**Important**
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
-You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-Each XML file must include:
-
-- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
**Important**
If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
-
-- **<docMode> tag.**This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-### Enterprise Mode v.1 XML schema example
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-```
-
**Important**
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). - -3. Click **OK** to close the **Bulk add sites to the list** menu. - -4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
deleted file mode 100644
index b4da3f64f5..0000000000
--- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ /dev/null
@@ -1,122 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: dansimp
-ms.prod: ie11
-ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/24/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones.
-
-To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-
-You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
->**Important:**
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema
-
-You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
-Each XML file must include:
-
-- **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<compat-mode> tag.** This tag specifies what compatibility setting are used for specific sites or domains.
-
-- **<open-in> tag.** This tag specifies what browser opens for each sites or domain.
-
-### Enterprise Mode v.2 XML schema example
-
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-```
-
**Important**
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2).
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). - -3. Click **OK** to close the **Bulk add sites to the list** menu. - -4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md). - -## Next steps -After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) -- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) - - - - - - diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md deleted file mode 100644 index 55b2dcd28a..0000000000 --- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -ms.localizationpriority: low -ms.mktglfcycl: deploy -ms.pagetype: appcompat -description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -author: dansimp -ms.prod: ie11 -ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26 -ms.reviewer: -manager: dansimp -ms.author: dansimp -title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) - -**Applies to:** - -- Windows 8.1 -- Windows 7 -- Windows Server 2008 R2 with Service Pack 1 (SP1) - -Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important**
You can only add specific URLs, not Internet or Intranet Zones.
-
-
**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see [Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-
**Note**
If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. - -3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool. - -4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE. - -The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected. - -Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). - -5. Click **Save** to validate your website and to add it to the site list for your enterprise.
-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. - -6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Next steps -After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - - - - - - diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md deleted file mode 100644 index c1a7aee9b8..0000000000 --- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -ms.localizationpriority: low -ms.mktglfcycl: deploy -ms.pagetype: appcompat -description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -author: dansimp -ms.prod: ie11 -ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b -ms.reviewer: -manager: dansimp -ms.author: dansimp -title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) - -**Applies to:** - -- Windows 10 -- Windows 8.1 -- Windows 7 - -Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important**
You can only add specific URLs, not Internet or Intranet Zones.
-
-
**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-**Note**
If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. - -3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool. - -4. In the **Compat Mode** box, choose one of the following: - - - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode. - - - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode. - - - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode. - - - **Default Mode**. Loads the site using the default compatibility mode for the page. - - The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected. - - Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). - -5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. - - - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. - - - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. - - - **None**. Opens in whatever browser the employee chooses. - -6. Click **Save** to validate your website and to add it to the site list for your enterprise.
-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. - -7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Next steps -After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). - -## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - - - - - - diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md deleted file mode 100644 index d92810ceb5..0000000000 --- a/browsers/enterprise-mode/administrative-templates-and-ie11.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -ms.localizationpriority: low -ms.mktglfcycl: deploy -ms.pagetype: security -description: Administrative templates and Internet Explorer 11 -author: dansimp -ms.prod: ie11 -ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Administrative templates and Internet Explorer 11 - -Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including: - -- What registry locations correspond to each setting. - -- What value options or restrictions are associated with each setting. - -- The default value for many settings. - -- Text explanations about each setting and the supported version of Internet Explorer. - -For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519). - -## What are Administrative Templates? -Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates: - -- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor. - -- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language. - -## How do I store Administrative Templates? -As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs). -
**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810).
-
-## Administrative Templates-related Group Policy settings
-When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
-
**Note**
You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the **PolicyDefinitions** folder on this computer.
-
-IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
-
-- Computer Configuration\\Administrative Templates\\Windows Components\\
-
-- User Configuration\\Administrative Templates\\Windows Components\\
-
-
-|Catalog |Description |
-| ------------------------------------------------ | --------------------------------------------|
-|IE |Turns standard IE configuration on and off. |
-|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
-|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
-|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
-|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
-|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
-|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
-|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
-|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
-|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
-|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
-|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
-|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
-|RSS Feeds |Sets up and manages RSS feeds in the browser. |
-
-
-## Editing Group Policy settings
-Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
-
-- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
-
-- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
-
-## Related topics
-- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
-
diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
deleted file mode 100644
index fd58f63df5..0000000000
--- a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Approve a change request using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
-
-## Approve or reject a change request
-The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
-
-**To approve or reject a change request**
-1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
-
- The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
-
-2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
-
-3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
-
- An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
-
-
-## Send a reminder to the Approver(s) group
-If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
-
-- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
-
- An email is sent to the selected Approver(s).
-
-
-## View rejected change requests
-The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
-
-**To view the rejected change request**
-
-- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
-
- All rejected change requests appear, with role assignment determining which ones are visible.
-
-
-## Next steps
-After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
deleted file mode 100644
index 7696eedaca..0000000000
--- a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
-description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
-ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
-ms.reviewer:
-manager: dansimp
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.date: 08/14/2017
-ms.localizationpriority: low
----
-
-
-# Check for a new Enterprise Mode site list xml file
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
-
-**How Internet Explorer 11 looks for an updated site list**
-
-1. Internet Explorer starts up and looks for an updated site list in the following places:
-
- 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
-
- 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
-
- 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
-
-2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
**Note**
If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
deleted file mode 100644
index 91c262c502..0000000000
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ /dev/null
@@ -1,446 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: dansimp
-ms.prod: ie11
-ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Collect data using Enterprise Site Discovery
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Collect data using Enterprise Site Discovery
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7 with Service Pack 1 (SP1)
-
-Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
-
->**Upgrade Analytics and Windows upgrades**
->You can use Upgrade Analytics to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Analytics to review several site discovery reports. Check out Upgrade Analytics from [here](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-get-started).
-
-
-## Before you begin
-Before you start, you need to make sure you have the following:
-
-- Latest cumulative security update (for all supported versions of Internet Explorer):
-
- 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
-
- 
-
- 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
-
- 
-
- 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
-
-- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
-
- - Configuration-related PowerShell scripts
-
- - IETelemetry.mof file
-
- - Sample Configuration Manager report templates
-
- You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
-
-Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
-
-## What data is collected?
-Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
-
-|Data point |IE11 |IE10 |IE9 |IE8 |Description |
-|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
-|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. |
-|Domain | X | X | X | X |Top-level domain of the browsed site. |
-|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. |
-|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. |
-|Document mode reason | X | X | | |The reason why a document mode was set by IE. |
-|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. |
-|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. |
-|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. |
-|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. |
-|Number of visits | X | X | X | X |Number of times a site has been visited. |
-|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. |
-
-
->**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-### Understanding the returned reason codes
-The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection.
-
-#### DocMode reason
-The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.|
-|4 |Page is using an X-UA-compatible meta tag. |
-|5 |Page is using an X-UA-compatible HTTP header. |
-|6 |Page appears on an active **Compatibility View** list. |
-|7 |Page is using native XML parsing. |
-|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. |
-|9 |Page state is set by the browser mode and the page's DOCTYPE.|
-
-#### Browser state reason
-The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. |
-|2 |Site appears on an active **Compatibility View** list, created in Group Policy. |
-|3 |Site appears on an active **Compatibility View** list, created by the user. |
-|4 |Page is using an X-UA-compatible tag. |
-|5 |Page state is set by the **Developer** toolbar. |
-|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. |
-|7 |Site appears on the Microsoft **Compatibility View (CV)** list. |
-|8 |Site appears on the **Quirks** list, created in Group Policy. |
-|11 |Site is using the default browser. |
-
-#### Zone
-The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|-1 |Internet Explorer is using an invalid zone. |
-|0 |Internet Explorer is using the Local machine zone. |
-|1 |Internet Explorer is using the Local intranet zone. |
-|2 |Internet Explorer is using the Trusted sites zone. |
-|3 |Internet Explorer is using the Internet zone. |
-|4 |Internet Explorer is using the Restricted sites zone. |
-
-## Where is the data stored and how do I collect it?
-The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
-
-- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
-
-- **XML file**. Any agent that works with XML can be used.
-
-## WMI Site Discovery suggestions
-We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company.
-
-On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:
250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB
-
->**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-## Getting ready to use Enterprise Site Discovery
-Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
--OR- -- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
-You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
-
->**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
-
-**To set up Enterprise Site Discovery**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
-
-### WMI only: Set up your firewall for WMI data
-If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
-
-**To set up your firewall**
-
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-
-3. Restart your computer to start collecting your WMI data.
-
-## Use PowerShell to finish setting up Enterprise Site Discovery
-You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
-
->**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
-
-- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
-
-- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
-
-**To set up data collection using a domain allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
-
- >**Important**
Wildcards, like \*.microsoft.com, aren’t supported.
-
-**To set up data collection using a zone allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
-
- >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-
-## Use Group Policy to finish setting up Enterprise Site Discovery
-You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
-
->**Note**
All of the Group Policy settings can be used individually or as a group.
-
- **To set up Enterprise Site Discovery using Group Policy**
-
-- Open your Group Policy editor, and go to these new settings:
-
- |Setting name and location |Description |Options |
- |---------------------------|-------------|---------|
- |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone
**Example 1:** Include only the Local Intranet zone
Binary representation: *00010*, based on:
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone
**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones
Binary representation: *10110*, based on:
1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone |
- |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:
microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com |
-
-### Combining WMI and XML Group Policy settings
-You can use both the WMI and XML settings individually or together:
-
-**To turn off Enterprise Site Discovery**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | Off |
-|Turn on Site Discovery XML output | Blank |
-
-**Turn on WMI recording only**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | On |
-|Turn on Site Discovery XML output | Blank |
-
-**To turn on XML recording only**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | Off |
-|Turn on Site Discovery XML output | XML file path |
-
-**To turn on both WMI and XML recording**
-
-|Setting name |Option |
-|---------|---------|
-|Turn on Site Discovery WMI output | On |
-|Turn on Site Discovery XML output | XML file path |
-
-## Use Configuration Manager to collect your data
-After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
--OR- -- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### Collect your hardware inventory using the MOF Editor while connected to a client device
-You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
- 
-
-2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
-
-3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
-
- 
-
-4. Select the check boxes next to the following classes, and then click **OK**:
-
- - IESystemInfo
-
- - IEURLInfo
-
- - IECountInfo
-
-5. Click **OK** to close the default windows. **or** Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.|Internet Explorer 11 and Microsoft Edge|
-|<docMode>|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section. **or** For IPv6 ranges: Where **Important** Your sites are all cleared from your list.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
deleted file mode 100644
index 91ff0fab17..0000000000
--- a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local compatibility view list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local compatibility view list
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local compatibility view list by mistake or because they no longer have compatibility problems.
-
- **To remove sites from a local compatibility view list**
-
-1. Open Internet Explorer 11, click **Tools**, and then click **Compatibility View Settings**.
-
-2. Pick the site to remove, and then click **Remove**.
-Sites can only be removed one at a time. If one is removed by mistake, it can be added back using this same box and the **Add** section.
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
deleted file mode 100644
index 4e7e10efde..0000000000
--- a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local Enterprise Mode site list
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local Enterprise Mode site list by mistake or because the sites no longer have compatibility problems.
-
-**Note**
-The checkmark disappears from next to Enterprise Mode and the site is removed from the list.
-
-**Note**
-The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
deleted file mode 100644
index c946663dda..0000000000
--- a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Schedule approved change requests for production using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is approved, the original Requester can schedule the change for the production environment. The change can be immediate or set for a future time.
-
-**To schedule an immediate change**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Now**, and then clicks **Save**.
-
- The update is scheduled to immediately update the production environment, and an email is sent to the Requester. After the update finishes, the Requester is asked to verify the changes.
-
-
-**To schedule the change for a different day or time**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Schedule**, sets the **Preferred day**, **Preferred start time**, and the **Preferred end time**, and then clicks **Save**.
-
- The update is scheduled to update the production environment on that day and time and an email is sent to the Requester. After the update finishes, the Requester will be asked to verify the changes.
-
-
-## Next steps
-After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index bf7e73664e..0000000000
--- a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Search your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can search to see if a specific site already appears in your global Enterprise Mode site list so you don’t try to add it again.
-
- **To search your compatibility list**
-
-- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.
-The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
deleted file mode 100644
index 923d4dfe04..0000000000
--- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
+++ /dev/null
@@ -1,160 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set up Enterprise Mode logging and data collection
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
-
-
-
-The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
-
-
-
-Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
-
-## Using ASP to collect your data
-When you turn logging on, you need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu.
-
- **To set up an endpoint server**
-
-1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
-
-2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.
-This lets you create an ASP form that accepts the incoming POST messages.
-
-3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
-
- 
-
-4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
-
- 
-
-5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
-Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
-
-6. Apply these changes to your default website and close the IIS Manager.
-
-7. Put your EmIE.asp file into the root of the web server, using this command:
-
- ```
- <% @ LANGUAGE=javascript %>
- <%
- Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
- %>
- ```
-This code logs your POST fields to your IIS log file, where you can review all of the collected data.
-
-
-### IIS log file information
-This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
-
-
-
-
-## Using the GitHub sample to collect your data
-Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.
-This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-**Note**
-The required packages are automatically downloaded and included in the solution.
-
- **To set up your endpoint server**
-
-1. Right-click on the name, PhoneHomeSample, and click **Publish**.
-
- 
-
-2. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
-
- **Important**
-If you’re already on the webpage, you’ll need to refresh the page to see the results.
-
- 
-
-
-### Troubleshooting publishing errors
-If you have errors while you’re publishing your project, you should try to update your packages.
-
- **To update your packages**
-
-1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
-
- 
-
-2. Click **Updates** on the left side of the tool, and click the **Update All** button.
-You may need to do some additional package cleanup to remove older package versions.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
deleted file mode 100644
index ff7107b46a..0000000000
--- a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
+++ /dev/null
@@ -1,235 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
-author: dansimp
-ms.prod: ie11
-title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Set up the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-Before you can begin using the Enterprise Mode Site List Portal, you must set up your environment.
-
-## Step 1 - Copy the deployment folder to the web server
-You must download the deployment folder (**EMIEWebPortal/**), which includes all of the source code for the website, from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) site to your web server.
-
-**To download the source code**
-1. Download the deployment folder from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) source code to your web server.
-
-2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
-
- > [!NOTE]
- > You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
-
-3. Open File Explorer and then open the **EMIEWebPortal/** folder.
-
-4. Press and hold **Shift**, right-click the window, then click **Open PowerShell window here**.
-
-5. Type _npm i_ into the command prompt, then press **Enter**.
-
- Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
-
-6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution.
-
-7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
-
-## Step 2 - Create the Application Pool and website, by using IIS
-Create a new Application Pool and the website, by using the IIS Manager.
-
-**To create a new Application Pool**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Application Pools**, then click **Add Application Pool**.
-
- The **Add Application Pool** box appears.
-
-2. In the **Add Application Pool** box, enter the following info:
-
- - **Name.** Type the name of your new application pool. For example, _EMIEWebAppPool_.
-
- - **.NET CLR version.** Pick the version of .NET CLR used by your application pool from the drop-down box. It must be version 4.0 or higher.
-
- - **Managed pipeline mode.** Pick **Integrated** from the drop-down box. IIS uses the integrated IIS and ASP.NET request-processing pipeline for managed content.
-
-3. Click **OK**.
-
-4. Select your new application pool from the **Application Pool** pane, click **Advanced Settings** from the **Edit Application Pool** area of the **Actions** pane.
-
- The **Advanced Settings** box appears.
-
-5. Make sure your **Identity** value is **ApplicationPoolIdentity**, click **OK**, and then close the box.
-
-6. Open File Explorer and go to your deployment directory, created in Step 1. For example, _D:\EMIEWebApp_.
-
-7. Right-click on the directory, click **Properties**, and then click the **Security** tab.
-
-8. Add your new application pool to the list (for example, _IIS AppPool\EMIEWebAppPool_) with **Full control access**, making sure the location searches the local computer.
-
-9. Add **Everyone** to the list with **Read & execute access**.
-
-**To create the website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Sites**, then click **Add Website**.
-
- The **Add Website** box appears.
-
-2. In the **Add Website** box, type the name of your website into the **Site name** box. For example, _EMIEWebApp_, and then click **Select**.
-
- The **Select Application Pool** box appears.
-
-4. Pick the name of the application pool created earlier in this step, and then click **OK**. For example, _EMIEWebAppPool_.
-
-5. In the **Physical path** box, browse to your folder that contains your deployment directory. For example, _D:\EMIEWebApp_.
-
-6. Set up your **Binding**, including your **Binding Type**, **IP address**, and **Port**, as appropriate for your organization.
-
-7. Clear the **Start Website immediately** check box, and then click **OK**.
-
-8. In IIS Manager, expand your local computer, and then double-click your new website. For example, _EMIEWebApp_.
-
- The **<website_name> Home** pane appears.
-
-9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**.
-
- > [!NOTE]
- > You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
-
-10. Return to the **<website_name> Home** pane, and double-click the **Connection Strings** icon.
-
-11. Open the **LOBMergedEntities Connection String** to edit:
-
- - **Data source.** Type the name of your local computer.
-
- - **Initial catalog.** The name of your database.
-
- > [!NOTE]
- > Step 3 of this topic provides the steps to create your database.
-
-## Step 3 - Create and prep your database
-Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
-
-**To create and prep your database**
-1. Start SQL Server Management Studio.
-
-2. Open **Object Explorer** and then connect to an instance of the SQL Server Database Engine.
-
-3. Expand the instance, right-click on **Databases**, and then click **New Database**.
-
-4. Type a database name. For example, _EMIEDatabase_.
-
-5. Leave all default values for the database files, and then click **OK**.
-
-6. Open the **DatabaseScripts/Create DB Tables/1_CreateEMIETables.sql** query file, located in the deployment directory.
-
-7. Replace the database name placeholder with the database name you created earlier. For example, _EMIEDatabase_.
-
-8. Run the query.
-
-## Step 4 - Map your Application Pool to a SQL Server role
-Map your ApplicationPoolIdentity to your database, adding the db_owner role.
-
-**To map your ApplicationPoolIdentity to a SQL Server role**
-1. Start SQL Server Management Studio and connect to your database.
-
-2. Expand the database instance and then open the server-level **Security** folder.
-
- > [!IMPORTANT]
- > Make sure you open the **Security** folder at the server level and not for the database.
-
-3. Right-click **Logins**, and then click **New Login**.
-
- The **Login-New** dialog box appears.
-
-4. Type the following into the **Login name** box, based on your server instance type:
-
- - **Local SQL Server instance.** If you have a local SQL Server instance, where IIS and SQL Server are on the same server, type the name of your Application Pool. For example, _IIS AppPool\EMIEWebAppPool_.
-
- - **Remote SQL Server instance.** If you have a remote SQL Server instance, where IIS and SQL Server are on different servers, type `Domain\ServerName$`.
-
- > [!IMPORTANT]
- > Don't click **Search** in the **Login name** box. Login name searches will resolve to a ServerName\AppPool Name account and SQL Server Management Studio won't be able to resolve the account's virtual Security ID (SID).
-
-5. Click **User Mapping** from the **Select a page** pane, click the checkbox for your database (for example, _EMIEDatabase_) from the **Users mapped to this login** pane, and then click **db_owner** from the list of available roles in the **Database role membership** pane.
-
-6. Click **OK**.
-
-## Step 5 - Restart the Application Pool and website
-Using the IIS Manager, you must restart both your Application Pool and your website.
-
-**To restart your Application Pool and website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, select your website, then click **Restart** from the **Manage Website** pane.
-
-2. In the **Connections** pane, select your Application Pool, and then click **Recycle** from the **Application Pool Tasks** pane.
-
-## Step 6 - Registering as an administrator
-After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
-
-**To register as an administrator**
-1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
-
-2. Click **Register now**.
-
-3. Type your name or alias into the **Email** box, making sure it matches the info in the drop-down box.
-
-4. Click **Administrator** from the **Role** box, and then click **Save**.
-
-5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
-
- A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
-
-6. Select your name from the available list, and then click **Activate**.
-
-7. Go to the Enterprise Mode Site List Portal Home page and sign in.
-
-## Step 7 - Configure the SMTP server and port for email notification
-After you've set up the portal, you need to configure your SMTP server and port for email notifications from the system.
-
-**To set up your SMTP server and port for emails**
-1. Open Visual Studio, and then open the web.config file from your deployment directory.
-
-2. Update the SMTP server and port info with your info, using this format:
-
- ```
-
-Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately.
-
- **To turn off local control using Group Policy**
-
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-2. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**.
-
-3. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality.
-
- **To turn off the site list using the registry**
-
-1. Open a registry editor, such as regedit.exe.
-
-2. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.
-You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers.
-
-3. Close all and restart all instances of Internet Explorer.
-IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on).
-
- **To turn off local control using the registry**
-
-1. Open a registry editor, such as regedit.exe.
-
-2. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.
-You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers.
-
-3. Close and restart all instances of IE.
-Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on).
-
-## Related topics
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-- [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
deleted file mode 100644
index 2cfad8e8db..0000000000
--- a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.date: 07/17/2018
----
-Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing
-centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 won’t look for an updated list again until you restart the browser.
-
-> [!NOTE]
-> We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
-
-**Group Policy**
-
-1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** setting. Turning this setting on also requires you to create and store a site list.
-
-
-
-2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
-
-3. Refresh your policy and then view the affected sites in Microsoft Edge. The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is.
-
-**Registry**
-
-All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list.
-
-1. **To turn on Enterprise Mode for all users on the PC:** Open the registry editor and go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode`.
-
-2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
-
-
- - **HTTPS location:** `"SiteList"="https://localhost:8080/sites.xml"`
-
- - **Local network:** `"SiteList"="\\network\shares\sites.xml"`
-
- - **Local file:** `"SiteList"="file:///c:\\Users\\ The site shows a message in Microsoft Edge, saying that the page needs IE.
- At the same time, the page opens in IE11; in a new frame if it is not yet
- running, or in a new tab if it is.
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
deleted file mode 100644
index c8ef3d030c..0000000000
--- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Turn on local user control and logging for Enterprise Mode.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Turn on local control and logging for Enterprise Mode
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can turn on local control of Enterprise Mode so that your users can turn Enterprise Mode on from the **Tools** menu. Turning on this feature also adds the **Enterprise** browser profile to the **Emulation** tab of the F12 developer tools.
-
-Besides turning on this feature, you also have the option to provide a URL for Enterprise Mode logging. If you turn logging on, Internet Explorer initiates a simple POST back to the supplied address, including the URL and a specification that **EnterpriseMode** was turned on or off through the **Tools** menu.
-
- **To turn on local control of Enterprise Mode using Group Policy**
-
-1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
-
- 
-
-2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
-
- **To turn on local control of Enterprise Mode using the registry**
-
-1. Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
-
-2. In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**.
-
-3. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
-
- 
-
-Your **Value data** location can be any of the following types:
-
-- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu. **Important** This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-
-## Related topics
-
-
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md
deleted file mode 100644
index c6f3e6048e..0000000000
--- a/browsers/enterprise-mode/using-enterprise-mode.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using IE7 Enterprise Mode or IE8 Enterprise Mode
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode gives you a way for your legacy websites and apps to run using emulated versions of Windows Internet Explorer 7 or Windows Internet Explorer 8, while your new sites and apps run using Internet Explorer 11, including modern standards and features.
-
-Although it’s called IE7 Enterprise Mode, it actually turns on Enterprise Mode along with Internet Explorer 7 or Microsoft Internet Explorer 5 Compatibility View. Compatibility View chooses which document mode to use based on whether there’s a `DOCTYPE` tag in your code:
-
-- **DOCTYPE tag found.** Webpages render using the Internet Explorer 7 document mode.
-- **No DOCTYPE tag found.** Webpages render using the Internet Explorer 5 document mode.
-
-**Important** For example, `C:\users\ **Important** **Important** **Important** **Important**
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
deleted file mode 100644
index 18c0b63cac..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ /dev/null
@@ -1,121 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: dansimp
-ms.prod: ie11
-ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/24/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones.
-
-To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-
-You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
->**Important:** **Important** **Important**
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
deleted file mode 100644
index 8c5e4b4426..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. **Important** Note Note
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
-
-3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool.
-
-4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE.
-
-The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
-
-Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-5. Click **Save** to validate your website and to add it to the site list for your enterprise.
- If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
-6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
- You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
deleted file mode 100644
index 10f60620a8..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. **Important** Note
-**Note**
- Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
-
-3. Type any comments about the website into the **Notes about URL** box.
- Administrators can only see comments while they’re in this tool.
-
-4. In the **Compat Mode** box, choose one of the following:
-
- - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode.
-
- - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode.
-
- - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode.
-
- - **Default Mode**. Loads the site using the default compatibility mode for the page.
-
- The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
-
- Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
-
- - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. If you have enabled [Internet Explorer mode integration on Microsoft Edge](/deployedge/edge-ie-mode), this option will open sites in Internet Explorer mode.
-
- - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
-
- - **None**. Opens in whatever browser the employee chooses.
-
-6. If you have enabled [Internet Explorer mode integration on Microsoft Edge](/deployedge/edge-ie-mode), and you have sites that still need to opened in the standalone Internet Explorer 11 application, you can check the box for **Standalone IE**. This checkbox is only relevant when associated to 'Open in' IE11. Checking the box when 'Open In' is set to MSEdge or None will not change browser behavior.
-
-7. The checkbox **Allow Redirect** applies to the treatment of server side redirects. If you check this box, server side redirects will open in the browser specified by the open-in tag. For more information, see [here](./enterprise-mode-schema-version-2-guidance.md#updated-schema-attributes).
-
-8. Click **Save** to validate your website and to add it to the site list for your enterprise.
- If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
-9. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
- You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
deleted file mode 100644
index 4de574cbe2..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Administrative templates and Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Administrative templates and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including:
-
-- What registry locations correspond to each setting.
-
-- What value options or restrictions are associated with each setting.
-
-- The default value for many settings.
-
-- Text explanations about each setting and the supported version of Internet Explorer.
-
-For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](/previous-versions/windows/it-pro/windows-vista/cc709647(v=ws.10)).
-
-## What are Administrative Templates?
-Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
-
-- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor.
-
-- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language.
-
-## How do I store Administrative Templates?
-As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
- Important Note **Note** **Note** **Important** **Important** Important **Important** **Note** **Note** **-OR-** Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file. **Note** **Note** **Important** **Note** **Note** 250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB
-
->**Important**
--OR-
-- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
-You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
-
->**Important** 0 – Restricted Sites zone **Example 1:** Include only the Local Intranet zone Binary representation: *00010*, based on: 0 – Restricted Sites zone **Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones Binary representation: *10110*, based on: 1 – Restricted Sites zone microsoft.sharepoint.com
--OR-
-- Collect your hardware inventory using the MOF Editor with a .MOF import file.
--OR-
-- Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-
-### Collect your hardware inventory using the MOF Editor while connected to a client device
-You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
- 
-
-2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
-
-3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
-
- 
-
-4. Select the check boxes next to the following classes, and then click **OK**:
-
- - IESystemInfo
-
- - IEURLInfo
-
- - IECountInfo
-
-5. Click **OK** to close the default windows.
-**Important** **Note** **or** Where `https://fabrikam.com` doesn't use IE8 Enterprise Mode, but `https://fabrikam.com/products` does.|Internet Explorer 11 and Microsoft Edge|
-|docMode|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section. Where `https://fabrikam.com` opens in the IE11 browser, but `https://fabrikam.com/products` loads in the current browser (eg. Microsoft Edge)|Internet Explorer 11 and Microsoft Edge|
-|forceCompatView|Specifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false. Where `https://fabrikam.com` does not use Enterprise Mode, but `https://fabrikam.com/products` uses IE7 Enterprise Mode.|Internet Explorer 11|
-
-### Using Enterprise Mode and document mode together
-If you want to use both Enterprise Mode and document mode together, you need to be aware that <emie> entries override <docMode> entries for the same domain.
-
-For example, say you want all of the sites in the contoso.com domain to open using IE8 Enterprise Mode, except test.contoso.com, which needs to open in document mode 11. Because Enterprise Mode takes precedence over document mode, if you want test.contoso.com to open using document mode, you'll need to explicitly add it as an exclusion to the <emie> parent node.
-
-```xml
- **or** For IPv6 ranges: Where **Important** After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed.
-
-8. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-9. Expand *ComputerName*, and then click **Synchronizations**.
-
-10. Click **Synchronize Now**.
-
-11. Expand *ComputerName*, expand **Updates**, and then click **All Updates**.
-
-12. Choose **Unapproved** in the **Approval** drop down box.
-
-13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
-
- > [!NOTE]
- > There may be multiple updates, depending on the imported language and operating system updates.
-
-**Optional**
-
-If you need to reset your Update Rollups packages to auto-approve, do this:
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves updates of different classifications, and then click **Edit**.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
-6. Check the **Update Rollups** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-
-> [!NOTE]
-> Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server won’t cause this update to be auto-approved.
-
-
-## Additional resources
-
-- [Automatic delivery process](what-is-the-internet-explorer-11-blocker-toolkit.md#automatic-delivery-process)
-
-- [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
-
-- [Internet Explorer 11 FAQ for IT pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-
-- [Internet Explorer 11 delivery through automatic updates]()
-
-- [Internet Explorer 11 deployment guide](./index.md)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/affectedsoftware.png b/browsers/internet-explorer/ie11-deploy-guide/images/affectedsoftware.png
deleted file mode 100644
index df63b88432..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/affectedsoftware.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/bulkadd-emiesitelistmgr.png b/browsers/internet-explorer/ie11-deploy-guide/images/bulkadd-emiesitelistmgr.png
deleted file mode 100644
index 040df5bb07..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/bulkadd-emiesitelistmgr.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/configmgractivexreport.png b/browsers/internet-explorer/ie11-deploy-guide/images/configmgractivexreport.png
deleted file mode 100644
index a782b6657c..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/configmgractivexreport.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png b/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png
deleted file mode 100644
index 7626296e87..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-lg.png b/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-lg.png
deleted file mode 100644
index 07a182461b..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-lg.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-sm.png b/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-sm.png
deleted file mode 100644
index c887d9c193..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-decisions-sm.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-f12.png b/browsers/internet-explorer/ie11-deploy-guide/images/docmode-f12.png
deleted file mode 100644
index 28adf37af6..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/docmode-f12.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/emie-listmgr.png b/browsers/internet-explorer/ie11-deploy-guide/images/emie-listmgr.png
deleted file mode 100644
index f3a1773a45..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/emie-listmgr.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/emie-sitelistmgr.png b/browsers/internet-explorer/ie11-deploy-guide/images/emie-sitelistmgr.png
deleted file mode 100644
index ccd5c9cd4b..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/emie-sitelistmgr.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editbindings.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editbindings.png
deleted file mode 100644
index 3d22ce267e..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editbindings.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editpolicy.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editpolicy.png
deleted file mode 100644
index f2b011d717..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editpolicy.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editregistrystring.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editregistrystring.png
deleted file mode 100644
index dc365fc8ad..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-editregistrystring.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicy.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicy.png
deleted file mode 100644
index 115e7d8a05..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicy.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicysitelist.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicysitelist.png
deleted file mode 100644
index 14079ffd7c..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicysitelist.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logfile.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logfile.png
deleted file mode 100644
index b58e2a21b8..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logfile.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logging.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logging.png
deleted file mode 100644
index becf942ecd..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-logging.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-packageupdate.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-packageupdate.png
deleted file mode 100644
index 66480b5f6c..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-packageupdate.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishsolution.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishsolution.png
deleted file mode 100644
index a3daa4e483..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishsolution.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishweb.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishweb.png
deleted file mode 100644
index eaf44305e2..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-publishweb.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-registrysitelist.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-registrysitelist.png
deleted file mode 100644
index 3c32b1af1a..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-registrysitelist.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-reportwdetails.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-reportwdetails.png
deleted file mode 100644
index 7209452cf3..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-reportwdetails.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-toolsmenu.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-toolsmenu.png
deleted file mode 100644
index 66e8ecf082..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-toolsmenu.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie-site-discovery-sample-report.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie-site-discovery-sample-report.png
deleted file mode 100644
index c53b4d160e..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie-site-discovery-sample-report.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ie11-inventory-addclassconnectscreen.png b/browsers/internet-explorer/ie11-deploy-guide/images/ie11-inventory-addclassconnectscreen.png
deleted file mode 100644
index 629267fb62..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ie11-inventory-addclassconnectscreen.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontroloutsideofie.png b/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontroloutsideofie.png
deleted file mode 100644
index 8c1d246aaf..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontroloutsideofie.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontrolwarning.png b/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontrolwarning.png
deleted file mode 100644
index 4a6ea00e6f..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/ieoutdatedcontrolwarning.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/img-enterprise-mode-site-list-xml.jpg b/browsers/internet-explorer/ie11-deploy-guide/images/img-enterprise-mode-site-list-xml.jpg
deleted file mode 100644
index 0bcfd3b650..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/img-enterprise-mode-site-list-xml.jpg and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/img-f12-developer-tools-emulation.jpg b/browsers/internet-explorer/ie11-deploy-guide/images/img-f12-developer-tools-emulation.jpg
deleted file mode 100644
index 48ed75b701..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/img-f12-developer-tools-emulation.jpg and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/outdatedcontrolwarning.png b/browsers/internet-explorer/ie11-deploy-guide/images/outdatedcontrolwarning.png
deleted file mode 100644
index 87e49b5093..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/outdatedcontrolwarning.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/securitybulletin-filter.png b/browsers/internet-explorer/ie11-deploy-guide/images/securitybulletin-filter.png
deleted file mode 100644
index 73d11e3644..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/securitybulletin-filter.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/setdefaultbrowsergp.png b/browsers/internet-explorer/ie11-deploy-guide/images/setdefaultbrowsergp.png
deleted file mode 100644
index 2a52b20e23..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/setdefaultbrowsergp.png and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/wedge.gif b/browsers/internet-explorer/ie11-deploy-guide/images/wedge.gif
deleted file mode 100644
index aa3490aee9..0000000000
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/wedge.gif and /dev/null differ
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
deleted file mode 100644
index 83c7c6b9b8..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-description: A full-sized view of how document modes are chosen in IE11.
-title: Full-sized flowchart detailing how document modes are chosen in IE11
-author: dansimp
-ms.date: 04/19/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-ms.prod: ie11
----
-
-# Full-sized flowchart detailing how document modes are chosen in IE11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
-
-:::image type="content" source="images/docmode-decisions-lg.png" alt-text="Full-sized flowchart detailing how document modes are chosen in IE11" lightbox="images/docmode-decisions-lg.png":::
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index f585e3210d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: cacd5d68-700b-4a96-b4c9-ca2c40c1ac5f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Import your Enterprise Mode site list to the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Import your Enterprise Mode site list to the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-
-**Important**
-Importing your file overwrites everything that’s currently in the tool, so make sure it’s what you really mean to do.
-
- **To import your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Import**.
-
-2. Go to your exported .EMIE file (for example, `C:\users\ This means that while IE11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices. Note Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy preferences, Administrative Templates (.admx), or the IEAK 11. Because Group Policy Preferences and IEAK 11 run using asynchronous processes, you should choose to use only one of the tools within each group of settings. For example, using only IEAK 11 in the Security settings or Group Policy Preferences within the Internet Zone settings. Also, it's important to remember that policy is enforced and can't be changed by the user, while preferences are configured, but can be changed by the user. |
-|[Missing the Compatibility View Button](missing-the-compatibility-view-button.md) |Compatibility View was introduced in Internet Explorer 8 to help existing content continue to work with Windows Internet Explorer 7, while developers updated their content to support modern interoperable web standards. Since then, the IE web platform, and the web itself, have changed so that most public web content looks for standards-based features instead of IE 7-compatible behavior. Thanks to these changes, using IE11 in the latest standards mode is more compatible with the web than ever before. As a result, IE11 simplifies web page compatibility for users by removing the Compatibility View button and reducing the number of compatibility options in the F12 developer tools for developers. |
-|[Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](deploy-pinned-sites-using-mdt-2013.md) |You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List. The ability to pin websites to the Windows 8.1 taskbar can help make end-users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to employees. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](/mem/configmgr/mdt/).
-
-
-## IE11 naming conventions
-IE11 offers differing experiences in Windows 8.1:
-
-|Name |Description |
-|-----|------------|
-|Internet Explorer or IE |The immersive browser, or IE, without a specific version. |
-|Internet Explorer for the desktop |The desktop browser. This is the only experience available when running IE11 on Windows 7 SP1 |
-|Internet Explorer 11 or IE11 |The whole browser, which includes both IE and Internet Explorer for the desktop. |
-
-## Related topics
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
deleted file mode 100644
index 47a4d07569..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment.
-author: dansimp
-ms.prod: ie11
-ms.assetid: caca18c1-d5c4-4404-84f8-d02bc562915f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install and Deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install and Deploy Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1 Update
-- Windows 7 with Service Pack 1 (SP1)
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps.
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Customize Internet Explorer 11 installation packages](customize-ie11-install-packages.md) |Guidance about how to use .INF files or the IE Administration Kit 11 (IEAK 11) to create custom packages and about how to create those packages for multiple operating systems. |
-|[Choose how to install Internet Explorer 11 (IE11)](choose-how-to-install-ie11.md) |Guidance for the different ways you can install IE, including using System Center 2012 R2 Configuration Manager, Windows Server Update Services (WSUS), Microsoft Intune, your network, the operating system deployment system, or third-party tools. |
-|[Choose how to deploy Internet Explorer 11 (IE11)](choose-how-to-deploy-ie11.md) |Guidance about how to deploy your custom version of IE using Automatic Version Synchronization (AVS) or using your software distribution tools. |
-|[Virtualization and compatibility with Internet Explorer 11](virtualization-and-compatibility-with-ie11.md) |Info about the Microsoft-supported options for virtualizing web apps. |
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
deleted file mode 100644
index 0ec2a15346..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune.
-author: dansimp
-ms.prod: ie11
-ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using Microsoft Intune
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](/mem/intune/).
-
-## Adding and deploying the IE11 package
-You can add and then deploy the IE11 package to any computer that's managed by Microsoft Intune.
-
- **To add the IE11 package**
-
-1. From the Microsoft Intune administrator console, start the Microsoft Intune Software Publisher.
-
-2. Add your IE11 package as either an external link or as a Windows installer package (.exe or .msi).
-
-For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](/mem/intune/).
-
- **To automatically deploy and install the IE11 package**
-
-1. From the Microsoft Intune administrator console, start and run through the Deploy Software wizard.
-
-2. Deploy the package to any of your employee computers that are managed by Microsoft Intune.
-
-3. After the package is on your employee's computers, the installation process runs, based on what you set up in your wizard.
-
-For more info about this, see [Deploy and configure apps](/mem/intune/).
-
- **To let your employees install the IE11 package**
-
-1. Install the package on your company's Microsoft Intune site, marking it as **Available** for the appropriate groups.
-
-2. Any employee in the assigned group can now install the package.
-
-For more info about this, see [Update apps using Microsoft Intune](/mem/intune/apps/apps-windows-10-app-deploy)
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
deleted file mode 100644
index 469b700481..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e16f9144-170c-4964-a62d-0d1a16f4cd1f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-You can install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images.
-
-You'll need to extract the .cab file for each supported operating system and platform combination and the .msu file for each prerequisite update. Download the IE11 update and prerequisites here:
-
-- [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=279697)
-
-- [Microsoft Update Catalog](https://go.microsoft.com/fwlink/p/?LinkId=214287)
-
-After you install the .msu file updates, you'll need to add them to your MDT deployment. You'll also need to extract the IE11 .cab update file from the IE11 installation package, using the `/x` command-line option. For example, `IE11-Windows6.1-x64-en-us.exe /x:c:\ie11cab`.
-
-## Installing IE11 using Microsoft Deployment Toolkit (MDT)
-
-MDT adds IE11 to your Windows images, regardless whether you are creating or deploying a customized or non-customized image. MDT also lets you perform offline servicing during the System Center 2012 R2 Configuration Manager task sequence, letting you add IE11 before starting Windows. For info, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/).
-
- **To add IE11 to a MDT deployment share**
-
-1. Right-click **Packages** from each **Deployment Shares** location, and then click **Import OS Packages**.
-
-2. Go to the **Specify Directory** page, search for your folder with your update files (.cab and .msu) for import, and click **Next**.
-
-3. Go to the **Summary** page and click **Next**.
-MDT starts importing your update files. **Note**
- The wizard automatically puts your custom installation files in your `\ **Important**
- Where `
-If you get an error during the Windows Update process, see [Fix the problem with Microsoft Windows Update that is not working](https://go.microsoft.com/fwlink/p/?LinkId=302316).
-
-4. Restart your computer, making sure all of your the updates are finished.
-
-5. Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
deleted file mode 100644
index 803fc7fb83..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to fix intranet search problems with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 3ee71d93-d9d2-48e1-899e-07932c73faa6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Fix intranet search problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Fix intranet search problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After upgrading to Internet Explorer 11, you might experience search issues while using your intranet site.
-
-## Why is my intranet redirecting me to search results?
-IE11 works differently with search, based on whether your organization is domain-joined.
-
-- **Domain-joined computers.** A single word entry is treated as a search term. However, IE11 also checks for available intranet sites and offers matches through the **Notification bar**. If you select **Yes** from the **Notification bar** to navigate to the intranet site, IE11 associates that word with the site so that the next time you type in the intranet site name, inline auto-complete will resolve to the intranet site address.
-
-- **Non-domain-joined computers.** A single word entry is treated as an intranet site. However, if the term doesn't resolve to a site, IE11 then treats the entry as a search term and opens your default search provider.
