance of the configuration management service is currently running.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p><strong>CONFIG_E_ENTRYNOTFOUND</strong></p></td>
|
||||
<td style="vertical-align:top"><p>No metabase entry was found.</p></td>
|
||||
<td><p><strong>CONFIG_E_ENTRYNOTFOUND</strong></p></td>
|
||||
<td><p>No metabase entry was found.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p><strong>CONFIG_E_CSPEXCEPTION</strong></p></td>
|
||||
<td style="vertical-align:top"><p>An exception occurred in one of the configuration service providers.</p></td>
|
||||
<td><p><strong>CONFIG_E_CSPEXCEPTION</strong></p></td>
|
||||
<td><p>An exception occurred in one of the configuration service providers.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p><strong>CONFIG_E_TRANSACTIONINGFAILURE</strong></p></td>
|
||||
<td style="vertical-align:top"><p>A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.</p></td>
|
||||
<td><p><strong>CONFIG_E_TRANSACTIONINGFAILURE</strong></p></td>
|
||||
<td><p>A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p><strong>CONFIG_E_BAD_XML</strong></p></td>
|
||||
<td style="vertical-align:top"><p>The XML input is invalid or malformed.</p></td>
|
||||
<td><p><strong>CONFIG_E_BAD_XML</strong></p></td>
|
||||
<td><p>The XML input is invalid or malformed.</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -196,28 +196,28 @@ if ( bstr != NULL )
|
||||
</colgroup>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Minimum supported client</p></td>
|
||||
<td style="vertical-align:top"><p>None supported</p></td>
|
||||
<td><p>Minimum supported client</p></td>
|
||||
<td><p>None supported</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Minimum supported server</p></td>
|
||||
<td style="vertical-align:top"><p>None supported</p></td>
|
||||
<td><p>Minimum supported server</p></td>
|
||||
<td><p>None supported</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Minimum supported phone</p></td>
|
||||
<td style="vertical-align:top"><p>Windows Phone 8.1</p></td>
|
||||
<td><p>Minimum supported phone</p></td>
|
||||
<td><p>Windows Phone 8.1</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>Header</p></td>
|
||||
<td style="vertical-align:top"><p>Dmprocessxmlfiltered.h</p></td>
|
||||
<td><p>Header</p></td>
|
||||
<td><p>Dmprocessxmlfiltered.h</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top"><p>Library</p></td>
|
||||
<td style="vertical-align:top"><p>Dmprocessxmlfiltered.lib</p></td>
|
||||
<td><p>Library</p></td>
|
||||
<td><p>Dmprocessxmlfiltered.lib</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top"><p>DLL</p></td>
|
||||
<td style="vertical-align:top"><p>Dmprocessxmlfiltered.dll</p></td>
|
||||
<td><p>DLL</p></td>
|
||||
<td><p>Dmprocessxmlfiltered.dll</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
@ -63,41 +63,41 @@ DMSessionActions
|
||||
------------MaxTimeSessionsSkippedInLowPowerState
|
||||
```
|
||||
<a href="" id="vendor-msft-dmsessionactions"></a>**./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions**
|
||||
<p style="margin-left: 20px">Defines the root node for the DMSessionActions configuration service provider.</p>
|
||||
<p>Defines the root node for the DMSessionActions configuration service provider.</p>
|
||||
|
||||
<a href="" id="providerid"></a>***ProviderID***
|
||||
<p style="margin-left: 20px">Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache. </p>
|
||||
<p>Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache. </p>
|
||||
|
||||
<p style="margin-left: 20px">Scope is dynamic. Supported operations are Get, Add, and Delete.</p>
|
||||
<p>Scope is dynamic. Supported operations are Get, Add, and Delete.</p>
|
||||
|
||||
<a href="" id="checkinalertconfiguration"></a>***ProviderID*/CheckinAlertConfiguration**
|
||||
<p style="margin-left: 20px">Node for the custom configuration of alerts to be sent during MDM sync session.</p>
|
||||
<p>Node for the custom configuration of alerts to be sent during MDM sync session.</p>
|
||||
|
||||
<a href="" id="nodes"></a>***ProviderID*/CheckinAlertConfiguration/Nodes**
|
||||
<p style="margin-left: 20px">Required. Root node for URIs to be queried. Scope is dynamic.</p>
|
||||
<p>Required. Root node for URIs to be queried. Scope is dynamic.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operation is Get.</p>
|
||||
<p>Supported operation is Get.</p>
|
||||
|
||||
<a href="" id="nodeid"></a>***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID***
|
||||
<p style="margin-left: 20px">Required. Information about each node is stored under NodeID as specified by the server. This value must not contain a comma. Scope is dynamic.</p>
|
||||
<p>Required. Information about each node is stored under NodeID as specified by the server. This value must not contain a comma. Scope is dynamic.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Get, Add, and Delete.</p>
|
||||
<p>Supported operations are Get, Add, and Delete.</p>
|
||||
|
||||
<a href="" id="nodeuri"></a>***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*/NodeURI**
|
||||
<p style="margin-left: 20px">Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
<p>Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic.</p>
|
||||
<p>Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
|
||||
<a href="" id="alertdata"></a>**AlertData**
|
||||
<p style="margin-left: 20px">Node to query the custom alert per server configuration</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Node to query the custom alert per server configuration</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
<a href="" id="powersettings"></a>**PowerSettings**
|
||||
<p style="margin-left: 20px">Node for power-related configrations</p>
|
||||
<p>Node for power-related configrations</p>
|
||||
|
||||
<a href="" id="maxskippedsessionsinlowpowerstate"></a>**PowerSettings/MaxSkippedSessionsInLowPowerState**