-
-To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like `contoso/` or the `https://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
-
- **To enable single-word intranet search**
-
-1. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
-
-2. Click **Advanced**, check the **Go to an intranet site for a single word entry in the Address bar** box, and then click **OK**.
-
-If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `https://contoso`.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
deleted file mode 100644
index 58a2d5298b..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: eb3cce62-fc7b-41e3-97b6-2916b85bcf55
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Manage Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Manage Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Auto detect settings Internet Explorer 11](auto-detect-settings-for-ie11.md) |Guidance about how to update your automatic detection of DHCP and DNS servers. |
-|[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. |
-|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
deleted file mode 100644
index e3e56157b3..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ /dev/null
@@ -1,101 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 89084e01-4e3f-46a6-b90e-48ee58d6821c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Missing Internet Explorer Maintenance settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Missing Internet Explorer Maintenance settings for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy Preferences, Administrative Templates (.admx), and the IE Administration Kit 11 (IEAK 11).
-
-Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy Preferences, Administrative Templates (.admx), or IE Administration Kit 11 (IEAK 11).
-
-Because Group Policy Preferences and IEAK 11 run using asynchronous processes, you should choose to use only one of the tools within each group of settings. For example, using only IEAK 11 in the **Security** settings or Group Policy Preferences within the **Internet Zone** settings. Also, it's important to remember that policy is enforced and can't be changed by the user, while preferences are configured, but can be changed by the user.
-
-For more information about all of the new options and Group Policy, see:
-
-- [Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md)
-
-- [Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md)
-
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-
-- [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876)
-
-- [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10))
-
-- [Enable and Disable Settings in a Preference Item](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754299(v=ws.11))
-
-## IEM replacements
-The IEM settings have replacements you can use in either Group Policy Preferences or IEAK 11.
-
-### Browser user interface replacements
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Browser title |Lets you customize the text that shows up in the title bar of the browser.|On the **Browser User Interface** page of IEAK 11, click **Customize Title Bars**, and then type the text that appears on the title bar of the **Title Bar Text** box. Your text is appended to the text," Microsoft Internet Explorer provided by". |
-|Browser toolbar customizations (background and buttons) |Lets you customize the buttons on the browser toolbar. -OR- On the **Connection Settings** page of IEAK 11, change your connection settings, including importing your current connection settings and deleting existing dial-up connection settings (as needed). |
-|Automatic browser configuration |Lets you update your employee's computer after you've deployed IE11, by specifying a URL to an .ins file, an auto-proxy URL, or both. You can decide when the update occurs, in minutes. Typing zero, or not putting in any number, means that automatic configuration only happens after the browser is started and used to go to a page. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Automatic Configuration** tab, and then add your URL. On the **Automatic Configuration** page of IEAK 11, modify the configuration settings, including providing the URL to an .ins file or an auto-proxy site. |
-|Proxy settings |Lets you specify your proxy servers. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Connections** tab, click **LAN Settings**, and then choose whether to turn on automatic detection of your configuration settings and if you want to use proxy servers. -OR- On the **Proxy Settings** page of IEAK 11, turn on your proxy settings, adding your proxy server addresses and exceptions. |
-|User Agent string |Lets the browser provide identification to visited servers. This string is often used to keep Internet traffic statistics. |This setting isn't available anymore. |
-
-### URLs replacements
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Favorites and links |Lets you use custom URLs for the **Favorites** and **Links** folders. You can also specify the folder order, disable IE Suggested Sites, and import an existing folder structure. |On the **Favorites, Favorites Bar and Feeds** page of IEAK 11, add your custom URLs to the **Favorites**, **Favorites Bar**, or **RSS Feeds** folders, or create new folders. You can also edit, test, or remove your URLs, sort the list order, or disable IE Suggested Sites. |
-|Important URLs |Lets you add custom **Home** pages that can open different tabs. You can also add a **Support** page that shows up when an employee clicks online Help.|In the **Internet Settings Group Policy Preferences** dialog box, click the **General** tab, and add your custom **Home** page. On the **Important URLs - Home page and Support** page of IEAK 11, add the custom URLs to your **Home** and **Support** pages. You can also click to retain the previous home page information when the user upgrades to a newer version of IE. |
-
-### Security Zones and Content Ratings
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Security zones |Lets you change your security settings, by zone |In the **Internet Settings Group Policy Preferences** dialog box, click the **Security** tab, and update your security settings, based on zone. -OR- On the **Security and Privacy Settings** page of IEAK 11, choose your **Security Zones and Privacy** setting, changing it, as necessary. |
-|Content ratings |Lets you change your content ratings so your employees can't view sites with risky content. |On the **Security and Privacy Settings** page of IEAK 11, choose your **Content Ratings** setting, changing it, as necessary. |
-|Authenticode settings |Lets you pick your trustworthy software publishers and stop your employees from adding new, untrusted publishers while browsing. |These settings aren't available anymore. |
-
-### Programs
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Programs |Lets you import your default program settings, which specify the programs Windows uses for each Internet service. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Programs** tab, and choose how to open IE11 links. -OR- On the **Programs** page of IEAK 11, choose whether to customize or import your program settings. |
-
-#### Advanced IEM settings
-The Advanced IEM settings, including Corporate and Internet settings, were also deprecated. However, they also have replacements you can use in either Group Policy Preferences or IEAK 11.
-
-**Note** -OR- On the Additional Settings page of IEAK 11, expand Internet Settings, and then customize your default values in the Internet Options dialog box. |
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
deleted file mode 100644
index a002fae480..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Internet Explorer 11 uses the latest standards mode, which simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 501c96c9-9f03-4913-9f4b-f67bd9edbb61
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Missing the Compatibility View Button (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Missing the Compatibility View Button
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Compatibility View was introduced in Windows Internet Explorer 8 to help existing content continue to work with Windows Internet Explorer 7, while developers updated their content to support modern interoperable web standards. Since then, the Internet Explorer web platform, and the web itself, have changed so that most public web content looks for standards-based features instead of IE 7-compatible behavior.
-
-Thanks to these changes, using Internet Explorer 11 in the latest standards mode is more compatible with the web than ever before. As a result, IE11 simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers.
-
-## What happened to the Compatibility View button?
-In previous versions of IE, the **Compatibility View** button would attempt to fix a broken standards-based website, by getting the page to appear like it did in Internet Explorer 7. Today however, more standards-based websites are broken by attempting to appear like they did in Internet Explorer 7. So instead of implementing and using Compatibility View, developers are updating their server configuration to add X-UA-Compatible meta tags, which forces the content to the “edge”, making the **Compatibility View** button disappear. In support of these changes, the Compatibility View button has been completely removed for IE11.
-
-## What if I still need Compatibility View?
-There might be extenuating circumstances in your company, which require you to continue to use Compatibility View. In this situation, this process should be viewed strictly as a workaround. You should work with the website vendor to make sure that the affected pages are updated to match the latest web standards. The functionality described here is currently deprecated and will be removed at a time in the future.
-
-**Important**
-Compatibility View is turned on for this single website, for this specific computer.
-
-3. Decide if you want your intranet sites displayed using Compatibility View, decide whether to use Microsoft compatibility lists, and then click **Close**.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
deleted file mode 100644
index 6c68a1ec01..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: How to turn managed browser hosting controls back on in Internet Explorer 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: b0b7f60f-9099-45ab-84f4-4ac64d7bcb43
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: .NET Framework problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# .NET Framework problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-## Summary
-
-If you’re having problems launching your legacy apps while running Internet Explorer 11, it’s most likely because Internet Explorer no longer starts apps that use managed browser hosting controls, like in .NET Framework 1.1 and 2.0.
-
- **To turn managed browser hosting controls back on**
-
-1. **For x86 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
-2. **For 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
-## More information
-
-IEHost is a Microsoft .NET Framework 1.1-based technology that provides a better model than ActiveX controls to host controls within the browser. The IEHost controls are lightweight and are operated under the .NET security model where they are operated inside a sandbox.
-
-From the .NET Framework 4, we remove the IEHost.dll file for the following reasons:
-
-- IEHost/HREF-EXE-style controls are exposed to the Internet. This poses a high security risk, and most customers who install the Framework are benefiting very little from this security risk.
-- Managed hosting controls and invoking random ActiveX controls may be unsafe, and this risk cannot be countered in the .NET Framework. Therefore, the ability to host is disabled. We strongly suggest that IEHost should be disabled in any production environment.
-- Potential security vulnerabilities and assembly versioning conflicts in the default application domain. By relying on COM Interop wrappers to load your assembly, it is implicitly loaded in the default application domain. If other browser extensions do the same function, they have the risks in the default application domain such as disclosing information, and so on. If you are not using strong-named assemblies as dependencies, type loading exceptions can occur. You cannot freely configure the common language runtime (CLR), because you do not own the host process, and you cannot run any code before your extension is loaded.
-
-For more information about .NET Framework application compatibility, see [Application compatibility in the .NET Framework](/dotnet/framework/migration-guide/application-compatibility).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
deleted file mode 100644
index 1dd3438086..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: New group policy settings for Internet Explorer 11
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 669cc1a6-e2cb-403f-aa31-c1de52a615d1
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: New group policy settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# New group policy settings for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including:
-
-
-| Policy | Category Path | Supported on | Explanation |
-|-----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Allow IE to use the HTTP2 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses the HTTP2 network protocol. HTTP2 works with HTTP requests to optimize the latency of network requests through compression, multiplexing, and prioritization. If you enable this policy setting, IE uses the HTTP2 network protocol. If you disable this policy setting, IE won't use the HTTP2 network protocol. If you don't configure this policy setting, users can turn this behavior on or off, using the **Internet Explorer Advanced Internet Options** settings. The default is on. |
-| Allow IE to use the SPDY/3 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing and prioritization. If you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol. If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol. If you don't configure this policy setting, users can turn this behavior on or off, on the **Advanced\* tab of the \*\*Internet Options** dialog box. The default is on. **Note** If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm. If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm. If you don’t configure this policy setting, users can change the **Suggestions** setting on the **Settings** charm. |
-| Allow only approved domains to use the TDC ActiveX control | If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone. If you disable this policy setting, users can run the TDC Active X control from all sites in the specified zone. |
-| Allow SSL3 Fallback | Administrative Templates\Windows Components\Internet Explorer\Security Features | Internet Explorer 11 on Windows 10 | This policy setting allows you to stop websites from falling back to using Secure Socket Layer (SSL) 3.0 or lower, if Transport Layer Security (TLS) 1.0 or higher, fails. This setting doesn’t affect which security protocols are enabled. If you enable this policy setting and a website fails while using the TLS 1.0 or higher security protocols, Internet Explorer will try to fallback and use SSL 3.0 or lower security protocols. If you disable or don’t configure this setting, Internet Explorer uses the default system protocols. **Important:** If you enable this policy setting (default), you must also pick one of the following options from the Options box: If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone. |
-| Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header. If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user. **In Internet Explorer 9 and 10:** **In at least IE11:** If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
-| Don't run antimalware programs against ActiveX controls If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
-| Don't run antimalware programs against ActiveX controls If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
-| Hide Internet Explorer 11 Application Retirement Notification | Administrative Templates\Windows Components\Internet Explorer | Internet Explorer 11 on Windows 10 20H2 & newer | This policy setting allows you to prevent the notification bar that informs users of Internet Explorer 11’s retirement from showing up. If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden. If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears. If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. |
-| Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu. If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports. If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. |
-| Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit. If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains. **Note:** If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all specified security zones. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all security zones. To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order: **Note:** **In IE11:** If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks **Delete**. If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks **Delete**. If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking **Delete**. |
-| Send all sites not included in the Enterprise Mode Site List to Microsoft Edge | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether to open all sites that aren’t specified to open in IE11 by the Enterprise Mode site list, to open in Microsoft Edge. If you enable this policy setting, you must also enable the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode site list. If you disable or don't configure this policy setting, all sites will open based on the currently active browser. **Note:** If you enable this policy setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode. If you disable or don't configure this policy setting, the default app behavior occurs and no additional page appears. |
-| Turn off automatic download of the ActiveX VersionList | Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management | At least Windows Internet Explorer 8 | This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading. If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file. If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file. **Important:** If you enable this policy setting, IE doesn't load any websites or content in the background. If you disable this policy setting, IE preemptively loads websites and content in the background. If you don’t configure this policy setting, users can turn this behavior on or off, using IE settings. This feature is turned on by default. |
-| Turn off phone number detection | Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing | IE11 on Windows 10 | This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system. If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting. If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting. If you don't configure this policy setting, users can turn this behavior on or off, using IE settings. The default is on. |
-| Turn off sending URL path as UTF-8 | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding | At least Windows Internet Explorer 7 | This policy setting determines whether to let IE send the path portion of a URL using the UTF-8 standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language. If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting. If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting. If you don't configure this policy setting, users can turn this behavior on or off. |
-| Turn off sending UTF-8 query strings for URLs | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers. If you enable this policy setting, you must specify when to use UTF-8 to encode query strings: If you disable or don't configure this policy setting, users can turn this behavior on or off, using IE Advanced Options settings. The default is to encode all query strings in UTF-8. |
-| Turn off the ability to launch report site problems using a menu option | Administrative Templates\Windows Components\Internet Explorer\Browser menus | Internet Explorer 11 | This policy setting allows you to manage whether users can start the **eport Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. If you enable this policy setting, users won’t be able to start the **Report Site Problems** dialog box from the Internet Explorer settings or the Tools menu. If you disable or don’t configure this policy setting, users will be able to start the **Report Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. |
-| Turn off the flip ahead with page prediction feature | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 on Windows 8 | This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background. If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background. If you don’t configure this setting, users can turn this behavior on or off, using the **Settings** charm. **Note** If you enable this policy setting, IE11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting, IE11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don't configure this policy setting, users can turn this feature on or off using IE settings. This feature is turned off by default. **Important** If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as Microsoft Configuration Manager. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an WMI class. **Note:** If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an XML file, stored in your specified location. If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an XML file. **Note:** If you enable this policy setting, Internet Explorer downloads the Enterprise Mode website list from the `HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE`\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode hive, opening all included websites using Enterprise Mode. We recommend storing and downloading your list from a secure web server `(https://)`, to help protect against data tampering. If you disable or don’t configure this policy setting, Internet Explorer opens all websites using **Standard** mode. |
-
-## Removed Group Policy settings
-IE11 no longer supports these Group Policy settings:
-
-- Turn on Internet Explorer 7 Standards Mode
-
-- Turn off Compatibility View button
-
-- Turn off Quick Tabs functionality
-
-- Turn off the quick pick menu
-
-- Use large icons for command buttons
-
-## Viewing your policy settings
-After you've finished updating and deploying your Group Policy, you can use the Resultant Set of Policy (RSoP) snap-in to view your settings.
-
-**To use the RSoP snap-in**
-
-1. Open and run the Resultant Set of Policy (RSoP) wizard, specifying the information you want to see.
-
-2. Open your wizard results in the Group Policy Management Console (GPMC).
-For complete instructions about how to add, open, and use RSoP, see [Use the RSoP Snap-in](/previous-versions/windows/it-pro/windows-server-2003/cc736424(v=ws.10))
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
deleted file mode 100644
index 4eed39657f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ /dev/null
@@ -1,211 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use out-of-date ActiveX control blocking to help you know when IE prevents a webpage from loading outdated ActiveX controls and to update the outdated control, so that it’s safer to use.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: e61866bb-1ff1-4a8d-96f2-61d3534e8199
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Out-of-date ActiveX control blocking (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-
-# Out-of-date ActiveX control blocking
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-- Windows Vista SP2
-
-ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a new security feature, called *out-of-date ActiveX control blocking*.
-
-Out-of-date ActiveX control blocking lets you:
-
-- Know when IE prevents a webpage from loading common, but outdated ActiveX controls.
-
-- Interact with other parts of the webpage that aren’t affected by the outdated control.
-
-- Update the outdated control, so that it’s up-to-date and safer to use.
-
-The out-of-date ActiveX control blocking feature works with all [Security Zones](https://go.microsoft.com/fwlink/p/?LinkId=403863), except the Local Intranet Zone and the Trusted Sites Zone.
-
-It also works with these operating system and IE combinations:
-
-|Windows operating system |IE version |
-|----------------------------------------|---------------------------------|
-|Windows 10 |All supported versions of IE.
-IE opens the ActiveX control’s website.
-
-2. Download the latest version of the control.
-
-**Security Note:**
-IE opens the app’s website.
-
-2. Download the latest version of the app.
-
-**Security Note:** If you enable this setting, IE logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file. If you disable or don't configure this setting, IE won't log ActiveX control information. Note that you can turn this setting on or off regardless of the **Turn off blocking of outdated ActiveX controls for IE** or **Turn off blocking of outdated ActiveX controls for IE on specific domains** settings. |
-|Remove the **Run this time** button for outdated ActiveX controls in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`|Internet Explorer 8 through IE11 |This setting allows you stop users from seeing the **Run this time** button and from running specific outdated ActiveX controls in IE. If you enable this setting, users won't see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control. If you disable or don't configure this setting, users will see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once. |
-|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following: If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. |
-|Turn off blocking of outdated ActiveX controls for IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this setting, IE stops blocking outdated ActiveX controls. If you disable or don't configure this setting, IE continues to block specific outdated ActiveX controls. |
-|Remove the **Update** button in the out-of-date ActiveX control blocking notification for IE |This functionality is only available through the registry |Internet Explorer 8 through IE11 |This setting determines whether the out-of-date ActiveX control blocking notification shows the **Update** button. This button points users to update specific out-of-date ActiveX controls in IE. |
-
-
-If you don't want to use Group Policy, you can also turn these settings on or off using the registry. You can update the registry manually.
-
-|Setting |Registry setting |
-|-------------------------|----------------------------------------------------------------|
-|Turn on ActiveX control logging in IE |`reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" /v AuditModeEnabled /t REG_DWORD /d 1 /f` Where: Where: Where: Where: Where: **Note**
- If the browser doesn't crash, open Internet Explorer for the desktop, click the **Tools** menu, and click **Manage Add-ons**.
-
-3. Click **Toolbars and Extensions**, click each toolbar or extension, clicking **Disable** to turn off all of the browser extensions and toolbars.
-
-4. Restart IE11. Go back to the **Manage Add-Ons** window and turn on each item, one-by-one.
- After you turn each item back on, see if IE crashes or slows down. Doing it this way will help you identify the add-on that's causing IE to crash. After you've figured out which add-on was causing the problem, turn it off until you have an update from the manufacturer.
-
- **To check for Software Rendering mode**
-
-5. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
-
-6. On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.
- If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588).
-
-## Adaptive streaming and DRM playback don’t work with Windows Server 2012 R2
-IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Microsoft Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 4c973ffad6..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can clear all of the sites from your global Enterprise Mode site list.
-
-**Important**
-This is a permanent removal and erases everything. However, if you determine it was a mistake, and you saved an XML copy of your list, you can add the file again by following the steps in the [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md), depending on your operating system.
-
- **To clear your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Clear list**.
-
-2. Click **Yes** in the warning message. Your sites are all cleared from your list.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
deleted file mode 100644
index 4a0eace5e7..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local compatibility view list.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local compatibility view list
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local compatibility view list by mistake or because they no longer have compatibility problems.
-
- **To remove sites from a local compatibility view list**
-
-1. Open Internet Explorer 11, click **Tools**, and then click **Compatibility View Settings**.
-
-2. Pick the site to remove, and then click **Remove**.
-Sites can only be removed one at a time. If one is removed by mistake, it can be added back using this same box and the **Add** section.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
deleted file mode 100644
index d6bb2e98eb..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Remove sites from a local Enterprise Mode site list
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Remove websites that were added to a local Enterprise Mode site list by mistake or because the sites no longer have compatibility problems.
-
-> [!NOTE]
-> The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator.
-
-**To remove single sites from a local Enterprise Mode site list**
-
-1. Open Internet Explorer 11 and go to the site you want to remove.
-
-2. Click **Tools**, and then click **Enterprise Mode**.
-
- The checkmark disappears from next to Enterprise Mode and the site is removed from the list.
-
- > [!NOTE]
- > If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again.
-
-**To remove all sites from a local Enterprise Mode site list**
-
-1. Open Internet Explorer 11, click **Tools**, and then click **Internet options**.
-
-2. Click the **Delete** button from the **Browsing history** area.
-
-3. Click the box next to **Cookies and website data**, and then click **Delete**.
-
- > [!NOTE]
- > This removes all of the sites from a local Enterprise Mode site list.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
deleted file mode 100644
index 4b385be382..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: How to use Site List Manager to review neutral sites for IE mode
-author: dansimp
-ms.prod: windows-client
-ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
-ms.sitesec: library
-ms.date: 04/02/2020
----
-
-# Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8
-- Windows Server 2012 R2
-- Microsoft Edge version 77 or later
-
-> [!NOTE]
-> This feature is available on the Enterprise Mode Site List Manager version 11.0.
-
-## Overview
-
-While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behavior for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral, which results in inconsistent experiences for users.
-
-The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but might have been added in error. This check is automatically performed when you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion.
-
-## Flag neutral sites
-
-To identify neutral sites to review:
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites**.
-2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge.
-3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again.
-
-## Related topics
-
-- [About IE Mode](/deployedge/edge-ie-mode)
-- [Configure neutral sites](/deployedge/edge-ie-mode-sitelist#configure-neutral-sites)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 7b80dd178d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Save your site list to XML in the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-
- **To save your list as XML**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Save to XML**.
-
-2. Save the file to the location you specified in your Enterprise Mode registry key, set up when you turned on Enterprise Mode for use in your company. For information about the Enterprise Mode registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
deleted file mode 100644
index 52343886ce..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: windows-client
-title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itprom
-manager: dansimp
-ms.author: dansimp
----
-
-# Schedule approved change requests for production using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is approved, the original Requester can schedule the change for the production environment. The change can be immediate or set for a future time.
-
-**To schedule an immediate change**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Now**, and then clicks **Save**.
-
- The update is scheduled to immediately update the production environment, and an email is sent to the Requester. After the update finishes, the Requester is asked to verify the changes.
-
-
-**To schedule the change for a different day or time**
-1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
-
-2. The Requester clicks the **Approved** status for the change request.
-
- The **Schedule changes** page appears.
-
-3. The Requester clicks **Schedule**, sets the **Preferred day**, **Preferred start time**, and the **Preferred end time**, and then clicks **Save**.
-
- The update is scheduled to update the production environment on that day and time and an email is sent to the Requester. After the update finishes, the Requester will be asked to verify the changes.
-
-
-## Next steps
-After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index f96a952626..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Search your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can search to see if a specific site already appears in your global Enterprise Mode site list so you don’t try to add it again.
-
- **To search your compatibility list**
-
-- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.
- The search query searches all of the text. For example, entering *“micro”* will return results like, `www.microsoft.com`, `microsoft.com`, and `microsoft.com/images`. Wildcard characters aren’t supported.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
deleted file mode 100644
index 6ea7312b42..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use the Group Policy setting, Set a default associations configuration file, to set the default browser for your company devices running Windows 10.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: f486c9db-0dc9-4cd6-8a0b-8cb872b1d361
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Set the default browser using Group Policy (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set the default browser using Group Policy
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can use the Group Policy setting, **Set a default associations configuration file**, to set the default browser for your company devices running Windows 10.
-
- **To set the default browser as Internet Explorer 11**
-
-1. Open your Group Policy editor and go to the **Computer Configuration\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.
-Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
-
- 
-
-2. Click **Enabled**, and then in the **Options** area, type the location to your default associations configuration file.
-If this setting is turned on and your employee's device is domain-joined, this file is processed and default associations are applied at logon. If this setting isn't configured or is turned off, or if your employee's device isn't domain-joined, no default associations are applied at logon.
-
-Your employees can change this setting by changing the Internet Explorer default value from the **Set Default Programs** area of the Control Panel.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
deleted file mode 100644
index b42426f1d7..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ /dev/null
@@ -1,160 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set up Enterprise Mode logging and data collection
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
-
-
-
-The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
-
-
-
-Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
-
-## Using ASP to collect your data
-When you turn logging on, you need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu.
-
- **To set up an endpoint server**
-
-1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](/iis/install/installing-iis-7/installing-necessary-iis-components-on-windows-vista).
-
-2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.
- This lets you create an ASP form that accepts the incoming POST messages.
-
-3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
-
- 
-
-4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
-
- 
-
-5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
- Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
-
-6. Apply these changes to your default website and close the IIS Manager.
-
-7. Put your EmIE.asp file into the root of the web server, using this command:
-
- ```
- <% @ LANGUAGE=javascript %>
- <%
- Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
- %>
- ```
- This code logs your POST fields to your IIS log file, where you can review all of the collected data.
-
-
-### IIS log file information
-This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
-
-
-
-
-## Using the GitHub sample to collect your data
-Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.
-This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-**Note**
- The required packages are automatically downloaded and included in the solution.
-
- **To set up your endpoint server**
-
-5. Right-click on the name, PhoneHomeSample, and click **Publish**.
-
- 
-
-6. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
-
- **Important**
-If you’re already on the webpage, you’ll need to refresh the page to see the results.
-
- 
-
-
-### Troubleshooting publishing errors
-If you have errors while you’re publishing your project, you should try to update your packages.
-
- **To update your packages**
-
-1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
-
- 
-
-2. Click **Updates** on the left side of the tool, and click the **Update All** button.
-You may need to do some additional package cleanup to remove older package versions.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
deleted file mode 100644
index c022c08569..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ /dev/null
@@ -1,231 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
-author: dansimp
-ms.prod: ie11
-title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Set up the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-Before you can begin using the Enterprise Mode Site List Portal, you must set up your environment.
-
-## Step 1 - Copy the deployment folder to the web server
-You must download the deployment folder (**EMIEWebPortal/**), which includes all of the source code for the website, from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) site to your web server.
-
-**To download the source code**
-1. Download the deployment folder from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) source code to your web server.
-
-2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
-
- > [!NOTE]
- > You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
-
-3. Open File Explorer and then open the **EMIEWebPortal/** folder.
-
-4. Press and hold **Shift**, right-click the window, then click **Open PowerShell window here**.
-
-5. Type _npm i_ into the command prompt, then press **Enter**.
-
- Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
-
-6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, open **Web.config** from **EMIEWebPortal/** folder, and replace MSIT-LOB-COMPAT with your server name hosting your database, replace LOBMerged with your database name, and build the entire solution.
-
- > [!NOTE]
- > Step 3 of this topic provides the steps to create your database.
-
-7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
-
-## Step 2 - Create the Application Pool and website, by using IIS
-Create a new Application Pool and the website, by using the IIS Manager.
-
-**To create a new Application Pool**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Application Pools**, then click **Add Application Pool**.
-
- The **Add Application Pool** box appears.
-
-2. In the **Add Application Pool** box, enter the following info:
-
- - **Name.** Type the name of your new application pool. For example, _EMIEWebAppPool_.
-
- - **.NET CLR version.** Pick the version of .NET CLR used by your application pool from the drop-down box. It must be version 4.0 or higher.
-
- - **Managed pipeline mode.** Pick **Integrated** from the drop-down box. IIS uses the integrated IIS and ASP.NET request-processing pipeline for managed content.
-
-3. Click **OK**.
-
-4. Select your new application pool from the **Application Pool** pane, click **Advanced Settings** from the **Edit Application Pool** area of the **Actions** pane.
-
- The **Advanced Settings** box appears.
-
-5. Make sure your **Identity** value is **ApplicationPoolIdentity**, click **OK**, and then close the box.
-
-6. Open File Explorer and go to your deployment directory, created in Step 1. For example, _D:\EMIEWebApp_.
-
-7. Right-click on the directory, click **Properties**, and then click the **Security** tab.
-
-8. Add your new application pool to the list (for example, _IIS AppPool\EMIEWebAppPool_) with **Full control access**, making sure the location searches the local computer.
-
-9. Add **Everyone** to the list with **Read & execute access**.
-
-**To create the website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Sites**, then click **Add Website**.
-
- The **Add Website** box appears.
-
-2. In the **Add Website** box, type the name of your website into the **Site name** box. For example, _EMIEWebApp_, and then click **Select**.
-
- The **Select Application Pool** box appears.
-
-4. Pick the name of the application pool created earlier in this step, and then click **OK**. For example, _EMIEWebAppPool_.
-
-5. In the **Physical path** box, browse to your folder that contains your deployment directory. For example, _D:\EMIEWebApp_.
-
-6. Set up your **Binding**, including your **Binding Type**, **IP address**, and **Port**, as appropriate for your organization.
-
-7. Clear the **Start Website immediately** check box, and then click **OK**.
-
-8. In IIS Manager, expand your local computer, and then double-click your new website. For example, _EMIEWebApp_.
-
- The **<website_name> Home** pane appears.
-
-9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**.
-
- > [!NOTE]
- > You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
-
-## Step 3 - Create and prep your database
-Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
-
-**To create and prep your database**
-1. Start SQL Server Management Studio.
-
-2. Open **Object Explorer** and then connect to an instance of the SQL Server Database Engine.
-
-3. Expand the instance, right-click on **Databases**, and then click **New Database**.
-
-4. Type a database name. For example, _EMIEDatabase_.
-
-5. Leave all default values for the database files, and then click **OK**.
-
-6. Open the **DatabaseScripts/Create DB Tables/1_CreateEMIETables.sql** query file, located in the deployment directory.
-
-7. Replace the database name placeholder with the database name you created earlier. For example, _EMIEDatabase_.
-
-8. Run the query.
-
-## Step 4 - Map your Application Pool to a SQL Server role
-Map your ApplicationPoolIdentity to your database, adding the db_owner role.
-
-**To map your ApplicationPoolIdentity to a SQL Server role**
-1. Start SQL Server Management Studio and connect to your database.
-
-2. Expand the database instance and then open the server-level **Security** folder.
-
- > [!IMPORTANT]
- > Make sure you open the **Security** folder at the server level and not for the database.
-
-3. Right-click **Logins**, and then click **New Login**.
-
- The **Login-New** dialog box appears.
-
-4. Type the following into the **Login name** box, based on your server instance type:
-
- - **Local SQL Server instance.** If you have a local SQL Server instance, where IIS and SQL Server are on the same server, type the name of your Application Pool. For example, _IIS AppPool\EMIEWebAppPool_.
-
- - **Remote SQL Server instance.** If you have a remote SQL Server instance, where IIS and SQL Server are on different servers, type `Domain\ServerName$`.
-
- > [!IMPORTANT]
- > Don't click **Search** in the **Login name** box. Login name searches will resolve to a ServerName\AppPool Name account and SQL Server Management Studio won't be able to resolve the account's virtual Security ID (SID).
-
-5. Click **User Mapping** from the **Select a page** pane, click the checkbox for your database (for example, _EMIEDatabase_) from the **Users mapped to this login** pane, and then click **db_owner** from the list of available roles in the **Database role membership** pane.
-
-6. Click **OK**.
-
-## Step 5 - Restart the Application Pool and website
-Using the IIS Manager, you must restart both your Application Pool and your website.
-
-**To restart your Application Pool and website**
-1. In IIS Manager, expand your local computer in the **Connections** pane, select your website, then click **Restart** from the **Manage Website** pane.
-
-2. In the **Connections** pane, select your Application Pool, and then click **Recycle** from the **Application Pool Tasks** pane.
-
-## Step 6 - Registering as an administrator
-After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
-
-**To register as an administrator**
-1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
-
-2. Click **Register now**.
-
-3. Type your name or alias into the **Email** box, making sure it matches the info in the drop-down box.
-
-4. Click **Administrator** from the **Role** box, and then click **Save**.
-
-5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
-
- A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
-
-6. Select your name from the available list, and then click **Activate**.
-
-7. Go to the Enterprise Mode Site List Portal Home page and sign in.
-
-## Step 7 - Configure the SMTP server and port for email notification
-After you've set up the portal, you need to configure your SMTP server and port for email notifications from the system.
-
-**To set up your SMTP server and port for emails**
-1. Open Visual Studio, and then open the web.config file from your deployment directory.
-
-2. Update the SMTP server and port info with your info, using this format:
-
- ```
-
- Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately.
-
- **To turn off local control using Group Policy**
-
-3. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-4. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**.
-
-5. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality.
-
- **To turn off the site list using the registry**
-
-6. Open a registry editor, such as regedit.exe.
-
-7. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.
- You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers.
-
-8. Close all and restart all instances of Internet Explorer.
- IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on).
-
- **To turn off local control using the registry**
-
-9. Open a registry editor, such as regedit.exe.
-
-10. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.
- You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers.
-
-11. Close and restart all instances of IE.
- Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on).
-
-## Related topics
-- [What is Enterprise Mode?](what-is-enterprise-mode.md)
-- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-- [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
deleted file mode 100644
index 178085c2ad..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Turn off natural metrics for Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: e31a27d7-662e-4106-a3d2-c6b0531961d5
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Fix font rendering problems by turning off natural metrics (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Fix font rendering problems by turning off natural metrics
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-By default, Internet Explorer 11 uses “natural metrics”. Natural metrics use inter-pixel spacing that creates more accurately rendered and readable text, avoiding many common font rendering problems with Windows Internet Explorer 9 or older sites.
-
-However, you might find that many intranet sites need you to use Windows Graphics Device Interface (GDI) metrics. To avoid potential compatibility issues, you must turn off natural metrics for those sites.
-
- **To turn off natural metrics**
-
-- Add the following HTTP header to each site: `X-UA-TextLayoutMetrics: gdi`
-
- -OR-
-
-- Add the following <meta> tag to each site: ``
-
-Turning off natural metrics automatically turns on GDI metrics.
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
deleted file mode 100644
index 1b32fa64ad..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: Turn on Enterprise Mode and use a site list (Internet Explorer 11 for IT Pros)
-description: How to turn on Enterprise Mode and specify a site list.
-ms.assetid: 800e9c5a-57a6-4d61-a38a-4cb972d833e1
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.date: 08/14/2017
-ms.localizationpriority: medium
----
-
-
-# Turn on Enterprise Mode and use a site list
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Before you can use a site list with Enterprise Mode, you need to turn the functionality on and set up the system for centralized control. By allowing centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 won’t look for an updated list again until you restart the browser.
-
-> [!NOTE]
-> We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
-
- **To turn on Enterprise Mode using Group Policy**
-
-1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.
- Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
-
- 
-
-2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
-
- **To turn on Enterprise Mode using the registry**
-
-3. **For only the local user:** Open a registry editor, like regedit.exe and go to `HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
- -OR-
- For all users on the device: Open a registry editor, like regedit.exe and go to This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) |How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the Enterprise Mode Site List Manager version 11.0 or later. |
-|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list. This topic applies to both versions of the Enterprise Mode Site List Manager. |
-| [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md)|How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the latest version of the Enterprise Mode Site List Manager.
-
-## Related topics
-
-
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
deleted file mode 100644
index b7669cf1ca..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Info about where features went in the IEAK11, where the Favorites, Command, and Status bars went, and where the search bar went.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 7324faff-ccb6-4e14-ad91-af12dbca575e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: User interface problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# User interface problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Some of the features in both Internet Explorer 11 and IEAK 11 have moved around. Here are some of the more common changes.
-
-## Where did features go in the Internet Explorer Customization Wizard 11?
-Various installation or set up choices can prevent you from seeing certain pages in the Internet Explorer Customization Wizard 11. If, after going through the entire Wizard you still haven't found the screen you were looking for, try:
-
-- Making sure you picked the right version of IEAK 11 during installation. Most administrators should pick the **Internal** version, which has more screens and options available.
-
-- Making sure you picked all of the features you wanted from the **Feature Selection** page of the IE Customization Wizard 11. If you don't pick a feature, the associated page won't appear.
-
-## Where are the security zone settings?
-You can see your security zone settings by opening Internet Explorer for the desktop, clicking **Internet Options** from the **Tools** menu, and then clicking **Security**.
-
-## Where did the Favorites, Command, and Status bars go?
-For IE11, the UI has been changed to provide just the controls needed to support essential functionality, hiding anything considered non-essential, such as the **Favorites Bar**, **Command Bar**, **Menu Bar**, and **Status Bar**. This is intended to help focus users on the content of the page, rather than the browser itself. However, if you want these bars to appear, you can turn them back on using Group Policy settings.
-
- **To turn the toolbars back on**
-
-- Right click in the IE toolbar heading and choose to turn on the **Command bar**, **Favorites bar**, and **Status bar** from the menu.
- -OR-
- In IE, press ALT+V to show the View menu, press T to enter the Toolbars menu, and then press:
-
- - **C** to turn on the **Command Bar**
-
- - **F** to turn on the **Favorites Bar**
-
- - **S** to turn on the **Status Bar**
-
-## Where did the search box go?
-IE11 uses the **One Box** feature, which lets users type search terms directly into the **Address bar**. Any text entered into the **Address bar** that doesn't appear to be a URL is automatically sent to the currently selected search provider.
-
-> [!NOTE]
-> Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
deleted file mode 100644
index 677f1c974a..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using IE7 Enterprise Mode or IE8 Enterprise Mode
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode gives you a way for your legacy websites and apps to run using emulated versions of Windows Internet Explorer 7 or Windows Internet Explorer 8, while your new sites and apps run using Internet Explorer 11, including modern standards and features.
-
-Although it’s called IE7 Enterprise Mode, it actually turns on Enterprise Mode along with Internet Explorer 7 or Microsoft Internet Explorer 5 Compatibility View. Compatibility View chooses which document mode to use based on whether there’s a `DOCTYPE` tag in your code:
-
-- **DOCTYPE tag found.** Webpages render using the Internet Explorer 7 document mode.
-- **No DOCTYPE tag found.** Webpages render using the Internet Explorer 5 document mode.
-
-**Important** Note
-For more information about virtualization options, see [Microsoft Desktop Virtualization](https://go.microsoft.com/fwlink/p/?LinkId=271662).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
deleted file mode 100644
index fd8cca1014..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ /dev/null
@@ -1,173 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Info about the features included in Enterprise Mode with Internet Explorer 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/25/2018
----
-
-
-# Enterprise Mode and the Enterprise Mode Site List
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
-
-## Available dual-browser experiences
-If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
-
-Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
-
-> [!TIP]
-> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
-
-For Windows 10, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List.
-
-
-## What is Enterprise Mode?
-Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
-
-### Enterprise Mode features
-Enterprise Mode includes the following features:
-
-- **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting several site patterns that aren’t currently supported by existing document modes.
-
-- **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode.
-Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
-
-- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
-
- > [!Important]
- > All centrally-made decisions override any locally-made choices.
-
-- **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
-
-- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
-
-## Enterprise Mode and the Enterprise Mode Site List
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
- XML file
-The Enterprise Mode Site List is an XML document that specifies a list of sites, their compatibility mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In IE11, the webpage can also be launched in a specific compatibility mode, so it always renders correctly. Your employees can easily view this site list by typing `about:compat` in either Microsoft Edge or IE11.
-
-Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
-
-### Site list xml file
-This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](turn-on-enterprise-mode-and-use-a-site-list.md). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compatibility mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
-
-```xml
-
-Wait for the message, **Blocking deployment of IE11 on the local machine. The operation completed successfully.**
-
-6. Close the Command Prompt.
-
-For answers to frequently asked questions, see [Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions](../ie11-faq/faq-ie11-blocker-toolkit.yml).
-
-## Automatic updates
-Internet Explorer 11 makes browsing the web faster, easier, safer, and more reliable than ever. To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 through Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 11 will be available for users of the 32-bit and 64-bit versions of Windows 7 Service Pack 1 (SP1), and 64-bit version of Windows Server 2008 R2 SP1. This article provides an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 11 is deployed to their organization through Automatic Updates.
-
-### Automatic delivery process
-Internet Explorer 11 only downloads and installs if it’s available for delivery through Automatic Updates; and Automatic Updates only offer Internet Explorer 11 to users with local administrator accounts. User’s without local administrator accounts won’t be prompted to install the update and will continue using their current version of Internet Explorer.
-
-Internet Explorer 11 replaces Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10. If you decide you don’t want Internet Explorer 11, and you’re running Windows 7 SP1 or Windows Server 2008 R2 with SP1, you can uninstall it from the **View installed updates** section of the **Uninstall an update** page of the Control Panel.
-
-### Internet Explorer 11 automatic upgrades
-
-Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11.
-
-Users who were automatically upgraded to Internet Explorer 11 can decide to uninstall Internet Explorer 11. However, Internet Explorer 11 will still appear as an optional update through Windows Update.
-
-### Options for blocking automatic delivery
-
-If you use Automatic Updates in your company, but want to stop your users from automatically getting Internet Explorer 11, do one of the following:
-
-- **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
-
- > [!NOTE]
- >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-for-it-pros-ie11.yml).
-
-- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
-
-> [!NOTE]
-> If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
-
-
-### Prevent automatic installation of Internet Explorer 11 with WSUS
-
-Internet Explorer 11 will be released to WSUS as an Update Rollup package. Therefore, if you’ve configured WSUS to “auto-approve” Update Rollup packages, it’ll be automatically approved and installed. To stop Internet Explorer 11 from being automatically approved for installation, you need to:
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves an update that is classified as Update Rollup, and then click **Edit.**
-
- > [!NOTE]
- > If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
- > [!NOTE]
- > The properties for this rule will resemble the following:
- Supported web standards include:
-
- - Web Graphics Library (WebGL)
-
- - Canvas 2D L2 extensions, including image smoothing using the nearest neighbor, dashed lines, and fill rules
-
- - Fullscreen API
-
- - Encrypted media extensions
-
- - Media source extensions
-
- - CSS flexible box layout module
-
- - And mutation observers like DOM4 and 5.3
-
- For more information about specific changes and additions, see the [IE11 guide for developers](/previous-versions/windows/internet-explorer/ie-developer/dev-guides/bg182636(v=vs.85)).
-
- - question: |
- What test tools exist to test for potential application compatibility issues?
- answer: |
- The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://testdrive-archive.azurewebsites.net/html5/compatinspector/help/post.htm). In addition, you can use the new [F12 Developer Tools](/previous-versions/windows/internet-explorer/ie-developer/dev-guides/bg182632(v=vs.85)) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
-
- - question: |
- Why am I having problems launching my legacy apps with Internet Explorer 11?
- answer: |
- It’s most likely because IE no longer starts apps that use managed browser hosting controls, like in the .NET Framework 1.1 and 2.0. You can get IE11 to use managed browser hosting controls again, by:
-
- - **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
- - **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-
- For more information, see the [Web Applications](/dotnet/framework/migration-guide/application-compatibility) section of the Application Compatibility in the .NET Framework 4.5 page.
-
- - question: |
- Is there a compatibility list for IE?
- answer: |
- Yes. You can review the XML-based [compatibility version list](https://go.microsoft.com/fwlink/p/?LinkId=403864).
-
- - question: |
- What is Enterprise Mode?
- answer: |
- Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.
- For more information, see [Turn on Enterprise Mode and use a site list](../ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md).
-
- - question: |
- What is the Enterprise Mode Site List Manager tool?
- answer: |
- Enterprise Mode Site List Manager tool gives you a way to add websites to your Enterprise Mode site list, without having to manually code XML.
- For more information, see all of the topics in [Use the Enterprise Mode Site List Manager](../ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md).
-
- - question: |
- Are browser plug-ins supported in IE11?
- answer: |
- The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
-
- - question: |
- Is Adobe Flash supported on IE11?
- answer: |
- Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.
- **Important**
-
- |Setting |Result |
- |--------|-------|
- |Let IE decide |Links open in the same type of experience from where they're launched. For example, clicking a link from a Microsoft Store app, opens IE. However, clicking a link from a desktop app, opens Internet Explorer for the desktop. |
- |Always in IE11 |Links always open in IE. |
- |Always in Internet Explorer for the desktop |Links always open in Internet Explorer for the desktop. |
-
-
- - question: |
- Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?
- answer: |
- Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
-
- IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center:
-
- | | | |
- |---------|---------|---------|
- |[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) |
- |[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) |
- |[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) |
- |[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) |
- |[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) |
- |[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) |
- |[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) |
- |[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) |
-
-
-
-
- - question: |
- What are the different modes available for the Internet Explorer Customization Wizard?
- answer: |
- The IEAK Customization Wizard displays pages based on your licensing mode selection, either **Internal** or **External**. For more information on IEAK Customization Wizard modes, see [Determine the licensing version and features to use in IEAK 11](../ie11-ieak/licensing-version-and-features-ieak11.md).
-
- The following table displays which pages are available in IEAK 11, based on the licensing mode:
-
- | **Wizard Pages** | **External** | **Internal** |
- |-------------------------------------------|--------------|--------------|
- | Welcome to the IEAK | Yes | Yes |
- | File Locations | Yes | Yes |
- | Platform Selection | Yes | Yes |
- | Language Selection | Yes | Yes |
- | Package Type Selection | Yes | Yes |
- | Feature Selection | Yes | Yes |
- | Automatic Version Synchronization | Yes | Yes |
- | Custom Components | Yes | Yes |
- | Corporate Install | No | Yes |
- | User Experience | No | Yes |
- | Browser User Interface | Yes | Yes |
- | Search Providers | Yes | Yes |
- | Important URLs - Home page and Support | Yes | Yes |
- | Accelerators | Yes | Yes |
- | Favorites, Favorites Bar, and Feeds | Yes | Yes |
- | Browsing Options | No | Yes |
- | First Run Wizard and Welcome Page Options | Yes | Yes |
- | Compatibility View | Yes | Yes |
- | Connection Manager | Yes | Yes |
- | Connection Settings | Yes | Yes |
- | Automatic Configuration | No | Yes |
- | Proxy Settings | Yes | Yes |
- | Security and Privacy Settings | No | Yes |
- | Add a Root Certificate | Yes | No |
- | Programs | Yes | Yes |
- | Additional Settings | No | Yes |
- | Wizard Complete | Yes | Yes |
-
-
-additionalContent: |
-
- ## Related topics
-
- - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
- - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
- - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
deleted file mode 100644
index 618ec339b5..0000000000
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
+++ /dev/null
@@ -1,161 +0,0 @@
-### YamlMime:FAQ
-metadata:
- ms.localizationpriority: medium
- ms.mktglfcycl: explore
- description: Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
- author: dansimp
- ms.author: dansimp
- ms.prod: ie11
- ms.assetid:
- ms.reviewer:
- audience: itpro
- manager: dansimp
- title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
- ms.sitesec: library
- ms.date: 05/10/2018
- ms.topic: faq
-title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
-summary: |
- [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
- Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
-
- > [!Important]
- > If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
-
- - [Automatic updates delivery process](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#automatic-updates-delivery-process)
-
- - [How the Internet Explorer 11 Blocker Toolkit works](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#how-the-internet-explorer-11-blocker-toolkit-works)
-
- - [Internet Explorer 11 Blocker Toolkit and other update services](/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit#internet-explorer-11-blocker-toolkit-and-other-update-services)
-
-
-sections:
- - name: Automatic Updates delivery process
- questions:
- - question: |
- Which users will receive Internet Explorer 11 important update?
- answer: |
- Users running either Windows 7 with Service Pack 1 (SP1) or the 64-bit version of Windows Server 2008 R2 with Service Pack 1 (SP1) will receive Internet Explorer 11 important update, if Automatic Updates are turned on. Windows Update is manually run. Automatic Updates will automatically downloand install the Internet Explorer 11 files if it’s turned on. For more information about how Internet Explorer works with Automatic Updates and information about other deployment blocking options, see [Internet Explorer 11 Delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md).
-
- - question: |
- When is the Blocker Toolkit available?
- answer: |
- The Blocker Toolkit is currently available from the [Microsoft DownloCenter](https://www.microsoft.com/download/details.aspx?id=40722).
-
- - question: |
- Whtools cI use to manage Windows Updates and Microsoft Updates in my company?
- answer: |
- We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You calso use the more advanced configuration management tool, [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682041(v=technet.10)).
-
- - question: |
- How long does the blocker mechanism work?
- answer: |
- The Internet Explorer 11 Blocker Toolkit uses a registry key value to permanently turn off the automatic delivery of Internet Explorer 11. This behavior lasts long the registry key value isn’t removed or changed.
-
- - question: |
- Why should I use the Internet Explorer 11 Blocker Toolkit to stop delivery of Internet Explorer 11? Why can’t I just disable all of Automatic Updates?
- answer: |
- Automatic Updates provide you with ongoing criticsecurity and reliability updates. Turning this feature off cleave your computers more vulnerable. Instead, we suggest thyou use update management solution, such WSUS, to fully control your environment while leaving this feature running, managing how and when the updates get to your user’s computers.
-
- The Internet Explorer 11 Blocker Toolkit safely allows Internet Explorer 11 to downloand install in companies thcan’t use WSUS, Configuration Manager, or
- other update management solution.
-
- - question: |
- Why don’t we just block URL access to Windows Update or Microsoft Update?
- answer: |
- Blocking the Windows Update or Microsoft Update URLs also stops delivery of criticsecurity and reliability updates for all of the supported versions of the Windows operating system; leaving your computers more vulnerable.
-
- - name: How the Internet Explorer 11 Blocker Toolkit works
- questions:
- - question: |
- How should I test the Internet Explorer 11 Blocker Toolkit in my company?
- answer: |
- Because the toolkit only sets a registry key to turn on and off the delivery of Internet Explorer 11, there should be no additionimpact or side effects to your environment. No additiontesting should be necessary.
-
- - question: |
- What’s the registry key used to block delivery of Internet Explorer 11?
- answer: |
- HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup\\11.0
-
- - question: |
- What’s the registry key name and values?
- answer: |
- The registry key name is **DoNotAllowIE11**, where:
-
- - A value of **1** turns off the automatic delivery of Internet Explorer 11 using Automatic Updates and turns off the Express install option.
-
- - Not providing a registry key, or using a value of anything other th**1**, lets the user install Internet Explorer 11 through Automatic Updates or a
- manuupdate.
-
- - question: |
- Does the Internet Explorer 11 Blocker Toolkit stop users from manually installing Internet Explorer 11?
- answer: |
- No. The Internet Explorer 11 Blocker Toolkit only stops computers from automatically installing Internet Explorer 11 through Automatic Updates. Users cstill downloand install Internet Explorer 11 from the Microsoft DownloCenter or from externmedia.
-
- - question: |
- Does the Internet Explorer 11 Blocker Toolkit stop users from automatically upgrading to Internet Explorer 11?
- answer: |
- Yes. The Internet Explorer 11 Blocker Toolkit also prevents Automatic Updates from automatically upgrading a computer from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11.
-
- - question: |
- How does the provided script work?
- answer: |
- The script accepts one of two command line options:
-
- - **Block:** Creates the registry key thstops Internet Explorer 11 from installing through Automatic Updates.
-
- - **Unblock:** Removes the registry key thstops Internet Explorer 11 from installing through Automatic Updates.
-
- - question: |
- What’s the ADM template file used for?
- answer: |
- The Administrative Template (.adm file) lets you import the new Group Policy environment and use Group Policy Objects to centrally manage all of the computers in your company.
-
- - question: |
- Is the tool localized?
- answer: |
- No. The tool isn’t localized, it’s only available in English (en-us). However, it does work, without any modifications, on any language edition of the supported operating systems.
-
- - name: Internet Explorer 11 Blocker Toolkit and other update services
- questions:
- - question: |
- Is there a version of the Internet Explorer Blocker Toolkit thwill prevent automatic installation of IE11?
- answer: |
- Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](https://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft DownloCenter.
-
- - question: |
- Does the Internet Explorer 11 blocking mechanism also block delivery of Internet Explorer 11 through update management solutions, like WSUS?
- answer: |
- No. You cstill deploy Internet Explorer 11 using one of the upgrade management solutions, even if the blocking mechanism is activated. The Internet Explorer 11 Blocker Toolkit is only intended for companies thdon’t use upgrade management solutions.
-
- - question: |
- If WSUS is set to 'auto-approve' Update Rollup packages (this is not the default configuration), how do I stop Internet Explorer 11 from automatically installing throughout my company?
- answer: |
- You only need to change your settings if:
-
- - You use WSUS to manage updates and allow auto-approvals for Update Rollup installation.
-
- -and-
-
- - You have computers running either Windows 7 SP1 or Windows Server 2008 R2 (SP1) with Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 installed.
-
- -and-
-
- - You don’t want to upgrade your older versions of Internet Explorer to Internet Explorer 11 right now.
-
- If these scenarios apply to your company, see [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md) for more information on how to prevent automatic installation.
-
-
-additionalContent: |
-
- ## Additionresources
-
- - [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
-
- - [Internet Explorer 11 Ffor IT pros](./faq-for-it-pros-ie11.yml)
-
- - [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
-
- - [Internet Explorer 11 deployment guide](../ie11-deploy-guide/index.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.yml b/browsers/internet-explorer/ie11-faq/faq-ieak11.yml
deleted file mode 100644
index 20e3889f45..0000000000
--- a/browsers/internet-explorer/ie11-faq/faq-ieak11.yml
+++ /dev/null
@@ -1,140 +0,0 @@
-### YamlMime:FAQ
-metadata:
- ms.localizationpriority: medium
- ms.mktglfcycl: support
- ms.pagetype: security
- description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
- author: dansimp
- ms.author: dansimp
- ms.manager: elizapo
- ms.prod: ie11
- ms.assetid:
- ms.reviewer:
- audience: itpro
- manager: dansimp
- title: IEAK 11 - Frequently Asked Questions
- ms.sitesec: library
- ms.date: 05/10/2018
- ms.topic: faq
-title: IEAK 11 - Frequently Asked Questions
-summary: |
- [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
- Get answers to commonly asked questions about the Internet Explorer Administration Kit 11 (IEAK 11), and find links to additional material you might find helpful.
-
-
-sections:
- - name: Ignored
- questions:
- - question: |
- What is IEAK 11?
- answer: |
- IEAK 11 enables you to customize, brand, and distribute customized Internet Explorer 11 browser packages across an organization. Download the kit from the [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md).
-
- - question: |
- What are the supported operating systems?
- answer: |
- You can customize and install IEAK 11 on the following supported operating systems:
-
- - Windows 8
-
- - Windows Server 2012
-
- - Windows 7 Service Pack 1 (SP1)
-
- - Windows Server 2008 R2 Service Pack 1 (SP1)
-
- > [!NOTE]
- > IEAK 11 does not support building custom packages for Windows RT.
-
-
- - question: |
- What can I customize with IEAK 11?
- answer: |
- The IEAK 11 enables you to customize branding and settings for Internet Explorer 11. For PCs running Windows 7, the custom package also includes the Internet Explorer executable.
-
- > [!NOTE]
- > Internet Explorer 11 is preinstalled on PCs running Windows 8. Therefore, the executable is not included in the customized package.
-
- - question: |
- Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?
- answer: |
- Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
-
- > [!NOTE]
- > IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. To download IEAK 11, see [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md).
-
- - question: |
- Is there a version of the Internet Explorer Administration Kit (IEAK) supporting IE11?
- answer: |
- Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources:
-
- - [Internet Explorer Administration Kit Information and Downloads](../ie11-ieak/ieak-information-and-downloads.md) on the Internet Explorer TechCenter.
-
- - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
-
- - question: |
- What are the different modes available for the Internet Explorer Customization Wizard?
- answer: |
- The IEAK Customization Wizard displays pages based on your licensing mode selection, either **Internal** or **External**. For more information on IEAK Customization Wizard modes, see [What IEAK can do for you](../ie11-ieak/what-ieak-can-do-for-you.md).
-
- The following table displays which pages are available in IEAK 11, based on the licensing mode:
-
- | **Wizard Pages** | **External** | **Internal** |
- |-------------------------------------------|--------------|--------------|
- | Welcome to the IEAK | Yes | Yes |
- | File Locations | Yes | Yes |
- | Platform Selection | Yes | Yes |
- | Language Selection | Yes | Yes |
- | Package Type Selection | Yes | Yes |
- | Feature Selection | Yes | Yes |
- | Automatic Version Synchronization | Yes | Yes |
- | Custom Components | Yes | Yes |
- | Corporate Install | No | Yes |
- | User Experience | No | Yes |
- | Browser User Interface | Yes | Yes |
- | Search Providers | Yes | Yes |
- | Important URLs - Home page and Support | Yes | Yes |
- | Accelerators | Yes | Yes |
- | Favorites, Favorites Bar, and Feeds | Yes | Yes |
- | Browsing Options | No | Yes |
- | First Run Wizard and Welcome Page Options | Yes | Yes |
- | Compatibility View | Yes | Yes |
- | Connection Manager | Yes | Yes |
- | Connection Settings | Yes | Yes |
- | Automatic Configuration | No | Yes |
- | Proxy Settings | Yes | Yes |
- | Security and Privacy Settings | No | Yes |
- | Add a Root Certificate | Yes | No |
- | Programs | Yes | Yes |
- | Additional Settings | No | Yes |
- | Wizard Complete | Yes | Yes |
-
-
- - question: |
- Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?
- answer: |
- Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
-
- IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center:
-
- | | | |
- |---------|---------|---------|
- |[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) |
- |[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) |
- |[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) |
- |[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) |
- |[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) |
- |[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) |
- |[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) |
- |[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) |
-
-additionalContent: |
-
- ## Additional resources
-
- -[Download IEAK 11](../ie11-ieak/ieak-information-and-downloads.md)
- -[IEAK 11 overview](../ie11-ieak/index.md)
- -[IEAK 11 product documentation](../ie11-ieak/index.md)
- -[IEAK 11 licensing guidelines](../ie11-ieak/licensing-version-and-features-ieak11.md)
diff --git a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
deleted file mode 100644
index 40a7886b0a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Accelerators page in the IEAK 11 Customization Wizard to add accelerators to employee devices.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 208305ad-1bcd-42f3-aca3-0ad1dda7048b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Accelerators page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Accelerators page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Accelerators** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you add accelerators to your employee computers. Accelerators are contextual menu options that can quickly get to a web service from any webpage. For example, an accelerator can look up a highlighted word in the dictionary or a selected location on a map.
-
-**Note**
-The **Add Accelerator** box appears.
-
-3. Use the **Browse** button to go to your custom accelerator XML file.
-
-4. Check the **Set this Accelerator as the default for the category** box if you want this accelerator to be the default value that shows up for the category.
-
-5. Click **Edit** to change your accelerator information, click **Set Default** to make an accelerator the default value for a category, or **Remove** to delete an accelerator.
-
-6. Click **Next** to go to the [Favorites, Favorites Bar, and Feeds](favorites-favoritesbar-and-feeds-ieak11-wizard.md) page or **Back** to go to the [Important URLs - Home Page and Support](important-urls-home-page-and-support-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
deleted file mode 100644
index b4d0459c78..0000000000
--- a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use IEAK 11 to add and approve ActiveX controls for your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 33040bd1-f0e4-4541-9fbb-16e0c76752ab
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add and approve ActiveX controls using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add and approve ActiveX controls using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-There are two main approaches to how you can control the use of ActiveX controls in your company. For more info about ActiveX controls, including how to manage the controls using Group Policy, see [Group Policy and ActiveX installation](../ie11-deploy-guide/activex-installation-using-group-policy.md) in the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
-
-**Note** Note Note
- For more detailed info about how to set up your DHCP server, see your server documentation.
-
-**To set up automatic detection for DNS servers**
-
-1. In your DNS database file, the file that’s used to associate your host (computer) names to static IP addresses in a zone, you need to create a host record named, **WPAD**. This record contains entries for all of the hosts that require static mappings, such as workstations, name servers, and mail servers. It also has the IP address to the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file. The syntax is: -OR-
- Create a canonical name (CNAME) alias record, named WPAD. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
- Note
-You might receive a security warning before downloading your Setup file, asking if you want to continue. Click **Run** to continue.
-
-2. Click **Next** to go to the [Custom Components](custom-components-ieak11-wizard.md) page or **Back** to go to the [Feature Selection](feature-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
deleted file mode 100644
index 7271837b2e..0000000000
--- a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: A list of steps to follow before you start to create your custom browser installation packages.
-author: dansimp
-ms.author: dansimp
-ms.manager: elizapo
-ms.prod: ie11
-ms.assetid: 6ed182b0-46cb-4865-9563-70825be9a5e4
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Before you start using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 04/24/2018
----
-
-
-# Before you start using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Before you run IEAK 11 and the Customization Wizard, make sure you have met the following requirements:
-
-- Have you determined which licensing version of the Internet Explorer Administration Kit 11 to install? For info, see [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md).
-
-- Do you meet the necessary hardware and software requirements? See [Hardware and software requirements for IEAK 11](hardware-and-software-reqs-ieak11.md).
-
-- Have you gotten all of the URLs needed to customize your **Home**, **Search**, and **Support** pages? See [Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard](important-urls-home-page-and-support-ieak11-wizard.md).
-
-- Have you reviewed the security features to determine how to set up and manage them? See [Security features and IEAK 11](security-and-ieak11.md).
-
-- Have you created a test lab, where you can run the test version of your browser package to make sure it runs properly?
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
deleted file mode 100644
index 351b1bbb76..0000000000
--- a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Branding\] .INS file setting to set up your custom branding and setup info in your browser install package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: cde600c6-29cf-4bd3-afd1-21563d2642df
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Branding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Branding .INS file to create custom branding and setup info
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about the custom branding and setup information in your browser package.
-
-|Name |Value | Description |
-|-----------|--------------------------------|--------------------------------------------------------------|
-|Add on URL | ` **Note** **Note**
-The text shows up in the title bar as **IE provided by** <*your_custom_text*>.
-
-2. Check the **Delete existing toolbar buttons, if present** box so you can delete all of the toolbar buttons in your employee’s browser, except for the standard buttons installed with IE (which can’t be removed).
-
-**Note**
- The **Browser Toolbar Button Information** box appears.
-
-4. In the **Toolbar caption** box, type the text that shows up when an employee hovers over your custom button. We recommend no more than 10 characters.
-
-5. In the **Toolbar action** box, browse to your script or executable file that runs when an employee clicks your custom button.
-
-6. In the **Toolbar icon** box, browse to the icon file that represents your button while active. This icon must be 20x20 pixels.
-
-7. Check the **This button should be shown on the toolbar by default** box so your custom button shows by default.
- This box should be cleared if you want to offer a custom set of buttons, but want your employees to choose whether or not to use them. In this situation, your buttons will show up in the **Customize Toolbars** dialog box, under **Available toolbar buttons**. Your employees can get to this dialog box in IE by clicking **Tools** from the **Command Bar**, clicking **Toolbars**, and then clicking **Customize**.
-
-8. Click **OK.**
-
-9. Click **Edit** to change your custom toolbar button or **Remove** to delete the button. The removed button will disappear from your employee’s computer after you apply the updated customization. Only custom toolbar buttons can be removed.
-
-10. Click **Next** to go to the [Search Providers](search-providers-ieak11-wizard.md) page or **Back** to go to the [User Experience](user-experience-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
deleted file mode 100644
index 05fb2324f7..0000000000
--- a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Use the \[BrowserToolbars\] .INS file setting to customize your Internet Explorer toolbar and buttons.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 83af0558-9df3-4c2e-9350-44f7788efa6d
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about how to customize the Internet Explorer toolbar.
-
-|Name |Value |Description |
-|-----------|---------------------------|-------------|
-|Action0 |` **Note** **Note**
-**Important**
-Where *description* is the string that’s shown in the **Uninstall or change a program** box.
-
-2. Add another new key and value to:
-Where *command-line* is the command that’s run when the component is picked from the **Uninstall or change a program** box.
-
-Your uninstall script must also remove your key from under the **Uninstall** registry key, so that your component no longer appears in the **Uninstall or change a program** after uninstallation. You can also run just a section of an .inf file by using the Setupx.dll InstallHinfSection entry point. To make this work, your installation script must copy the .inf file to the Windows\Inf folder for your custom component.
-
diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
deleted file mode 100644
index 1a981a5a16..0000000000
--- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Custom Components page in the IEAK 11 Customization Wizard to add additional components for your employees to install with IE.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 38a2b90f-c324-4dc8-ad30-8cd3e3e901d7
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Custom Components page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Custom Components page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Custom Components** page of the Internet Explorer Customization Wizard 11 lets you add up to 10 additional components that your employees can install at the same time they install IE. These components can be created by Microsoft or your organization as either compressed cabinet (.cab) or self-extracting executable (.exe) files. If you’re using Microsoft components, make sure you have the latest version and software patches from the [Microsoft Support](https://go.microsoft.com/fwlink/p/?LinkId=258658) site. To include Microsoft Update components, you must bundle the associated files into a custom component.
-
-**Important**
-The **Add a Custom Component** box appears.
-
-2. Type in the name of your component and then browse to the location of your file (either .cab or .exe).
-
-3. Pick when to install the component. This can be before IE, after IE, or after the computer restarts.
-**Important**
-The boxes clear and you can add another component. Click **Cancel** to go back to the **Custom Components** page.
-
-12. Click **Edit** to change your custom component information, **Verify** to make sure the component is digitally signed, or **Remove** to delete the component from your custom installation package.
-
-13. Click **Next** to go to the [Internal Install](internal-install-ieak11-wizard.md) page or **Back** to go to the [Automatic Version Synchronization](auto-version-sync-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
deleted file mode 100644
index 7a5556235d..0000000000
--- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Use the \[CustomBranding\] .INS file setting to specify the location of your branding cabinet (.cab) file.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9c74e239-65c5-4aa5-812f-e0ed80c5c2b0
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the CustomBranding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the CustomBranding .INS file to create custom branding and setup info
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Provide the URL to your branding cabinet (.cab) file.
-
-
-| Name | Value | Description |
-|----------|------------------|------------------------------------------------------------------------------------------------------------------------|
-| Branding | `
- For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).
- **Important**
-The links are imported and added to the **Favorites, Favorites Bar, and Feeds** page, beneath the **Favorites** folder.
-
-3. To add a new favorite link, pick **Favorites**, and then click **Add URL**.
-The **Details** box appears.
-
-4. Type the new link name in the **Name** box.
-
-5. Type the new URL in the **URL** box.
-
-6. Optionally, you can add a 16x16 pixel icon to your link by adding the location in the **Icon** box.
-
-7. Click **OK**.
-
-8. To add a new **Favorites** folder, pick **Favorites**, and then click **Add Folder**.
-The **Details** box appears.
-
-9. Type the folder name into the **Name** box, and then click **OK**.
-
-10. Click **Edit** to change any of your new information, **Test URL** to test each of your links to make sure they go to the right place, or **Remove** to delete a **Favorites** item.
-
-11. If you have multiple **Favorites** links, you can update their order in the list. Check the **Add to the top of the list** box, click the link you want to move, and then click **Move Up** or **Move Down**.
-
-12. Check the **Disable IE Suggested Sites** box to disable the Suggested Sites feature. By turning this on, your employees won’t receive suggested sites based on the sites that they visit.
-
-13. Continue with the next procedures in this topic to add additional **Favorites Bar** or **RSS Feeds** links, or you can click **Next** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page or **Back** to go to the [Accelerators](accelerators-ieak11-wizard.md) page.
-
-**To work with the Favorites Bar**
-
-1. To import your existing folder of links, pick **Favorites Bar**, and then click **Import**.
-
-2. Go to your existing link folder, most likely in the `
-The links are imported and added to the **Favorites, Favorites Bar, and Feeds** page, beneath the **Favorites Bar** folder.
-
-3. To add a new link to the **Favorites Bar**, pick **Favorites Bar**, and then click **Add URL**.
-The **Details** box appears.
-
-4. Type the new quick link name in the **Name** box.
-
-5. Type the new URL in the **URL** box.
-
-6. Optionally, you can add a 16x16 pixel icon to your link by adding the location in the **Icon** box.
-
-7. Pick whether your link is a simple **Link**, a **Feed**, or a **Web Slice**, and then click **OK**.
-
-8. Click **Edit** to change any of your new information, **Test URL** to test each of your links to make sure they go to the right place, or **Remove** to delete a **Favorites Bar** item.
-
-9. If you have multiple **Favorites Bar** links, you can update their order in the list. Check the **Add to the top of the list** box, click the link you want to move, and then click **Move Up** or **Move Down**.
-
-10. Check the **Disable IE Suggested Sites** box to disable the Suggested Sites feature. By turning this on, your employees won’t receive suggested sites based on the sites that they visit.
-
-11. Continue with the next procedures in this topic to add additional **Favorites** or **RSS Feeds** links, or you can click **Next** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page or **Back** to go to the [Accelerators](accelerators-ieak11-wizard.md) page.
-
-**To work with RSS Feeds**
-
-1. To add a new link to the **RSS Feeds**, pick **Favorites Bar**, and then click **Add URL**.
-The **Details** box appears.
-
-2. Type the new link name in the **Name** box.
-
-3. Type the new URL in the **URL** box, and then click **OK**.
-
-4. Click **Edit** to change any of your new information, **Test URL** to test each of your links to make sure they go to the right place, or **Remove** to delete a **RSS Feeds** item.
-
-5. If you have multiple **RSS Feeds** links, you can update their order in the list. Check the **Add to the top of the list** box, click the link you want to move, and then click **Move Up** or **Move Down**.
-
-6. Check the **Disable IE Suggested Sites** box to disable the Suggested Sites feature. By turning this on, your employees won’t receive suggested sites based on the sites that they visit.
-
-7. Continue with the next procedures in this topic to add additional **Favorites** or **Favorites Bar** links, or you can click **Next** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page or **Back** to go to the [Accelerators](accelerators-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
deleted file mode 100644
index ac736e20df..0000000000
--- a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[FavoritesEx\] .INS file setting to specify your Favorites icon file, whether Favorites is available offline, and your Favorites URLs.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 55de376a-d442-478e-8978-3b064407b631
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the FavoritesEx .INS file for your Favorites icon and URLs (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the FavoritesEx .INS file for your Favorites icon and URLs
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about where you store your **Favorites** icon file, whether your **Favorites** are available offline, and the URLs for each **Favorites** site.
-
-|Name |Value |Description |
-|----------------|-----------------------|--------------------------------------------------------------------------|
-|IconFile1 |`
-You can also click **Select All** to add, or **Clear All** to remove, all of the features.
-
-2. Click **Next** to go to the [Automatic Version Synchronization](auto-version-sync-ieak11-wizard.md) page or **Back** to go to the [Package Type Selection](pkg-type-selection-ieak11-wizard.md) page.
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
deleted file mode 100644
index 0aee908cd4..0000000000
--- a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the File Locations page in the IEAK 11 Customization Wizard to change the location of your install package and IE11 folders.
-author: dansimp
-ms.prod: ie11
-ms.assetid: bd0620e1-0e07-4560-95ac-11888c2c389e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the File Locations page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the File Locations page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **File Locations** page of the Internet Explorer Customization Wizard 11 lets you change the location of your folders, including:
-
-- Where you’ll create and store your custom installation package.
-
-- Where you’ll download and store Internet Explorer 11.
-
-**Important**
-**Note**
-The **Advanced Options** box opens and lets you change how the wizard downloads and gets files, and how it imports settings from your .ins file.
-
-3. Check the box letting IE Customization Wizard 11 look for the latest components, using Automatic Version Synchronization.
-This option lets the wizard connect to the IE **Downloads** page to look for updated versions of IE since you last ran the wizard.
-**Important**
-By importing settings from an .ins file, you can re-use existing configurations. This saves you time if your packages have the same or similar settings.
-
-5. Browse to your component download folder.
-Automatic Version Synchronization automatically checks the component download folder to see if you have the latest version of IE. To keep this folder up-to-date, you shouldn’t change its location. However, if you want to keep both a previous version of IE and the latest version, we recommend you download the components to a different location.
-
-6. Click **OK** to close the **Advanced Options** box, and then click **Next** to go to the [Platform Selection](platform-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
deleted file mode 100644
index 616e3b9938..0000000000
--- a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Review the file types that are created and used by tools in the Internet Explorer Administration Kit 11 (IEAK 11).
-author: dansimp
-ms.prod: ie11
-ms.assetid: e5735074-3e9b-4a00-b1a7-b8fd8baca327
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: File types used or created by IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# File types used or created by IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-A list of the file types used or created by tools in IEAK 11:
-
-|File type |Description |
-|----------|-------------------------|
-|.adm | An admin file (located at ` **Important**
-Clearing this box lets you use the IE11 **Welcome** page or your custom **Welcome** page.
-
-2. If you cleared the First Run wizard box, you can decide which **Welcome** page to use:
-
- - **Use IE11 Welcome Page.** Check this box if you want to use the default IE11 **Welcome** page.
-
- - **Use a custom Welcome Page.** Check this box if you want to use a custom **Welcome** page. If you choose this option, you need to add the URL to your custom page.
-
-3. Click **Next** to go to the [Compatibility View](compat-view-ieak11-wizard.md) page or **Back** to go to the [Browsing Options](browsing-options-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
deleted file mode 100644
index e3d95badec..0000000000
--- a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Customization guidelines for your Internet Explorer toolbar button and Favorites List icons.
-author: dansimp
-ms.prod: ie11
-ms.assetid: bddc8f23-9ac1-449d-ad71-f77f43ae3b5c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Customize the toolbar button and Favorites List icons using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Customize the Toolbar button and Favorites List icons using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use these customization guidelines to change the browser toolbar button and the **Favorites List** icons, using your own branding and graphics.
-
-**Important** However, you must use the Windows 8.1 target platform and only the "Configuration-only package" is available.
-
-- Windows 8.1
-
-- Windows Server 2012 R2
-
-- Windows® 7 Service Pack 1 (SP1)
-
-- Windows Server 2008 R2 (SP1)
-
-**Important**
-
-|Parameter (Setup options) |Description |
-|--------------------------|-------------------------------------------------------------------------------------------------|
-|`/update-no` |Doesn't look for Internet Explorer updates. |
-|`/no-default` |Doesn't make Internet Explorer the default browser. |
-|`/no-backup` |Doesn't back up the files necessary to uninstall IE. |
-|`/ieak-full` |Reserved for use by the IEAK 11. |
-|`/ieak-branding` |Reserved for use by the IEAK 11. |
-
-
-|Parameter (Restart options) |Description |
-|----------------------------|--------------------------------------------|
-|`/norestart` |Doesn't restart after installation. |
-|`/forcerestart` |Restarts after installation. |
-
-
-|Parameter (miscellaneous options) |Description |
-|----------------------------------|--------------------------------------------|
-|`/help` |Provides help info. Can't be used with any other option. |
-|`/log **Important** **Note** This only applies to IE11 on Windows 7 SP1 |
-|[Browser user interface](browser-ui-ieak11-wizard.md) |Internet Explorer for the desktop |Customize your title bars and toolbar buttons. |
-|[Search Providers](search-providers-ieak11-wizard.md) |Both |Import and add Search providers. |
-|[Important URLs – Home page and Support](important-urls-home-page-and-support-ieak11-wizard.md) |The **Support** page is supported by both experiences. The **Home** page is only supported on Internet Explorer for the desktop. |Add URLs for your **Home** and **Support** pages. |
-|[Accelerators](accelerators-ieak11-wizard.md) |Internet Explorer for the desktop |Import and add default accelerators. |
-|[Favorites, Favorites Bar and Feeds](favorites-favoritesbar-and-feeds-ieak11-wizard.md) |Internet Explorer for the desktop |Import and add items to the **Favorites** folder, the **Favorites Bar**, and the **Feeds** folder. **Note** **Note** -OR- -AND- -OR-
-If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you don’t add a custom **Home** page, IE uses https://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**.
-
-2. Check the **Retain previous Home Page (Upgrade)** box if you have employees with previous versions of IE, who need to keep their **Home** page settings when the browser is updated.
-
-3. Check the **Online support page URL** box to type in the URL to your own support page. Customizing the support page is only supported in Internet Explorer for the desktop.
-
-4. Click **Next** to go to the [Accelerators](accelerators-ieak11-wizard.md) page or **Back** to go to the [Search Providers](search-providers-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md
deleted file mode 100644
index d4dde73e8c..0000000000
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.mktglfcycl: plan
-description: IEAK 11 - Internet Explorer Administration Kit 11 Users Guide
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: 847bd7b4-d5dd-4e10-87b5-4d7d3a99bbac
-title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.localizationpriority: medium
-manager: dansimp
-ms.date: 03/15/2016
----
-
-
-# Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
-
-Use this guide to learn about the several options and processes you'll need to consider while you're using the Internet Explorer Administration Kit 11 (IEAK 11) to customize, deploy, and manage Internet Explorer 11 for your employee's devices.
-
-> [!IMPORTANT]
-> Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary.
-
-
-## Included technology
-IEAK 11 includes the following technology:
-- **Internet Explorer Customization Wizard.** This wizard guides you through the process of creating custom browser packages. After these packages are installed on your user's desktop, the user receives customized versions of Internet Explorer 11, with the settings and options you selected through the wizard.
-- **Windows Installer (MSI).** IEAK 11 supports creating an MSI wrapper for your custom Internet Explorer 11 packages, enabling you to use Active Directory to deploy the package to your user's PC.
-- **IEAK Help.** IEAK 11 Help includes many conceptual and procedural topics, which you can view from the **Index**, **Contents**, or **Search** tabs. You also have the option to print any topic, or the entire Help library.
-
-
-## Naming conventions
-IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1 Update and newer versions of the Windows operating system:
-
-|Name |Description |
-|-----|-----------------------------------------------------------|
-|IE |The immersive browser, or IE, without a specific version. |
-|Internet Explorer for the desktop |The desktop browser. This is the only experience available when running IE11 on Windows 7 SP1. |
-|IE11 |The whole browser, which includes both IE and Internet Explorer for the desktop. |
-|Internet Explorer Customization Wizard 11 |Step-by-step wizard screens that help you create custom IE11 installation packages. |
-
-## Related topics
-- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.yml)
-- [Download IEAK 11](ieak-information-and-downloads.md)
-- [IEAK 11 administrators guide]()
-- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
diff --git a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
deleted file mode 100644
index 6936f198d0..0000000000
--- a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Internal Install page in the IEAK 11 Customization Wizard to customize Setup for the default browser and the latest browser updates.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 33d078e3-75b8-455b-9126-f0d272ed676f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Internal Install page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Internal Install page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Internal Install** page of the Internet Explorer Customization Wizard 11 lets you customize Setup for the default browser and the latest browser updates, based on your company’s guidelines.
-
-**Note** -OR-
-
- - **Do not set IE as the default browser.** Won’t set IE as the default browser. However, your employees can still make IE the default.
-
-2. Click **Next** to go to the [User Experience](user-experience-ieak11-wizard.md) page or **Back** to go to the [Custom Components](custom-components-ieak11-wizard.md).
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
deleted file mode 100644
index 666c5f8b17..0000000000
--- a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[ISP_Security\] .INS file setting to add the root certificate for your custom Internet Explorer package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4eca2de5-7071-45a2-9c99-75115be00d06
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the ISP_Security .INS file to add your root certificate (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the ISP_Security .INS file to add your root certificate
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about where you store the root certificate you’re adding to your custom package.
-
-|Name |Value |Description |
-|---------------|-----------------------|------------------------------------------------------------------------------------------|
-|RootCertPath |`
-You can support as many languages as you want, but each localized version must be in its own install package.
-**Note** -OR-
-
-2. Check the **Configuration-only package** box if you want to update an existing installation of IE11. This media package is named **IE11- Setup-Branding.exe**, in the `
-You can distribute this file on any media format or server. It customizes the IE11 features without re-installing IE.
-**Important**
-You must create individual packages for each supported operating system.
-**Note** -OR-
-
- - **Import the current Program Settings.** Pick this option to import the program associations from your device and use them as the preset for your employee’s program settings. **Note**
-Proxy locations that don’t begin with a protocol (like, https:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `https://proxy`.
-
-3. Type the port for each service. The default value is *80*.
-
-4. Check the **Use the same proxy server for all addresses** box to use the same proxy server settings for all of your services.
-
-5. Type any services that shouldn’t use a proxy server into the **Do not use proxy server for addresses beginning with** box.
-When filling out your exceptions, keep in mind:
-
- - Proxy bypass entries can begin with a protocol type, such as https://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol.
-
- - Protocol values are not case sensitive and you can use a wildcard character (*) in place of zero or more characters.
-
- - You must use a semicolon between your entries.
-
- - This list is limited to **2064** characters.
-
-6. Check the **Do not use proxy server for local (intranet) addresses** to bypass your proxy servers for all addresses on your intranet.
-
-7. Click **Next** to go to the [Security and Privacy Settings](security-and-privacy-settings-ieak11-wizard.md) page or **Back** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
deleted file mode 100644
index f3b4414183..0000000000
--- a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Learn how to register an uninstall app for your custom components, using IEAK 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4da1d408-af4a-4c89-a491-d6f005fd5005
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Register an uninstall app for custom components using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.date: 07/27/2017
----
-
-
-# Register an uninstall app for custom components using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Register the uninstall apps for any custom components you’ve included in your Internet Explorer 11 package. Registering these apps lets your employees remove the components later, using **Uninstall or change a program** in the Control Panel.
-
-## Register your uninstallation program
-While you’re running your custom component setup process, your app can add information to the subkeys in the `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ApplicationName` registry key, registering your uninstallation program.
-
-**Note**
-The Microsoft Management Console opens.
-
-2. Click **File**, and then click **Add/Remove Snap-in**.
-
-3. In the **Available snap-ins** window, go down to the **Resultant Set of Policy** snap-in option, click **Add**, and then click **OK**.
-You’re now ready to use the RSoP snap-in from the console.
-
-**To use the RSoP snap-in**
-
-1. Right-click **Resultant Set of Policy** and then click **Generate RSoP Data**.
-You’ll only need to go through the resulting RSoP Wizard first time you run the snap-in.
-
-2. Click **Next** on the **Welcome** screen.
-
-3. Under **Computer Configuration**, click **Administrative Templates**, click **Windows Components**, click **IE**, and then click the feature you want to review the policy settings for.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
deleted file mode 100644
index c092a2101b..0000000000
--- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Search Providers page in the IEAK 11 Customization Wizard to add additional providers and set the default.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 48cfaba5-f4c0-493c-b656-445311b7bc52
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Search Providers page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Search Providers page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Search Providers** page of the Internet Explorer Customization Wizard 11 lets you add a default search provider (typically, Bing®) and additional providers to your custom version of IE.
-
-**Note**
-The **Search Provider** box appears.
-
-3. In the **Display Name** box, type the text that appears in the **Search Options** menu for the search provider.
-
-4. In the **URL** box, type the full URL to the search provider, including the https:// prefix.
-
-5. In the **Favicon URL** box, type the full URL to any icon to associate with your provider.
-
-6. In the **Suggestions URL (XML)** box, type the associated search suggestions in XML format.
-
-7. In the **Suggestions URL (JSON)** box, type the associated search suggestions in JavaScript Object Notation format.
-
-8. In the **Accelerator Preview URL** box, type the associated Accelerator preview URL for each provider, if it’s necessary.
-
-9. Check the **Display Search Suggestions for this provider** box to turn on search suggestions for the provider, and then click **OK**.
-
-10. Check the **Search Guide URL Customization** box if you’re going to add your search providers to a custom webpage for your employees. Then, type the URL to the custom webpage in the text box.