|
||||
<p style="margin-left: 20px">Maximum number of continuous skipped sync sessions when the device is in low-power state.</p>
|
||||
<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
<p>Maximum number of continuous skipped sync sessions when the device is in low-power state.</p>
|
||||
<p>Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
|
||||
<a href="" id="maxtimesessionsskippedinlowpowerstate"></a>**PowerSettings/MaxTimeSessionsSkippedInLowPowerState**
|
||||
<p style="margin-left: 20px">Maximum time in minutes when the device can skip the check-in with the server if the device is in low-power state. </p>
|
||||
<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
<p>Maximum time in minutes when the device can skip the check-in with the server if the device is in low-power state. </p>
|
||||
<p>Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
|
||||
@ -33,12 +33,12 @@ DynamicManagement
|
||||
----AlertsEnabled
|
||||
```
|
||||
<a href="" id="dynamicmanagement"></a>**DynamicManagement**
|
||||
<p style="margin-left: 20px">The root node for the DynamicManagement configuration service provider.</p>
|
||||
<p>The root node for the DynamicManagement configuration service provider.</p>
|
||||
|
||||
<a href="" id="notificationsenabled"></a>**NotificationsEnabled**
|
||||
<p style="margin-left: 20px">Boolean value for sending notification to the user of a context change.</p>
|
||||
<p style="margin-left: 20px">Default value is False. Supported operations are Get and Replace.</p>
|
||||
<p style="margin-left: 20px">Example to turn on NotificationsEnabled:</p>
|
||||
<p>Boolean value for sending notification to the user of a context change.</p>
|
||||
<p>Default value is False. Supported operations are Get and Replace.</p>
|
||||
<p>Example to turn on NotificationsEnabled:</p>
|
||||
|
||||
```xml
|
||||
<Replace>
|
||||
@ -56,40 +56,40 @@ DynamicManagement
|
||||
</Replace>
|
||||
```
|
||||
<a href="" id="activelist"></a>**ActiveList**
|
||||
<p style="margin-left: 20px">A string containing the list of all active ContextIDs on the device. Delimeter is unicode character 0xF000..</p>
|
||||
<p style="margin-left: 20px">Supported operation is Get.</p>
|
||||
<p>A string containing the list of all active ContextIDs on the device. Delimeter is unicode character 0xF000..</p>
|
||||
<p>Supported operation is Get.</p>
|
||||
|
||||
<a href="" id="contexts"></a>**Contexts**
|
||||
<p style="margin-left: 20px">Node for context information.</p>
|
||||
<p style="margin-left: 20px">Supported operation is Get.</p>
|
||||
<p>Node for context information.</p>
|
||||
<p>Supported operation is Get.</p>
|
||||
|
||||
<a href="" id="contextid"></a>***ContextID***
|
||||
<p style="margin-left: 20px">Node created by the server to define a context. Maximum number of characters allowed is 38.</p>
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, and Delete.</p>
|
||||
<p>Node created by the server to define a context. Maximum number of characters allowed is 38.</p>
|
||||
<p>Supported operations are Add, Get, and Delete.</p>
|
||||
|
||||
<a href="" id="signaldefinition"></a>**SignalDefinition**
|
||||
<p style="margin-left: 20px">Signal Definition XML.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Signal Definition XML.</p>
|
||||
<p>Value type is string. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="settingspack"></a>**SettingsPack**
|
||||
<p style="margin-left: 20px">Settings that get applied when the Context is active.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Settings that get applied when the Context is active.</p>
|
||||
<p>Value type is string. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="settingspackresponse"></a>**SettingsPackResponse**
|
||||
<p style="margin-left: 20px">Response from applying a Settings Pack that contains information on each individual action.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Response from applying a Settings Pack that contains information on each individual action.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
<a href="" id="contextstatus"></a>**ContextStatus**
|
||||
<p style="margin-left: 20px">Reports status of the context. If there was a failure, SettingsPackResponse should be checked for what exactly failed.</p>
|
||||
<p style="margin-left: 20px">Value type is integer. Supported operation is Get.</p>
|
||||
<p>Reports status of the context. If there was a failure, SettingsPackResponse should be checked for what exactly failed.</p>
|
||||
<p>Value type is integer. Supported operation is Get.</p>
|
||||
|
||||
<a href="" id="altitude"></a>**Altitude**
|
||||
<p style="margin-left: 20px">A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities.</p>
|
||||
<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities.</p>
|
||||
<p>Value type is integer. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="alertsenabled"></a>**AlertsEnabled**
|
||||
<p style="margin-left: 20px">A Boolean value for sending an alert to the server when a context fails.</p>
|
||||
<p style="margin-left: 20px">Supported operations are Get and Replace.</p>
|
||||
<p>A Boolean value for sending an alert to the server when a context fails.</p>
|
||||
<p>Supported operations are Get and Replace.</p>
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -24,35 +24,35 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
|
||||
|
||||
1. Run rasphone.exe.
|
||||
|
||||
|
||||
|
||||
|
||||
1. If you don't currently have a VPN connection and you see the following message, select **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
1. In the wizard, select **Workplace network**.
|
||||
|
||||
|
||||
|
||||
|
||||
1. Enter an Internet address and connection name. These can be fake since it does not impact the authentication parameters.