-
-11. Click **Edit** to change your search provider information, click **Set Default** to make a search provider the default for your employees, or **Remove** to delete a search provider.
-
-12. Click **Next** to go to the [Important URLs - Home Page and Support](important-urls-home-page-and-support-ieak11-wizard.md) page or **Back** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
deleted file mode 100644
index 6c1c936553..0000000000
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Learn about the security features available in Internet Explorer 11 and IEAK 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 5b64c9cb-f8da-411a-88e4-fa69dea473e2
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Security features and IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Security features and IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use Internet Explorer in conjunction with your new and existing security measures, to make sure the computers in your company aren’t compromised while on the Internet.
-
-## Enhanced Protection Mode
-Extends Protected Mode to further restrict the ability of an attacker to access sensitive or personal information in personal and corporate environments, including:
-
-- Restricting access to higher-level processes in the AppContainer.
-
-- Improving security against memory safety exploits in 64-bit tab processes.
-
-This feature is turned off by default. For more info, see [Enhanced Protected Mode problems with Internet Explorer](../ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md).
-
-## Certificates and Digital Signatures
-Web browsers have security features that help protect users from downloading harmful programs. Depending on the security level and the platform that you are using, the user may be prevented from, or warned against, downloading programs that are not digitally signed. Digital signatures show users where programs come from, verify that the programs have not been altered, and ensure that users do not receive unnecessary warnings when installing the custom browser.
-
-Because of this, the custom .cab files created by the Internet Explorer Customization Wizard should be signed, unless you pre-configure the Local intranet zone with a Low security setting. Any custom components you distribute with your browser package for these platforms should also be signed.
-
-### Understanding digital certificates
-To sign your package and custom programs digitally, you must first obtain a digital certificate. You can obtain a certificate from a certification authority or a privately-controlled certificate server. For more info about obtaining certificates or setting up a certificate server, see the following:
-
-- Microsoft-trusted certification authorities ([Windows root certificate program requirements](/previous-versions//cc751157(v=technet.10))).
-
-- Certificates overview documentation ([Certificates](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732331(v=ws.11))).
-
-- Microsoft Active Directory Certificate Services ( [Active Directory Certificate Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732625(v=ws.11))).
-
-- Enterprise public key infrastructure (PKI) snap-in documentation ([Enterprise PKI](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771400(v=ws.11))).
-
-After you get a certificate, you should note the public and private keys, which are a matched set of keys that are created by the software publisher for encryption and decryption. They are generated on your device at the time the certificate is requested, and your private key is never sent to the certification authority or any other party.
-
-### Understanding code signing
-Code signing varies, depening on how you plan to distribute your custom install package.
-
-- **If you plan to distribute custom packages over the Internet**, you must sign all custom components and the CMAK profile package (if used). Before you start the Internet Explorer Customization Wizard, make sure that both are signed. Typically, their respective manufacturers will have signed them. Otherwise, you can sign these using the Sign Tool (SignTool.exe) ( [SignTool.exe (Sign Tool)](/dotnet/framework/tools/signtool-exe)) or use the File Signing Tool (Signcode.exe) ([Signcode.exe (File Signing Tool)](/previous-versions/9sh96ycy(v=vs.100))). You should read the documentation included with these tools for more info about all of the signing options.
-In addition, after you run the Internet Explorer Customization Wizard, we highly recommend that you sign the IEAK package and the branding.cab file (if you are using it separately from the package). You can do this also using the tools mentioned above. For more information, download Code-Signing Best Practices ([Code-Signing Best Practices](/previous-versions/windows/hardware/design/dn653556(v=vs.85))).
-
-- **If you plan to distribute your custom packages over an intranet**, sign the custom files or preconfigure the Local intranet zone with a Low security setting, because the default security setting does not allow users to download unsigned programs or code.
-
-### Understanding your private key
-Your device creates two keys during the enrollment process of your digital certificate. One is a public key, which is sent to anyone you want to communicate with, and one is a private key, which is stored on your local device and must be kept secret. You use the private key to encrypt your data and the corresponding public key to decrypt it.
-
-You must keep your private key, private. To do this, we recommend:
-
-- **Separate test and release signing.** Set up a parallel code signing infrastructure, using test certificates created by an internal test root certificate authority. This helps to ensure that your certificates aren’t stored on an insecure build system, reducing the likelihood that they will be compromised.
-
-- **Tamper-proof storage.** Save your private keys on secure, tamper-proof hardware devices.
-
-- **Security.** Protect your private keys using physical security measures, such as cameras and card readers.
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
deleted file mode 100644
index c78a131719..0000000000
--- a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Security and Privacy Settings page in the IEAK 11 Customization Wizard to manage your security zones, privacy settings, and content ratings.
-author: dansimp
-ms.prod: ie11
-ms.assetid: cb7cd1df-6a79-42f6-b3a1-8ae467053f82
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Security and Privacy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Security and Privacy Settings page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Security and Privacy Settings** page of the Internet Explorer Customization Wizard 11 lets you manage your security zones, privacy settings, and content ratings. These settings help restrict the types of content your employees can access from the Internet, including any content that might be considered offensive or otherwise inappropriate in a corporate setting.
-
-**To use the Security and Privacy Settings page**
-
-1. Decide if you want to customize your security zones and privacy settings. You can pick:
-
- - **Do not customize security zones and privacy.** Pick this option if you don’t want to customize your security zones and privacy settings.
-
- - **Import the current security zones and privacy.** Pick this option to import your security zone and privacy settings from your computer and use them as the preset for your employee’s settings. **Note** **Note** The customizations you make on this page only apply to Internet Explorer for the desktop on Windows 7.
-
-**To use the User Experience page**
-
-1. Choose how your employee should interact with Setup, including:
-
- - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process.
-
- - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process.
-
- - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again.
- Both the hands-free and completely silent installation options will:
-
- - Answer prompts so Setup can continue.
-
- - Accept the license agreement.
-
- - Determine that Internet Explorer 11 is installed and not just downloaded.
-
- - Perform your specific installation type.
-
- - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version.
-
-2. Choose if your employee’s device will restart at the end of Setup.
-
- - **Default**. Prompts your employees to restart after installing IE.
-
- - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later.
-
- - **Force restart**. Automatically restarts the computer after installing IE.
-
-3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
deleted file mode 100644
index c9bb888bed..0000000000
--- a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Internet Settings (.INS) files with IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use the Internet Settings (.ins) files and the Internet Explorer Administration Kit 11 (IEAK 11) to configure your custom browser and its components. You can create multiple versions of your custom package by customizing copies of this file.
-
-Here's a list of the available .INS file settings:
-
-|Setting |Description |
-|-----------------------------------------|------------------------------------------------------------------------------|
-|[Branding](branding-ins-file-setting.md) |Customize the branding and setup information in your browser package. |
-|[BrowserToolbars](browsertoolbars-ins-file-setting.md) |Customize the appearance of the IE toolbar. |
-|[CabSigning](cabsigning-ins-file-setting.md) |Digital signature information for your programs. |
-|[ConnectionSettings](connectionsettings-ins-file-setting.md) |Info about the networking connection settings used to install your custom package. |
-|[CustomBranding](custombranding-ins-file-setting.md) |URL location to your branding cabinet (.cab) file. |
-|[ExtRegInf](extreginf-ins-file-setting.md) |Names of your Setup information (.inf) files and the installation mode for components. |
-|[FavoritesEx](favoritesex-ins-file-setting.md) |Add a path to your icon file for **Favorites**, decide whether **Favorites** are available offline, and add URLs to each**Favorites** site. |
-|[HideCustom](hidecustom-ins-file-setting.md) |Whether to hide the globally unique identifier (GUID) for each custom component. |
-|[ISP_Security](isp-security-ins-file-setting.md) |The root certificate you’re adding to your custom package. |
-|[Media](media-ins-file-setting.md) |Types of media in which your custom installation package is available. |
-|[Proxy](proxy-ins-file-setting.md) |Whether to use a proxy server. |
-|[Security Imports](security-imports-ins-file-setting.md) |Whether to import security information for your custom package. |
-|[URL](url-ins-file-setting.md) |Whether to use an auto-configured proxy server. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
deleted file mode 100644
index b6c2cc7087..0000000000
--- a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-author: dansimp
-ms.author: dansimp
-ms.manager: elizapo
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: What IEAK can do for you
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# What IEAK can do for you
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-
-- Internal
-
-- External
-
-## IEAK 11 users
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-- Internal
-- External
-
-> [!NOTE]
-> IEAK 11 works in network environments, with or without Microsoft Active Directory service.
-
-
-### Corporations
-IEAK helps corporate administrators establish version control, centrally distribute and manage browser installation, configure automatic connection profiles, and customize large portions of Internet Explorer, including features, security, communications settings, and other important functionality.
-
-Corporate administrators install IEAK using Internal mode (for Internet Explorer 10 or newer) or Corporate mode (for Internet Explorer 9 or older).
-
-### Internet service providers
-IEAK helps ISPs customize, deploy and distribute, add third-party add-ons, search providers, and custom components, as well as include web slices and accelerators all as part of a custom Internet Explorer installation package.
-
-ISPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Service Provider (ISP) mode (for Internet Explorer 9 or older).
-
-### Internet content providers
-IEAK helps ICPs customize the appearance of Internet Explorer and its Setup program, including letting you add your company name or specific wording to the Title bar, set up a customer support webpage, set up the user home page and search providers, add links to the Favorites and the Explorer bars, add optional components, web slices and accelerators, and determine which compatibility mode Internet Explorer should use.
-
-ICPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older)
-
-### Independent software vendors
-IEAK helps ISVs distribute (and redistribute) a custom version of Internet Explorer that can include custom components, programs, and controls (like the web browser control) that you create for your users. ISVs can also determine home pages, search providers, and add websites to the Favorites bar.
-
-ISVs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older).
-
-## Additional resources
-
-- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.yml)
-- [Download IEAK 11](ieak-information-and-downloads.md)
-- [IEAK 11 overview](index.md)
-- [IEAK 11 administrators guide](./index.md)
-- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
deleted file mode 100644
index 03de7ed423..0000000000
--- a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Wizard Complete – Next Steps** page of the Internet Explorer Customization Wizard 11 lets you build your custom installation package, after you click **Finish**.
-
-In most cases, your next steps will be to prepare your files for installation from your network or from another distribution method. If you haven’t already done it, you’ll need to digitally sign any program or .cab files that are going to be distributed over the Internet or over an intranet that isn’t configured to allow downloads.
-
-After that, the steps you’ll use to distribute your customized browser will vary, depending on your version of IEAK (Internal or External) and the media you’re using to distribute the package. For more information, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/images/deploy1.png b/browsers/internet-explorer/images/deploy1.png
deleted file mode 100644
index 1e16c46e03..0000000000
Binary files a/browsers/internet-explorer/images/deploy1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/deploy2.png b/browsers/internet-explorer/images/deploy2.png
deleted file mode 100644
index 44b4aad41c..0000000000
Binary files a/browsers/internet-explorer/images/deploy2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/explore1.png b/browsers/internet-explorer/images/explore1.png
deleted file mode 100644
index 3a956dc394..0000000000
Binary files a/browsers/internet-explorer/images/explore1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/explore2.png b/browsers/internet-explorer/images/explore2.png
deleted file mode 100644
index c07bbd197b..0000000000
Binary files a/browsers/internet-explorer/images/explore2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/explore3.png b/browsers/internet-explorer/images/explore3.png
deleted file mode 100644
index 4ea3adee19..0000000000
Binary files a/browsers/internet-explorer/images/explore3.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-deploy.png b/browsers/internet-explorer/images/ie-deploy.png
deleted file mode 100644
index 622d9e250b..0000000000
Binary files a/browsers/internet-explorer/images/ie-deploy.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-explore.png b/browsers/internet-explorer/images/ie-explore.png
deleted file mode 100644
index 184cfdf381..0000000000
Binary files a/browsers/internet-explorer/images/ie-explore.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-manage.png b/browsers/internet-explorer/images/ie-manage.png
deleted file mode 100644
index 51c9cc4aa9..0000000000
Binary files a/browsers/internet-explorer/images/ie-manage.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-plan.png b/browsers/internet-explorer/images/ie-plan.png
deleted file mode 100644
index 9b158a815f..0000000000
Binary files a/browsers/internet-explorer/images/ie-plan.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/ie-support.png b/browsers/internet-explorer/images/ie-support.png
deleted file mode 100644
index 4152163abc..0000000000
Binary files a/browsers/internet-explorer/images/ie-support.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/informed1.png b/browsers/internet-explorer/images/informed1.png
deleted file mode 100644
index a1f1f0b0fe..0000000000
Binary files a/browsers/internet-explorer/images/informed1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/informed2.png b/browsers/internet-explorer/images/informed2.png
deleted file mode 100644
index 544ad83db6..0000000000
Binary files a/browsers/internet-explorer/images/informed2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage1.png b/browsers/internet-explorer/images/manage1.png
deleted file mode 100644
index df84f05983..0000000000
Binary files a/browsers/internet-explorer/images/manage1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage2.png b/browsers/internet-explorer/images/manage2.png
deleted file mode 100644
index 94d111e32c..0000000000
Binary files a/browsers/internet-explorer/images/manage2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage3.png b/browsers/internet-explorer/images/manage3.png
deleted file mode 100644
index c0043c5a8e..0000000000
Binary files a/browsers/internet-explorer/images/manage3.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/manage4.png b/browsers/internet-explorer/images/manage4.png
deleted file mode 100644
index 20af91d5a5..0000000000
Binary files a/browsers/internet-explorer/images/manage4.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/plan1.png b/browsers/internet-explorer/images/plan1.png
deleted file mode 100644
index 1bf8e4264e..0000000000
Binary files a/browsers/internet-explorer/images/plan1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/plan2.png b/browsers/internet-explorer/images/plan2.png
deleted file mode 100644
index 95103ecc5b..0000000000
Binary files a/browsers/internet-explorer/images/plan2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/support1.png b/browsers/internet-explorer/images/support1.png
deleted file mode 100644
index e771ed999a..0000000000
Binary files a/browsers/internet-explorer/images/support1.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/support2.png b/browsers/internet-explorer/images/support2.png
deleted file mode 100644
index 9841cf1962..0000000000
Binary files a/browsers/internet-explorer/images/support2.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/support3.png b/browsers/internet-explorer/images/support3.png
deleted file mode 100644
index a3a0425c73..0000000000
Binary files a/browsers/internet-explorer/images/support3.png and /dev/null differ
diff --git a/browsers/internet-explorer/images/twitter.png b/browsers/internet-explorer/images/twitter.png
deleted file mode 100644
index 3b30a9a1cc..0000000000
Binary files a/browsers/internet-explorer/images/twitter.png and /dev/null differ
diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
deleted file mode 100644
index 2ba0956295..0000000000
--- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-author: aczechowski
-ms.author: aaroncz
-ms.date: 02/14/2023
-ms.reviewer: cathask
-manager: aaroncz
-ms.prod: ie11
-ms.topic: include
----
-
-> [!CAUTION]
-> **Update:** The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).
diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md
deleted file mode 100644
index 7aeb739bc8..0000000000
--- a/browsers/internet-explorer/index.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-ms.mktglfcycl: deploy
-description: The landing page for IE11 that lets you access the documentation.
-author: dansimp
-ms.author: dansimp
-manager: dansimp
-ms.prod: ie11
-title: Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-assetid: be3dc32e-80d9-4d9f-a802-c7db6c50dbe0
-ms.sitesec: library
-ms.localizationpriority: medium
-ms.date: 07/27/2017
----
-
-
-# Internet Explorer 11 (IE11)
-Find info about Internet Explorer 11 that's important to IT Pros.
-
-- [Internet Explorer 11 - FAQ for IT Pros](ie11-faq/faq-for-it-pros-ie11.yml)
-
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](ie11-deploy-guide/index.md)
-
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](ie11-ieak/index.md)
-
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
deleted file mode 100644
index 17eee2393b..0000000000
--- a/browsers/internet-explorer/internet-explorer.yml
+++ /dev/null
@@ -1,151 +0,0 @@
-### YamlMime:Landing
-
-title: Internet Explorer 11 documentation
-summary: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
-metadata:
- title: Internet Explorer 11 documentation
- description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
- ms.topic: landing-page
- author: aczechowski
- ms.author: aaroncz
- ms.date: 07/29/2022
- ms.prod: ie11
-
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
-
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
- # Card
- - title: Explore
- linkLists:
- - linkListType: get-started
- links:
- - text: IE11 features and tools
- url: ./ie11-deploy-guide/updated-features-and-tools-with-ie11.md
- - text: System requirements and language support
- url: ./ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
- - text: Frequently asked questions
- url: ./ie11-faq/faq-for-it-pros-ie11.yml
- - text: Internet Explorer 11 deployment guide
- url: ./ie11-deploy-guide/index.md
- - text: Use Enterprise Mode to improve compatibility
- url: /microsoft-edge/deploy/emie-to-improve-compatibility
- - text: Lifecycle FAQ - Internet Explorer
- url: /lifecycle/faq/internet-explorer-microsoft-edge
- - linkListType: download
- links:
- - text: Enterprise Mode Site List Manager (schema, v.2)
- url: https://www.microsoft.com/download/details.aspx?id=49974
- - text: Cumulative security updates for Internet Explorer 11
- url: https://www.catalog.update.microsoft.com/Search.aspx?q=cumulative%20security%20update%20for%20internet%20explorer%2011
-
- # Card
- - title: Plan
- linkLists:
- - linkListType: get-started
- links:
- - text: What is Enterprise Mode?
- url: ./ie11-deploy-guide/what-is-enterprise-mode.md
- - text: Tips and tricks to manage Internet Explorer compatibility
- url: ./ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
- - text: Download the Enterprise Site Discovery Toolkit
- url: https://www.microsoft.com/download/details.aspx?id=44570
- - text: Collect data using Enterprise Site Discovery
- url: ./ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
- - text: Manage Windows upgrades with Upgrade Readiness
- url: /windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness
- - linkListType: how-to-guide
- links:
- - text: Turn on Enterprise Mode and use a site list
- url: ./ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
- - text: Add sites to the Enterprise Mode site list
- url: ./ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
- - text: Edit the Enterprise Mode site list
- url: ./ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
- - text: Turn on local control and logging for Enterprise Mode
- url: ./ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
-
- # Card
- - title: Deploy
- linkLists:
- - linkListType: get-started
- links:
- - text: IEAK 11 user's guide
- url: ./ie11-ieak/index.md
- - text: Download IEAK 11
- url: ./ie11-ieak/ieak-information-and-downloads.md
- - text: Frequently asked questions about IEAK 11
- url: ./ie11-faq/faq-ieak11.yml
- - text: Customization and distribution guidelines
- url: ./ie11-ieak/licensing-version-and-features-ieak11.md#customization-guidelines
- - linkListType: deploy
- links:
- - text: Install Internet Explorer 11 through automatic updates (recommended)
- url: ./ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
- - text: Install Internet Explorer 11 as part of an operating system deployment
- url: ./ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
- - text: Install Internet Explorer 11 over the network
- url: ./ie11-deploy-guide/install-ie11-using-the-network.md
- - text: Install Internet Explorer 11 with System Center 2012 R2 Configuration Manager
- url: ./ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
- - text: Install Internet Explorer 11 with Windows Server Update Services (WSUS)
- url: ./ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
- - text: Install Internet Explorer 11 with Microsoft Intune
- url: ./ie11-deploy-guide/install-ie11-using-microsoft-intune.md
- - text: Install Internet Explorer 11 with third-party tools
- url: ./ie11-deploy-guide/install-ie11-using-third-party-tools.md
-
- # Card
- - title: Manage
- linkLists:
- - linkListType: tutorial
- links:
- - text: Group Policy for beginners
- url: /previous-versions/windows/it-pro/windows-7/hh147307(v=ws.10)
- - text: New Group Policy settings for IE11
- url: ./ie11-deploy-guide/new-group-policy-settings-for-ie11.md
- - text: Administrative templates for IE11
- url: https://www.microsoft.com/download/details.aspx?id=40905
- - text: Group Policy preferences for IE11
- url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md
- - text: Configure Group Policy preferences
- url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings
- - text: Blocked out-of-date ActiveX controls
- url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md
- - text: Out-of-date ActiveX control blocking
- url: ./ie11-deploy-guide/out-of-date-activex-control-blocking.md
- - text: Update to block out-of-date ActiveX controls in Internet Explorer
- url: https://support.microsoft.com/topic/update-to-block-out-of-date-activex-controls-in-internet-explorer-39ced8f8-5d98-3c7b-4792-b62fad4e2277
-
- # Card
- - title: Support
- linkLists:
- - linkListType: get-started
- links:
- - text: Change or reset Internet Explorer settings
- url: https://support.microsoft.com/windows/change-or-reset-internet-explorer-settings-2d4bac50-5762-91c5-a057-a922533f77d5
- - text: Troubleshoot problems with setup, installation, auto configuration, and more
- url: ./ie11-deploy-guide/troubleshoot-ie11.md
- - text: Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
- url: https://support.microsoft.com/topic/option-to-disable-vbscript-execution-in-internet-explorer-for-internet-zone-and-restricted-sites-zone-3a2104c0-5af0-9aae-6c57-8207d3cb3e65
- - text: Frequently asked questions about IEAK 11
- url: ./ie11-faq/faq-ieak11.yml
- - text: Internet Explorer 8, 9, 10, 11 forum
- url: https://social.technet.microsoft.com/forums/ie/home?forum=ieitprocurrentver
- - text: Contact a Microsoft support professional
- url: https://support.microsoft.com/contactus
- - text: General support
- url: https://support.microsoft.com/windows/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2
-
- # Card
- - title: Stay informed
- linkLists:
- - linkListType: get-started
- links:
- - text: Sign up for the Windows IT Pro Insider
- url: https://aka.ms/windows-it-pro-insider
- - text: Microsoft Edge Dev blog
- url: https://blogs.windows.com/msedgedev
- - text: Microsoft Edge Dev on Twitter
- url: https://twitter.com/MSEdgeDev
diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
deleted file mode 100644
index 996e07597a..0000000000
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
+++ /dev/null
@@ -1,241 +0,0 @@
-### YamlMime:FAQ
-metadata:
- title: IE and Microsoft Edge FAQ for IT Pros
- description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
- manager: msmets
- author: ramakoni1
- ms.author: ramakoni
- ms.reviewer: ramakoni, DEV_Triage
- ms.prod: internet-explorer
- ms.technology:
- ms.topic: faq
- ms.localizationpriority: medium
- ms.date: 01/23/2020
-title: Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros
-summary: |
-
-sections:
- - name: Cookie-related questions
- questions:
- - question: |
- What is a cookie?
- answer: |
- An HTTP cookie (the web cookie or browser cookie) is a small piece of data that a server sends to the user's web browser. The web browser may store the cookie and return it to the server together with the next request. For example, a cookie might be used to indicate whether two requests come from the same browser in order to allow the user to remain logged-in. The cookie records stateful information for the stateless HTTP protocol.
-
- - question: |
- How does Internet Explorer handle cookies?
- answer: |
- For more information about how Internet Explorer handles cookies, see the following articles:
-
- - [Beware Cookie Sharing in Cross-Zone Scenarios](/archive/blogs/ieinternals/beware-cookie-sharing-in-cross-zone-scenarios)
- - [A Quick Look at P3P](/archive/blogs/ieinternals/a-quick-look-at-p3p)
- - [Internet Explorer Cookie Internals FAQ](/archive/blogs/ieinternals/internet-explorer-cookie-internals-faq)
- - [Privacy Beyond Blocking Cookies](/archive/blogs/ie/privacy-beyond-blocking-cookies-bringing-awareness-to-third-party-content)
- - [Description of Cookies](https://support.microsoft.com/help/260971/description-of-cookies)
-
- - question: |
- Where does Internet Explorer store cookies?
- answer: |
- To see where Internet Explorer stores its cookies, follow these steps:
-
- 1. Start File Explorer.
- 2. Select **Views** \> **Change folder and search options**.
- 3. In the **Folder Options** dialog box, select **View**.
- 4. In **Advanced settings**, select **Do not show hidden files, folders, or drivers**.
- 5. Clear **Hide protected operation system files (Recommended)**.
- 6. Select **Apply**.
- 7. Select **OK**.
-
- The following are the folder locations where the cookies are stored:
-
- **In Windows 10**
- C:\Users\username\AppData\Local\Microsoft\Windows\INetCache
-
- **In Windows 8 and Windows 8.1**
- C:\Users\username\AppData\Local\Microsoft\Windows\INetCookies
-
- **In Windows 7**
- C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies
- C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies\Low
-
- - question: |
- What is the per-domain cookie limit?
- answer: |
- Since the June 2018 cumulative updates for Internet Explorer and Microsoft Edge, the per-domain cookie limit is increased from 50 to 180 for both browsers. The cookies vary by path. So, if the same cookie is set for the same domain but for different paths, it's essentially a new cookie.
-
- There's still a 5 Kilobytes (KB) limit on the size of the cookie header that is sent out. This limit can cause some cookies to be lost after they exceed that value.
-
- The JavaScript limitation was updated to 10 KB from 4 KB.
-
- For more information, see [Internet Explorer Cookie Internals (FAQ)](/archive/blogs/ieinternals/internet-explorer-cookie-internals-faq).
-
- - name: Additional information about cookie limits
- questions:
- - question: |
- What does the Cookie RFC allow?
- answer: |
- RFC 2109 defines how cookies should be implemented, and it defines minimum values that browsers support. According to the RFC, browsers would ideally have no limits on the size and number of cookies that a browser can handle. To meet the specifications, the user agent should support the following:
-
- - At least 300 cookies total
- - At least 20 cookies per unique host or domain name
-
- For practicality, individual browser makers set a limit on the total number of cookies that any one domain or unique host can set. They also limit the total number of cookies that can be stored on a computer.
-
- - question: |
- Cookie size limit per domain
- answer: |
- Some browsers also limit the amount of space that any one domain can use for cookies. This means that if your browser sets a limit of 4,096 bytes per domain for cookies, 4,096 bytes is the maximum available space in that domain even though you can set up to 180 cookies.
-
- - name: Proxy Auto Configuration (PAC)-related questions
- questions:
- - question: |
- Is an example Proxy Auto Configuration (PAC) file available?
- answer: |
- Here's a simple PAC file:
-
- ```vb
- function FindProxyForURL(url, host)
- {
- return "PROXY proxyserver:portnumber";
- }
- ```
-
- > [!NOTE]
- > The previous PAC always returns the `proxyserver:portnumber` proxy.
-
- For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/).
-
- **Third-party information disclaimer**
- The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
-
- - question: |
- How to improve performance by using PAC scripts
- answer: |
- For more information, see [Optimizing performance with automatic Proxy configuration scripts (PAC)](/troubleshoot/developer/browsers/connectivity-navigation/optimize-pac-performance).
-
- - name: Other questions
- questions:
- - question: |
- How to set home and start pages in Microsoft Edge and allow user editing
- answer: |
- For more information, see the following blog article:
-
- [How do I set the home page in Microsoft Edge?](https://support.microsoft.com/microsoft-edge/change-your-browser-home-page-a531e1b8-ed54-d057-0262-cc5983a065c6)
-
- - question: |
- How to add sites to the Enterprise Mode (EMIE) site list
- answer: |
- For more information about how to add sites to an EMIE list, see [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](../ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md).
-
- - question: |
- What is Content Security Policy (CSP)?
- answer: |
- By using [Content Security Policy](/microsoft-edge/dev-guide/security/content-security-policy), you create an allowlist of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
-
- Content Security Policy is supported in all versions of Microsoft Edge. It lets web developers lock down the resources that can be used by their web application. This helps prevent [cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks that remain a common vulnerability on the web. However, the first version of Content Security Policy was difficult to implement on websites that used inline script elements that either pointed to script sources or contained script directly.
-
- CSP2 makes these scenarios easier to manage by adding support for nonces and hashes for script and style resources. A nonce is a cryptographically strong random value that is generated on each page load that appears in both the CSP policy and in the script tags on the page. Using nonces can help minimize the need to maintain a list of allowed source URL values while also allowing trusted scripts that are declared in script elements to run.
-
- For more information, see the following articles:
-
- - [Introducing support for Content Security Policy Level 2](https://blogs.windows.com/msedgedev/2017/01/10/edge-csp-2/)
- - [Content Security Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)
-
- - question: |
- Where to find Internet Explorer security zones registry entries
- answer: |
- Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries).
-
- This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
-
- The default Zone Keys are stored in the following locations:
-
- - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
- - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
-
- - question: |
- Why don't HTML5 videos play in Internet Explorer 11?
- answer: |
- To play HTML5 videos in the Internet Zone, use the default settings or make sure that the registry key value of **2701** under **Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3** is set to **0**.
-
- - 0 (the default value): Allow
- - 3: Disallow
-
- This key is read by the **URLACTION\_ALLOW\_AUDIO\_VIDEO 0x00002701** URL action flag that determines whether media elements (audio and video) are allowed in pages in a URL security zone.
-
- For more information, see [Unable to play HTML5 Videos in IE](/archive/blogs/askie/unable-to-play-html5-videos-in-ie).
-
- For Windows 10 N and Windows KN editions, you must also download the feature pack that is discussed in [Media feature pack for Windows 10 N and Windows 10 KN editions](https://support.microsoft.com/help/3010081/media-feature-pack-for-windows-10-n-and-windows-10-kn-editions).
-
- For more information about how to check Windows versions, see [Which version of Windows operating system am I running?](https://support.microsoft.com/help/13443/windows-which-version-am-i-running)
-
- - question: |
- What is the Enterprise Mode Site List Portal?
- answer: |
- This is a new feature to add sites to your enterprise mode site list XML. For more information, see [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
-
- - question: |
- What is Enterprise Mode Feature?
- answer: |
- For more information, see [Enterprise Mode and the Enterprise Mode Site List](../ie11-deploy-guide/what-is-enterprise-mode.md).
-
- - question: |
- Where can I obtain a list of HTTP Status codes?
- answer: |
- For information about this list, see [HTTP Status Codes](/windows/win32/winhttp/http-status-codes).
-
- - question: |
- What is end of support for Internet Explorer 11?
- answer: |
- Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it's installed.
-
- For more information, see [Lifecycle FAQ - Internet Explorer and Microsoft Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
-
- - question: |
- How to configure TLS (SSL) for Internet Explorer
- answer: |
- For more information about how to configure TLS/SSL for Internet Explorer, see [Group Policy Setting to configure TLS/SSL](https://gpsearch.azurewebsites.net/#380).
-
- - question: |
- What is Site to Zone?
- answer: |
- Site to Zone usually refers to one of the following:
-
- **Site to Zone Assignment List**
- This is a Group Policy policy setting that can be used to add sites to the various security zones.
-
- The Site to Zone Assignment List policy setting associates sites to zones by using the following values for the Internet security zones:
-
- - Intranet zone
- - Trusted Sites zone
- - Internet zone
- - Restricted Sites zone
-
- If you set this policy setting to **Enabled**, you can enter a list of sites and their related zone numbers. By associating a site to a zone, you can make sure that the security settings for the specified zone are applied to the site.
-
- **Site to Zone Mapping**
- Site to Zone Mapping is stored as the name of the key. The protocol is a registry value that has a number that assigns it to the corresponding zone. Internet Explorer will read from the following registry subkeys for the sites that are deployed through the Site to Zone assignment list:
-
- - HKEY\_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
- - HKEY\_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
-
- **Site to Zone Assignment List policy**
- This policy setting is available for both Computer Configuration and User Configuration:
-
- - Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
- - User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
-
- **References**
- [How to configure Internet Explorer security zone sites using group policies](/archive/blogs/askie/how-to-configure-internet-explorer-security-zone-sites-using-group-polices)
-
- - question: |
- What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer?
- answer: |
- For more information about these settings and limits, see [Connectivity Enhancements in Windows Internet Explorer 8](/previous-versions/cc304129(v=vs.85)).
-
- - question: |
- What is the MaxConnectionsPerProxy setting, and what are the maximum allowed values for this setting?
- answer: |
- The **MaxConnectionsPerProxy** setting controls the number of connections that a single-user client can maintain to a given host by using a proxy server.
-
- For more information, see [Understanding Connection Limits and New Proxy Connection Limits in WinInet and Internet Explorer](/archive/blogs/jpsanders/understanding-connection-limits-and-new-proxy-connection-limits-in-wininet-and-internet-explorer).
diff --git a/education/breadcrumb/toc.yml b/education/breadcrumb/toc.yml
index 211570e4b0..3ccb28392f 100644
--- a/education/breadcrumb/toc.yml
+++ b/education/breadcrumb/toc.yml
@@ -1,3 +1,4 @@
+items:
- name: Windows
tocHref: /windows/
topicHref: /windows/index
diff --git a/education/docfx.json b/education/docfx.json
index 8b2f9b3edf..f066cfa6c2 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -34,17 +34,16 @@
"education",
"tier2"
],
- "ms.prod": "windows-client",
- "ms.technology": "itpro-edu",
+ "ms.subservice": "itpro-edu",
+ "ms.service": "windows-client",
"author": "paolomatarazzo",
"ms.author": "paoloma",
"manager": "aaroncz",
"ms.localizationpriority": "medium",
"breadcrumb_path": "/education/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-Windows",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
+ "feedback_system": "Standard",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.education",
@@ -52,10 +51,10 @@
}
},
"titleSuffix": "Windows Education",
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
"claydetels19",
"Kellylorenebaker",
"jborsecnik",
@@ -66,7 +65,8 @@
"garycentric",
"v-stsavell",
"beccarobins",
- "Stacyrch140"
+ "Stacyrch140",
+ "American-Dipper"
]
},
"fileMetadata": {
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index bae8eba426..e367821ba4 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,20 +2,27 @@
-## Week of September 11, 2023
+## Week of January 29, 2024
| Published On |Topic title | Change |
|------|------------|--------|
-| 9/11/2023 | [Configure education themes for Windows 11](/education/windows/edu-themes) | modified |
-| 9/11/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
+| 1/30/2024 | [Microsoft 365 Education Documentation](/education/index) | modified |
-## Week of September 04, 2023
+## Week of January 15, 2024
| Published On |Topic title | Change |
|------|------------|--------|
-| 9/5/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
-| 9/5/2023 | [Windows for Education documentation](/education/windows/index) | modified |
-| 9/5/2023 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
+| 1/16/2024 | Deployment recommendations for school IT administrators | removed |
+| 1/16/2024 | Microsoft Entra join with Set up School PCs app | removed |
+| 1/16/2024 | [Set up School PCs app technical reference overview](/education/windows/set-up-school-pcs-technical) | modified |
+| 1/16/2024 | Set up student PCs to join domain | removed |
+| 1/16/2024 | Provision student PCs with apps | removed |
+| 1/16/2024 | Set up Windows devices for education | removed |
+| 1/16/2024 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | modified |
+| 1/16/2024 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | modified |
+| 1/16/2024 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | modified |
+| 1/16/2024 | [Set up Microsoft Entra ID](/education/windows/tutorial-school-deployment/set-up-microsoft-entra-id) | modified |
+| 1/16/2024 | Windows 10 editions for education customers | removed |
diff --git a/education/index.yml b/education/index.yml
index a41a668122..adc8d30041 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -8,13 +8,13 @@ metadata:
title: Microsoft 365 Education Documentation
description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
ms.topic: hub-page
- ms.date: 08/10/2022
+ ms.date: 11/06/2023
productDirectory:
title: For IT admins
summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
items:
- # Card
+ # Card
- title: Phase 1 - Cloud deployment
imageSrc: ./images/EDU-Deploy.svg
summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your Active Directory and SIS, and license users.
@@ -24,12 +24,12 @@ productDirectory:
imageSrc: ./images/EDU-Device-Mgmt.svg
summary: Get started with Windows for Education, set up and enroll devices in Intune.
url: /microsoft-365/education/deploy/set-up-windows-10-education-devices
- # Card
+ # Card
- title: Phase 3 - Apps management
imageSrc: ./images/EDU-Apps-Mgmt.svg
summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft.
url: /microsoft-365/education/deploy/configure-admin-settings
- # Card
+ # Card
- title: Phase 4 - Complete your deployment
# imageSrc should be square in ratio with no whitespace
imageSrc: ./images/EDU-Tasks.svg
@@ -51,7 +51,7 @@ productDirectory:
text: Microsoft Purview compliance
- url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
text: Deploying Lockbox
- # Card
+ # Card
- title: Analytics & insights
imageSrc: ./images/EDU-Education.svg
links:
@@ -59,7 +59,7 @@ productDirectory:
text: Power BI for IT admins
- url: /dynamics365/
text: Dynamics 365
- # Card
+ # Card
- title: Find deployment help and other support resources
imageSrc: ./images/EDU-Teachers.svg
links:
@@ -69,14 +69,6 @@ productDirectory:
text: Education help center
- url: /training/educator-center/
text: Teacher training packs
- # Card
- - title: Check out our education journey
- imageSrc: ./images/EDU-ITJourney.svg
- links:
- - url: https://edujourney.microsoft.com/k-12/
- text: K-12
- - url: https://edujourney.microsoft.com/hed/
- text: Higher education
additionalContent:
sections:
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
deleted file mode 100644
index 0c9591c71b..0000000000
--- a/education/windows/autopilot-reset.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-title: Reset devices with Autopilot Reset
-description: Learn about Autopilot Reset and how to enable and use it.
-ms.date: 08/10/2022
-ms.topic: how-to
-appliesto:
- - ✅ Windows 10
-ms.collection:
- - highpri
- - tier2
- - education
----
-
-# Reset devices with Autopilot Reset
-
-IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Microsoft Entra ID and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
-
-To enable Autopilot Reset you must:
-
-1. [Enable the policy for the feature](#enable-autopilot-reset)
-2. [Trigger a reset for each device](#trigger-autopilot-reset)
-
-## Enable Autopilot Reset
-
-To use Autopilot Reset, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre).
-
-**DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It's a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This setting ensures that Autopilot Reset isn't triggered by accident.
-
-You can set the policy using one of these methods:
-
-- MDM provider
-
- Check your MDM provider documentation on how to set this policy. If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set.
-
- For example, in Intune, create a new configuration policy and add an OMA-URI.
- - OMA-URI: ./Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials
- - Data type: Integer
- - Value: 0
-
-- Windows Configuration Designer
-
- You can [use Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting and create a provisioning package.
-
-- Set up School PCs app
-
- Autopilot Reset in the Set up School PCs app is available in the latest release of the app. Make sure you're running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app. You can check the version several ways:
-
- - Reach out to your device manufacturer.
-
- - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If you're using another MDM provider, check the documentation for the MDM provider to confirm the OS version.
-
- - Log into the PCs, go to the **Settings > System > About** page, look in the **Windows specifications** section and confirm **Version** is set to 1709.
-
- To use the Autopilot Reset setting in the Set up School PCs app:
-
- - When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example:
-
- 
-
-## Trigger Autopilot Reset
-Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use.
-
-**To trigger Autopilot Reset**
-
-1. From the Windows device lock screen, enter the keystroke: **CTRL + Windows key + R**.
-
- 
-
- This keystroke will open up a custom sign-in screen for Autopilot Reset. The screen serves two purposes:
-
- 1. Confirm/verify that the end user has the right to trigger Autopilot Reset
-
- 2. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process.
-
- 
-
-2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset.
-
- > [!IMPORTANT]
- > To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection.
-
- Once Autopilot Reset is triggered, the reset process starts.
-
- After reset, the device:
-
- - Sets the region, language, and keyboard.
-
- - Connects to Wi-Fi.
-
- - If you provided a provisioning package when Autopilot Reset is triggered, the system will apply this new provisioning package. Otherwise, the system will reapply the original provisioning package on the device.
-
- - Is returned to a known good managed state, connected to Microsoft Entra ID and MDM.
-
- 
-
- Once provisioning is complete, the device is again ready for use.
-
-
-
-## Troubleshoot Autopilot Reset
-
-Autopilot Reset will fail when the [Windows Recovery Environment (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) isn't enabled on the device. You'll see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`.
-
-To make sure WinRE is enabled, use the [REAgentC.exe tool](/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
-
-```console
-reagentc /enable
-```
-
-If Autopilot Reset fails after enabling WinRE, or if you're unable to enable WinRE, kindly contact [Microsoft Support](https://support.microsoft.com) for assistance.
-
-## Related articles
-
-[Set up Windows devices for education](set-up-windows-10.md)
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
deleted file mode 100644
index 1453e64ad3..0000000000
--- a/education/windows/chromebook-migration-guide.md
+++ /dev/null
@@ -1,595 +0,0 @@
----
-title: Chromebook migration guide
-description: Learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
-ms.topic: how-to
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-
-# Chromebook migration guide
-
-In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You'll learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You'll then learn the best method to perform the migration by using automated deployment and migration tools.
-
-## Plan Chromebook migration
-
-
-Before you begin to migrate Chromebook devices, plan your migration. As with most projects, there can be an urge to immediately start doing before planning. When you plan your Chromebook migration before you perform the migration, you can save countless hours of frustration and mistakes during the migration process.
-
-In the planning portion of this guide, you'll identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you'll have a list of information you need to collect and what you need to do with the information. You'll be ready to perform your Chromebook migration.
-
-## Plan for app migration or replacement
-
-
-App migration or replacement is an essential part of your Chromebook migration. In this section, you'll plan how you'll migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you'll have a list of the active Chrome OS apps and the Windows app counterparts.
-
-**Identify the apps currently in use on Chromebook devices**
-
-Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You'll create a list of apps that are currently in use (also called an app portfolio).
-
-> [!NOTE]
-> The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.
-
-
-
-You can divide the apps into the following categories:
-
-- **Apps installed and managed by the institution.** These apps are typically managed in the Apps section in the Google Admin Console. You can record the list of these apps in your app portfolio.
-
-- **Apps installed by faculty or students.** Faculty or students might have installed these apps as a part of a classroom curriculum. Obtain the list of these apps from faculty or students. Ensure you only record apps that are legitimately used as a part of classroom curriculum (and not for personal entertainment or use).
-
-Record the following information about each app in your app portfolio:
-
-- App name
-
-- App type (such as offline app, online app, web app, and so on)
-
-- App publisher or developer
-
-- App version currently in use
-
-- App priority (how necessary is the app to the day-to-day process of the institution or a classroom? Rank as high, medium, or low)
-
-Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you've determined what you'll do with the higher priority apps.
-
-###
-
-**Select Google Apps replacements**
-
-Table 1 lists the Windows device app replacements for the common Google Apps on Chromebook devices. If your users rely on any of these Google Apps, use the corresponding app on the Windows device. Use the information in Table 1 to select the Google App replacement on a Windows device.
-
-Table 1. Google App replacements
-
-| If you use this Google app on a Chromebook | Use this app on a Windows device |
-|--------------------------------------------|--------------------------------------|
-| Google Docs | Word 2016 or Word for the web |
-| Google Sheets | Excel 2016 or Excel for the web |
-| Google Slides | PowerPoint 2016 or PowerPoint for the web |
-| Google Apps Gmail | Outlook 2016 or Outlook Web App |
-| Google Hangouts | Microsoft Skype for Business |
-| Chrome | Microsoft Edge |
-| Google Drive | Microsoft OneDrive for Business |
-
-
-
-It may be that you'll decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide.
-
-**Find the same or similar apps in the Microsoft Store**
-
-In many instances, software vendors will create a version of their app for multiple platforms. You can search the Microsoft Store to find the same or similar apps to any apps not identified in the [Select Google Apps replacements](#select-googleapps) section.
-
-In other instances, the offline app doesn't have a version written for the Microsoft Store or isn't a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher doesn't have a version for Windows devices. Search the Microsoft Store for a graphing calculator app that provides similar features and functionality. Use that Microsoft Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS.
-
-Record the Windows app that replaces the Chromebook app in your app portfolio.
-
-###
-
-**Perform app compatibility testing for web apps**
-
-Most of the Chromebook apps are web apps. Because you can't run native offline Chromebook apps on a Windows device, there's no reason to perform app compatibility testing for offline Chromebook apps. However, you may have many web apps that will run on both platforms.
-
-Ensure that you test these web apps in Microsoft Edge. Record the level of compatibility for each web app in Microsoft Edge in your app portfolio.
-
-## Plan for migration of user and device settings
-
-
-Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You've also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console.
-
-However, in addition to your centralized configuration in the Google Admin Console, Chromebook users have probably customized their device. In some instances, users may have changed the web content that is displayed when the Chrome browser starts. Or they may have bookmarked websites for future reference. Or users may have installed apps for use in the classroom.
-
-In this section, you'll identify the user and device configuration settings for your Chromebook users and devices. Then you'll prioritize these settings to focus on the configuration settings that are essential to your educational institution.
-
-At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, and a level of priority for each setting. You may discover at the end of this section that you've few or no higher priority settings to be migrated. If so, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide.
-
-**Identify Google Admin Console settings to migrate**
-
-You use the Google Admin Console (as shown in Figure 1) to manage user and device settings. These settings are applied to all the Chromebook devices in your institution that are enrolled in the Google Admin Console. Review the user and device settings in the Google Admin Console and determine which settings are appropriate for your Windows devices.
-
-
-
-Figure 1. Google Admin Console
-
-Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you'll migrate to Windows.
-
-Table 2. Settings in the Device Management node in the Google Admin Console
-
-|Section |Settings |
-|---------|---------|
-|Network | These settings configure the network connections for Chromebook devices and include the following settings categories: Windows 8.1 deployment planning Windows 8.1 deployment to PCs BYOD Deploying Windows RT 8.1 Virtual Desktop Infrastructure Microsoft Store apps Windows To Go The root node.
+The root node.
- Supported operation is Get.
+Supported operation is Get.
**ApprovedUpdates**
- Node for update approvals and EULA acceptance on behalf of the end-user.
+Node for update approvals and EULA acceptance on behalf of the end-user.
> [!NOTE]
> When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.
- The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.
+The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.
- The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
+The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
> [!NOTE]
> For the Windows 10 build, the client may need to reboot after additional updates are added.
- Supported operations are Get and Add.
+Supported operations are Get and Add.
**ApprovedUpdates/_Approved Update Guid_**
- Specifies the update GUID.
+Specifies the update GUID.
- To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These GUIDs are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
+To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These GUIDs are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
- Supported operations are Get and Add.
+Supported operations are Get and Add.
- Sample syncml:
+Sample syncml:
```
Specifies the time the update gets approved.
+Specifies the time the update gets approved.
- Supported operations are Get and Add.
+Supported operations are Get and Add.
**FailedUpdates**
- Specifies the approved updates that failed to install on a device.
+Specifies the approved updates that failed to install on a device.
- Supported operation is Get.
+Supported operation is Get.
**FailedUpdates/_Failed Update Guid_**
- Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install.
+Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install.
- Supported operation is Get.
+Supported operation is Get.
**FailedUpdates/*Failed Update Guid*/HResult**
- The update failure error code.
+The update failure error code.
- Supported operation is Get.
+Supported operation is Get.
-**FailedUpdates/*Failed Update Guid*/Status**
- Specifies the failed update status (for example, download, install).
+**FailedUpdates/*Failed Update Guid*/State**
+Specifies the failed update state.
- Supported operation is Get.
+| Update Status | Integer Value |
+| -------------------------- | ------------- |
+| UpdateStatusNewUpdate | 1 |
+| UpdateStatusReadyToDownload| 2 |
+| UpdateStatusDownloading | 4 |
+| UpdateStatusDownloadBlocked| 8 |
+| UpdateStatusDownloadFailed | 16 |
+| UpdateStatusReadyToInstall | 32 |
+| UpdateStatusInstalling | 64 |
+| UpdateStatusInstallBlocked | 128 |
+| UpdateStatusInstallFailed | 256 |
+| UpdateStatusRebootRequired | 512 |
+| UpdateStatusUpdateCompleted| 1024 |
+| UpdateStatusCommitFailed | 2048 |
+| UpdateStatusPostReboot | 4096 |
+
+Supported operation is Get.
**FailedUpdates/*Failed Update Guid*/RevisionNumber**
- Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
- Supported operation is Get.
+Supported operation is Get.
**InstalledUpdates**
- The updates that are installed on the device.
+The updates that are installed on the device.
- Supported operation is Get.
+Supported operation is Get.
**InstalledUpdates/_Installed Update Guid_**
- UpdateIDs that represent the updates installed on a device.
+UpdateIDs that represent the updates installed on a device.
- Supported operation is Get.
+Supported operation is Get.
**InstalledUpdates/*Installed Update Guid*/RevisionNumber**
- Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
- Supported operation is Get.
+Supported operation is Get.
**InstallableUpdates**
- The updates that are applicable and not yet installed on the device. These updates include updates that aren't yet approved.
+The updates that are applicable and not yet installed on the device. These updates include updates that aren't yet approved.
- Supported operation is Get.
+Supported operation is Get.
**InstallableUpdates/_Installable Update Guid_**
- Update identifiers that represent the updates applicable and not installed on a device.
+Update identifiers that represent the updates applicable and not installed on a device.
- Supported operation is Get.
+Supported operation is Get.
**InstallableUpdates/*Installable Update Guid*/Type**
- The UpdateClassification value of the update. Valid values are:
+The UpdateClassification value of the update. Valid values are:
- 0 - None
- 1 - Security
- 2 - Critical
- Supported operation is Get.
+Supported operation is Get.
**InstallableUpdates/*Installable Update Guid*/RevisionNumber**
- The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+The revision number for the update that must be passed in server to server sync to get the metadata for the update.
- Supported operation is Get.
+Supported operation is Get.
**PendingRebootUpdates**
- The updates that require a reboot to complete the update session.
+The updates that require a reboot to complete the update session.
- Supported operation is Get.
+Supported operation is Get.
**PendingRebootUpdates/_Pending Reboot Update Guid_**
- Update identifiers for the pending reboot state.
+Update identifiers for the pending reboot state.
- Supported operation is Get.
+Supported operation is Get.
**PendingRebootUpdates/*Pending Reboot Update Guid*/InstalledTime**
- The time the update is installed.
+The time the update is installed.
- Supported operation is Get.
+Supported operation is Get.
**PendingRebootUpdates/*Pending Reboot Update Guid*/RevisionNumber**
- Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
- Supported operation is Get.
+Supported operation is Get.
**LastSuccessfulScanTime**
- The last successful scan time.
+The last successful scan time.
- Supported operation is Get.
+Supported operation is Get.
**DeferUpgrade**
- Upgrades deferred until the next period.
+Upgrades deferred until the next period.
- Supported operation is Get.
+Supported operation is Get.
**Rollback**
Added in Windows 10, version 1803. Node for the rollback operations.
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index a1ba78b157..186bfc4f22 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -1,13 +1,6 @@
---
title: Update DDF file
description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 02/23/2018
---
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 4f43fb1e32..da946f07ea 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -1,13 +1,6 @@
---
title: VPN CSP
description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 04/02/2017
---
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index f3df5126a9..81e88ca2b9 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -1,13 +1,6 @@
---
title: VPN DDF file
description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 3e5e3a5468..58d6463c97 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -1,14 +1,7 @@
---
title: VPNv2 CSP
description: Learn more about the VPNv2 CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 2bb3347699..badf9f29e6 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -1,14 +1,7 @@
---
title: VPNv2 DDF file
description: View the XML file containing the device description framework (DDF) for the VPNv2 configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the V
+1. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
Optionally, you can select **Browse** to change the default output location.
-8. Select **Next**.
+1. Select **Next**.
-9. Select **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
+1. Select **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
-10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+1. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
-
- - If you are done, select **Finish** to close the wizard and go back to the **Customizations Page**.
+ - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
-11. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
- - Shared network folder
+ - If you are done, select **Finish** to close the wizard and go back to the **Customizations Page**.
- - SharePoint site
+1. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
- - Removable media (USB/SD)
+ - Shared network folder
- - Email
+ - SharePoint site
+
+ - Removable media (USB/SD)
+
+ - Email
**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index 400e2a7863..d4e5be28f7 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -1,25 +1,12 @@
---
-title: Apply a provisioning package (Windows 10/11)
+title: Apply a provisioning package
description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
ms.topic: article
-ms.localizationpriority: medium
-ms.reviewer: gkomatsu
-manager: aaroncz
-ms.technology: itpro-configure
ms.date: 12/31/2017
---
# Apply a provisioning package
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime").
> [!NOTE]
@@ -36,50 +23,50 @@ To apply a provisioning package from a USB drive during initial setup:
1. Start with a device on the initial setup screen. If the device has gone past this screen, reset the device to start over. To reset, go to **Settings** > **System** > [**Recovery**](ms-settings:recovery) > **Reset this PC**.
- :::image type="content" source="../images/oobe.png" alt-text="The first screen when setting up a new PC.":::
+ :::image type="content" source="images/oobe.png" alt-text="The first screen when setting up a new PC.":::
-2. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
+1. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
- - If there is only one provisioning package on the USB drive, the provisioning package is applied. See step 5.
- - If there is more than one provisioning package on the USB drive, Windows setup will recognize the drive and ask how you want to provision the device. Select **Install provisioning package** and select **Next**.
+ - If there's only one provisioning package on the USB drive, the provisioning package is applied. See step 5.
+ - If there's more than one provisioning package on the USB drive, Windows setup recognizes the drive and ask how you want to provision the device. Select **Install provisioning package** and select **Next**.
- :::image type="content" source="../images/provisioning-oobe-choice.png" alt-text="What would you like to do?":::
+ :::image type="content" source="images/provisioning-oobe-choice.png" alt-text="What would you like to do?":::
-3. Select the provisioning package (`.ppkg`) that you want to apply, and select **Yes**.
+1. Select the provisioning package (`.ppkg`) that you want to apply, and select **Yes**.
- :::image type="content" source="../images/provisioning-oobe-choose-package.png" alt-text="Choose a package.":::
+ :::image type="content" source="images/provisioning-oobe-choose-package.png" alt-text="Choose a package.":::
-4. The selected provisioning package will install and apply to the device.
+1. The selected provisioning package will install and apply to the device.
- :::image type="content" source="../images/provisioning-oobe-installing.png" alt-text="Setting up your PC.":::
+ :::image type="content" source="images/provisioning-oobe-installing.png" alt-text="Setting up your PC.":::
-5. Wait for the device to load and begin applying the provisioning package. Once you see "You can remove your removable media now!" you can remove your USB drive. Windows will continue provisioning the device.
+1. Wait for the device to load and begin applying the provisioning package. Once you see "You can remove your removable media now!" you can remove your USB drive. Windows will continue provisioning the device.
## After initial setup
-Provisioning packages can be applied after initial setup through Windows settings or by simply double-clicking a provisioning package.
+Provisioning packages can be applied after initial setup through Windows settings or by double-clicking a provisioning package.
### Windows Settings
1. Insert the USB drive, then navigate to **Settings** > **Accounts** > [**Access work or school**](ms-settings:workplace) > **Add or remove a provisioning package** > **Add a package**.
- :::image type="content" source="../images/provisioning-runtime-manage-packages.png" alt-text="Add or remove a provisioning package.":::
+ :::image type="content" source="images/provisioning-runtime-manage-packages.png" alt-text="Add or remove a provisioning package.":::
-2. Choose the method you want to use, such as **Removable Media**.
+1. Choose the method you want to use, such as **Removable Media**.
- :::image type="content" source="../images/provisioning-runtime-choose-package.png" alt-text="Choose a method.":::
+ :::image type="content" source="images/provisioning-runtime-choose-package.png" alt-text="Choose a method.":::
-3. Select the provisioning package (`.ppkg`) that you want to apply, and select **Add**.
+1. Select the provisioning package (`.ppkg`) that you want to apply, and select **Add**.
- :::image type="content" source="../images/provisioning-runtime-add-package.png" alt-text="Select and add a package.":::
+ :::image type="content" source="images/provisioning-runtime-add-package.png" alt-text="Select and add a package.":::
-4. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you are installing before accepting the UAC prompt. Select **Yes**.
+1. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you're installing before accepting the UAC prompt. Select **Yes**.
- :::image type="content" source="../images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
+ :::image type="content" source="images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
-5. The provisioning runtime will ask if the package is from a source you trust. Verify that you are applying the correct package and that it is trusted. Select **Yes, add it**.
+1. The provisioning runtime asks if the package is from a source you trust. Verify that you're applying the correct package and that it's trusted. Select **Yes, add it**.
- :::image type="content" source="../images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
+ :::image type="content" source="images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
### Apply Directly
@@ -87,15 +74,15 @@ To apply a provisioning package directly, such as from a USB drive, folder, netw
1. Navigate to the provisioning package and double-click it to begin the installation.
- :::image type="content" source="../images/provisioning-runtime-click-to-install.png" alt-text="Double-click package to being installation.":::
+ :::image type="content" source="images/provisioning-runtime-click-to-install.png" alt-text="Double-click package to being installation.":::
-2. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you are installing before accepting the UAC prompt. Select **Yes**.
+1. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you're installing before accepting the UAC prompt. Select **Yes**.
- :::image type="content" source="../images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
+ :::image type="content" source="images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
-3. The provisioning runtime will ask if the package is from a source you trust. Verify that you are applying the correct package and that it is trusted. Select **Yes, add it**.
+1. The provisioning runtime asks if the package is from a source you trust. Verify that you're applying the correct package and that it's trusted. Select **Yes, add it**.
- :::image type="content" source="../images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
+ :::image type="content" source="images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
## Related articles
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 05e6a1da83..9ebacde2fb 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -1,37 +1,25 @@
---
-title: Windows Configuration Designer command-line interface (Windows 10/11)
+title: Windows Configuration Designer command-line interface
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
ms.topic: article
-ms.localizationpriority: medium
-ms.reviewer: gkomatsu
-manager: aaroncz
-ms.technology: itpro-configure
ms.date: 12/31/2017
---
# Windows Configuration Designer command-line interface (reference)
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages.
+You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages.
- IT pros can use the Windows Configuration Designer CLI to require less retooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.
-- You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create a provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
+- You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create a provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
## Syntax
``` cmd
-icd.exe /Build-ProvisioningPackage /CustomizationXML: [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)|
-|Ralink|Wireless-G PCI Adapter|pci\ven_1814&dev_0301&subsys_00551737&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)|
-|Ralink|Turbo Wireless LAN Card|pci\ven_1814&dev_0301&subsys_25611814&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)|
-|Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)|
-|Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099) [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)|
-
-IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that isn't supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)).
-
-### Application installation and domain join
-
-Unless you're using a customized Windows image that includes unattended installation settings, the initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications
-
-### Management of Windows To Go using Group Policy
-
-In general, management of Windows To Go workspaces is same as that for desktop and laptop computers. There are Windows To Go specific Group Policy settings that should be considered as part of Windows To Go deployment. Windows To Go Group Policy settings are located at `\\Computer Configuration\Administrative Templates\Windows Components\Portable Operating System\` in the Local Group Policy Editor.
-
-The use of the Store on Windows To Go workspaces that are running Windows 8 can also be controlled by Group Policy. This policy setting is located at `\\Computer Configuration\Administrative Templates\Windows Components\Store\` in the Local Group Policy Editor. The policy settings have specific implications for Windows To Go that you should be aware of when planning your deployment:
-
-**Settings for workspaces**
-
-- **Allow hibernate (S4) when started from a Windows To Go workspace**
-
- This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it's important that the hardware attached to the system, and the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace isn't being used to roam between host PCs.
-
- > [!IMPORTANT]
- > For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port.
-
-- **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace**
-
- This policy setting specifies whether the PC can use standby sleep states (S1–S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it's shut down. It could be easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown, which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC, which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. If you enable this policy setting, the Windows To Go workspace can't use the standby states to cause the PC to enter sleep mode. If you disable or don't configure this policy setting, the Windows To Go workspace can place the PC in sleep mode.
-
-**Settings for host PCs**
-
-- **Windows To Go Default Startup Options**
-
- This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users won't be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the firmware. If you don't configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog.
-
- > [!IMPORTANT]
- > Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started.
-
-## Supporting booting from USB
-
-The biggest hurdle for a user wanting to use Windows To Go is configuring their computer to boot from USB. This is traditionally done by entering the firmware and configuring the appropriate boot order options. To ease the process of making the firmware modifications required for Windows To Go, Windows includes a feature named **Windows To Go Startup Options** that allows a user to configure their computer to boot from USB from within Windows—without ever entering their firmware, as long as their firmware supports booting from USB.
-
-> [!NOTE]
-> Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options.
-
-If you're going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
-
-### Roaming between different firmware types
-
-Windows supports two types of PC firmware: Unified Extensible Firmware Interface (UEFI), which is the new standard, and legacy BIOS firmware, which was used in most PCs shipping with Windows 7 or earlier version of Windows. Each firmware type has completely different Windows boot components that are incompatible with each other. Beyond the different boot components, Windows supports different partition styles and layout requirements for each type of firmware as shown in the following diagrams.
-
-
-
-This presented a unique challenge for Windows To Go because the firmware type isn't easily determined by end users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware.
-
-To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually, you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command:
-
-
-
-This is the only supported disk configuration for Windows To Go. With this disk configuration, a single Windows To Go drive can be booted on computers with UEFI and legacy BIOS firmware.
-
-### Configure Windows To Go startup options
-
-Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options, you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured.
-
-**To configure Windows To Go startup options**
-
-1. On the Start screen, type, type **Windows To Go Startup Options**, click **Settings** and, then press Enter.
-
- 
-
-2. Select **Yes** to enable the startup options.
-
- > [!TIP]
- > If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog.
-
-3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**.
-
-### Change firmware settings
-
-If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer, you'll need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7, you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you don't suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode.
-
-## Related topics
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the MOF Editor with a .MOF import file
-You can collect your hardware inventory using the MOF Editor and a .MOF import file.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
-2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**.
-
-3. Pick the inventory items to install, and then click **Import**.
-
-4. Click **OK** to close the default windows.
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
-
-**To collect your inventory**
-
-1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-## Turn off data collection on your client devices
-After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
-
-**To stop collecting data, using PowerShell**
-
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
-
- >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
-
-
-**To stop collecting data, using Group Policy**
-
-1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**.
-
-2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location.
-
-### Delete already stored data from client computers
-You can completely remove the data stored on your employee’s computers.
-
-**To delete all existing data**
-
-- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands:
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo`
-
- - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
-
-## Related topics
-* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
-* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
-
-
-
-
diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
deleted file mode 100644
index 807cc8d2c8..0000000000
--- a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
+++ /dev/null
@@ -1,97 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
-author: dansimp
-ms.prod: ie11
-title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The **Settings** page lets anyone with Administrator rights set up groups and roles, set up the Enterprise Mode Site List Portal environment, and choose the freeze dates for production changes.
-
-## Use the Environment settings area
-This area lets you specify the location of your production and pre-production environments, where to store your attachments, your settings location, and the website domain for email notifications.
-
-**To add location info**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Environment settings** area of the page, provide the info for your **Pre-production environment**, your **Production environment**, your **Attachments location**, your **Settings location**, and your **Website domain for email notifications**.
-
-3. Click **Credentials** to add the appropriate domain, user name, and password for each location, and then click **OK**.
-
-## Use the Group and role settings area
-After you set up your email credentials, you'll be able to add or edit your Group info, along with picking which roles must be Approvers for the group.
-
-**To add a new group and determine the required change request Approvers**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Group and role settings** area of the page, click **Group details**.
-
- The **Add or edit group names** box appears.
-
-3. Click the **Add group** tab, and then add the following info:
-
- - **New group name.** Type name of your new group.
-
- - **Group head email.** Type the email address for the primary contact for the group.
-
- - **Group head name.** This box automatically fills, based on the email address.
-
- - **Active.** Click the check box to make the group active in the system. If you want to keep the group in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-
-**To set a group's required Approvers**
-1. In the **Group and role settings** area of the page, choose the group name you want to update with Approvers from the **Group name** box.
-
-2. In the **Required approvers** area, choose which roles are required to approve a change request for the group. You can choose one or many roles.
-
- - **App Manager.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Group Head.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Administrator.** All employees in the selected group must get change request approval by someone assigned this role.
-
-## Use the Freeze production changes area
-This optional area lets you specify a period when your employees must stop adding changes to the current Enterprise Mode Site List. This must include both a start and an end date.
-
-**To add the start and end dates**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Freeze production changes** area of the page, use the calendars to provide the **Freeze start date** and the **Freeze end date**. Your employees can't add apps to the production Enterprise Mode Site List during this span of time.
-
-3. Click **Save**.
-
-## Related topics
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
deleted file mode 100644
index 867bb143b8..0000000000
--- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to create a change request within the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Create a change request using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
-
-> [!Important]
-> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-**To create a new change request**
-1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
-
- The **Create new request** page appears.
-
-2. Fill out the required fields, based on the group and the app, including:
-
- - **Group name.** Select the name of your group from the dropdown box.
-
- - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
-
- - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
-
- - **Add new app.** If your app isn't listed, you can click **Add new app** to add it to the list.
-
- - **Requested by.** Automatically filled in with your name.
-
- - **Description.** Add descriptive info about the app.
-
- - **Requested change.** Select whether you want to **Add to EMIE**, **Delete from EMIE**, or **Update to EMIE**.
-
- - **Reason for request.** Select the best reason for why you want to update, delete, or add the app.
-
- - **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
-
- - **App location (URL).** The full URL location to the app, starting with https:// or https://.
-
- - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
-
- - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx).
-
-4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
-
- A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
-
-5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
-
- - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
-
- - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
-
-## Next steps
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).
diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index ad225f2556..0000000000
--- a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: low
-description: Delete a single site from your global Enterprise Mode site list.
-ms.pagetype: appcompat
-ms.mktglfcycl: deploy
-author: dansimp
-ms.prod: ie11
-ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-
- **To delete a single site from your global Enterprise Mode site list**
-
-- From the Enterprise Mode Site List Manager, pick the site you want to delete, and then click **Delete**.
-The site is permanently removed from your list.
-
-If you delete a site by mistake, you’ll need to manually add it back using the instructions in the following topics, based on operating system.
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 403690d64f..0000000000
--- a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-
-If you need to edit a lot of websites, you probably don’t want to do it one at a time. Instead, you can edit your saved XML or TXT file and add the sites back again. For information about how to do this, depending on your operating system and schema version, see [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
-
- **To change how your page renders**
-
-1. In the Enterprise Mode Site List Manager, double-click the site you want to change.
-
-2. Change the comment or the compatibility mode option.
-
-3. Click **Save** to validate your changes and to add the updated information to your site list.
-If your change passes validation, it’s added to the global site list. If the update doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the update or ignore the validation problem and add it to your list anyway. For more information about fixing validation issues, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-4. On the **File** menu, click **Save to XML**, and save the updated file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
deleted file mode 100644
index a8f90c3697..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
+++ /dev/null
@@ -1,50 +0,0 @@
-## Enterprise Mode and the Enterprise Mode Site List XML file
-The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your employees can easily view this site list by typing _about:compat_ in either Microsoft Edge or IE11.
-
-Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
-
-### Site list xml file
-
-This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
-
-```xml
-
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules> |Internet Explorer 11 and Microsoft Edge |
-|<emie> |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules>
For IPv6 ranges:
<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules>
**or**
For IPv4 ranges:<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules> | Internet Explorer 11 and Microsoft Edge |
-|<docMode> |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.
**Example**
<rules version="205">
<docmode>
<domain docMode="7">contoso.com</domain>
</docmode>
</rules> |Internet Explorer 11 |
-|<domain> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
**Example**
<emie>
<domain>contoso.com:8080</domain>
</emie> |Internet Explorer 11 and Microsoft Edge |
-|<path> |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
**Example**
<emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does. |Internet Explorer 11 and Microsoft Edge |
-
-### Schema attributes
-This table includes the attributes used by the Enterprise Mode schema.
-|Attribute|Description|Supported browser|
-|--- |--- |--- |
-|<version>|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
-|<exclude>|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the
**Example** <emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
**Example**<docMode>
<domain exclude="false">fabrikam.com
<path docMode="7">/products</path>
</domain>
</docMode>|Internet Explorer 11|
-
-### Using Enterprise Mode and document mode together
-If you want to use both Enterprise Mode and document mode together, you need to be aware that <emie> entries override <docMode> entries for the same domain.
-
-For example, say you want all of the sites in the contoso.com domain to open using IE8 Enterprise Mode, except test.contoso.com, which needs to open in document mode 11. Because Enterprise Mode takes precedence over document mode, if you want test.contoso.com to open using document mode, you'll need to explicitly add it as an exclusion to the <emie> parent node.
-
-```xml
-<docMode> |
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode>
|
-|You can specify exact URLs by listing the full path. |<emie>|
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>
|
-|You can nest paths underneath domains. |<emie> |
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie>
|
-|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie> |
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
|
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
deleted file mode 100644
index fcdaa18eee..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Enterprise Mode schema v.2 guidance
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
-
-**Important**
-If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-## Enterprise Mode schema v.2 updates
-Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by:
-
-- <rules>. If your schema root node includes this key, you're using the v.1 version of the schema.
-
-- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema.
-
-You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema.
-
-### Enterprise Mode v.2 schema example
-The following is an example of the v.2 version of the Enterprise Mode schema.
-
-**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example**
<site-list version="205">
| Internet Explorer 11 and Microsoft Edge |
-|<site> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>
**Example** <site url="contoso.com">
<compat-mode>default</compat-mode>
<open-in>none</open-in>
</site>
**or** For IPv4 ranges:
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
You can also use the self-closing version, <url="contoso.com" />, which also sets:
**Example**
**or**
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
</site>
For IPv4 ranges:<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site><site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
**Examples**<site url="contoso.com">
<open-in>none</open-in>
</site>
Where
**Example**<site url="contoso.com/travel">
In this example, if [https://contoso.com/travel](https://contoso.com/travel) is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.| Internet Explorer 11 and Microsoft Edge|
-|version |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. | Internet Explorer 11 and Microsoft Edge|
-|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<open-in allow-redirect="true">IE11 </open-in>
</site>
**Note**
Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both [https://contoso.com](https://contoso.com) and [https://contoso.com](https://contoso.com).
**Example**<site url="contoso.com:8080">
In this example, going to [https://contoso.com:8080](https://contoso.com:8080) using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
-
-### Deprecated attributes
-These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
-
-|Deprecated attribute|New attribute|Replacement example|
-|--- |--- |--- |
-|<forceCompatView>|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
-|<docMode>|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
-|<doNotTransition>|<open-in>|Replace:
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
<doNotTransition="true"> with <open-in>none</open-in>|
-|<domain> and <path>|<site>|Replace:<emie>
With:
<domain exclude="false">contoso.com</domain>
</emie><site url="contoso.com"/>
**-AND-**
<compat-mode>IE8Enterprise</compat-mode>
</site>
Replace:<emie>
<domain exclude="true">contoso.com
<path exclude="false" forceCompatView="true">/about</path>
</domain>
</emie>
With:<site url="contoso.com/about">
<compat-mode>IE7Enterprise</compat-mode>
</site>|
-
-While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
-
-**Important**
-Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
-
-### What not to include in your schema
-We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-
-- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing.
-- Don’t use wildcards.
-- Don’t use query strings, ampersands break parsing.
-
-## Related topics
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md
deleted file mode 100644
index f1c67006ba..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md
+++ /dev/null
@@ -1,36 +0,0 @@
-## Enterprise Mode Site List Manager and the Enterprise Mode Site List Portal tools
-You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple tools that can make that process even easier.
-
-### Enterprise Mode Site List Manager
-This tool helps you create error-free XML documents with simple n+1 versioning and URL verification. We recommend using this tool if your site list is relatively small. For more info about this tool, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
-
-There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and Windows 10:
-
-- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema.
-
- We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974). The updated version of the schema, including new functionality. You can use this version of the schema to create and update your Enterprise Mode Site List for devices running the v.2 version of the schema.
-
- If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-If your list is too large to add individual sites, or if you have more than one person managing the site list, we recommend using the Enterprise Site List Portal.
-
-### Enterprise Mode Site List Portal
-The [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management.
-
-In addition to all the functionality of the Enterprise Mode Site List Manager tool, the Enterprise Mode Site List Portal helps you:
-
-- Manage site lists from any device supporting Windows 7 or greater.
-
-- Submit change requests.
-
-- Operate offline through an on-premise solution.
-
-- Provide role-based governance.
-
-- Test configuration settings before releasing to a live environment.
-
-Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-Because the tool is open-source, the source code is readily available for examination and experimentation. We encourage you to [fork the code, submit pull requests, and send us your feedback](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)! For more info about the Enterprise Mode Site List Portal, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md
deleted file mode 100644
index 4ead83795d..0000000000
--- a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md
+++ /dev/null
@@ -1,7 +0,0 @@
-## Enterprise Mode Site List Manager versions
-There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
-
-|Schema version |Operating system |Enterprise Site List Manager version |
-|-----------------|---------------|------------------------------------|
-|Enterprise Mode schema, version 2 (v.2) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.2) and the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2), the XML is saved into the v.2 version of the schema.
For more info about the v.2 version of the schema, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).|
-|Enterprise Mode schema, version 1 (v.1) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.1) and the v.1 version of the schema.
For more info about the v.1 version of the schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)|
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md
deleted file mode 100644
index 2c433182a9..0000000000
--- a/browsers/enterprise-mode/enterprise-mode.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use this section to learn about how to turn on Enterprise Mode.
-author: dansimp
-ms.author: dansimp
-ms.prod: edge
-ms.assetid:
-ms.reviewer:
-manager: dansimp
-title: Enterprise Mode for Microsoft Edge
-ms.sitesec: library
-ms.date: 07/17/2018
----
-
-# Enterprise Mode for Microsoft Edge
-Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers the confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
-
-## Available dual-browser experiences
-
-
-## Enterprise Mode features
-
-
-
-
-## Enterprise Mode Site List management tools
-...description of what you can do with these tools; also specify if you must use both or if each tool works independently and no dependencies on the other tool... I think these tools are for two different scenarios...
-
-You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple of tools that can make that process even easier.
-
-| | |
-|---------|---------|
-|Enterprise Mode Site List Manager |Use if your site list is relatively small. |
-|Enterprise Mode Site List Portal |Use if your site list is too large to add individual sites, or if you have more than one person managing the sites. |
-
-### Enterprise Mode Site List Manager
-
-
-### Enterprise Mode Site List Portal
-
-
-
-## Enterprise Mode Site List XML file
-[!INCLUDE [enterprise-mode-and-enterprise-site-list-include](enterprise-mode-and-enterprise-site-list-include.md)]
-
-
-## Turn on Enterprise Mode
-
-
-### Add a single site to the site list
-
-
-### Add multiple sites to the site list
diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 4f4cbb32bb..0000000000
--- a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Export your Enterprise Mode site list from the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. This file includes all of your URLs, including your compatibility mode selections and should be stored somewhere safe. If your list gets deleted by mistake you can easily import this file and return everything back to when this file was last saved.
-
-**Important**
-This file is not intended for distribution to your managed devices. Instead, it is only for transferring data and comments from one manager to another. For example, if one administrator leaves and passes the existing data to another administrator. Internet Explorer doesn’t read this file.
-
- **To export your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Export**.
-
-2. Export the file to your selected location. For example, `C:\Users\
The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator.
-
- **To remove single sites from a local Enterprise Mode site list**
-
-1. Open Internet Explorer 11 and go to the site you want to remove.
-
-2. Click **Tools**, and then click **Enterprise Mode**.
If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again.
-
- **To remove all sites from a local Enterprise Mode site list**
-
-1. Open IE11, click **Tools**, and then click **Internet options**.
-
-2. Click the **Delete** button from the **Browsing history** area.
-
-3. Click the box next to **Cookies and website data**, and then click **Delete**.
-
-**Note**
This removes all of the sites from a local Enterprise Mode site list.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 2cb578171f..0000000000
--- a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Save your site list to XML in the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-
- **To save your list as XML**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Save to XML**.
-
-2. Save the file to the location you specified in your Enterprise Mode registry key, set up when you turned on Enterprise Mode for use in your company. For information about the Enterprise Mode registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
-
-### Setting up, collecting, and viewing reports
-For logging, you’re going to need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. These POST messages go into your database, aggregating the report data by URL, giving you the total number of reports where users turned on Enterprise Mode, the total number of reports where users turned off Enterprise Mode, and the date of the last report.
-
- **To set up the sample**
-
-1. Set up a server to collect your Enterprise Mode information from your users.
-
-2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
-
-3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
-
-4. On the **Build** menu, tap or click **Build Solution**.
- Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
-
- 
-
- After you finish the publishing process, you need to test to make sure the app deployed successfully.
-
- **To test, deploy, and use the app**
-
-1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
-
- ``` "Enable"="https://
-Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode.
-
- **To turn off the site list using Group Policy**
-
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.
-The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
-- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
-- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
-
-For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).
-
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
deleted file mode 100644
index 010448c58d..0000000000
--- a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
+++ /dev/null
@@ -1,84 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal.
-ms.prod: ie11
-title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-author: dansimp
----
-
-# Use the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
-
-You can use IE11 and the Enterprise Mode Site List Portal to manage your Enterprise Mode Site List, hosted by the app, with multiple users.
-
-## Minimum system requirements for portal and test machines
-Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
-
-|Item |Description |
-|-----|------------|
-|Operating system |Windows 7 or later |
-|Memory |16 GB RAM |
-|Hard drive space |At least 8 GB of free space, formatted using the NTFS file system for better security |
-|Active Directory (AD) |Devices must be domain-joined |
-|SQL Server |Microsoft SQL Server Enterprise Edition 2012 or later |
-|Visual Studio |Visual Studio 2015 or later |
-|Node.js® package manager |npm Developer version or higher |
-|Additional server infrastructure |Internet Information Service (IIS) 6.0 or later |
-
-## Role assignments and available actions
-Admins can assign roles to employees for the Enterprise Mode Site List Portal, allowing the employees to perform specific actions, as described in this table.
-
-|Role assignment |Available actions |
-|----------------|------------------|
-|Requester |
|
-|Approver
(includes the App Manager and Group Head roles) |
|
-|Administrator |
|
-
-## Enterprise Mode Site List Portal workflow by employee role
-The following workflow describes how to use the Enterprise Mode Site List Portal.
-
-1. [The Requester submits a change request for an app](create-change-request-enterprise-mode-portal.md)
-
-2. [The Requester tests the change request info, verifying its accuracy](verify-changes-preprod-enterprise-mode-portal.md)
-
-3. [The Approver(s) group accepts the change request](approve-change-request-enterprise-mode-portal.md)
-
-4. [The Requester schedules the change for the production environment](schedule-production-change-enterprise-mode-portal.md)
-
-5. [The change is verified against the production site list and signed off](verify-changes-production-enterprise-mode-portal.md)
-
-
-## Related topics
-- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
-
-- [Workflow-based processes for employees using the Enterprise Mode Site List Portal](workflow-processes-enterprise-mode-portal.md)
-
-- [How to use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
-
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index f68c42ca3c..0000000000
--- a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Use the Enterprise Mode Site List Manager
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
-
-[!INCLUDE [enterprise-mode-site-list-mgr-versions-include](../../enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md)]
-
-## Using the Enterprise Mode Site List Manager
-The following topics give you more information about the things that you can do with the Enterprise Mode Site List Manager.
-
-|Topic |Description |
-|------|------------|
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.2). |
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.1). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the Enterprise Mode Site List Manager (schema v.2). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
-|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.
-Because we’ve added the IE7 Enterprise Mode option, we’ve had to rename the original functionality of Enterprise Mode to be IE8 Enterprise Mode. We’ve also replaced Edge Mode with IE11 Document Mode, so you can explicitly use IE11 on Windows 10.
-
-## Turning on and using IE7 Enterprise Mode or IE8 Enterprise Mode
-For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to your webpages and apps, see:
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-
-For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
deleted file mode 100644
index 3e06b8b806..0000000000
--- a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify your changes using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-> [!Important]
-> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
-
-- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
-
-- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
-
-- **EMIE_Reset**. A batch file that when run, reverts the changes made to the pre-production registry.
-
-## Verify and send the change request to Approvers
-The Requester tests the changes and then goes back into the Enterprise Mode Site List Portal, **Pre-production verification** page to verify whether the testing was successful.
-
-**To verify changes and send to the Approver(s)**
-1. On the **Pre-production verification** page, the Requester clicks **Successful** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. The Requester reviews the pre-defined Approver(s), and then clicks **Send for approval**.
-
- The Requester, the Approver group, and the Administrator group all get an email, stating that the change request is waiting for approval.
-
-
-**To rollback your pre-production changes**
-1. On the **Pre-production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. Add a description about the issue into the **Issue description** box, and then click **Send failure details**.
-
- The change request and issue info are sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the pre-production environment.
-
- After the Requester rolls back the changes, the request can be updated and re-submitted.
-
-
-## View rolled back change requests
-The original Requester and the Administrator(s) group can view the rolled back change requests.
-
-**To view the rolled back change request**
-
-- In the Enterprise Mode Site List Portal, click **Rolled back** from the left pane.
-
- All rolled back change requests appear, with role assignment determining which ones are visible.
-
-## Next steps
-If the change request is certified as successful, the Requester must next send it to the Approvers for approval. For the Approver-related steps, see the [Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
deleted file mode 100644
index 8387697841..0000000000
--- a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-## Verify and sign off on the update in the production environment
-The Requester tests the changes in the production environment and then goes back into the Enterprise Mode Site List Portal, **Production verification** page to verify whether the testing was successful.
-
-**To verify the changes and sign off**
-- On the **Production verification** page, the Requester clicks **Successful**, optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results, optionally includes a description of the change, and then clicks **Sign off**.
-
- The Requester, Approver group, and Administrator group all get an email, stating that the change request has been signed off.
-
-
-**To rollback production changes**
-1. On the **Production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results.
-
-2. Add a description about the issue into the **Change description** box, and then click **Send failure details**.
-
- The info is sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the production environment.
-
- After the Requester rolls back the changes, the request is automatically handled in the production and pre-production environment site lists.
-
diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
deleted file mode 100644
index 6ae2c865ea..0000000000
--- a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-ms.localizationpriority: low
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
----
-
-# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Any employee with access to the Enterprise Mode Site List Portal can view the apps included in the current Enterprise Mode Site List.
-
-**To view the active Enterprise Mode Site List**
-1. Open the Enterprise Mode Site List Portal and click the **Production sites list** icon in the upper-right area of the page.
-
- The **Production sites list** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
-
-2. Click any URL to view the actual site, using the compatibility mode and opening in the correct browser.
-
-
-**To export the active Enterprise Mode Site List**
-1. On the **Production sites list** page, click **Export**.
-
-2. Save the ProductionSiteList.xlsx file.
-
- The Excel file includes all apps in the current Enterprise Mode Site List, including URL, compatibility mode, and assigned browser.
diff --git a/browsers/enterprise-mode/what-is-enterprise-mode-include.md b/browsers/enterprise-mode/what-is-enterprise-mode-include.md
deleted file mode 100644
index b10897a3d3..0000000000
--- a/browsers/enterprise-mode/what-is-enterprise-mode-include.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-ms.date: 07/17/2018
----
-## What is Enterprise Mode?
-Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md
deleted file mode 100644
index e506d779b2..0000000000
--- a/browsers/includes/available-duel-browser-experiences-include.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-## Available dual-browser experiences
-Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment:
-
-- Use Microsoft Edge as your primary browser.
-
-- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies.
-
-- Use Microsoft Edge as your primary browser and open all intranet sites in IE11.
-
-- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies.
-
-For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog.
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
deleted file mode 100644
index 21e15f6d8d..0000000000
--- a/browsers/includes/helpful-topics-include.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-
-## Helpful information and additional resources
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Technical guidance, tools, and resources on Enterprise browsing](https://technet.microsoft.com/ie)
-
-- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501)
-
-- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974)
-
-- [Use the Enterprise Mode Site List Manager](../enterprise-mode/use-the-enterprise-mode-site-list-manager.md)
-
-- [Collect data using Enterprise Site Discovery](../enterprise-mode/collect-data-using-enterprise-site-discovery.md)
-
-- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
-
-- [Microsoft Services Support](https://www.microsoft.com/microsoftservices/support.aspx)
-
-- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
-
-
-
-
-
-- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
-- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
-- [Fix web compatibility issues using document modes and the Enterprise Mode site list](/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
deleted file mode 100644
index 31961c97a1..0000000000
--- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-
-> [!IMPORTANT]
-> Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
-
-1. In the Enterprise Mode Site List Manager, click **File \> Import**.
-
-2. Go to the exported .EMIE file.
ActiveX control installation requires administrator-level permissions.
-
-## Group Policy for the ActiveX Installer Service
-
-You use the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. The AXIS-related settings can be changed using either the Group Policy Management Console (GPMC) or the Local Group Policy Editor, and include:
-
-- **Approved Installation Sites for ActiveX Controls.** A list of approved installation sites used by AXIS to determine whether it can install a particular ActiveX control.
-
-- **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed.
-
-For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](/previous-versions/windows/it-pro/windows-7/dd631688(v=ws.10)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
deleted file mode 100644
index 455bae28bd..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to add employees to the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Add employees to the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
-
-The available roles are:
-
-- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
-
-- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
-
-**To add an employee to the Enterprise Mode Site List Portal**
-1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
-
- The **Employee management** page appears.
-
-2. Click **Add a new employee**.
-
- The **Add a new employee** page appears.
-
-3. Fill out the fields for each employee, including:
-
- - **Email.** Add the employee's email address.
-
- - **Name.** This box autofills based on the email address.
-
- - **Role.** Pick a single role for the employee, based on the list above.
-
- - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
-
- - **Comments.** Add optional comments about the employee.
-
- - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-**To export all employees to an Excel spreadsheet**
-1. On the **Employee management** page, click **Export to Excel**.
-
-2. Save the EnterpriseModeUsersList.xlsx file.
-
- The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
deleted file mode 100644
index 57c8991c7d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones.
-
-If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time.
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
-You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-Each XML file must include:
-
-- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
-
-- <docMode> tag.This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-### Enterprise Mode v.1 XML schema example
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-```
-
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema
-
-You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
-Each XML file must include:
-
-- **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<compat-mode> tag.** This tag specifies what compatibility setting are used for specific sites or domains.
-
-- **<open-in> tag.** This tag specifies what browser opens for each sites or domain.
-
-### Enterprise Mode v.2 XML schema example
-
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-```xml
-
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2).
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
You can only add specific URLs, not Internet or Intranet Zones.
-
-
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager.
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-
If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
You can only add specific URLs, not Internet or Intranet Zones.
-
-
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) or the Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) topic, based on your operating system.
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see Scenario 1: Editing the Local GPO Using ADMX Files.
-
-## Administrative Templates-related Group Policy settings
-When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
-
You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the PolicyDefinitions folder on this computer.
-
-IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
-
-- Computer Configuration\\Administrative Templates\\Windows Components\\
-
-- User Configuration\\Administrative Templates\\Windows Components\\
-
-
-|Catalog |Description |
-| ------------------------------------------------ | --------------------------------------------|
-|IE |Turns standard IE configuration on and off. |
-|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
-|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
-|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
-|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
-|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
-|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
-|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
-|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
-|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
-|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
-|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
-|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
-|RSS Feeds |Sets up and manages RSS feeds in the browser. |
-
-
-## Editing Group Policy settings
-Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
-
-- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771479(v=ws.11)) for step-by-step instructions about editing your Administrative Templates.
-
-- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](/microsoft-desktop-optimization-pack/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
-
-## Related topics
-- [Administrative templates (.admx) for Windows 10 April 2018 Update](https://www.microsoft.com/download/details.aspx?id=56880)
-- [Administrative templates (.admx) for Windows 10 October 2018 Update](https://www.microsoft.com/download/details.aspx?id=57576)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
deleted file mode 100644
index 07687792a3..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Approve a change request using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
-
-## Approve or reject a change request
-The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
-
-**To approve or reject a change request**
-1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
-
- The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
-
-2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
-
-3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
-
- An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
-
-
-## Send a reminder to the Approver(s) group
-If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
-
-- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
-
- An email is sent to the selected Approver(s).
-
-
-## View rejected change requests
-The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
-
-**To view the rejected change request**
-
-- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
-
- All rejected change requests appear, with role assignment determining which ones are visible.
-
-
-## Next steps
-After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
deleted file mode 100644
index f87e4e9cc9..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration and auto proxy problems with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration and auto proxy problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You might experience some problems using automatic configuration and auto-proxy with Internet Explorer 11.
-
-## Branding changes aren't distributed using automatic configuration
-If you've turned on the **Disable external branding of Internet Explorer** Group Policy Object, you won't be able to use automatic configuration to distribute your branding changes to your users' computers. When this object is turned on, it prevents the branding of IE by a non-Microsoft company or entity, such as an Internet service provider or Internet content provider. For more information about automatic configuration, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) and [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). For more information about Group Policy settings, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
-
-## Proxy server setup issues
-If you experience issues while setting up your proxy server, you can try these troubleshooting steps:
-
-- Check to make sure the proxy server address is right.
-
-- Check that both **Automatically detect settings** and **Automatic configuration** are turned on in the browser.
-
-- Check that the browser is pointing to the right automatic configuration script location.
-
- **To check your proxy server address**
-
-1. On the **Tools** menu, click **Internet Options**, and then **Connections**.
-
-2. Click **Settings** or **LAN Settings**, and then look at your proxy server address.
-
-3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](/troubleshoot/browsers/internet-explorer-uses-proxy-server-local-ip-address).
-
- **To check that you've turned on the correct settings**
-
-4. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-5. Click **Settings** or **LAN Settings**.
-
-6. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.
If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again.
-
- **To check that you're pointing to the correct automatic configuration script location**
-
-7. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-8. Click **Settings** or **LAN Settings**.
-
-9. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
deleted file mode 100644
index 10ff22508d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration settings for Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration settings for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Automatic configuration lets you apply custom branding and graphics to your internal Internet Explorer installations, running on Windows 8.1 or Windows Server 2012 R2. For more information about adding custom branding and graphics to your IE package, see [Customize the toolbar button and Favorites List icons using IEAK 11](../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md).
You'll only see and be able to use the **IE Customization Wizard 11 - Automatic Configuration** page if you're creating an internal IE installation package. For more information about the **IE Customization Wizard 11 - Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-## Adding the automatic configuration registry key
-For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry key to your IE installation package.
Follow these directions carefully because serious problems can occur if you update your registry incorrectly. For added protection, back up your registry so you can restore it if a problem occurs.
-
- **To add the registry key**
-
-1. On the **Start** screen, type **regedit**, and then click **Regedit.exe**.
-
-2. Right-click the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl` subkey, point to **New**, and then click **Key**.
-
-3. Enter the new key name, `FEATURE\AUTOCONFIG\BRANDING`, and then press Enter.
-
-4. Right-click `FEATURE\AUTOCONFIG\BRANDING`, point to **New**, and then click **DWORD (32-bit) Value**.
-
-5. Enter the new DWORD value name, **iexplore.exe**, and then press Enter.
-
-6. Right-click **iexplore.exe**, and then click **Modify**.
-
-7. In the **Value data** box, enter **1**, and then click **OK**.
-
-8. Exit the registry editor.
-
-## Updating your automatic configuration settings
-After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
-
Your branding changes won't be added or updated if you've previously chosen the Disable external branding of IE setting in the User Configuration\Administrative Templates\Windows Components\Internet Explorer Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the Group Policy TechCenter.
-
- **To update your settings**
-
-1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** check box to allow automatic detection of browser settings.
-
-3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
-
- - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that automatic configuration only happens when the computer restarts.
-
- - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
-
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
-
-## Locking your automatic configuration settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing Automatic Configuration settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Disable changing Automatic Configuration settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
deleted file mode 100644
index bf9f448755..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto detect settings Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto detect settings Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After you specify the specific settings related to automatic detection on your Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers, you can set up your users' browser settings from a central location.
-
-Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
-
-- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
-
-- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses.
DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
-
-## Updating your automatic detection settings
-To use automatic detection, you have to set up your DHCP and DNS servers.
Your DHCP servers must support the `DHCPINFORM` message, to obtain the DHCP options.
-
- **To turn on automatic detection for DHCP servers**
-
-1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-3. Open the [DHCP Administrative Tool](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd145324(v=ws.10)), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](/previous-versions/tn-archive/bb794881(v=technet.10)).
-
- **To turn on automatic detection for DNS servers**
-
-4. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-5. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings.
-
-6. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](/previous-versions/tn-archive/cc995062(v=technet.10)).
-
-7. After the database file propagates to the server, the DNS name, `wpad.
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad.
IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-## Locking your auto-proxy settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](/windows/deployment/deploy-whats-new).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
deleted file mode 100644
index 17f6488e0a..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Blocked out-of-date ActiveX controls
-description: This page is periodically updated with new ActiveX controls blocked by this feature.
-author: dansimp
-ms.author: dansimp
-audience: itpro
-manager: dansimp
-ms.date: 05/10/2018
-ms.topic: article
-ms.prod: ie11
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-ms.assetid: ''
-ms.reviewer:
-ms.sitesec: library
----
-
-# Blocked out-of-date ActiveX controls
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-ActiveX controls are small apps that let websites provide content, like videos and games, and let you interact with content, like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. It's very important that you keep your ActiveX controls up to date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a security feature called _out-of-date ActiveX control blocking_.
-
-We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list.
-
-You will receive a notification if a webpage tries to load one of the following of ActiveX control versions:
-
-**Java**
-
-| Java 2 Platform, Standard Edition (J2SE) 1.4, everything below (but not including) update 43 |
-|----------------------------------------------------------------------------------------------|
-| J2SE 5.0, everything below (but not including) update 99 |
-| Java SE 6, everything below (but not including) update 181 |
-| Java SE 7, everything below (but not including) update 171 |
-| Java SE 8, everything below (but not including) update 161 |
-| Java SE 9, everything below (but not including) update 4 |
-
-**Silverlight**
-
-
-| Everything below (but not including) Silverlight 5.1.50907.0 |
-|--------------------------------------------------------------|
-| |
-
-For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
deleted file mode 100644
index 3fc8a84465..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: performance
-description: Browser cache changes and roaming profiles
-author: dansimp
-ms.prod: ie11
-ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/16/2017
----
-
-
-# Browser cache changes and roaming profiles
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity.
-
-You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj649079(v=ws.11)). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.
Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Microsoft Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
-
-To get the best results while using roaming profiles, we strongly recommend the following:
-
-- Create a separate roaming repository for each domain account that uses roaming.
-
-- Restrict roaming user profiles so they work on only one computer at a time. Using a single roaming profile on multiple computers isn’t supported (via console or Remote Desktop) and can cause unpredictable results, including cookie loss.
-
-- Allow all computers that let users sign-on with a roaming profile have identical IE cookie policies and settings.
-
-- Make sure to delete the user’s local roaming profile at sign off for any computer using user profile roaming. You can do this by turning on the **Delete cached copies of roaming profiles** Group Policy Object.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
deleted file mode 100644
index 1617af18d5..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-ms.localizationpriority: medium
-title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
-description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10.
-ms.mktglfcycl: deploy
-ms.prod: windows-client
-ms.sitesec: library
-author: dansimp
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-
-# Change history for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-This topic lists new and updated topics in the Internet Explorer 11 documentation for Windows 10.
-
-## April 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)|Updates to the Enterprise Mode section to include info about the Enterprise Mode Site List Portal. |
-
-## March 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to add the Allow VBScript to run in Internet Explorer and the Hide the button (next to the New Tab button) that opens Microsoft Edge settings. |
-
-## November 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Updated the DocMode reason section to correct Code 8 and to add Code 9.|
-
-## August 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
-
-## July 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to include the comprehensive list of Group Policies that were added with Internet Explorer 11. |
-
-## June 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated with 2 new policies, Send all sites not included in the Enterprise Mode Site List to Microsoft Edge and Show message when opening sites in Microsoft Edge using Enterprise Mode. |
-
-
-## May 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. |
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
deleted file mode 100644
index 9b4b3e6f1f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
-description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
-ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.date: 08/14/2017
-ms.localizationpriority: medium
----
-
-
-# Check for a new Enterprise Mode site list xml file
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
-
-**How Internet Explorer 11 looks for an updated site list**
-
-1. Internet Explorer starts up and looks for an updated site list in the following places:
-
- 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
-
- 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
-
- 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
-
-2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
deleted file mode 100644
index 810264c501..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to deploy Internet Explorer 11 (IE11)
-author: dansimp
-ms.prod: ie11
-ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to deploy Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools.
-
-## In this section
-
-| Topic | Description |
-|------------------------------------------------------------- | ------------------------------------------------------ |
-|[Deploy IE11 using Automatic Version Synchronization (AVS)](deploy-ie11-using-automatic-version-synchronization-avs.md) |Guidance about how to deploy your custom browser packages using Automatic Version Synchronization (AVS). |
-|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). |
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
deleted file mode 100644
index 0175cb7bbe..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to install Internet Explorer 11 (IE11)
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to install Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Before you install Internet Explorer 11, you should:
-
-- **Migrate Group Policy Objects.** Decide if your Group Policy Objects should migrate to the new version.
-
-- **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
-
-- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
-
-- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
-
- - **Existing computers running Windows.** Use Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
-
- - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825251(v=win.10)). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/), [Windows ADK Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825486(v=win.10)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
deleted file mode 100644
index 961f15218c..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ /dev/null
@@ -1,446 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Collect data using Enterprise Site Discovery
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Collect data using Enterprise Site Discovery
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7 with Service Pack 1 (SP1)
-
-Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
-
->**Upgrade Readiness and Windows upgrades**
->You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
-
-
-## Before you begin
-Before you start, you need to make sure you have the following:
-
-- Latest cumulative security update (for all supported versions of Internet Explorer):
-
- 1. Go to the [Microsoft Security Bulletin](/security-updates/) page, and change the filter to **Windows Internet Explorer 11**.
-
- 
-
- 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
-
- 
-
- 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
-
-- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
-
- - Configuration-related PowerShell scripts
-
- - IETelemetry.mof file
-
- - Sample System Center 2012 report templates
-
- You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
-
-Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
-
-## What data is collected?
-Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
-
-|Data point |IE11 |IE10 |IE9 |IE8 |Description |
-|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
-|URL | ✔️ | ✔️ | ✔️ | ✔️ |URL of the browsed site, including any parameters included in the URL. |
-|Domain | ✔️ | ✔️ | ✔️ | ✔️ |Top-level domain of the browsed site. |
-|ActiveX GUID | ✔️ | ✔️ | ✔️ | ✔️ |GUID of the ActiveX controls loaded by the site. |
-|Document mode | ✔️ | ✔️ | ✔️ | ✔️ |Document mode used by IE for a site, based on page characteristics. |
-|Document mode reason | ✔️ | ✔️ | | |The reason why a document mode was set by IE. |
-|Browser state reason | ✔️ | ✔️ | | |Additional information about why the browser is in its current state. Also called, browser mode. |
-|Hang count | ✔️ | ✔️ | ✔️ | ✔️ |Number of visits to the URL when the browser hung. |
-|Crash count | ✔️ | ✔️ | ✔️ | ✔️ |Number of visits to the URL when the browser crashed. |
-|Most recent navigation failure (and count) | ✔️ | ✔️ | ✔️ | ✔️ |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. |
-|Number of visits | ✔️ | ✔️ | ✔️ | ✔️ |Number of times a site has been visited. |
-|Zone | ✔️ | ✔️ | ✔️ | ✔️ |Zone used by IE to browse sites, based on browser settings. |
-
-
->**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-### Understanding the returned reason codes
-The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection.
-
-#### DocMode reason
-The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.|
-|4 |Page is using an X-UA-compatible meta tag. |
-|5 |Page is using an X-UA-compatible HTTP header. |
-|6 |Page appears on an active **Compatibility View** list. |
-|7 |Page is using native XML parsing. |
-|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. |
-|9 |Page state is set by the browser mode and the page's DOCTYPE.|
-
-#### Browser state reason
-The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. |
-|2 |Site appears on an active **Compatibility View** list, created in Group Policy. |
-|3 |Site appears on an active **Compatibility View** list, created by the user. |
-|4 |Page is using an X-UA-compatible tag. |
-|5 |Page state is set by the **Developer** toolbar. |
-|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. |
-|7 |Site appears on the Microsoft **Compatibility View (CV)** list. |
-|8 |Site appears on the **Quirks** list, created in Group Policy. |
-|11 |Site is using the default browser. |
-
-#### Zone
-The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
-
-|Code |Description |
-|-----|------------|
-|-1 |Internet Explorer is using an invalid zone. |
-|0 |Internet Explorer is using the Local machine zone. |
-|1 |Internet Explorer is using the Local intranet zone. |
-|2 |Internet Explorer is using the Trusted sites zone. |
-|3 |Internet Explorer is using the Internet zone. |
-|4 |Internet Explorer is using the Restricted sites zone. |
-
-## Where is the data stored and how do I collect it?
-The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
-
-- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
-
-- **XML file**. Any agent that works with XML can be used.
-
-## WMI Site Discovery suggestions
-We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company.
-
-On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
-
-## Getting ready to use Enterprise Site Discovery
-Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
-
-**To set up Enterprise Site Discovery**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](/powershell/module/microsoft.powershell.core/about/about_execution_policies).
-
-### WMI only: Set up your firewall for WMI data
-If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
-
-**To set up your firewall**
-
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-
-3. Restart your computer to start collecting your WMI data.
-
-## Use PowerShell to finish setting up Enterprise Site Discovery
-You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
-
->**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
-
-- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
-
-- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
-
-**To set up data collection using a domain allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
-
- >**Important**
Wildcards, like \*.microsoft.com, aren’t supported.
-
-**To set up data collection using a zone allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
-
- >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-
-## Use Group Policy to finish setting up Enterprise Site Discovery
-You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
-
->**Note**
All of the Group Policy settings can be used individually or as a group.
-
- **To set up Enterprise Site Discovery using Group Policy**
-
-- Open your Group Policy editor, and go to these new settings:
-
- |Setting name and location |Description |Options |
- |---------------------------|-------------|---------|
- |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |
|
- |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. |
|
- |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone |
- |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com |
-
-### Combining WMI and XML Group Policy settings
-You can use both the WMI and XML settings individually or together:
-
-**To turn off Enterprise Site Discovery**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|Off|
-|Turn on Site Discovery XML output|Blank|
-
-**Turn on WMI recording only**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|On|
-|Turn on Site Discovery XML output|Blank|
-
-**To turn on XML recording only**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|Off|
-|Turn on Site Discovery XML output|XML file path|
-
-**To turn on both WMI and XML recording**
-
-|Setting name|Option|
-|--- |--- |
-|Turn on Site Discovery WMI output|On|
-|Turn on Site Discovery XML output|XML file path|
-
-## Use Configuration Manager to collect your data
-After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
-
-- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the MOF Editor with a .MOF import file
-You can collect your hardware inventory using the MOF Editor and a .MOF import file.
-
- **To collect your inventory**
-
-1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
-
-2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**.
-
-3. Pick the inventory items to install, and then click **Import**.
-
-4. Click **OK** to close the default windows.
-Your environment is now ready to collect your hardware inventory and review the sample reports.
-
-### Collect your hardware inventory using the SMS\DEF.MOF file (Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
-
-**To collect your inventory**
-
-1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-## Turn off data collection on your client devices
-After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
-
-**To stop collecting data, using PowerShell**
-
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
-
- >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
-
-
-**To stop collecting data, using Group Policy**
-
-1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**.
-
-2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location.
-
-### Delete already stored data from client computers
-You can completely remove the data stored on your employee’s computers.
-
-**To delete all existing data**
-
-- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands:
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo`
-
- - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo`
-
- - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
-
-## Related topics
-* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
-* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
deleted file mode 100644
index db62af6aab..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
+++ /dev/null
@@ -1,101 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
-author: dansimp
-ms.prod: ie11
-title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-The **Settings** page lets anyone with Administrator rights set up groups and roles, set up the Enterprise Mode Site List Portal environment, and choose the freeze dates for production changes.
-
-## Use the Environment settings area
-This area lets you specify the location of your production and pre-production environments, where to store your attachments, your settings location, and the website domain for email notifications.
-
-**To add location info**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Environment settings** area of the page, provide the info for your **Pre-production environment**, your **Production environment**, your **Attachments location**, your **Settings location**, and your **Website domain for email notifications**.
-
-3. Click **Credentials** to add the appropriate domain, user name, and password for each location, and then click **OK**.
-
-## Use the Group and role settings area
-After you set up your email credentials, you'll be able to add or edit your Group info, along with picking which roles must be Approvers for the group.
-
-**To add a new group and determine the required change request Approvers**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Group and role settings** area of the page, click **Group details**.
-
- The **Add or edit group names** box appears.
-
-3. Click the **Add group** tab, and then add the following info:
-
- - **New group name.** Type name of your new group.
-
- - **Group head email.** Type the email address for the primary contact for the group.
-
- - **Group head name.** This box automatically fills, based on the email address.
-
- - **Active.** Click the check box to make the group active in the system. If you want to keep the group in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-
-**To set a group's required Approvers**
-1. In the **Group and role settings** area of the page, choose the group name you want to update with Approvers from the **Group name** box.
-
-2. In the **Required approvers** area, choose which roles are required to approve a change request for the group. You can choose one or many roles.
-
- - **App Manager.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Group Head.** All employees in the selected group must get change request approval by someone assigned this role.
-
- You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
-
- - **Administrator.** All employees in the selected group must get change request approval by someone assigned this role.
-
-## Use the Freeze production changes area
-This optional area lets you specify a period when your employees must stop adding changes to the current Enterprise Mode Site List. This must include both a start and an end date.
-
-**To add the start and end dates**
-1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
-
- The **Settings** page appears.
-
-2. In the **Freeze production changes** area of the page, use the calendars to provide the **Freeze start date** and the **Freeze end date**. Your employees can't add apps to the production Enterprise Mode Site List during this span of time.
-
-3. Click **Save**.
-
-## Related topics
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
deleted file mode 100644
index cffb48a00d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to create a change request within the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Create a change request using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
-
-> [!Important]
-> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-**To create a new change request**
-1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
-
- The **Create new request** page appears.
-
-2. Fill out the required fields, based on the group and the app, including:
-
- - **Group name.** Select the name of your group from the dropdown box.
-
- - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
-
- - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
-
- - **Add new app.** If your app isn't listed, you can click **Add new app** to add it to the list.
-
- - **Requested by.** Automatically filled in with your name.
-
- - **Description.** Add descriptive info about the app.
-
- - **Requested change.** Select whether you want to **Add to EMIE**, **Delete from EMIE**, or **Update to EMIE**.
-
- - **Reason for request.** Select the best reason for why you want to update, delete, or add the app.
-
- - **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
-
- - **App location (URL).** The full URL location to the app, starting with https:// or https://.
-
- - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
-
- - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](/previous-versions/windows/internet-explorer/ie-developer/compatibility/cc288325(v=vs.85)).
-
-4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
-
- A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
-
-5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
-
- - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
-
- - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
-
-## Next steps
-
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
deleted file mode 100644
index 395703b43d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Create packages for multiple operating systems or languages
-author: dansimp
-ms.prod: ie11
-ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Create packages for multiple operating systems or languages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Create packages for multiple operating systems or languages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You'll create multiple versions of your custom browser package if:
-
-- You support more than 1 version of Windows®.
-
-- You support more than 1 language.
-
-- You have custom installation packages with only minor differences. Like, having a different phone number.
-
- **To create a new package**
-
-1. Create an installation package using the Internet Explorer Customization Wizard 11, as described in the [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](../ie11-ieak/ieak11-wizard-custom-options.md) topic.
-
-2. Go to your **CIE/Custom** folder and rename the `Install.ins`file. For example, if you need a version for employees in Texas, rename the file to Texas.ins.
-
-3. Run the wizard again, using the Custom folder as the destination directory.
-Except for the **Title bar** text, **Favorites**, **Links bar**, **Home page**, and **Search bar**, keep all of your wizard settings the same for all of your build computers.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
deleted file mode 100644
index ddaef22325..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Customize Internet Explorer 11 installation packages
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Customize Internet Explorer 11 installation packages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Customize Internet Explorer 11 installation packages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can customize Internet Explorer 11 to support various browser behaviors, multiple operating system versions and languages, and Setup information (.inf) files.
-
-|Topic |Description |
-|------------------------------------------------------------------------|----------------------------------------------------|
-|[Using IEAK 11 to create packages](using-ieak11-to-create-install-packages.md) |How to use the Internet Explorer Administration Kit 11 (IEAK 11) and the IE Customization Wizard 11 to set up, configure, deploy, and maintain IE11. |
-|[Create packages for multiple operating systems or languages](create-install-packages-for-multiple-operating-systems-or-languages.md) |How to create multiple versions of your custom installation package, to support multiple operating systems or languages. |
-|[Using .INF files to create packages](using-inf-files-to-create-install-packages.md) |How to use the Microsoft® Windows Setup Engine to automate setup tasks and customize your component installations. |
-
-
-
-In addition, you can configure IE before, during, or after deployment, using these tools:
-
-- **IE Administration Kit 11 (IEAK 11)**. Creates customized installation packages that can be deployed through your software distribution system. For more information about the IEAK 11, see [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md).
-
-- **Group Policy**. Configures and enforces IE11 settings. For more information about settings and configuration options, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
-
-- **Unattend.xml**. Customizes some of the IE settings during your Windows installation. This option only applies if you're updating a Windows image with IE11.
-You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/ff699026(v=win.10)). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824929(v=win.10)).
-
-
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 843d917596..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: medium
-description: Delete a single site from your global Enterprise Mode site list.
-ms.pagetype: appcompat
-ms.mktglfcycl: deploy
-author: dansimp
-ms.prod: ie11
-ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-
- **To delete a single site from your global Enterprise Mode site list**
-
-- From the Enterprise Mode Site List Manager, pick the site you want to delete, and then click **Delete**.
-The site is permanently removed from your list.
-
-If you delete a site by mistake, you’ll need to manually add it back using the instructions in the following topics, based on operating system.
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
deleted file mode 100644
index 0f0c56de35..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
-author: dansimp
-ms.prod: ie11
-ms.assetid: f51224bd-3371-4551-821d-1d62310e3384
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
-
-## What is Automatic Version Synchronization?
-Automatic Version Synchronization (AVS) lets you use the Internet Explorer Administration Kit 11 (IEAK 11) to synchronize the IE11 setup files on a local computer with the latest setup files on the web.
-
-You must synchronize the setup files at least once on the local computer, for each language and operating system combination, before proceeding through the rest of the wizard. If your packages have more than one version of IE, you need to keep the versions in separate component download folders, which can be pointed to from the **File Locations** page of the IEAK 11. For more information about using the AVS feature, see [Use the Automatic Version Synchronization page in the IEAK 11 Wizard](../ie11-ieak/auto-version-sync-ieak11-wizard.md)
-.
-
-## Related topics
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-- [Customize Internet Explorer 11 installation packages](customize-ie11-install-packages.md)
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
deleted file mode 100644
index 7eaac18e22..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Deploy Internet Explorer 11 using software distribution tools
-author: dansimp
-ms.prod: ie11
-ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deploy Internet Explorer 11 using software distribution tools (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Deploy Internet Explorer 11 using software distribution tools
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include:
-
-- **Configuration Manager** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)).
-
-- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)).
-
-- **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](/previous-versions/windows/it-pro/windows-server-2003/cc738858(v=ws.10)).
-
-- **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
deleted file mode 100644
index 513e6e6b22..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ /dev/null
@@ -1,122 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List.
-
-The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](/mem/configmgr/mdt/).
-
-## Deploying pinned websites in MDT 2013
-This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](./install-ie11-using-operating-system-deployment-systems.md) in the TechNet library.
-
-Deploying pinned websites in MDT 2013 is a 4-step process:
-
-1. Create a .website file for each website that you want to deploy. When you pin a website to the taskbar, Windows 8.1 creates a .website file that describes how the icon should look and feel.
-
-2. Copy the .website files to your deployment share.
-
-3. Copy the .website files to your target computers.
-
-4. Edit the task sequence of your Unattend.xml answer files to pin the websites to the taskbar. In particular, you want to add each .website file to the **TaskbarLinks** item in Unattend.xml during oobeSystem phase. You can add up to six .website files to the **TaskbarLinks** item.
-
-Pinned websites are immediately available to every user who logs on to the computer although the user must click each icon to populate its Jump List.
-
-**Important**
-To follow the examples in this topic, you’ll need to pin the Bing (https://www.bing.com/) and MSN (https://www.msn.com/) websites to the taskbar.
-
-### Step 1: Creating .website files
-The first step is to create a .website file for each website that you want to pin to the Windows 8.1 taskbar during deployment. A .website file is like a shortcut, except it’s a plain text file that describes not only the website’s URL but also how the icon looks.
-
- **To create each .website file**
-
-1. Open the website in IE11.
-
-2. Drag the website’s tab and drop it on the Windows 8.1 taskbar.
-
-3. Go to `%USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar` in Windows Explorer, and copy the bing.website and msn.website files to your desktop.
-
-### Step 2: Copying the .website files to the deployment share
-Next, you must enable your deployment share to copy the bing.website and msn.website files to the **Start** menu on each target computer.
-
- **To copy .website files to the deployment share**
-
-1. Open your MDT 2013 deployment share in Windows Explorer.
-
-2. In the `$OEM$` folder, create the path `$1\Users\Public\Public Links`. If the `$OEM$` folder doesn’t exist, create it at the root of your deployment share.
-
-3. Copy the bing.website and msn.website files from your desktop to `$OEM$\$1\Users\Public\Public Links` in your deployment share.
-
-### Step 3: Copying .website files to target computers
-After your operating system is installed on the target computer, you need to copy the .website files over so they can be pinned to the taskbar.
-
- **To copy .website files to target computers**
-
-1. In the **Deployment Workbench** of MDT 2013, open the deployment share containing the task sequence during which you want to deploy pinned websites, and then click **Task Sequences**.
-
-2. In the right pane of the **Deployment Workbench**, right-click your task sequence (create a new one if you don’t have one yet), and click **Properties**.
-
-3. In the **Task Sequence** tab, click the **Postinstall** folder, click **General** from the **Add** button, and then click **Run Command Line**.
-
-4. Rename the newly created item to *Copy Files* and move it up to the top of the **Postinstall** folder.
-
-5. In the **Command Line** box enter the following text, `xcopy "%DEPLOYROOT%\$OEM$\$1" "%OSDisk%\" /yqe`.
-
-6. Click the **Apply** button to save your changes.
-
-### Step 4: Pinning .website files to the Taskbar
-With the .website files ready to copy to the **Public Links** folder on target computers for all users, the last step is to edit the Unattend.xml answer files to pin those .website files to the taskbar. You will need to complete the following steps for each task sequence during which you want to pin these websites to the taskbar.
-
- **To pin .website files to the Taskbar**
-
-1. Open the Windows System Image Manager (Windows SIM).
-
-2. On the **OS Info** tab, click **Edit Unattend.xml** to open the Unattend.xml file.
-
-2. In the **Windows Image** pane, under **Components** and then **Microsoft-Windows-Shell-Setup**, right-click **TaskbarLinks**, and then click **Add Setting to Pass 7 oobeSystem**.
-
-3. In the **TaskbarLinks Properties** pane, add the relative path to the target computer’s (not the deployment share’s) .website files that you created earlier. You can add up to six links to the **TaskbarLinks** item. For example, `%PUBLIC%\Users\Public\Public Links\Bing.website` and `%PUBLIC%\Users\Public\Public Links\MSN.website`
-
-4. On the **File** menu, click **Save Answer File**, and then close Windows SIM.
-
-5. To close the task sequence, click **OK**.
-
-## Updating intranet websites for pinning
-The MDT 2013 deployment share and task sequences are now ready to pin websites to the taskbar during deployment. This pinning feature can include intranet sites important in your organization.
-
-You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](/previous-versions/windows/internet-explorer/ie-developer/samples/gg491731(v=vs.85)) on MSDN. For more ideas about what to pin, see [Add-ons](https://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery.
-
-## Related topics
-- [Unattended Windows Setup Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/ff699026(v=win.10))
-- [Windows System Image Manager Technical Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824929(v=win.10))
-- [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/)
-- [Windows ADK Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825486(v=win.10))
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
deleted file mode 100644
index 5cfa201d18..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Deprecated document modes and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Deprecated document modes and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.
-
-This means that while Internet Explorer 11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.
-
->**Note**
->For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953).
-
-## What is document mode?
-Each release after Internet Explorer 8 has helped with the transition by introducing additional document modes that emulated previously supported versions, while also introducing support for features defined by industry standards. During this time, numerous websites and apps were updated to the latest and greatest industry standards, while many other sites and apps continued to simply rely on document modes to work properly.
-
-Because our goal with Microsoft Edge is to give users the best site and app viewing experience possible, we’ve decided to stop support for document modes. All websites and apps using legacy features and code will need to be updated to rely on the new modern standards and practices.
-
-If you have legacy sites and apps that can’t be updated to modern standards, you can continue to use IE11 and document modes. We recommend that you use the **IE11 Standards document mode** because it represents the highest support available for modern standards. You should also use the HTML5 document type declaration to turn on the latest supported standards while using IE11:``.
-
-## Document modes and IE11
-The compatibility improvements made in IE11 lets older websites just work in the latest standards mode, by default, without requiring emulation of the previous browser behavior. Because older websites are now just working, we’ve decided that Internet Explorer 10 document mode will be the last new document mode. Instead, developers will need to move to using the IE11 document mode going forward.
-
-## Document mode selection flowchart
-This flowchart shows how IE11 works when document modes are used.
-
-
-[Click this link to enlarge image](img-ie11-docmode-lg.md)
-
-## Known Issues with Internet Explorer 8 document mode in Enterprise Mode
-The default document mode for Enterprise Mode is Internet Explorer 8. While this mode provides a strong emulation of that browser, it isn’t an exact match. For example, Windows Internet Explorer 9 fundamentally changed how document modes work with iframes and document modes can’t undo architectural changes. It’s also a known issue that Windows 10 supports GDI font rendering while using Enterprise Mode, but uses natural metrics once outside of Enterprise Mode.
-
-## Related topics
-- [Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 29574ab860..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-
-If you need to edit a lot of websites, you probably don’t want to do it one at a time. Instead, you can edit your saved XML or TXT file and add the sites back again. For information about how to do this, depending on your operating system and schema version, see [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
-
- **To change how your page renders**
-
-1. In the Enterprise Mode Site List Manager, double-click the site you want to change.
-
-2. Change the comment or the compatibility mode option.
-
-3. Click **Save** to validate your changes and to add the updated information to your site list.
-If your change passes validation, it’s added to the global site list. If the update doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the update or ignore the validation problem and add it to your list anyway. For more information about fixing validation issues, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-4. On the **File** menu, click **Save to XML**, and save the updated file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
deleted file mode 100644
index e21f3e41ed..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ /dev/null
@@ -1,114 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Enable and disable add-ons using administrative templates and group policy
-ms.author: dansimp
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 4/12/2018
----
-
-
-# Enable and disable add-ons using administrative templates and group policy
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Add-ons let your employees personalize Internet Explorer. You can manage IE add-ons using Group Policy and Group Policy templates.
-
-There are four types of add-ons:
-
-- **Search Providers.** Type a term and see suggestions provided by your search provider.
-
-- **Accelerators.** Highlight text on a web page and then click the blue **Accelerator** icon to email, map, search, translate, or do many other tasks.
-
-- **Web Slices.** Subscribe to parts of a website to get real-time information on the Favorites bar.
-
-- **Toolbars.** Add features (like stock tickers) to your browser.
-
-## Using the Local Group Policy Editor to manage group policy objects
-You can use the Local Group Policy Editor to change how add-ons work in your organization.
-
- **To manage add-ons**
-
-1. In the Local Group Policy Editor, go to `Computer Configuration\Administrative Templates\Windows Components\Internet Explorer`.
-
-2. Change any or all of these settings to match your company’s policy and requirements.
-
- - Turn off add-on performance notifications
-
- - Automatically activate newly installed add-ons
-
- - Do not allow users to enable or disable add-ons
-
-3. Go into the **Internet Control Panel\\Advance Page** folder, where you can change:
-
- - Do not allow resetting IE settings
-
- - Allow third-party browser extensions
-
-4. Go into the **Security Features\\Add-on Management** folder, where you can change:
-
- - Add-on List
-
- - Deny all add-ons unless specifically allowed in the Add-on List
-
- - Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects
-
-5. Close the Local Group Policy Editor when you’re done.
-
-## Using the CLSID and Administrative Templates to manage group policy objects
-Every add-on has a Class ID (CLSID) that you use to enable and disable specific add-ons, using Group Policy and Administrative Templates.
-
- **To manage add-ons**
-
-1. Get the CLSID for the add-on you want to enable or disable:
-
- 1. Open IE, click **Tools**, and then click **Manage Add-ons**.
-
- 2. Double-click the add-on you want to change.
-
- 3. In the More Information dialog, click **Copy** and then click **Close**.
-
- 4. Open Notepad and paste the information for the add-on.
-
- 5. On the Manage Add-ons windows, click **Close**.
-
- 6. On the Internet Options dialog, click **Close** and then close IE.
-
-2. From the copied information, select and copy just the **Class ID** value.
-
- > [!NOTE]
- > You want to copy the curly brackets as well as the CLSID: **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
-
-3. Open the Group Policy Management Editor and go to: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
-
**-OR-**
-Open the Local Group Policy Editor and go to: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
-
-4. Open the **Add-on List** Group Policy Object, select **Enabled**, and then click **Show**.
The Show Contents dialog appears.
-
-6. In **Value Name**, paste the Class ID for your add-on, for example, **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
-
-6. In **Value**, enter one of the following:
-
- - **0**. The add-on is disabled and your employees can’t change it.
-
- - **1**. The add-on is enabled and your employees can’t change it.
-
- - **2**. The add-on is enabled and your employees can change it.
-
-7. Close the Show Contents dialog.
-
-7. In the Group Policy editor, go to: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer.
-
-8. Double-click **Automatically activate/enable newly installed add-ons** and select **Enabled**.
Enabling turns off the message prompting you to Enable or Don't enable the add-on.
-
-7. Click **OK** twice to close the Group Policy editor.
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
deleted file mode 100644
index e284e24e3f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Enhanced Protected Mode problems with Internet Explorer
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enhanced Protected Mode problems with Internet Explorer (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Enhanced Protected Mode problems with Internet Explorer
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Enhanced Protected Mode further restricts Protected Mode to deny potential attackers access to sensitive or personal information. If this feature is turned on, users might start to see errors asking them to turn it off, like **This webpage wants to run "npctrl.dll. If you trust this site, you can disable Enhanced Protected Mode for this site to run the control**. If your users click the **Disable** box, Enhanced Protected Mode is turned off for only the single visit to that specific site. After the user leaves the site, Enhanced Protected Mode is automatically turned back on.
-
-You can use your company’s Group Policy to turn Enhanced Protected Mode on or off for all users. For more information, see the [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md) information in this guide.
-
-For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](/archive/blogs/ieinternals/understanding-enhanced-protected-mode) and the [Enhanced Protected Mode and Local Files](https://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
deleted file mode 100644
index e5e3c31095..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
-author: dansimp
-ms.prod: ie11
-ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Enterprise Mode for Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
-
-## In this section
-
-|Topic |Description |
-|---------------------------------------------------------------|-----------------------------------------------------------------------------------|
-|[Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)|Includes descriptions of the features of Enterprise Mode. |
-|[Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) |Guidance about how to turn on local control of Enterprise Mode and how to use ASP or the GitHub sample to collect data from your local computers. |
-|[Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) |Guidance about how to turn on Enterprise Mode and set up a site list, using Group Policy or the registry. |
-|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. |
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. |
-|[Check for a new Enterprise Mode site list xml file](check-for-new-enterprise-mode-site-list-xml-file.md) |Guidance about how the Enterprise Mode functionality looks for your updated site list. |
-|[Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) |Guidance about how to turn on local control of Enterprise Mode, using Group Policy or the registry.|
-|[Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) |Guidance about how to use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
-|[Use the Enterprise Mode Site List Portal](use-the-enterprise-mode-portal.md) |Guidance about how to set up and use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
-|[Using Enterprise Mode](using-enterprise-mode.md) |Guidance about how to turn on either IE7 Enterprise Mode or IE8 Enterprise Mode. |
-|[Fix web compatibility issues using document modes and the Enterprise Mode Site List](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) |Guidance about how to decide and test whether to use document modes or Enterprise Mode to help fix compatibility issues. |
-|[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. |
-|[Remove sites from a local compatibility view list](remove-sites-from-a-local-compatibililty-view-list.md) |Guidance about how to remove websites from a device's local compatibility view list. |
-|[Turn off Enterprise Mode](turn-off-enterprise-mode.md) |Guidance about how to stop using your site list and how to turn off local control, using Group Policy or the registry. |
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
deleted file mode 100644
index e486ed248d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ /dev/null
@@ -1,133 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Enterprise Mode schema v.1 guidance
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Use the Enterprise Mode Site List Manager (schema v.1) to create and update your Enterprise Mode site list for devices running the v.1 version of the schema, or the Enterprise Mode Site List Manager (schema v.2) to create and update your Enterprise Mode site list for devices running the v.2 version of the schema. We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
-
-## Enterprise Mode schema v.1 example
-The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
-
-> [!IMPORTANT]
-> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules> |Internet Explorer 11 and Microsoft Edge |
-|<emie> |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
**Example** <rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules>
For IPv6 ranges:
<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules>
**or**
For IPv4 ranges:<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules> | Internet Explorer 11 and Microsoft Edge |
-|<docMode> |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.