|
||||
|
||||
|
||||
|
||||
|
||||
1. Create a fake VPN connection. In the UI shown here, select **Properties**.
|
||||
|
||||
|
||||
|
||||
|
||||
1. In the **Test Properties** dialog, select the **Security** tab.
|
||||
|
||||
|
||||
|
||||
|
||||
1. On the **Security** tab, select **Use Extensible Authentication Protocol (EAP)**.
|
||||
|
||||
|
||||
|
||||
|
||||
1. From the drop-down menu, select the EAP method that you want to configure, and then select **Properties** to configure as needed.
|
||||
|
||||
|
||||
|
||||
|
||||
1. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
|
||||
|
||||
@ -267,7 +267,7 @@ Alternatively, you can use the following procedure to create an EAP configuratio
|
||||
1. Follow steps 1 through 7 in the EAP configuration article.
|
||||
1. In the **Microsoft VPN SelfHost Properties** dialog box, select **Microsoft: Smart Card or other Certificate** from the drop-down menu (this selects EAP TLS).
|
||||
|
||||
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> For PEAP or TTLS, select the appropriate method and continue following this procedure.
|
||||
@ -277,11 +277,11 @@ Alternatively, you can use the following procedure to create an EAP configuratio
|
||||
1. Select the **Properties** button underneath the drop-down menu.
|
||||
1. On the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
|
||||
|
||||
|
||||
|
||||
|
||||
1. On the **Configure Certificate Selection** menu, adjust the filters as needed.
|
||||
|
||||
|
||||
|
||||
|
||||
1. Select **OK** to close the windows and get back to the main rasphone.exe dialog box.
|
||||
1. Close the rasphone dialog box.
|
||||
|
||||
@ -47,19 +47,19 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
|
||||
|
||||
2. Under **Best match**, click **Edit group policy** to launch it.
|
||||
|
||||
|
||||
|
||||
|
||||
3. In **Local Computer Policy** navigate to the policy you want to configure.
|
||||
|
||||
In this example, navigate to **Administrative Templates > System > App-V**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Double-click **Enable App-V Client**.
|
||||
|
||||
The **Options** section is empty, which means there are no parameters necessary to enable the policy. If the **Options** section is not empty, follow the procedure in [Enable a policy that requires parameters](#enable-a-policy-that-requires-parameters)
|
||||
|
||||
|
||||
|
||||
|
||||
3. Create the SyncML to enable the policy that does not require any parameter.
|
||||
|
||||
@ -99,15 +99,15 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
|
||||
|
||||
1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
2. Find the variable names of the parameters in the ADMX file.
|
||||
|
||||
You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
|
||||
|
||||
|
||||
|
||||
|
||||
3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx.
|
||||
|
||||
|
||||
@ -84,7 +84,7 @@ After the upgrade to Windows 10 is complete, if you decide to push down a new we
|
||||
|
||||
The following diagram shows a high-level overview of the process.
|
||||
|
||||
|
||||
|
||||
|
||||
## Step 1: Prepare a test device to download updates from Microsoft Update
|
||||
|
||||
@ -107,15 +107,15 @@ Trigger the device to check for updates either manually or using Microsoft Endpo
|
||||
|
||||
1. Remotely trigger a scan of the test device by deploying a Trigger Scan configuration baseline.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Set the value of this OMA-URI by going to **Configuration Item**, and then selecting the newly created Trigger Scan settings from the previous step.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Ensure that the value that is specified for this URI is greater than the value on the device(s), and that the **Remediate noncompliant rules when supported** option is selected. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Create a configuration baseline for Trigger Scan and Deploy. We recommend that this configuration baseline be deployed after the Controlled Updates baseline has been applied to the device. (The corresponding files are deployed on the device through a device sync session.)
|
||||
5. Follow the prompts for downloading the updates, but do not install the updates on the device.
|
||||
@ -216,11 +216,11 @@ The deployment process has three parts:
|
||||
|
||||
1. Create a configuration item. In the **Browse Settings** window, select **Device File** as a filter, and then select **Select**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Browse to the DUControlledUpdates.xml that was created from the test device, and then specify the file path and name on the device as `NonPersistent\DUControlledUpdates.xml`.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Select **Remediate noncompliant settings**, and then select **OK**.
|
||||
|
||||
@ -231,7 +231,7 @@ The deployment process has three parts:
|
||||
1. Create a configuration item and specify the file path and name on the device as `NonPersistent\DUCustomContentURIs.xml`
|
||||
2. Select **Remediate noncompliant settings**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Select **OK**.
|
||||
|
||||
@ -242,11 +242,11 @@ The deployment process has three parts:
|
||||
1. Create a configuration baseline item and give it a name (such as ControlledUpdates).
|
||||
2. Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then select **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Deploy the configuration baseline to the appropriate device or device collection.