**Example**
<rules version="205">
<docmode>
<domain docMode="7">contoso.com</domain>
</docmode>
</rules> |Internet Explorer 11 |
-|<domain> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
**Example**
<emie>
<domain>contoso.com:8080</domain>
</emie> |Internet Explorer 11 and Microsoft Edge |
-|<path> |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
**Example**
<emie>
<domain exclude="true">fabrikam.com
<path exclude="false">/products</path>
</domain>
</emie>
Where `https://fabrikam.com` doesn't use IE8 Enterprise Mode, but `https://fabrikam.com/products` does. |Internet Explorer 11 and Microsoft Edge |
-
-### Schema attributes
-This table includes the attributes used by the Enterprise Mode schema.
-
-|Attribute|Description|Supported browser|
-|--- |--- |--- |
-|version|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
-|exclude|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements.
**Example** <emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
**Example**<docMode>
<domain exclude="false">fabrikam.com
<path docMode="9">/products</path>
</domain>
</docMode>|Internet Explorer 11|
-|doNotTransition| Specifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
**Example**<emie>
<domain doNotTransition="false">fabrikam.com
<path doNotTransition="true">/products</path>
</domain>
</emie>
**Example**<emie>
<domain exclude="true">fabrikam.com
<path forcecompatview="true">/products</path>
</domain>
</emie><docMode> |
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode>
|
-|You can specify exact URLs by listing the full path. |<emie>|
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>
|
-|You can nest paths underneath domains. |<emie> |
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie>
|
-|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie> |
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
|
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
deleted file mode 100644
index 5af6fab521..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Enterprise Mode schema v.2 guidance
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
-
-> [!IMPORTANT]
-> If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-## Enterprise Mode schema v.2 updates
-Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by:
-
-- <rules>. If your schema root node includes this key, you're using the v.1 version of the schema.
-
-- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema.
-
-You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema.
-
-### Enterprise Mode v.2 schema example
-The following is an example of the v.2 version of the Enterprise Mode schema.
-
-> [!IMPORTANT]
-> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `
**Example**
<site-list version="205">
| Internet Explorer 11 and Microsoft Edge |
-|<site> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>
**Example** <site url="contoso.com">
<compat-mode>default</compat-mode>
<open-in>none</open-in>
</site>
**or** For IPv4 ranges:
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
You can also use the self-closing version, <url="contoso.com" />, which also sets:
**Example**
**or**
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
</site>
For IPv4 ranges:<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site><site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
**Examples**<site url="contoso.com">
<open-in>none</open-in>
</site>
Where
**Example**<site url="contoso.com/travel">
In this example, if `https://contoso.com/travel` is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. | Internet Explorer 11 and Microsoft Edge|
-|version |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. | Internet Explorer 11 and Microsoft Edge|
-|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<open-in allow-redirect="true">IE11 </open-in>
</site>
**Note**
Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both `http://contoso.com` and `https://contoso.com`.
**Example**<site url="contoso.com:8080">
In this example, going to `https://contoso.com:8080` using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
-
-### Deprecated attributes
-These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
-
-|Deprecated attribute|New attribute|Replacement example|
-|--- |--- |--- |
-|forceCompatView|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
-|docMode|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
-|doNotTransition|<open-in>|Replace:
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
<doNotTransition="true"> with <open-in>none</open-in>|
-|<domain> and <path>|<site>|Replace:<emie>
With:
<domain>contoso.com</domain>
</emie><site url="contoso.com"/>
**-AND-**
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
Replace:<emie>
<domain exclude="true" donotTransition="true">contoso.com
<path forceCompatView="true">/about</path>
</domain>
</emie>
With:<site url="contoso.com/about">
<compat-mode>IE7Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>|
-
-While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
-
-> [!IMPORTANT]
-> Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
-
-### What not to include in your schema
-We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-
-- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
-- Don’t use wildcards.
-- Don’t use query strings, ampersands break parsing.
-
-## Related topics
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index 602eeb31b1..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Export your Enterprise Mode site list from the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. This file includes all of your URLs, including your compatibility mode selections and should be stored somewhere safe. If your list gets deleted by mistake you can easily import this file and return everything back to when this file was last saved.
-
-**Important**
-This file is not intended for distribution to your managed devices. Instead, it is only for transferring data and comments from one manager to another. For example, if one administrator leaves and passes the existing data to another administrator. Internet Explorer doesn’t read this file.
-
- **To export your compatibility list**
-
-1. On the **File** menu of the Enterprise Mode Site List Manager, click **Export**.
-
-2. Export the file to your selected location. For example, `C:\Users\
-Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual.
-
-### When do I use document modes versus Enterprise Mode?
-While the `
-If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](/previous-versions/windows/internet-explorer/ie-developer/samples/dn255001(v=vs.85)).
-
-3. If none of the document modes fix your issue, change the **Browser Profile** to **Enterprise**, pick the mode you want to test with starting with **8** (IE8 Enterprise Mode), and then test your broken scenario.
-
-### Add your site to the Enterprise Mode site list
-After you’ve figured out the document mode that fixes your compatibility problems, you can add the site to your Enterprise Mode site list.
-
-**Note**
-There are two versions of the Enterprise Mode site list schema and the Enterprise Mode Site List Manager, based on your operating system. For more info about the schemas, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) or [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). For more info about the different site list management tools, see [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md).
-
- **To add your site to the site list**
-
-1. Open the Enterprise Mode Site List Manager, and click **Add**.
-
- 
-
-2. Add the **URL** and pick the document mode from the **Launch in** box. This should be the same document mode you found fixed your problems while testing the site.
-Similar to Enterprise Mode, you can specify a document mode for a particular web path—such as contoso.com/ERP—or at a domain level. In the above, the entire contoso.com domain loads in Enterprise Mode, while microsoft.com is forced to load into IE8 Document Mode and bing.com loads in IE11.
-
-**Note**
-For more information about Enterprise Mode, see [What is Enterprise Mode?](what-is-enterprise-mode.md) For more information about the Enterprise Mode Site List Manager and how to add sites to your site list, see [Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md).
-
-
-### Review your Enterprise Mode site list
-Take a look at your Enterprise Mode site list and make sure everything is the way you want it. The next step will be to turn the list on and start to use it in your company. The Enterprise Mode Site List Manager will look something like:
-
-
-
-And the underlying XML code will look something like:
-
-``` xml
-
-Another possibility is that redirection happens multiple times, with an intermediary site experiencing compatibility issues. For example, an employee types a short URL that then redirects multiple times, finally ending up on a non-intranet site. In this situation, you might want to add the intermediary URLs to your Enterprise Mode site list, in case there’s logic in one of them that has compatibility issues.
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
deleted file mode 100644
index 93486e7113..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 63a7ef4a-6de2-4d08-aaba-0479131e3406
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Advanced Group Policy Management (AGPM) is an add-on license that available for the Microsoft Desktop Optimization Pack (MDOP). This license gives you change control and a role assignment-model that helps optimize Group Policy management and reduce the risk of widespread failures.
-
-From AGPM you can:
-
-- **Edit GPOs outside of your production environment.** Your GPOs are stored in an outside archive for editing, reviewing, and approving. Then, when you deploy, AGPM moves the GPOs to your production environment.
-
-- **Assign roles to your employees.** You can assign 3 roles to your employees or groups, including:
-
- - **Reviewer.** Can view and compare GPOs in the archive. This role can't edit or deploy GPOs.
-
- - **Editor.** Can view, compare, check-in and out, and edit GPOs in the archive. This role can also request GPO deployment.
-
- - **Approver.** Can approve GPO creation and deployment to the production environment.
-
-- **Manage your GPO lifecycle with change control features.** You can use the available version-control, history, and auditing features to help you manage your GPOs while moving through your archive, to your editing process, and finally to your GPO deployment.
-
-**Note**
-For more information about AGPM, and to get the license, see [Advanced Group Policy Management 4.0 Documents](https://www.microsoft.com/download/details.aspx?id=13975).
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
deleted file mode 100644
index b56fd8d946..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview about Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
-author: dansimp
-ms.prod: windows-client
-ms.assetid: ae3d227d-3da7-46b8-8a61-c71bfeae0c63
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-A Microsoft Management Console (MMC)-based tool that uses scriptable interfaces to manage Group Policy. The 32-bit and 64-bit versions are included with Windows Server R2 with Service Pack 1 (SP1) and Windows Server 2012 R2.
-
-## Why use the GPMC?
-The GPMC lets you:
-
-- Import, export, copy, paste, backup and restore GPOs.
-
-- Search for existing GPOs.
-
-- Create reports, including providing the Resultant Set of Policy (RSoP) data in HTML reports that you can save and print.
-
-- Use simulated RSoP data to prototype your Group Policy before implementing it in the production environment.
-
-- Obtain RSoP data to view your GPO interactions and to troubleshoot your Group Policy deployment.
-
-- Create migration tables to let you import and copy GPOs across domains and across forests. Migration tables are files that map references to users, groups, computers, and Universal Naming Convention (UNC) paths in the source GPO to new values in the destination GPO.
-
-- Create scriptable interfaces to support all of the operations available within the GPMC. You can't use scripts to edit individual policy settings in a GPO.
-
-For more information about the GPMC, see [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11)) on TechNet.
-
-## Searching for Group Policy settings
-To search for Group Policy settings in the Group Policy Management Console (GPMC), use the [Group Policy Search tool](https://go.microsoft.com/fwlink/p/?LinkId=279857). To find the Group Policy settings, click **Windows Components**, and then click **Internet Explorer**.
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
deleted file mode 100644
index 7e8c419582..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 50383d3f-9ac9-4a30-8852-354b6eb9434a
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy and Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy and Internet Explorer 11 (IE11)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
-
-## In this section
-
-|Topic |Description |
-|----------------------------------------------------|-----------------------------------------------------------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Info about many of the new group policy settings added for Internet Explorer 11. |
-|[Group Policy management tools](group-policy-objects-and-ie11.md) |Guidance about how to use Microsoft Active Directory Domain Services (AD DS) to manage your Group Policy settings. |
-|[ActiveX installation using group policy](activex-installation-using-group-policy.md) |Info about using the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. |
-|[Group Policy and compatibility with Internet Explorer 11](group-policy-compatibility-with-ie11.md) |Our Group Policy recommendations for security, performance, and compatibility with previous versions of IE, regardless of which Zone the website is in. |
-|[Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md) |Info about Group Policy preferences, as compared to Group Policy settings. |
-|[Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md) |Info about Administrative Templates, including where to store them and the related Group Policy settings. |
-|[Enable and disable add\-ons using administrative templates and group policy](enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md) |Guidance about how to use your local Group Policy editor or the CLSID and Administrative Templates to manage your Group Policy objects.
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
deleted file mode 100644
index c3a615888f..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6fc30e91-efac-4ba5-9ee2-fa77dcd36467
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, the Local Group Policy Editor, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, the Local Group Policy Editor, and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-A Microsoft Management Console (MMC)-based tool that manages both computer and user-related configurations for an individual computer policy. This tool is included with Windows® 7 Service Pack 1 (SP1) and Windows 8.1.
-
-Here's a list of the policy settings you can use, based on the configuration type. For more info, see [Local Group Policy Editor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725970(v=ws.11)).
-
-|Computer configuration |User configuration |
-|-----------------------|-------------------|
-|Windows settings:
|Windows settings:
|
-|Administrative templates:
|Administrative templates:
|
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
deleted file mode 100644
index 12b360b126..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Group Policy suggestions for compatibility with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy and compatibility with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 has many Group Policy entries that can be configured for keeping your environment managed and safe. This table includes all of our recommendations around security, performance, and compatibility with the previous versions of Internet Explorer, regardless of which Zone the website is in.
-
-|Activity |Location |Setting the policy object |
-|---------------------------------|----------------------------------------------|-------------------------------------------------------------------------|
-|Turn on Compatibility View for all intranet zones |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Turn on IE Standards Mode for local intranet** , and then click **Disabled**. |
-|Turn on Compatibility View for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Windows Internet Explorer 7 sites** , and then click **Enabled**.Users will be able to add or remove sites manually to their local Compatibility View list, but they won’t be able to remove the sites you specifically added. |
-|Turn on Quirks mode for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Quirks Mode sites**, and then click **Enabled**. |
-|Ensure your users are using the most up-to-date version of Microsoft’s compatibility list. |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Include updated Web site lists from Microsoft**, and then click **Enabled**. |
-|Restrict users from making security zone configuration changes. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel` |Double-click **Disable the Security Page**, and then click **Enabled**. |
-|Control which security zone settings are applied to specific websites. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel\Security Page` |Double-click **Site to Zone Assignment List**, click **Enabled**, and then enter your list of websites and their applicable security zones. |
-|Turn off Data Execution Prevention (DEP). |`Administrative Templates\ Windows Components\Internet Explorer\Security Features` |Double-click **Turn off Data Execution Prevention**, and then click **Enabled**. |
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
deleted file mode 100644
index 4e6daed0d1..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview of the available Group Policy management tools
-author: dansimp
-ms.prod: windows-client
-ms.assetid: e33bbfeb-6b80-4e71-8bba-1d0369a87312
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy management tools (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy management tools
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Group Policy, based on Microsoft Active Directory Domain Services (AD DS), lets you manage your organization's computer and user settings as part of your Group Policy objects (GPOs), which are added and changed in the Group Policy Management Console (GPMC). GPOs can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. The most effective way to target a specific GPO is to use Windows Management Instrumentation (WMI) filters. Like, creating a WMI filter that applies a GPO only to computers with a specific make and model.
-
-By using Group Policy, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple Internet Explorer 11 security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
-
-**Note**
-For more information about Group Policy, see the [Group Policy TechCenter](/windows/deployment/deploy-whats-new). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
-
-## Managing settings with GPOs
-After deploying IE11 to your organization, you can continue to manage the browser settings by using Active Directory Domain Services (AD DS) together with the following Group Policy-related setting management groups:
-
-- [Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md). Used to manage registry-based policies and options.
-
-- [Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md). Used to set up and manage options that can be changed by the user after installation.
-
-**Note**
-Whenever possible, we recommend that you manage IE11 using Administrative Templates, because these settings are always written to secure policy branches in the registry. In addition, we recommend that you deploy using standard user accounts instead of letting your users log on to their computers as administrators. This helps to prevent your users from making unwanted changes to their systems or overriding Group Policy settings.
-
-
-Users won't be able to use the IE11 user interface or the registry to change any managed settings on their computers. However, they will be able to change many of the preferences associated with the settings you set up using the Internet Explorer Administration Kit 11 (IEAK 11).
-
-## Which GPO tool should I use?
-You can use any of these tools to create, manage, view, and troubleshoot Group Policy objects (GPOs). For information about each, see:
-
-- [Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11](group-policy-and-group-policy-mgmt-console-ie11.md). Provides a single location to manage all GPOs, WMI filters, and Group Policy–related permissions across multiple forests in an organization.
-
-- [Group Policy, the Local Group Policy Editor, and Internet Explorer 11](group-policy-and-local-group-policy-editor-ie11.md). Provides a user interface that lets you edit settings within individual GPOs.
-
-- [Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11](group-policy-and-advanced-group-policy-mgmt-ie11.md). An add-on license for the Microsoft Desktop Optimization Pack (MDOP) that helps to extend Group Policy for Software Assurance customers.
-
-- [Group Policy, Windows Powershell, and Internet Explorer 11](group-policy-windows-powershell-ie11.md). A command-line shell and scripting language that helps automate Windows and application administration on a single computer locally, or across many computers remotely.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
deleted file mode 100644
index b30e90d746..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Info about Group Policy preferences versus Group Policy settings
-author: dansimp
-ms.prod: ie11
-ms.assetid: f2264c97-7f09-4f28-bb5c-58ab80dcc6ee
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group policy preferences and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group policy preferences and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Group Policy preferences are less strict than Group Policy settings, based on:
-
-| Type |Group Policy preferences |Group Policy settings |
-|-----|-------------------------|----------------------|
-|Enforcement |
|
|
-|Flexibility |Lets you create preference items for registry settings, files, and folders. |
|
-|Local Group Policy |Not available |Available
-|Awareness |Supports apps that aren't Group Policy-aware |Requires apps to be Group Policy-aware |
-|Storage |
|
|
-|Targeting and filtering |
|
|
-
-
-For more information about Group Policy preferences, see the [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876).
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
deleted file mode 100644
index 8cec1052e4..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 0da0d9a9-200c-46c4-96be-630e82de017b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy problems with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134223(v=ws.11)).
-
-## Group Policy Object-related Log Files
-You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
deleted file mode 100644
index 8a23dbf697..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6fbf990-13e4-4be7-9f08-5bdd43179b3b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, Shortcut Extensions, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, Shortcut Extensions, and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Group Policy includes the Shortcuts preference extension, which lets you configure shortcuts to:
-
-- **File system objects.** Traditional shortcuts that link to apps, files, folders, drives, shares, or computers. For example, linking a shortcut to an app from the **Start** screen.
-
-- **URLs.** Shortcuts to webpages or FTP sites. For example, a link to your intranet site from your employee's **Favorites** folder.
-
-- **Shell objects.** Shortcuts to objects that appear in the shell namespace, such as printers, desktop items, Control Panel items, the Recycle Bin, and so on.
-
-## How do I configure shortcuts?
-You can create and configure shortcuts for any domain-based Group Policy Object (GPO) in the Group Policy Management Console (GPMC).
-
- **To create a new Shortcut preference item**
-
-1. Open GPMC, right-click the Group Policy object that needs the new shortcut extension, and click **Edit**.
-
-2. From **Computer Configuration** or **User Configuration**, go to **Preferences**, and then go to **Windows Settings**.
-
-3. Right-click **Shortcuts**, click **New**, and then choose **Shortcut**.
-
-4. Choose what the shortcut should do, including **Create**, **Delete**, **Replace**, or **Update**.
-
-5. Type the required shortcut settings and your comments into the **Description** box, and click **OK**.
-
-For more information about shortcut extensions, including step-by-step guidance, see [Shortcuts Extension](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730592(v=ws.11)) and [Configure a Shortcut Item](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753580(v=ws.11)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
deleted file mode 100644
index c3f3970e4d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Overview about how Group Policy works with Windows Powershell and Internet Explorer 11
-author: dansimp
-ms.prod: windows-client
-ms.assetid: e3607cde-a498-4e04-9daa-b331412967fc
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Group Policy, Windows Powershell, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy, Windows Powershell, and Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Your domain-joined Group Policy Objects (GPOs) can use any of Group Policy-related “cmdlets” that run within Windows PowerShell.
-
-Each cmdlet is a single-function command-line tool that can:
-
-- Create, edit, remove, back up, and import GPOs.
-
-- Create, update, and remove Group Policy links.
-
-- Set inheritance flags and permissions on organizational units (OU) and domains.
-
-- Configure registry-based policy settings and registry settings for Group Policy preferences.
-
-For more info about PowerShell and Group Policy management, see [Use Windows PowerShell to Manage Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759177(v=ws.11)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
deleted file mode 100644
index c8b17e2ff9..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
+++ /dev/null
@@ -1,144 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: A high-level overview of the delivery process and your options to control deployment of Internet Explorer through automatic updates.
-author: dansimp
-ms.author: dansimp
-ms.manager: dansimp
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Internet Explorer 11 delivery through automatic updates
-ms.sitesec: library
-ms.date: 05/22/2018
----
-
-# Internet Explorer 11 delivery through automatic updates
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer 11 makes browsing the web faster, easier, safer, and more reliable than ever. To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 through Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 11 will be available for users of the 32-bit and 64-bit versions of Windows 7 Service Pack 1 (SP1), and 64-bit version of Windows Server 2008 R2 SP1. This article provides an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 11 is deployed to their organization through Automatic Updates.
-
-- [Automatic updates delivery process](#automatic-updates-delivery-process)
-
-- [Internet Explorer 11 automatic upgrades](#internet-explorer-11-automatic-upgrades)
-
-- [Options for blocking automatic delivery](#options-for-blocking-automatic-delivery)
-
-- [Prevent automatic installation of Internet Explorer 11 with WSUS](#prevent-automatic-installation-of-internet-explorer-11-with-wsus)
-
-## Automatic updates delivery process
-
-Internet Explorer 11 only downloads and installs if it’s available for delivery through Automatic Updates; and Automatic Updates only offer Internet Explorer 11
-to users with local administrator accounts. User’s without local administrator accounts won’t be prompted to install the update and will continue using their
-current version of Internet Explorer.
-
-Internet Explorer 11 replaces Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10. If you decide you don’t want Internet Explorer 11, and you’re running Windows 7 SP1 or Windows Server 2008 R2 with SP1, you can uninstall it from the **View installed updates** section of the **Uninstall an update** page of the Control Panel.
-
-> [!NOTE]
-> If a user installs Internet Explorer 11 and then removes it, it won’t be re-offered to that computer through Automatic Updates. Instead, the user will have to manually re-install the app.
-
-## Internet Explorer 11 automatic upgrades
-
-Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11.
-
-Users who were automatically upgraded to Internet Explorer 11 can decide to uninstall Internet Explorer 11. However, Internet Explorer 11 will still appear as an optional update through Windows Update.
-
-## Options for blocking automatic delivery
-
-If you use Automatic Updates in your company, but want to stop your users from automatically getting Internet Explorer 11, do one of the following:
-
-- **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
-
- > [!NOTE]
- > The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.yml).
-
-- **Use an update management solution to control update deployment.**
- If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Microsoft Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
-
- > [!NOTE]
- > If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
-
-Additional information on Internet Explorer 11, including a Readiness Toolkit, technical overview, in-depth feature summary, and Internet Explorer 11 download is available on the [Internet Explorer 11 page of the Microsoft Edge IT Center](https://technet.microsoft.com/microsoft-edge/dn262703.aspx).
-
-## Availability of Internet Explorer 11
-
-Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Configuration Manager and WSUS.
-
-## Prevent automatic installation of Internet Explorer 11 with WSUS
-
-Internet Explorer 11 will be released to WSUS as an Update Rollup package. Therefore, if you’ve configured WSUS to “auto-approve” Update Rollup packages, it’ll be automatically approved and installed. To stop Internet Explorer 11 from being automatically approved for installation, you need to:
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft
- Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves an update that is classified as
- Update Rollup, and then click **Edit.**
-
- > [!NOTE]
- > If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
- > [!NOTE]
- > The properties for this rule will resemble the following:
-
-6. Clear the **Update Rollup** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary to deploy IE11.
-
-## In this guide
-|Topic |Description |
-|------|------------|
-|[Change history for Internet Explorer 11](change-history-for-internet-explorer-11.md) |Lists new and updated topics in the Internet Explorer 11 documentation for Windows 10. |
-|[System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md) |IE11 is available for a number of systems and languages. This topic provides info about the minimum system requirements and language support. |
-|[List of updated features and tools - Internet Explorer 11 (IE11)](updated-features-and-tools-with-ie11.md) |IE11 includes several new features and tools. This topic includes high-level info about the each of them. |
-|[Install and Deploy Internet Explorer 11 (IE11)](install-and-deploy-ie11.md) |Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps. |
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Use IE to collect data on computers running Windows Internet Explorer 8 through IE11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. |
-|[Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) |Use the topics in this section to learn how to set up and use Enterprise Mode, the Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal in your company. |
-|[Group Policy and Internet Explorer 11 (IE11)](group-policy-and-ie11.md) |Use the topics in this section to learn about Group Policy and how to use it to manage IE. |
-|[Manage Internet Explorer 11](manage-ie11-overview.md) |Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for IE. |
-|[Troubleshoot Internet Explorer 11 (IE11)](troubleshoot-ie11.md) |Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with IE. |
-|[Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) |ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, IE includes a new security feature, called out-of-date ActiveX control blocking. |
-|[Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) |Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.
For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953). |
-|[What is the Internet Explorer 11 Blocker Toolkit?](what-is-the-internet-explorer-11-blocker-toolkit.md) |The IE11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the Automatic Updates feature of Windows Update. |
-|[Missing Internet Explorer Maintenance (IEM) settings for Internet Explorer 11](missing-internet-explorer-maintenance-settings-for-ie11.md) |The Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 11 (IEAK 11).
Ignore any warnings that say, "Skipping invalid CAB file". This shows up because the **Import OS Packages** wizard skips the IE11\_Support.cab file, which isn't an actual update file.
-
-4. After the import finishes, click **Finish**.
-
-### Offline servicing with MDT
-
-You can add the IE11 update while you're performing offline servicing, or slipstreaming, of your Windows images. This method lets you deploy IE11 without needing any additional installation after you've deployed Windows.
-
-These articles have step-by-step details about adding packages to your Windows images:
-
-- For Windows 8.1, see [Add or Remove Packages Offline Using DISM](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824838(v=win.10)).
-
-- For Windows 7 SP1, see [Add or Remove Packages Offline](/previous-versions/windows/it-pro/windows-7/dd744559(v=ws.10)).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
deleted file mode 100644
index b8083e1f8d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: How to install the Internet Explorer 11 update using System Center 2012 R2 Configuration Manager
-author: dansimp
-ms.prod: windows-client
-ms.assetid: 9ede9722-29b3-4cb7-956d-ffa91e7bedbd
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)). Complete these steps for each operating system and platform combination.
-
- **To install IE11**
-
-1. Download and approve the [System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md).
-
-2. Create a software distribution package that includes the IE11 installation package.
-
-3. Create a program that includes the command-line needed to run the IE11 installation package. To run the package silently, without restarting and without checking the Internet for updates, use:`ie11_package.exe /quiet /norestart /update-no`.
-
-4. Move the installation package to your distribution points, and then advertise the package.
-
-You can also use System Center Essentials 2010 to deploy IE11 installation packages. For info, see [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?linkid=395200) and the [System Center Essentials 2010 Operations Guide](https://go.microsoft.com/fwlink/p/?LinkId=214266).
-
-
-
-
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
deleted file mode 100644
index d0d9d17be1..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using your network
-author: dansimp
-ms.prod: ie11
-ms.assetid: 85f6429d-947a-4031-8f93-e26110a35828
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using your network (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using your network
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can install Internet Explorer 11 (IE11) over your network by putting your custom IE11 installation package in a shared network folder and letting your employees run the Setup program on their own computers. You can create the network folder structure manually, or you can run Internet Explorer Administration Kit 11 (IEAK 11).
-
-**Note**
If you support multiple architectures and operating systems, create a subfolder for each combination. If you support multiple languages, create a subfolder for each localized installation file.
-
- **To manually create the folder structure**
-
-- Copy your custom IE11 installation file into a folder on your network, making sure it's available to your employees.
-
- **To create the folder structure using IEAK 11**
-
-- Run the Internet Explorer Customization Wizard 11 in IEAK 11, using the **Full Installation Package** option.
Use the localized versions of the IE Customization Wizard 11 to create localized IE11 installation packages.
-
-## Related topics
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
deleted file mode 100644
index d593de27c6..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using third-party tools and command-line options.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 30190c66-49f7-4ca4-8b57-a47656aa0c7e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using third-party tools (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using third-party tools
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can install Internet Explorer 11 (IE11) using third-party electronic software distribution (ESD) systems and these command-line options:
-
-## Setup Modes
-
-|Command-line options |Description |
-|---------------------|------------------------------------------------------|
-|`/passive` |Installs without customer involvement. |
-|`/quiet` |Installs without customer involvement and without showing the UI. |
-
-## Setup Options
-
-|Command-line options |Description |
-|---------------------|------------------------------------------------------|
-|`/update-no` |Installs without checking for updates.
If you don't use this option, you'll need an Internet connection to finish your installation. |
-|`/no-default` |Installs without making IE11 the default web browser. |
-|`/closeprograms` |Automatically closes running programs. |
-
-
-## Restart Options
-
-|Command-line options |Description |
-|---------------------|------------------------------------------------------|
-|`/norestart` |Installs without restarting the computer. |
-|`/forcerestart` |Installs and restarts after installation. |
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
deleted file mode 100644
index 07b0485309..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)'
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6cbd6797-c670-4236-8423-e0919478f2ce
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Windows Server Update Services (WSUS) lets you download a single copy of the Microsoft product update and cache it on your local WSUS servers. You can then configure your computers to get the update from your local servers instead of Windows Update. For more information about WSUS, see [Windows Server Update Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)).
-
- **To import from Windows Update to WSUS**
-
-1. Open your WSUS admin site. For example, `https://
|On the **Browser User Interface** page of IEAK 11, click **Add**, type your new toolbar caption, action, and icon, and if the button should appear by default, and then click **OK**. You can also edit, remove, or delete an existing toolbar button from this page. |
-|Custom logo and animated bitmaps |Lets you replace the static and animated logos in the upper-right corner of the IE window with customized logos. |This setting isn't available anymore. |
-
-
-### Connection replacements
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Connection settings|Lets you import your connection settings from a previously set up computer. These settings define how your employees interact with the connection settings on the **System Polices and Restrictions** page. You can also remove old dial-up connections settings from your employee's computers.|In the **Internet Settings Group Policy Preferences** dialog box, click the **Connections** tab, and set up your proxy settings.
Advanced IEM Settings were shown under **Programs** and only available when running in **Preference** mode.
-
-|IEM setting |Description |Replacement tool |
-|------------|------------|-----------------|
-|Corporate settings |Specifies the location of the file with the settings you use to make IE work best in your organization. |On the Additional Settings page of IEAK 11, expand Corporate Settings, and then customize how your organization handles temporary Internet files, code downloads, menu items, and toolbar buttons. |
-|Internet settings |Specifies the location of the file that includes your default IE settings. |In the Internet Settings Group Policy Preferences dialog box, click the Advanced tab, and then update your Internet-related settings, as required
This functionality is only available in Internet Explorer for the desktop.
-
- **To change your Compatibility View settings**
-
-1. Open Internet Explorer for the desktop, click **Tools**, and then click **Compatibility View settings**.
-
-2. In the **Compatibility View Settings** box, add the problematic website URL, and then click **Add**.
We've replaced the SPDY/3 protocol with the HTTP2 protocol in Windows 10. You can configure the HTTP2 protocol by using the **Allow IE to use the HTTP2 network protocol** setting. |
-| Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting allows IE to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.
| IE11 in Windows 10 | This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the **Internet** and **Restricted Sites** security zones.
By default, SSL 3.0 is disabled. If you choose to enable SSL 3.0, we recommend that you disable or don't configure this setting to help mitigate potential man-in-the-middle attacks. |
-| Allow VBScript to run in Internet Explorer |
| Internet Explorer 11 | This policy setting lets you decide whether VBScript can run on pages in specific Internet Explorer zones.
If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.
If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.
(Internet, Restricted Zones) |
| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
(Intranet, Trusted, Local Machine Zones) |
| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you disable or don’t configure this setting, the notification will be shown. |
-| Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.
You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
-| Limit Site Discovery output by Zone | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which zones are included in the discovery function of the Internet Explorer Site Discovery Toolkit.
**Example 1:** Include only the Local Intranet zone (binary representation: 00010), based on:
**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones (binary representation: 10110), based on:
You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
-| Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data | Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History | At least Windows Internet Explorer 9 | **In Internet Explorer 9 and Internet Explorer 10:**
This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the **Personalized Tracking Protection List**, which blocks third-party items while the user is browsing.
This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions, stored in the **Delete Browsing History** dialog box, for visited websites.
If you’ve also enabled the Administrative Templates\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11. |
-| Show message when opening sites in Microsoft Edge using Enterprise Mode | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.
Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking (
Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop. |
-| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
When using 64-bit processes, some ActiveX controls and toolbars might not be available. |
-| Turn on Site Discovery WMI output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.
Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
-| Turn on Site Discovery XML output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the XML output functionality of the Internet Explorer Site Discovery Toolkit.
Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
-| Use the Enterprise Mode IE website list | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1511 | This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users can’t edit this list.
Microsoft Edge doesn't support ActiveX controls. |
-|Windows 8.1 and Windows 8.1 Update |All supported versions of IE |
-|Windows 7 SP1 |All supported versions of IE |
-|Windows Server 2012 |All supported versions of IE |
-|Windows Server 2008 R2 SP1 |All supported versions of IE |
-|Windows Server 2008 SP2 |Windows Internet Explorer 9 only |
-|Windows Vista SP2 |Windows Internet Explorer 9 only |
-
-For more info about this new feature, see the [Internet Explorer begins blocking out-of-date ActiveX controls](https://go.microsoft.com/fwlink/p/?LinkId=507691) blog. To see the complete list of out-of-date Active controls blocked by this feature, see [Blocked out-of-date ActiveX controls](blocked-out-of-date-activex-controls.md).
-
-
-## What does the out-of-date ActiveX control blocking notification look like?
-When IE blocks an outdated ActiveX control, you’ll see a notification bar similar to this, depending on your version of IE:
-
-**Internet Explorer 9 through Internet Explorer 11**
-
-
-
-**Windows Internet Explorer 8**
-
-
-
-Out-of-date ActiveX control blocking also gives you a security warning that tells you if a webpage tries to launch specific outdated apps, outside of IE:
-
-
-
-
-## How do I fix an outdated ActiveX control or app?
-From the notification about the outdated ActiveX control, you can go to the control’s website to download its latest version.
-
- **To get the updated ActiveX control**
-
-1. From the notification bar, tap or click **Update**.
If you don’t fully trust a site, you shouldn’t allow it to load an outdated ActiveX control. However, although we don’t recommend it, you can view the missing webpage content by tapping or clicking **Run this time**. This option runs the ActiveX control without updating or fixing the problem. The next time you visit a webpage running the same outdated ActiveX control, you’ll get the notification again.
-
- **To get the updated app**
-
-1. From the security warning, tap or click **Update** link.
If you don’t fully trust a site, you shouldn’t allow it to launch an outdated app. However, although we don’t recommend it, you can let the webpage launch the app by tapping or clicking **Allow**. This option opens the app without updating or fixing the problem. The next time you visit a webpage running the same outdated app, you’ll get the notification again.
-
-## How does IE decide which ActiveX controls to block?
-IE uses Microsoft’s versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
-
-You can see your copy of the file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml` or you can view Microsoft’s version, based on your operating system and version of IE, here:
-- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?LinkId=798230)
-- [All other configurations](https://go.microsoft.com/fwlink/p/?LinkId=403864)
-
-**Security Note:**
Although we strongly recommend against it, if you don’t want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt:
-
-```
-reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVersionList /t REG_DWORD /d 0 /f
-```
-Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. Use this configuration option at your own risk.
-
-## Out-of-date ActiveX control blocking
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
- on managed devices
-Out-of-date ActiveX control blocking includes four new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the [Administrative templates (.admx) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=746579) page or the [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) page, depending on your operating system.
-
-### Group Policy settings
-Here’s a list of the new Group Policy info, including the settings, location, requirements, and Help text strings. All of these settings can be set in either the Computer Configuration or User Configuration scope, but Computer Configuration takes precedence over User Configuration.
-
-**Important**
-Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone and the Trusted Sites Zone; therefore, intranet websites and line-of-business apps will continue to use out-of-date ActiveX controls without disruption.
-
-|Setting |Category path |Supported on |Help text |
-|--------|--------------|-------------|----------|
-|Turn on ActiveX control logging in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE saves log information for ActiveX controls.
|
-|Remove **Run this time** button for outdated ActiveX controls in IE |`reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" /v RunThisTimeEnabled /t REG_DWORD /d 0 /f`
|
-|Turn off blocking of outdated ActiveX controls for IE on specific domains |reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\Domain" /v contoso.com /t REG_SZ /f
|
-|Turn off blocking of outdated ActiveX controls for IE |`reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" /v VersionCheckEnabled /t REG_DWORD /d 0 /f`
|
-|Remove the **Update** button in the out-of-date ActiveX control blocking notification for IE |`reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v UpdateEnabled /t REG_DWORD /d 0 /f`
-
-## Inventory your ActiveX controls
-You can inventory the ActiveX controls being used in your company, by turning on the **Turn on ActiveX control logging in IE** setting:
-
-- **Windows 10:** Through a comma-separated values (.csv) file or through a local Windows Management Instrumentation (WMI) class.
-
-- **All other versions of Microsoft Windows:** Through a .csv file only.
-
-
-### Inventory your ActiveX controls by using a .CSV file
-If you decide to inventory the ActiveX controls being used in your company by turning on the **Turn on ActiveX control logging in IE** setting, IE logs the ActiveX control information to the `%LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode\VersionAuditLog.csv` file.
-
-Here’s a detailed example and description of what’s included in the VersionAuditLog.csv file.
-
-|Source URI |File path |Product version |File version |Allowed/Blocked |Reason |EPM-compatible |
-|-----------|----------|----------------|-------------|----------------|-------|---------------|
-|`https://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible |
-|`https://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible |
-
-**Where:**
-- **Source URI.** The URL of the page that loaded the ActiveX control.
-
-- **File path.** The location of the binary that implements the ActiveX control.
-
-- **Product version.** The product version of the binary that implements the ActiveX control.
-
-- **File version.** The file version of the binary that implements the ActiveX control.
-
-- **Allowed/Blocked** Whether IE blocked the ActiveX control.
-
-- **Enhanced Protected Mode (EPM)-compatible.** Whether the loaded ActiveX control is compatible with [Enhanced Protected Mode](/troubleshoot/browsers/enhanced-protected-mode-add-on-compatibility).
Enhanced Protected Mode isn’t supported on Internet Explorer 9 or earlier versions of IE. Therefore, if you’re using Internet Explorer 8 or Internet Explorer 9, all ActiveX controls will always be marked as not EPM-compatible.
-
-- **Reason.** The ActiveX control can be blocked or allowed for any of these reasons:
-
-|Reason |Corresponds to |Description |
-|-------------------------|---------------|-------------------------------------------------|
-|Version not in blocklist |Allowed |The version of the loaded ActiveX control is explicitly allowed by the IE version list. |
-|Trusted domain |Allowed |The ActiveX control was loaded on a domain listed in the **Turn off blocking of outdated ActiveX controls for IE on specific domains** setting. |
-|File doesn’t exist |Allowed |The loaded ActiveX control is missing required binaries to run correctly. |
-|Out-of-date |Blocked |The loaded ActiveX control is explicitly blocked by the IE version list because it is out-of-date. |
-|Not in blocklist |Allowed |The loaded ActiveX control isn’t in the IE version list. |
-|Managed by policy |Allowed |The loaded ActiveX control is managed by a Group Policy setting that isn’t listed here, and will be managed in accordance with that Group Policy setting. |
-|Trusted Site Zone or intranet |Allowed |The ActiveX control was loaded in the Trusted Sites Zone or the Local Intranet Zone. |
-|Hardblocked |Blocked |The loaded ActiveX control is blocked in IE because it contains known security vulnerabilities. |
-|Unknown |Allowed or blocked |None of the above apply. |
-
-### Inventory your ActiveX controls by using a local WMI class
-For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control.
-
-#### Before you begin
-Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](https://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
-
-- **ConfigureWMILogging.ps1**. A Windows PowerShell script.
-
-- **ActiveXWMILogging.mof**. A managed object file.
-
-Before running the PowerShell script, you must copy both the .ps1 and .mof file to the same directory location, on the client computer.
-
- **To configure IE to use WMI logging**
-
-1. Open your Group Policy editor and turn on the `Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX control logging in IE` setting.
-
-2. On the client device, start PowerShell in elevated mode (using admin privileges) and run `ConfigureWMILogging.ps1` by by-passing the PowerShell execution policy, using this command:
- ```
- powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1
- ```
- For more info, see [about_Execution_Policies](/powershell/module/microsoft.powershell.core/about/about_execution_policies).
-
-3. **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
-
-The inventory info appears in the WMI class, `IEAXControlBlockingAuditInfo`, located in the WMI namespace, *root\\cimv2\\IETelemetry*. To collect the inventory info from your client computers, we recommend using System Center 2012 R2 Configuration Manager or any agent that can access the WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
deleted file mode 100644
index 41a67c1f65..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Possible solutions to the problems you might encounter after installing IE11, such as crashing or seeming slow, getting into an unusable state, or problems with adaptive streaming and DRM playback.
-author: dansimp
-ms.prod: windows-client
-ms.assetid: c4b75ad3-9c4a-4dd2-9fed-69f776f542e6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Problems after installing Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/16/2017
----
-
-
-# Problems after installing Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After you install Internet Explorer 11 in your organization, you might run into the following issues. By following these suggestions, you should be able to fix them.