|
||||
|
||||
|
||||
|
||||
|
||||
4. Select **OK**.
|
||||
|
||||
@ -472,57 +472,57 @@ Use this procedure for pre-GDR1 devices:
|
||||
2. In Microsoft Endpoint Configuration Manager, under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Items**.
|
||||
3. Select **Create Configuration Item**.
|
||||
|
||||
|
||||
|
||||
4. Enter a filename (such as GetDUReport), and then select **Mobile Device**.
|
||||
5. On the **Mobile Device Settings** page, select **Configure Additional Settings that are not in the default settings group**, and then select **Next**.
|
||||
|
||||
|
||||
|
||||
6. On the **Additional Settings** page, select **Add**.
|
||||
|
||||
|
||||
|
||||
7. On the **Browse Settings** page, select **Create Setting**.
|
||||
|
||||
|
||||
|
||||
8. Enter a unique **Name**. For **Setting type**, select **OMA-URI**, and for **Data type**, select **String**.
|
||||
9. In the **OMA-URI** text box, enter `./Vendor/MSFT/EnterpriseExt/DeviceUpdate/UpdatesResultXml`, and then select **OK**.
|
||||
|
||||
|
||||
|
||||
10. On the **Browse Settings** page, select **Close**.
|
||||
11. On the **Create Configuration Item Wizard** page, select **All Windows Embedded 8.1 Handheld** as the supported platform, and then select **Next**.
|
||||
|
||||
|
||||
|
||||
12. Close the **Create Configuration Item Wizard** page.
|
||||
13. Right-click on the newly create configuration item, and then select the **Compliance Rules** tab.
|
||||
14. Select the new created mobile device setting (such as DUReport), and then select **Select**.
|
||||
15. Enter a dummy value (such as zzz) that is different from the one on the device.
|
||||
|
||||
|
||||
|
||||
16. Disable remediation by deselecting the **Remediate noncompliant rules when supported** option.
|
||||
17. Select **OK** to close the **Edit Rule** page.
|
||||
18. Create a new configuration baseline. Under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Baselines**.
|
||||
19. Select **Create Configuration Item**.
|
||||
|
||||
|
||||
|
||||
20. Enter a baseline name (such as RetrieveDUReport).
|
||||
21. Add the configuration item that you just created. Select **Add**, and then select the configuration item that you just created (such as DUReport).
|
||||
|
||||
|
||||
|
||||
22. Select **OK**, and then select **OK** again to complete the configuration baseline.
|
||||
23. Deploy the newly created configuration baseline to the appropriate device collection. Right-click on the configuration baseline that you created, and then select **Deploy**.
|
||||
|
||||
|
||||
|
||||
24. Select **Remediate noncompliant rules when supported**.
|
||||
25. Select the appropriate device collection and define the schedule.
|
||||
|
||||
|
||||
|
||||
26. To view the DUReport content, select the appropriate deployment for the configuration baseline that you created. Right-click on the deployment, and then select **View Status**.
|
||||
27. Select **Run Summarization**, and then select **Refresh**. The test device(s) should be listed on the **Non-Compliant** tab.
|
||||
28. Under **Asset Details**, right-click on the test device, and then select **Mode Details**.
|
||||
|
||||
|
||||
|
||||
29. On the **Non-compliant** tab, you can see the DUReport, but you cannot retrieve the content from here.
|
||||
|
||||
|
||||
|
||||
30. To retrieve the DUReport, open C:\\Program Files\\SMS\_CCM\\SMS\_DM.log.
|
||||
31. In the log file, search from the bottom for "./Vendor/MSFT/EnterpriseExt/DeviceUpdate/UpdatesResultXml" RuleExression="Equals zzz," where zzz is the dummy value. Just above this, copy the information for UpdateData and use this information to create the DUControlledUpdates.xml.
|
||||
|
||||
|
||||
@ -46,11 +46,11 @@ To ensure that the auto-enrollment feature is working as expected, you must veri
|
||||
The following steps demonstrate required settings using the Intune service:
|
||||
1. Verify that the user who is going to enroll the device has a valid Intune license.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
|
||||
|
||||
|
||||
|
||||
|
||||
> [!IMPORTANT]
|
||||
> For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.
|
||||
@ -62,23 +62,23 @@ The following steps demonstrate required settings using the Intune service:
|
||||
|
||||
You can confirm that the device is properly hybrid-joined if both **AzureAdJoined** and **DomainJoined** are set to **YES**.
|
||||
|
||||
|
||||
|
||||
|
||||
Additionally, verify that the SSO State section displays **AzureAdPrt** as **YES**.
|
||||
|
||||
|
||||
|
||||
|
||||
This information can also be found on the Azure AD device list.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Verify that the MDM discovery URL during auto-enrollment is https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
|
||||
|
||||
|
||||
|
||||
|
||||
6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune.
|
||||
You may contact your domain administrators to verify if the group policy has been deployed successfully.
|
||||
@ -87,7 +87,7 @@ You may contact your domain administrators to verify if the group policy has bee
|
||||
|
||||
9. Verify that Microsoft Intune should allow enrollment of Windows devices.
|
||||
|
||||
|
||||
|
||||
|
||||
## Configure the auto-enrollment Group Policy for a single PC
|
||||
|
||||
@ -102,18 +102,18 @@ Requirements:
|
||||
|
||||
Click Start, then in the text box type gpedit.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Under **Best match**, click **Edit group policy** to launch it.
|
||||
|
||||
3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
|
||||
|
||||
|
||||
|
||||
|
||||
5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**.
|
||||
|
||||
@ -129,7 +129,7 @@ Requirements:
|
||||
|
||||
If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot.
|
||||
|
||||
|
||||
|
||||
|
||||
> [!Tip]
|
||||
> You can avoid this behavior by using Conditional Access Policies in Azure AD.
|
||||
@ -139,7 +139,7 @@ Requirements:
|
||||
|
||||
7. Click **Info** to see the MDM enrollment information.
|
||||
|
||||
|
||||
|
||||
|
||||
If you do not see the **Info** button or the enrollment information, it is possible that the enrollment failed. Check the status in [Task Scheduler app](#task-scheduler-app).
|
||||
|
||||
@ -148,13 +148,13 @@ Requirements:
|
||||
|
||||
1. Click **Start**, then in the text box type **task scheduler**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Under **Best match**, click **Task Scheduler** to launch it.
|
||||
|
||||
3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
|
||||
|
||||
|
||||
|
||||
|
||||
To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab.
|
||||
|
||||
@ -239,13 +239,13 @@ To collect Event Viewer logs:
|
||||
|
||||
3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully:
|
||||
|
||||
|
||||
|
||||
|
||||
If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons:
|
||||
|
||||
- The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed:
|
||||
|
||||
|
||||
|
||||
|
||||
To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information.
|
||||
|
||||
@ -253,7 +253,7 @@ To collect Event Viewer logs:
|
||||
|
||||
The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot:
|
||||
|
||||
|
||||
|
||||
|
||||
> [!Note]
|
||||
> This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task.
|
||||
@ -262,24 +262,24 @@ To collect Event Viewer logs:
|
||||
**Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**.
|
||||
Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
|
||||
|
||||
|
||||
|
||||
|
||||
When the task is completed, a new event ID 102 is logged.
|
||||
|
||||
|
||||
|
||||
|
||||
Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment.
|
||||
|
||||
If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
|
||||
One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
|
||||
|
||||
|
||||
|
||||
|
||||
By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016.
|
||||
|
||||
A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
|
||||
|
||||
|
||||
|
||||
|
||||
### Related topics
|
||||
|
||||
|
||||
@ -41,7 +41,7 @@ These classifications are represented as nodes in the EnterpriseModernAppManagem
|
||||
|
||||
The following diagram shows the EnterpriseModernAppManagement CSP in a tree format.
|
||||
|
||||
|
||||
|
||||
|
||||
Each app displays one package family name and 1-n package full names for installed apps. The apps are categorized based on their origin (Store, nonStore, System).
|
||||
|
||||
|
||||
@ -39,40 +39,40 @@ EnterpriseAPN
|
||||
--------HideView
|
||||
```
|
||||
<a href="" id="enterpriseapn"></a>**EnterpriseAPN**
|
||||
<p style="margin-left: 20px">The root node for the EnterpriseAPN configuration service provider.</p>
|
||||
<p>The root node for the EnterpriseAPN configuration service provider.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname"></a>**EnterpriseAPN/**<strong>*ConnectionName*</strong>
|
||||
<p style="margin-left: 20px">Name of the connection as seen by Windows Connection Manager.</p>
|
||||
<p>Name of the connection as seen by Windows Connection Manager.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-apnname"></a>**EnterpriseAPN/*ConnectionName*/APNName**
|
||||
<p style="margin-left: 20px">Enterprise APN name.</p>
|
||||
<p>Enterprise APN name.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-iptype"></a>**EnterpriseAPN/*ConnectionName*/IPType**
|
||||
<p style="margin-left: 20px">This value can be one of the following:</p>
|
||||
<p>This value can be one of the following:</p>
|
||||
|
||||
- IPv4 - only IPV4 connection type
|
||||
- IPv6 - only IPv6 connection type
|
||||
- IPv4v6 (default)- IPv4 and IPv6 concurrently.
|
||||
- IPv4v6xlat - IPv6 with IPv4 provided by 46xlat
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-isattachapn"></a>**EnterpriseAPN/*ConnectionName*/IsAttachAPN**
|
||||
<p style="margin-left: 20px">Boolean value that indicates whether this APN should be requested as part of an LTE Attach. Default value is false.</p>
|
||||
<p>Boolean value that indicates whether this APN should be requested as part of an LTE Attach. Default value is false.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-classid"></a>**EnterpriseAPN/*ConnectionName*/ClassId**
|
||||
<p style="margin-left: 20px">GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.</p>
|
||||
<p>GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-authtype"></a>**EnterpriseAPN/*ConnectionName*/AuthType**
|
||||
<p style="margin-left: 20px">Authentication type. This value can be one of the following:</p>
|
||||
<p>Authentication type. This value can be one of the following:</p>
|
||||
|
||||
- None (default)
|
||||
- Auto
|
||||
@ -80,39 +80,39 @@ EnterpriseAPN
|
||||
- CHAP
|
||||
- MSCHAPv2
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-username"></a>**EnterpriseAPN/*ConnectionName*/UserName**
|
||||
<p style="margin-left: 20px">User name for use with PAP, CHAP, or MSCHAPv2 authentication.</p>
|
||||
<p>User name for use with PAP, CHAP, or MSCHAPv2 authentication.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-password"></a>**EnterpriseAPN/*ConnectionName*/Password**
|
||||
<p style="margin-left: 20px">Password corresponding to the username.</p>
|
||||
<p>Password corresponding to the username.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-iccid"></a>**EnterpriseAPN/*ConnectionName*/IccId**
|
||||
<p style="margin-left: 20px">Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node is not present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.</p>
|
||||
<p>Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node is not present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-alwayson"></a>**EnterpriseAPN/*ConnectionName*/AlwaysOn**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available.</p>
|
||||
<p>Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available.</p>
|
||||
|
||||
<p style="margin-left: 20px">The default value is true.</p>
|
||||
<p>The default value is true.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-enabled"></a>**EnterpriseAPN/*ConnectionName*/Enabled**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled.</p>
|
||||
<p>Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled.</p>
|
||||
|
||||
<p style="margin-left: 20px">The default value is true.</p>
|
||||
<p>The default value is true.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-connectionname-roaming"></a>**EnterpriseAPN/*ConnectionName*/Roaming**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values:</p>
|
||||
<p>Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values:</p>
|
||||
|
||||
<ul>
|
||||
<li>0 - Disallowed</li>
|
||||
@ -123,27 +123,27 @@ EnterpriseAPN
|
||||
<li>5 - UseOnlyForRoaming</li>
|
||||
</ul>
|
||||
|
||||
<p style="margin-left: 20px">Default is 1 (all roaming allowed).</p>
|
||||
<p>Default is 1 (all roaming allowed).</p>
|
||||
|
||||
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>Value type is string. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
|
||||
|
||||
<a href="" id="enterpriseapn-settings"></a>**EnterpriseAPN/Settings**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Node that contains global settings.</p>
|
||||
<p>Added in Windows 10, version 1607. Node that contains global settings.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-settings-allowusercontrol"></a>**EnterpriseAPN/Settings/AllowUserControl**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN.</p>
|
||||
<p>Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN.</p>
|
||||
|
||||
<p style="margin-left: 20px">The default value is false.</p>
|
||||
<p>The default value is false.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Get and Replace.</p>
|
||||
<p>Supported operations are Get and Replace.</p>
|
||||
|
||||
<a href="" id="enterpriseapn-settings-hideview"></a>**EnterpriseAPN/Settings/HideView**
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true.</p>
|
||||
<p>Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true.</p>
|
||||
|
||||
<p style="margin-left: 20px">The default value is false.</p>
|
||||
<p>The default value is false.</p>
|
||||
|
||||
<p style="margin-left: 20px">Supported operations are Get and Replace.</p>
|
||||
<p>Supported operations are Get and Replace.</p>
|
||||
|
||||
## Examples
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ The EnterpriseAppManagement enterprise configuration service provider is used to
|
||||
|
||||
The following diagram shows the EnterpriseAppManagement configuration service provider in tree format.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="enterpriseid"></a>***EnterpriseID***
|
||||
Optional. A dynamic node that represents the EnterpriseID as a GUID. It is used to enroll or unenroll enterprise applications.
|
||||
|
||||
@ -45,68 +45,68 @@ EnterpriseAppVManagement
|
||||
------------Policy
|
||||
```
|
||||
**./Vendor/MSFT/EnterpriseAppVManagement**
|
||||
<p style="margin-left: 20px">Root node for the EnterpriseAppVManagement configuration service provider.</p>
|
||||
<p>Root node for the EnterpriseAppVManagement configuration service provider.</p>
|
||||
|
||||
**AppVPackageManagement**
|
||||
<p style="margin-left: 20px">Used to query App-V package information (post-publish).</p>
|
||||
<p>Used to query App-V package information (post-publish).</p>
|
||||
|
||||
**AppVPackageManagement/EnterpriseID**
|
||||
<p style="margin-left: 20px">Used to query package information. Value is always "HostedInstall".</p>
|
||||
<p>Used to query package information. Value is always "HostedInstall".</p>
|
||||
|
||||
**AppVPackageManagement/EnterpriseID/PackageFamilyName**
|
||||
<p style="margin-left: 20px">Package ID of the published App-V package.</p>
|
||||
<p>Package ID of the published App-V package.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName***
|
||||
<p style="margin-left: 20px">Version ID of the published App-V package.</p>
|
||||
<p>Version ID of the published App-V package.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name**
|
||||
<p style="margin-left: 20px">Name specified in the published AppV package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Name specified in the published AppV package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version**
|
||||
<p style="margin-left: 20px">Version specified in the published AppV package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Version specified in the published AppV package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher**
|
||||
<p style="margin-left: 20px">Publisher as specified in the published asset information of the AppV package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Publisher as specified in the published asset information of the AppV package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation**
|
||||
<p style="margin-left: 20px">Local package path specified in the published asset information of the AppV package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Local package path specified in the published asset information of the AppV package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate**
|
||||
<p style="margin-left: 20px">Date the app was installed, as specified in the published asset information of the AppV package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Date the app was installed, as specified in the published asset information of the AppV package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users**
|
||||
<p style="margin-left: 20px">Registered users for app, as specified in the published asset information of the AppV package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Registered users for app, as specified in the published asset information of the AppV package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId**
|
||||
<p style="margin-left: 20px"> Package ID of the published App-V package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p> Package ID of the published App-V package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId**
|
||||
<p style="margin-left: 20px">Version ID of the published App-V package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Version ID of the published App-V package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri**
|
||||
<p style="margin-left: 20px">Package URI of the published App-V package.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Package URI of the published App-V package.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPublishing**
|
||||
<p style="margin-left: 20px">Used to monitor publishing operations on App-V.</p>
|
||||
<p>Used to monitor publishing operations on App-V.</p>
|
||||
|
||||
**AppVPublishing/LastSync**
|
||||
<p style="margin-left: 20px">Used to monitor publishing status of last sync operation.</p>
|
||||
<p>Used to monitor publishing status of last sync operation.</p>
|
||||
|
||||
**AppVPublishing/LastSync/LastError**
|
||||
<p style="margin-left: 20px">Error code and error description of last sync operation.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Error code and error description of last sync operation.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPublishing/LastSync/LastErrorDescription**
|
||||
<p style="margin-left: 20px">Last sync error status. One of the following values may be returned:</p>
|
||||
<p>Last sync error status. One of the following values may be returned:</p>
|
||||
|
||||
- SYNC\_ERR_NONE (0) - No errors during publish.
|
||||
- SYNC\_ERR\_UNPUBLISH_GROUPS (1) - Unpublish groups failed during publish.
|
||||
@ -116,10 +116,10 @@ EnterpriseAppVManagement
|
||||
- SYNC\_ERR\_NEW_POLICY_WRITE (5) - New policy write failed during publish.
|
||||
- SYNC\_ERR\_MULTIPLE\_DURING_PUBLISH (6) - Multiple non-fatal errors occurred during publish.
|
||||
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPublishing/LastSync/SyncStatusDescription**
|
||||
<p style="margin-left: 20px">Latest sync in-progress stage. One of the following values may be returned:</p>
|
||||
<p>Latest sync in-progress stage. One of the following values may be returned:</p>
|
||||
|
||||
- SYNC\_PROGRESS_IDLE (0) - App-V publishing is idle.
|
||||
- SYNC\_PROGRESS\_UNPUBLISH_GROUPS (1) - App-V connection groups publish in progress.
|
||||
@ -127,9 +127,9 @@ EnterpriseAppVManagement
|
||||
- SYNC\_PROGRESS\_PUBLISH\_GROUP_PACKAGES (3) - App-V packages (connection group) publish in progress.
|
||||
- SYN\C_PROGRESS_UNPUBLISH_PACKAGES (4) - App-V packages unpublish in progress.
|
||||
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
<strong>AppVPublishing/LastSync/SyncProgress</strong><br/><p style="margin-left: 20px">Latest sync state. One of the following values may be returned:</p>
|
||||
<strong>AppVPublishing/LastSync/SyncProgress</strong><br/><p>Latest sync state. One of the following values may be returned:</p>
|
||||
|
||||
- SYNC\_STATUS_IDLE (0) - App-V Sync is idle.
|
||||
- SYNC\_STATUS\_PUBLISH_STARTED (1) - App-V Sync is initializing.
|
||||
@ -137,22 +137,22 @@ EnterpriseAppVManagement
|
||||
- SYNC\_STATUS\_PUBLISH\_COMPLETED (3) - App-V Sync is complete.
|
||||
- SYNC\_STATUS\_PUBLISH\_REBOOT_REQUIRED (4) - App-V Sync requires device reboot.
|
||||
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
<p>Value type is string. Supported operation is Get.</p>
|
||||
|
||||
**AppVPublishing/Sync**
|
||||
<p style="margin-left: 20px">Used to perform App-V synchronization.</p>
|
||||
<p>Used to perform App-V synchronization.</p>
|
||||
|
||||
**AppVPublishing/Sync/PublishXML**
|
||||
<p style="margin-left: 20px">Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see <a href="/openspecs/windows_protocols/ms-vapr/a05e030d-4fb9-4c8d-984b-971253b62be8" data-raw-source="[[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](/openspecs/windows_protocols/ms-vapr/a05e030d-4fb9-4c8d-984b-971253b62be8)">[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol</a>.</p>
|
||||
<p style="margin-left: 20px">Supported operations are Get, Delete, and Execute.</p>
|
||||
<p>Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see <a href="/openspecs/windows_protocols/ms-vapr/a05e030d-4fb9-4c8d-984b-971253b62be8" data-raw-source="[[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](/openspecs/windows_protocols/ms-vapr/a05e030d-4fb9-4c8d-984b-971253b62be8)">[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol</a>.</p>
|
||||
<p>Supported operations are Get, Delete, and Execute.</p>
|
||||
|
||||
|
||||
**AppVDynamicPolicy**
|
||||
<p style="margin-left: 20px">Used to set App-V Policy Configuration documents for publishing packages.</p>
|
||||
<p>Used to set App-V Policy Configuration documents for publishing packages.</p>
|
||||
|
||||
**AppVDynamicPolicy/*ConfigurationId***
|
||||
<p style="margin-left: 20px">ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).</p>
|
||||
<p>ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).</p>
|
||||
|
||||
**AppVDynamicPolicy/*ConfigurationId*/Policy**
|
||||
<p style="margin-left: 20px">XML for App-V Policy Configuration documents for publishing packages.</p>
|
||||
<p style="margin-left: 20px">Value type is xml. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
<p>XML for App-V Policy Configuration documents for publishing packages.</p>
|
||||
<p>Value type is xml. Supported operations are Add, Get, Delete, and Replace.</p>
|
||||
@ -40,10 +40,10 @@ EnterpriseExtFileSystem
|
||||
The following list describes the characteristics and parameters.
|
||||
|
||||
<a href="" id="--vendor-msft-enterpriseextfilesystem"></a>**./Vendor/MSFT/EnterpriseExtFileSystem**
|
||||
<p style="margin-left: 25px">The root node for the EnterpriseExtFileSystem configuration service provider. Supported operations are Add and Get.</p>
|
||||
<p>The root node for the EnterpriseExtFileSystem configuration service provider. Supported operations are Add and Get.</p>
|
||||
|
||||
<a href="" id="persistent"></a>**Persistent**
|
||||
<p style="margin-left: 25px">The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Persistent folder, it accesses that data from the EnterpriseExtFileSystem\Persistent node. Files written to the Persistent folder persists over ordinary power cycles.</p>
|
||||
<p>The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Persistent folder, it accesses that data from the EnterpriseExtFileSystem\Persistent node. Files written to the Persistent folder persists over ordinary power cycles.</p>
|
||||
|
||||
> **Important** There is a limit to the amount of data that can be persisted, which varies depending on how much disk space is available on one of the partitions. This data cap amount (that can be persisted) varies by manufacturer.
|
||||
>
|
||||
@ -54,24 +54,24 @@ The following list describes the characteristics and parameters.
|
||||
|
||||
|
||||
<a href="" id="nonpersistent"></a>**NonPersistent**
|
||||
<p style="margin-left: 25px">The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Non-Persistent folder, it accesses that data from the EnterpriseExtFileSystem\NonPersistent node. Files written to the NonPersistent folder will persist over ordinary power cycles.</p>
|
||||
<p>The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Non-Persistent folder, it accesses that data from the EnterpriseExtFileSystem\NonPersistent node. Files written to the NonPersistent folder will persist over ordinary power cycles.</p>
|
||||
|
||||
<p style="margin-left: 25px">When the device is wiped, any data stored in the NonPersistent folder is deleted.</p>
|
||||
<p>When the device is wiped, any data stored in the NonPersistent folder is deleted.</p>
|
||||
|
||||
<a href="" id="oemprofile"></a>**OemProfile**
|
||||
<p style="margin-left: 25px">Added in Windows 10, version 1511. The EnterpriseExtFileSystem CSP allows an enterprise to deploy an OEM profile on the device, such as a barcode scanner profile then can be consumed by the OEM barcode scanner driver. The file is placed into the \data\shareddata\oem\public\profile\ folder of the device.</p>
|
||||
<p>Added in Windows 10, version 1511. The EnterpriseExtFileSystem CSP allows an enterprise to deploy an OEM profile on the device, such as a barcode scanner profile then can be consumed by the OEM barcode scanner driver. The file is placed into the \data\shareddata\oem\public\profile\ folder of the device.</p>
|
||||
|
||||
<a href="" id="directory"></a>***Directory***
|
||||
<p style="margin-left: 25px">The name of a directory in the device file system. Any <em>Directory</em> node can have directories and files as child nodes.</p>
|
||||
<p>The name of a directory in the device file system. Any <em>Directory</em> node can have directories and files as child nodes.</p>
|
||||
|
||||
<p style="margin-left: 25px">Use the Add command to create a new directory. You cannot use it to add a new directory under a file system root.</p>
|
||||
<p>Use the Add command to create a new directory. You cannot use it to add a new directory under a file system root.</p>
|
||||
|
||||
<p style="margin-left: 25px">Use the Get command to return the list of child node names under <em>Directory</em>.</p>
|
||||
<p>Use the Get command to return the list of child node names under <em>Directory</em>.</p>
|
||||
|
||||
<p style="margin-left: 25px">Use the Get command with ?List=Struct to recursively return all child node names, including subdirectory names, under <em>Directory</em>.</p>
|
||||
<p>Use the Get command with ?List=Struct to recursively return all child node names, including subdirectory names, under <em>Directory</em>.</p>
|
||||
|
||||
<a href="" id="filename"></a>***Filename***
|
||||
<p style="margin-left: 25px">The name of a file in the device file system.</p>
|
||||
<p>The name of a file in the device file system.</p>
|
||||
|
||||
Supported operations is Get.
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ The FileSystem configuration service provider is used to query, add, modify, and
|
||||
|
||||
The following diagram shows the FileSystem configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider.
|
||||
|
||||
|
||||
|
||||
|
||||
<a href="" id="filesystem"></a>**FileSystem**
|
||||
Required. Defines the root of the file system management object. It functions as the root directory for file system queries.
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user