-
-## Internet Explorer is in an unusable state
-If IE11 gets into an unusable state on an employee's computer, you can use the **Reset Internet Explorer Settings (RIES)** feature to restore the default settings for many of the browser features, including:
-
-- Search scopes
-
-- Appearance settings
-
-- Toolbars
-
-- ActiveX® controls (resets to the opt-in state, unless they're pre-approved)
-
-- Branding settings created with IEAK 11
-
-RIES does not:
-
-- Clear the Favorites list, RSS feeds, or Web slices.
-
-- Reset connection or proxy settings.
-
-- Affect the applied Administrative Template Group Policy settings.
-
-RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](https://support.microsoft.com/windows/change-or-reset-internet-explorer-settings-2d4bac50-5762-91c5-a057-a922533f77d5).
-
-## IE is crashing or seems slow
-If you notice that CPU usage is running higher than normal, or that IE is frequently crashing or slowing down, you should check your browser add-ons and video card. By default, IE11 uses graphics processing unit (GPU) rendering mode. However, some outdated video cards and video drivers don't support GPU hardware acceleration. If IE11 determines that your current video card or video driver doesn't support GPU hardware acceleration, it'll use Software Rendering mode.
-
- **To check your browser add-ons**
-
-1. Start IE11 in **No Add-ons mode** by running the **Run** command from the **Start** menu, and then typing `iexplore.exe -extoff` into the box.
-
-2. Check if IE still crashes.
If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
-
-### Setting up, collecting, and viewing reports
-For logging, you’re going to need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. These POST messages go into your database, aggregating the report data by URL, giving you the total number of reports where users turned on Enterprise Mode, the total number of reports where users turned off Enterprise Mode, and the date of the last report.
-
- **To set up the sample**
-
-1. Set up a server to collect your Enterprise Mode information from your users.
-
-2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
-
-3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
-
-4. On the **Build** menu, tap or click **Build Solution**.
- Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
-
- 
-
- After you finish the publishing process, you need to test to make sure the app deployed successfully.
-
- **To test, deploy, and use the app**
-
-7. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
-
- ``` "Enable"="https://
-IE11 isn't supported on Windows 8 or Windows Server 2012.
-
-Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
-
-
-| Item | Minimum requirements |
-|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Computer/processor | 1 gigahertz (GHz) 32-bit (x86) or 64-bit (x64) |
-| Operating system |
|
-| Memory |
|
-| Hard drive space | |
-| Drive | CD-ROM drive (if installing from a CD-ROM) |
-| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
-| Peripherals | Internet connection and a compatible pointing device |
-
-## Support for .NET Framework
-You might experience start up issues where IE11 fails to launch an application that uses managed browser hosting controls with your legacy apps. This is because, starting with Internet Explorer 10, the browser started blocking legacy apps from using the .NET Framework 1.1 and 2.0. To fix this problem, see [.NET Framework problems with Internet Explorer 11](net-framework-problems-with-ie11.md).
-
-## Support for multiple languages
-IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 languages for Windows 7 with SP1. For the list of languages and download links, see [Available language packs based on operating system](https://go.microsoft.com/fwlink/p/?LinkId=281818).
-
-Computers running localized versions of Windows should run the same version of IE11. For example, if your employees use the Spanish edition of Windows, you should deploy the Spanish version of IE11. On the other hand, if your employees use multiple localized versions of Windows, like Spanish, French, and Catalan, you should install IE11 in one of the languages, and then install language packs for the others.
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
deleted file mode 100644
index ec77071c73..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Tips and tricks to manage Internet Explorer compatibility
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# Tips and tricks to manage Internet Explorer compatibility
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
-
-Jump to:
-- [Tips for IT professionals](#tips-for-it-professionals)
-- [Tips for web developers](#tips-for-web-developers)
-
-[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md) can be very effective in providing backward compatibility for older web apps. The Enterprise Mode Site List includes the ability to put any web app in any document mode, include IE8 and IE7 Enterprise Modes, without changing a single line of code on the website.
-
-
-
-Sites in the \
-Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode.
-
- **To turn off the site list using Group Policy**
-
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-
-2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode.
-
-4. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
-
- 
-
- - **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"`
-
- - **Local network:** `"SiteList"="\\network\shares\sites.xml"`
-
- - **Local file:** `"SiteList"="file:///c:\\Users\\
|
-|Approver
(includes the App Manager and Group Head roles) |
|
-|Administrator |
|
-
-## Enterprise Mode Site List Portal workflow by employee role
-The following workflow describes how to use the Enterprise Mode Site List Portal.
-
-1. [The Requester submits a change request for an app](create-change-request-enterprise-mode-portal.md)
-
-2. [The Requester tests the change request info, verifying its accuracy](verify-changes-preprod-enterprise-mode-portal.md)
-
-3. [The Approver(s) group accepts the change request](approve-change-request-enterprise-mode-portal.md)
-
-4. [The Requester schedules the change for the production environment](schedule-production-change-enterprise-mode-portal.md)
-
-5. [The change is verified against the production site list and signed off](verify-changes-production-enterprise-mode-portal.md)
-
-
-## Related topics
-- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
-
-- [Workflow-based processes for employees using the Enterprise Mode Site List Portal](workflow-processes-enterprise-mode-portal.md)
-
-- [How to use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
-
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
deleted file mode 100644
index cbfcfecf93..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ /dev/null
@@ -1,76 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 12/04/2017
----
-
-
-# Use the Enterprise Mode Site List Manager
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-
-You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
-
-## Enterprise Mode Site List Manager versions
-There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
-
-|Schema version |Operating system |Enterprise Site List Manager version |
-|-----------------|---------------|------------------------------------|
-|Enterprise Mode schema, version 2 (v.2) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.2) and the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2), the XML is saved into the v.2 version of the schema.
For more info about the v.2 version of the schema, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).|
-|Enterprise Mode schema, version 1 (v.1) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.1) and the v.1 version of the schema.
For more info about the v.1 version of the schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)|
-
-## Using the Enterprise Mode Site List Manager
-The following topics give you more information about the things that you can do with the Enterprise Mode Site List Manager.
-
-|Topic |Description |
-|------|------------|
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.2). |
-|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.1). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the Enterprise Mode Site List Manager (schema v.2). |
-|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
-|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.
-Because we’ve added the IE7 Enterprise Mode option, we’ve had to rename the original functionality of Enterprise Mode to be IE8 Enterprise Mode. We’ve also replaced Edge Mode with IE11 Document Mode, so you can explicitly use IE11 on Windows 10.
-
-## Turning on and using IE7 Enterprise Mode or IE8 Enterprise Mode
-For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to your webpages and apps, see:
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-
-- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-
-For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
deleted file mode 100644
index 2090ed72ef..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use IEAK 11 while planning, customizing, and building the custom installation package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: af93742f-f955-44ab-bfa2-7bf0c99045d3
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Internet Explorer Administration Kit 11 (IEAK 11) helps you set up, deploy, and maintain Internet Explorer 11.
-
-**Note**
IEAK 11 works in network environments, with or without Microsoft Active Directory.
-
-
-
-## Plan, Customize, and Build with the IEAK 11
-Consider these activities while planning, customizing, and building the custom installation package.
-
-### Plan
-Before you begin, you should:
-
-- **Check the operating system requirements.** Check that the requirements for the computer you're building your installation package from, and the computers you're installing IE11 to, all meet the system requirements for IEAK 11 and IE11. For Internet Explorer requirements, see [System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md). For IEAK 11 requirements, see [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md).
-
-- **Decide on your distribution method.** Decide how to distribute your custom installation package: Windows Update, Microsoft Configuration Manager, or your network.
-
-- **Gather URLs and branding and custom graphics.** Collect the URLs for your company's own **Home**, **Search**, and **Support** pages, plus any custom branding and graphic files for the browser toolbar button and the **Favorites** list icons.
-
-- **Identify trusted network servers.** Decide which servers your employees should use to install the custom IE package. These servers need to be listed as trusted sites.
-
-- **Set up automatic detection and configuration settings.** Decide whether to automatically customize IE11 the first time it's started.
-
-- **Identify custom components for uninstallation.** Decide whether to include any custom uninstallation programs. Uninstallation programs let your employees remove your custom components through **Uninstall or change a program** in the Control Panel.
-
-- **Identify ActiveX controls.** Decide if you'll use ActiveX controls in your company. If you already use ActiveX, you should get an inventory of your active controls.
-
-### Customize and build
-After installing IE11 and the IEAK 11, you should:
-
-- **Prepare your build computer.** Create your build environment on the computer you're using to build the custom package.
-
-- **Create your branding and custom graphics.** If you don't have any, create custom branding and graphic files for the browser toolbar button and icons in your **Favorites** list.
-
-- **Specify your servers as trusted sites.** Identify your installation servers as trusted sites, in the **Trusted sites zone** of the **Internet Options** box.
-
-- **Turn on automatic detection and configuration settings (Optional).** Set up your network so that IE is automatically customized the first time it's started.
-
-- **Set up custom components for uninstallation.** Create the custom .inf file you'll use to register your custom uninstallation programs.
-
-- **Set up ActiveX controls.** Add any new ActiveX controls to the Axaa.adm file, using a text editor.
-
-- **Create a custom browser package.** Create your custom installation package, using IE Customization Wizard 11. For more information about using the wizard, see [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](../ie11-ieak/ieak11-wizard-custom-options.md).
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
deleted file mode 100644
index 0f65a6f4ac..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use Setup Information (.inf) files to create installation packages.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 04fa2ba8-8d84-4af6-ab99-77e4f1961b0e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Using Setup Information (.inf) files to create packages (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Setup Information (.inf) files to create install packages
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-IEAK 11 uses Setup information (.inf) files to provide uninstallation instructions. Uninstallation instructions let your employees remove components, like files, registry entries, or shortcuts, through the **Uninstall or change a program** box. For details about .inf files, see [INF File Sections and Directives](/windows-hardware/drivers/install/).
-
- **To add uninstallation instructions to the .inf files**
-
-- Open the Registry Editor (regedit.exe) and add these registry keys:
- ```
- HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description"
- HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString",,"command-line"
- ```
- Where **"description"** is the name that shows up in the **Uninstall or change a program** box and **"command-line"** is the command that runs after the component is picked.
-
- Make sure your script removes the uninstallation registry key, too. Otherwise, the component name will continue to show up in the Uninstall or change a program.
-
-## Limitations
-.Inf files have limitations:
-
-- You can't delete directories.
-
-- You can't use **RenFiles** to move a file to a different location, it only lets you rename a file in its existing location. For detailed information, see [INF RenFiles Directive](/windows-hardware/drivers/install/inf-renfiles-directive).
-
-- You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](/windows-hardware/drivers/install/inf-copyfiles-directive).
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
deleted file mode 100644
index a31c831abd..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify your changes using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-> [!Important]
-> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
-
-The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
-
-- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
-
-- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
-
-- **EMIE_Reset**. A batch file that when run, reverts the changes made to the pre-production registry.
-
-## Verify and send the change request to Approvers
-The Requester tests the changes and then goes back into the Enterprise Mode Site List Portal, **Pre-production verification** page to verify whether the testing was successful.
-
-**To verify changes and send to the Approver(s)**
-1. On the **Pre-production verification** page, the Requester clicks **Successful** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. The Requester reviews the pre-defined Approver(s), and then clicks **Send for approval**.
-
- The Requester, the Approver group, and the Administrator group all get an email, stating that the change request is waiting for approval.
-
-
-**To rollback your pre-production changes**
-1. On the **Pre-production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
-
-2. Add a description about the issue into the **Issue description** box, and then click **Send failure details**.
-
- The change request and issue info are sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the pre-production environment.
-
- After the Requester rolls back the changes, the request can be updated and re-submitted.
-
-
-## View rolled back change requests
-The original Requester and the Administrator(s) group can view the rolled back change requests.
-
-**To view the rolled back change request**
-
-- In the Enterprise Mode Site List Portal, click **Rolled back** from the left pane.
-
- All rolled back change requests appear, with role assignment determining which ones are visible.
-
-## Next steps
-If the change request is certified as successful, the Requester must next send it to the Approvers for approval. For the Approver-related steps, see the [Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
deleted file mode 100644
index 1ccd3e4d0c..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-## Verify and sign off on the update in the production environment
-The Requester tests the changes in the production environment and then goes back into the Enterprise Mode Site List Portal, **Production verification** page to verify whether the testing was successful.
-
-**To verify the changes and sign off**
-- On the **Production verification** page, the Requester clicks **Successful**, optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results, optionally includes a description of the change, and then clicks **Sign off**.
-
- The Requester, Approver group, and Administrator group all get an email, stating that the change request has been signed off.
-
-
-**To rollback production changes**
-1. On the **Production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results.
-
-2. Add a description about the issue into the **Change description** box, and then click **Send failure details**.
-
- The info is sent to the Administrators.
-
-3. The Requester clicks **Roll back** to roll back the changes in the production environment.
-
- After the Requester rolls back the changes, the request is automatically handled in the production and pre-production environment site lists.
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
deleted file mode 100644
index 9aa736bacb..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Any employee with access to the Enterprise Mode Site List Portal can view the apps included in the current Enterprise Mode Site List.
-
-**To view the active Enterprise Mode Site List**
-1. Open the Enterprise Mode Site List Portal and click the **Production sites list** icon in the upper-right area of the page.
-
- The **Production sites list** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
-
-2. Click any URL to view the actual site, using the compatibility mode and opening in the correct browser.
-
-
-**To export the active Enterprise Mode Site List**
-1. On the **Production sites list** page, click **Export**.
-
-2. Save the ProductionSiteList.xlsx file.
-
- The Excel file includes all apps in the current Enterprise Mode Site List, including URL, compatibility mode, and assigned browser.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
deleted file mode 100644
index f2db72080d..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how an Administrator can view the available Enterprise Mode reports from the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: View the available Enterprise Mode reports from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-# View the available Enterprise Mode reports from the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Administrators can view the Microsoft-provided Enterprise Mode reports from the Enterprise Mode Site List Portal.
-
-**To view the reports**
-1. Open the Enterprise Mode Site List Portal and click the **Enterprise Mode reports** icon in the upper-right area of the page.
-
- The **Enterprise Mode reports** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
-
-2. Use the calendars to provide the **From date** and **To date**, determining the span of time the report covers.
-
-3. Click **Apply**.
-
- The reports all change to reflect the appropriate timeframe and group, including:
-
- - **Total number of websites in the site list.** A box at the top of the reports page that tells you the total number of websites included in the Enterprise Mode Sit List.
-
- - **All websites by docmode.** Shows how many change requests exist, based on the different doc modes included in the **App best viewed in** field.
-
- - **All websites by browser.** Shows how many apps require which browser, including **IE11**, **MSEdge**, or **None**.
-
- - **All requests by status.** Shows how many change requests exist, based on each status.
-
- - **All requests by change type.** Shows how many change requests exist, based on the **Requested change** field.
-
- - **Request status by group.** Shows how many change requests exist, based on both group and status.
-
- - **Reasons for request.** Shows how many change request reasons exist, based on the **Reason for request** field.
-
- - **Requested changes by app name.** Shows what specific apps were **Added to site list**, **Deleted from site list**, or **Updated from site list**.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
deleted file mode 100644
index 613d58863c..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: virtualization
-description: Virtualization and compatibility with Internet Explorer 11
-author: dansimp
-ms.prod: ie11
-ms.assetid: b0388c04-2584-4b6d-a7a8-4e0476773a80
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Virtualization and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Virtualization and compatibility with Internet Explorer 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-If your company is considering upgrading to the latest version of Internet Explorer, but is hesitant because of a large number of web apps that need to be tested and moved, we recommend that you consider virtualization. Virtualization lets you set up a virtual environment where you can run earlier versions of IE.
-
-**Important**
-We strongly suggest that while you're using virtualization, you also update your web apps so they run natively in the newer version of IE. For more information about how to update your code, see the [Internet Explorer 11 Compatibility Cookbook (Windows)](/previous-versions//dn384049(v=vs.85)) to learn about the developer features that have been changed or deprecated since Internet Explorer 10.
-
-The Microsoft-supported options for virtualizing web apps are:
-
-- **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](/microsoft-desktop-optimization-pack/medv-v2/).
-
-- **Client Hyper-V.** Uses the same virtualization technology previously available in Windows Server, but now installed for Windows 8.1. For more information, see [Client Hyper-V](/previous-versions/windows/it-pro/windows-8.1-and-8/hh857623(v=ws.11)).
-
-6. Clear the **Update Rollup** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-
-After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed.
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Synchronizations**.
-
-3. Click **Synchronize Now**.
-
-4. Expand *ComputerName*, expand **Updates**, and then click **All Updates**.
-
-5. Choose **Unapproved** in the **Approval**drop down box.
-
-6. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
-
-> [!NOTE]
-> There may be multiple updates, depending on the imported language and operating system updates.
-
-### Optional - Reset update rollups packages to auto-approve
-
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-
-2. Expand *ComputerName*, and then click **Options**.
-
-3. Click **Automatic Approvals**.
-
-4. Click the rule that automatically approves updates of different classifications, and then click **Edit**.
-
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
-
-6. Check the **Update Rollups** check box, and then click **OK**.
-
-7. Click **OK** to close the **Automatic Approvals** dialog box.
-
-> [!NOTE]
-> Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server won’t cause this update to be auto-approved.
-
-
-
-## Additional resources
-
-- [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
-
-- [Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions](../ie11-faq/faq-ie11-blocker-toolkit.yml)
-
-- [Internet Explorer 11 FAQ for IT pros](../ie11-faq/faq-for-it-pros-ie11.yml)
-
-- [Internet Explorer 11 delivery through automatic updates](ie11-delivery-through-automatic-updates.md)
-
-- [Internet Explorer 11 deployment guide](./index.md)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
deleted file mode 100644
index dd8e3bcce6..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Use the topics in this section to learn how to perform all of the workflow-related processes in the Enterprise Mode Site List Portal.
-author: dansimp
-ms.prod: ie11
-title: Workflow-based processes for employees using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
----
-
-
-# Workflow-based processes for employees using the Enterprise Mode Site List Portal
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Use the topics in this section to learn how to perform the available Enterprise Mode Site List Portal processes, based on workflow.
-
-## In this section
-|Topic |Description |
-|---------------------------------------------------------------|-----------------------------------------------------------------------------------|
-|[Create a change request using the Enterprise Mode Site List Portal](create-change-request-enterprise-mode-portal.md)|Details about how the Requester creates a change request in the Enterprise Mode Site List Portal.|
-|[Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md)|Details about how the Requester tests a change request in the pre-production environment of the Enterprise Mode Site List Portal.|
-|[Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md)|Details about how the Approver(s) approve a change request in the Enterprise Mode Site List Portal.|
-|[Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md)|Details about how the Requester schedules the approved change request update in the Enterprise Mode Site List Portal.|
-|[Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md)|Details about how the Requester tests an update in the production environment of the Enterprise Mode Site List Portal.|
-|[View the apps currently on the Enterprise Mode Site List](view-apps-enterprise-mode-site-list.md)|Details about how anyone with access to the portal can review the apps already on the active Enterprise Mode Site List.|
-|[View the available Enterprise Mode reports from the Enterprise Mode Site List Portal](view-enterprise-mode-reports-for-portal.md) |Details about how the Administrator can view the view the Microsoft-provided Enterprise Mode reports from the Enterprise Mode Site List Portal. |
-
-
-## Related topics
-- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
-
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
deleted file mode 100644
index 96fce41e4b..0000000000
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
+++ /dev/null
@@ -1,250 +0,0 @@
-### YamlMime:FAQ
-metadata:
- ms.localizationpriority: medium
- ms.mktglfcycl: explore
- description: Frequently asked questions about Internet Explorer 11 for IT Pros
- author: dansimp
- ms.prod: ie11
- ms.assetid: 140e7d33-584a-44da-8c68-6c1d568e1de3
- ms.reviewer:
- audience: itpro
- manager: dansimp
- ms.author: dansimp
- title: Internet Explorer 11 - FAQ for IT Pros (Internet Explorer 11 for IT Pros)
- ms.sitesec: library
- ms.date: 10/16/2017
- ms.topic: faq
-title: Internet Explorer 11 - FAQ for IT Pros
-summary: |
- [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
- Answering frequently asked questions about Internet Explorer 11 (IE11) features, operating system support, integration with the Windows operating system, Group Policy, and general configuration.
-
-
-sections:
- - name: Ignored
- questions:
- - question: |
- What operating system does IE11 run on?
- answer: |
- - Windows 10
-
- - Windows 8.1
-
- - Windows Server 2012 R2
-
- - Windows 7 with Service Pack 1 (SP1)
-
- - Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-
- - question: |
- How do I install IE11 on Windows 10, Windows 8.1, or Windows Server 2012 R2?
- answer: |
- IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required.
-
- - question: |
- How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?
- answer: |
- You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956).
-
- - question: |
- How does IE11 integrate with Windows 8.1?
- answer: |
- IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences.
-
- - question: |
- What are the new or improved security features?
- answer: |
- IE11 offers improvements to Enhanced Protected Mode, password manager, and other security features. IE11 also turns on Transport Layer Security (TLS) 1.2 by default.
-
- - question: |
- How is Microsoft supporting modern web standards, such as WebGL?
- answer: |
- Microsoft is committed to providing an interoperable web by supporting modern web standards. Doing this lets developers use the same markup across web browsers, helping to reduce development and support costs.
- The preinstalled version of Adobe Flash isn't supported on IE11 running on either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. However, you can still download and install the separate Adobe Flash plug-in.
-
- - question: |
- Can I replace IE11 on Windows 8.1 with an earlier version?
- answer: |
- No. Windows 8.1 doesn't support any of the previous versions of IE.
-
- - question: |
- Are there any new Group Policy settings in IE11?
- answer: |
- IE11 includes all of the previous Group Policy settings you've used to manage and control web browser configuration since Internet Explorer 9. It also includes the following new Group Policy settings, supporting new features:
-
- - Turn off Page Prediction
-
- - Turn on the swiping motion for Internet Explorer for the desktop
-
- - Allow Microsoft services to provide more relevant and personalized search results
-
- - Turn off phone number detection
-
- - Allow IE to use the SPDY/3 network protocol
-
- - Let users turn on and use Enterprise Mode from the **Tools** menu
-
- - Use the Enterprise Mode IE website list
-
- For more information, see [New group policy settings for IE11](../ie11-deploy-guide/new-group-policy-settings-for-ie11.md).
-
-
- - question: |
- Where can I get more information about IE11 for IT pros?
- answer: |
- Visit the [Springboard Series for Microsoft Browsers](https://go.microsoft.com/fwlink/p/?LinkId=313191) webpage on TechNet.
-
-
-
- - question: |
- Can I customize settings for IE on Windows 8.1?
- answer: |
- Settings can be customized in the following ways:
-
- - IE11 **Settings** charm.
-
- - IE11-related Group Policy settings.
-
- - IEAK 11 for settings shared by both IE and Internet Explorer for the desktop.
-
- - question: |
- Can I make Internet Explorer for the desktop my default browsing experience?
- answer: |
- Group Policy settings can be set to open either IE or Internet Explorer for the desktop as the default browser experience. Individual users can configure their own settings in the **Programs** tab of **Internet Options**. The following table shows the settings and results:
-The customizations you make on this page apply only to Internet Explorer for the desktop.
-
- **To use the Accelerators page**
-
-1. Click **Import** to automatically import your existing accelerators from your current version of IE into this list.
-
-2. Click **Add** to add more accelerators.
-ActiveX controls are supported in Internet Explorer for the desktop for Windows 7 and Windows 8.1. They are not supported on the immersive version of Internet Explorer for Windows 8.1.
-
-## Scenario 1: Limited Internet-only use of ActiveX controls
-While you might not care about your employees using ActiveX controls while on your intranet sites, you probably do want to limit ActiveX usage while your employee is on the Internet. By specifying and pre-approving a set of generic controls for use on the Internet, you’re able to let your employees use the Internet, but you can still limit your company’s exposure to potentially hazardous, non-approved ActiveX controls.
-
-For example, your employees need to access an important Internet site, such as for a business partner or service provider, but there are ActiveX controls on their page. To make sure the site is accessible and functions the way it should, you can visit the site to review the controls, adding them as new entries to your `
-This page only appears if you’re using the **Internal** version of the wizard.
-
-You can set your proxy settings using Internet setting (.ins) files. You can also configure and maintain your advanced proxy settings using JScript (.js), JavaScript (.jvs), or proxy auto-configuration (.pac) script files. When you provide an auto-proxy script, IE dynamically determines whether to connect directly to a host or to use a proxy server.
-
-You can use the Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP) naming systems to detect and change a browser’s settings automatically when the employee first starts IE on the network. For more info, see [Set up auto detection for DHCP or DNS servers using IEAK 11](auto-detection-dhcp-or-dns-servers-ieak11.md), or refer to the product documentation for your DNS and DHCP software packages.
-
-**To check the existing settings on your employee’s devices**
-
-1. Open IE, click **Tools**, click **Internet Options**, and then click the **Connections** tab.
-
-2. Click **LAN Settings** and make sure that the **Use automatic configuration script** box is selected, confirming the path and name of the file in the **Address** box.
-
-**To use the Automatic Configuration page**
-
-1. Check the **Automatically detect configuration settings** box to automatically detect browser settings.
-
-2. Check the **Enable Automatic Configuration** box if you plan to automatically change your IE settings after deployment, using configuration files. You can then:
-
- - Type the length of time (in minutes) for how often settings are to be applied in your company. Putting zero (**0**), or nothing, in this box will cause automatic configuration to only happen when the computer’s restarted.
-
- - Type the location to your .ins file. You can edit this file directly to make any necessary changes.
-
- The updates will take effect the next time your employee starts IE, or during your next scheduled update.
-
- - Type the location to your automatic proxy script file.
-
- **Note**
- If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `https://share/test.ins`.
-
-3. Click **Next** to go to the [Proxy Settings](proxy-settings-ieak11-wizard.md) page or **Back** to go to the [Connection Settings](connection-settings-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
deleted file mode 100644
index fadc8246a0..0000000000
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to set up automatic detection for DHCP or DNS servers using IEAK 11 in your organization.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c6bfe7c4-f452-406f-b47e-b7f0d8c44ae1
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Set up auto detection for DHCP or DNS servers using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Set up auto detection for DHCP or DNS servers using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Set up your network to automatically detect and customize Internet Explorer 11 when it’s first started. Automatic detection is supported on both Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), letting your servers detect and set up your employee’s browser settings from a central location, using a configuration URL (.ins file) or a JavaScript proxy configuration file (.js, .jvs, or .pac).
-
-Before you can set up your environment to use automatic detection, you need to turn the feature on.
-
-**To turn on the automatic detection feature**
-
-- Open Internet Explorer Administration Kit 11 (IEAK 11), run the IE Customization Wizard 11 and on the **Automatic Configuration** page, check **Automatically detect configuration settings**. For more information, see [Use the Automatic Configuration page in the IEAK 11 Wizard](auto-config-ieak11-wizard.md).
-
-## Automatic detection on DHCP and DNS servers
-Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
-
-- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
-
- Your DHCP servers must support the DHCPINFORM message, to obtain the DHCP options.
-
-- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses. To use this, you have to set up either the host record or the CNAME alias record in the DNS database file.
-
- DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
-
-**To set up automatic detection for DHCP servers**
-
-- Open the [DHCP Administrative Tool](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd145324(v=ws.10)), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](/previous-versions/tn-archive/bb794881(v=technet.10)).
-
- **Examples:**
- `https://www.microsoft.com/webproxy.pac`
- `https://marketing/config.ins`
- `https://123.4.567.8/account.pac`
- `
- `corserv IN A 192.55.200.143`
- `nameserver2 IN A 192.55.200.2`
- `mailserver1 IN A 192.55.200.51`
-
For more info about creating a WPAD entry, see Creating a WPAD entry in DNS.
-
-2. After the database file propagates to the server, the DNS name, `wpad.
-IE11 creates a default URL template based on the host name,**wpad**. For example, `https://wpad.
-You must run the **Automatic Version Synchronization** page once for each operating system and language combination of IE.
-
-The **Automatic Version Synchronization** page tells you:
-
-- **Version available on your machine**. The version of IE11 that’s running on the computer that’s also running the IE Customization Wizard 11.
-
-- **Latest version available on web**. The most recently released version of the IE Customization Wizard 11. To get this value, the wizard compares the version of IE on your computer to the latest version of IE on the **Downloads** site. If the versions are different, you’ll be asked to update your version of IE.
-
-- **Disk space required**. The amount of space on your hard drive needed to update the browser.
-
-- **Disk space available**. The amount of hard drive space available on the computer that’s running the IE Customization Wizard 11.
-
-
-**To use the Automatic Version Synchronization page**
-
-1. Click **Synchronize**.
| Determines the default browser behavior. |
-|CMBitmapName | `
| Determines whether to use a custom Connection Manager profile. |
-|CompanyName |`
|Determines whether to encode the **[Favorites]** section for versions of IE earlier than 5.0. |
-|FavoritesDelete |*hexadecimal:* `0x89` |Lets you remove all existing Favorites and Quick Links. |
-|FavoritesOnTop |
|Determines whether to put new favorite items at the top of the menu. |
-|IE4 Welcome Msg |
|Determines whether a **Welcome** page appears. |
-|Language ID |`
|Determines whether to optimize the Active Setup Wizard for download. |
-|SilentInstall |
|Determines whether Windows Update Setup runs interactively on the employee’s computer.
This only appears for the **Internal** version of the IEAK 11. |
-|StealthInstall |
|Determines whether Windows Update Setup shows error messages and dialog boxes.
This only appears for the **Internal** version of the IEAK 11. |
-|Toolbar Bitmap |`
|The version of IEAK 11 being used. |
-|User Agent |`
|Determines whether the IE 4.x integrated shell is included in this package. |
-|Win32DownloadSite |`
The customizations you make on this page apply only to Internet Explorer for the desktop.
-
- **To use the Browser User Interface page**
-
-1. Check the **Customize Title Bars** box so you can add your custom text to the **Title Bar Text** box.
Only Administrators can use this option.
-
-3. Click **Add** to add new toolbar buttons.
|Determines whether to delete the existing custom toolbar buttons. |
-|HotIcon0 |`
|Determines whether to show the new button on the toolbar by default. |
-|ToolTipText0 |`
Using the options on the **Additional Settings** page of the wizard, you can let your employees change their connection settings. For more information see the [Additional Settings](additional-settings-ieak11-wizard.md) page. You can also customize additional connection settings using the **Automatic Configuration** page in the wizard. For more information see the [Automatic Configuration](auto-config-ieak11-wizard.md) page.
-
-**To view your current connection settings**
-
-1. Open IE, click the **Tools** menu, click **Internet Options**, and then click the **Connections** tab.
-
-2. Click **Settings** to view your dial-up settings and click **LAN Settings** to view your network settings.
-
-**To use the Connection Settings page**
-
-1. Decide if you want to customize your connection settings. You can pick:
-
- - **Do not customize Connection Settings.** Pick this option if you don’t want to preset your employee’s connection settings.
-
- - **Import the current Connection Settings from this machine.** Pick this option to import your connection settings from your computer and use them as the preset for your employee’s connection settings.
-
- **Note**
If you want to change any of your settings later, you can click **Modify Settings** to open the **Internet Properties** box, click the **Connection Settings** tab, and make your changes.
-
-2. Check the **Delete existing Dial-up Connection Settings** box to clear any existing settings on your employee’s computers.
-
-3. Click **Next** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page or **Back** to go to the [Connection Manager](connection-mgr-ieak11-wizard.md) page.
-
diff --git a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
deleted file mode 100644
index 0e7777a64e..0000000000
--- a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Use the \[ConnectionSettings\] .INS file setting to specify the network connection settings needed to install your custom package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 41410300-6ddd-43b2-b9e2-0108a2221355
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the ConnectionSettings .INS file to review the network connections for install (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the ConnectionSettings .INS file to review the network connections for install
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about the network connection settings used to install your custom package. This section creates a common configuration on all of your employee’s computers.
-
-|Name |Value |Description |
-|-----------|---------------------------|-------------|
-|ConnectName0 |`
|Determines whether to remove the existing connection settings during installation of your custom package. |
-|Option |
This only appears for the **Internal** version of the IEAK 11.
|Determines whether an employee can import connection settings into the Internet Explorer Customization Wizard. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
deleted file mode 100644
index 0befbc922f..0000000000
--- a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: How to create your folder structure on the computer that you’ll use to build your custom browser package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e0d05a4c-099f-4f79-a069-4aa1c28a1080
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Create the build computer folder structure using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Create the build computer folder structure using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Create your build environment on the computer that you’ll use to build your custom browser package. Your license agreement determines your folder structure and which version of Internet Explorer Administration Kit 11 (IEAK 11) you’ll use: **Internal** or **External**.
-
-|Name |Version |Description |
-|-----------------|----------------------|---------------------------------------------------------|
-|`\
|
-|Prep your environment and get all of the info you'll need for running IEAK 11 |
|
-|Run the Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard |
|
-|Review your policy settings and create multiple versions of your install package. |
|
-|Review the general IEAK Customization Wizard 11 information, which applies throughout the process. |
For deployment instructions, additional troubleshooting, and post-installation management, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
|
-
diff --git a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
deleted file mode 100644
index 5d88bfa81a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Steps to create multiple versions of your custom browser if you support more than 1 version of Windows, more than 1 language, or have different features in each package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4c5f3503-8c69-4691-ae97-1523091ab333
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Create multiple versions of your custom package using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Create multiple versions of your custom package using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You'll need to create multiple versions of your custom browser package if:
-
-- You support more than 1 version of the Windows operating system.
-
-- You support more than 1 language.
-
-- You have custom installation packages with only minor differences. For example, having a different phone number or a different set of URLs in the **Favorites** folder.
-
-The Internet Explorer Customization Wizard 11 stores your original settings in the Install.ins file and will show them each time you re-open the wizard. For more info about .ins files, see [Using Internet Settings (.INS) files with IEAK 11](using-internet-settings-ins-files.md).
-
-**To create multiple versions of your browser package**
-
-1. Use the Internet Explorer Customization Wizard 11 to create a custom browser package. For more info about how to run the wizard, start with the [Use the File Locations page in the IEAK 11 Wizard](file-locations-ieak11-wizard.md) topic.
-
-2. Go to the Cie\Custom folder and rename the Install.ins file to a name that reflects the version. Like, if you need a version for your employees in Texas, you could name the file Texas.ins.
-
-3. Run the wizard again, choosing the newly renamed folder as the destination directory for your output files.
Except for the **Title bar** text, **Favorites**, **Links bar**, **Home** page, and **Search bar**, we recommend that you keep all of your wizard settings the same for all of your build computers.
-
-4. Repeat this process until you’ve created a package for each version of your custom installation package.
-
diff --git a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
deleted file mode 100644
index ba3904ae39..0000000000
--- a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use Setup information (.inf) files to uninstall custom components from your custom browser packages.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 8257aa41-58de-4339-81dd-9f2ffcc10a08
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use Setup information (.inf) files to uninstall custom components (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use uninstallation .INF files to uninstall custom components
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The Internet Explorer Administration Kit 11 (IEAK 11) uses Setup information (.inf) files to provide installation instructions for your custom browser packages. You can also use this file to uninstall your custom components by removing the files, registry entries, and shortcuts, and adding your custom component to the list of programs that can be uninstalled from **Uninstall or change a program**.
-
-**To uninstall your custom components**
-
-1. Open the Registry Editor and add a new key and value to:
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description"`
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString”",,"command-line"`
You should sign any custom code that’s being downloaded over the Internet. The default settings of Internet Explorer 11 will automatically reject any unsigned code. For more info about digitally signing custom components, see [Security features and IEAK 11](security-and-ieak11.md).
-
-**To use the Custom Component page**
-
-1. Click **Add**.
You should install your component before IE if you need to run a batch file to configure your employee settings. You should install your component after IE if you plan to install software updates.
-
-4. Check the **Only install if IE is installed successfully** box if your component should only install if IE installs successfully. For example, if you’re installing a security update that requires IE.
-
-5. If your component is a .cab file, you must provide the extraction command into the **Command** box.
-
-6. If your component has its own globally unique identifier (GUID), replace the value in the **GUID** box. Otherwise, keep the automatically generated GUID.
-
-7. Describe your component using up to 511 characters in the **Description** box.
-
-8. Type any command-line options that need to run while installing your component into the **Parameters** box. For example, if you want your component to install silently, without prompts. For more info about using options, see [IExpress command-line options](iexpress-command-line-options.md).
-
-9. Type the value that Microsoft Update Setup uses to check that the component installed successfully into the **Uninstall Key** box. This check is done by comparing your value to the value in the `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ApplicationName` key.
-
-10. Type a numeric serial number for your component into the **Version** box, using this format: *xxxx*, *xxxxxx*, *xxxx*, *xxxx*.
-
-11. Click **Add**.
If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location.
-
-2. On the **Additional Settings** page of the IEAK 11, click **Internet Settings**, and then click **Advanced Settings**.
-
-3. Go to the section labeled **Searching** and type *intranet* into the **Search Provider Keyword** box.
-
-**To redirect to a different site than the one provided by the search results**
-
-- In the **Advanced Settings** section, go to the section labeled **Searching** and change the **When searching from the address bar** setting to **Just go to the most likely site**.
-
-**To disable Automatic Search**
-
-- In the **Advanced Settings** section, go to the section labeled **Searching** and change the **When searching from the address bar** setting to **Do not search from the address bar**.
-
-### Automatic Search parameters
-You must replace the Automatic Search script file parameters, *%1* and *%2* so they’re part of the actual URL.
-
-|Parameter |Value |
-|----------|--------------------------------------------------------|
-|1% |The text string typed by an employee into the **Address** bar. |
-|2% |The type of search chosen by an employee. This can include:
|
-
-### Sample Automatic Search script
-This is a VBScript-based sample of an .asp Automatic Search script.
-
-```
-<%@ Language=VBScript %>
-<%
-' search holds the words typed in the Address bar
-' by the user, without the "go" or
-' "find" or any delimiters like
-' "+" for spaces.
-' If the user typed
-' "Apple pie," search = "Apple pie."
-' If the user typed
-' "find Apple pie," search = "Apple pie."
-
-search = Request.QueryString("MT")
-search = UCase(search)
-searchOption = Request.QueryString("srch")
-
-' This is a simple if/then/else
-' to redirect the browser to the site
-' of your choice based on what the
-' user typed.
-' Example: expense report is an intranet page
-' about filling out an expense report
-
-if (search = "NEW HIRE") then
-Response.Redirect("https://admin/hr/newhireforms.htm")
-elseif (search = "LIBRARY CATALOG") then
-Response.Redirect("https://library/catalog")
-elseif (search = "EXPENSE REPORT") then
-Response.Redirect("https://expense")
-elseif (search = "LUNCH MENU") then
-Response.Redirect("https://cafe/menu/")
-else
-
-' If there is not a match, use the
-' default IE autosearch server
-Response.Redirect("https://auto.search.msn.com/response.asp?MT="
-+ search + "&srch=" + searchOption +
-"&prov=&utf8")
-end if
-%>
-```
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
deleted file mode 100644
index 7d0a2f9882..0000000000
--- a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[ExtRegInf\] .INS file setting to specify your Setup information (.inf) files and the installation mode for your custom components.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 53148422-d784-44dc-811d-ef814b86a4c6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the ExtRegInf .INS file to specify your installation files and mode (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the ExtRegInf .INS file to specify installation files and mode
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about how to specify your Setup information (.inf) files and the installation mode for your custom components.
-
-|Name |Value |Description |
-|-----------|---------|------------------------------------------------------------------------------------------------------------------|
-|Chat |*string* |The name of the .inf file and the install mode for components. For example, *,chat.inf,DefaultInstall. |
-|Conf |*string* |The name of the .inf file and the install mode for components. For example, *,conf.inf,DefaultInstall. |
-|Inetres |*string* |The name of the .inf file and the install mode for components. For example, *,inetres.inf,DefaultInstall. |
-|Inetset |*string* |The name of the .inf file and the install mode for components. For example, *,inetset.inf,DefaultInstall. |
-|Subs |*string* |The name of the .inf file and the install mode for components. For example, *,subs.inf,DefaultInstall. |
-|ConnectionSettings |*string* |The name of the .inf file and the install mode for components. For example, *,connect.inf,DefaultInstall. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
deleted file mode 100644
index 030dc054d2..0000000000
--- a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
+++ /dev/null
@@ -1,113 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Favorites, Favorites Bar, and Feeds page in IEAK 11 Customization Wizard to add links, web slices, and feeds to your custom browser package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 84afa831-5642-4b8f-b7df-212a53ec8fc7
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Favorites, Favorites Bar, and Feeds** page of the Internet Explorer Administration Kit (IEAK 11) Customization Wizard lets you add:
-
-- **Links.** Used so your employees can quickly connect with your important websites. These links can appear in the **Links** folder or on the **Favorites Bar**.
-
-- **Web Slices.** Used so your employees can subscribe to a section of a webpage, tracking information as it changes, such as for weather reports, stock prices, or the progress of an auction item.
-
-- **Feeds.** Used so your employees can quickly access your recommended RSS feeds. While you can’t import a folder of RSS feeds, you can add new links.
-
-Although we provide default items in the **Favorites, Favorites Bar, and Feeds** area, you can remove any of the items, add more items, or add new folders and links as part of your custom package. The customizations you make on this page only apply to Internet Explorer for the desktop.
-
-**To work with Favorites**
-
-1. To import your existing folder of links, pick **Favorites**, and then click **Import**.
-
-2. Go to your existing link folder, most likely in the `
|Determines if the **Favorites** item is available for offline browsing. |
-|Title1 |`
Your choices on this page determine what wizard pages appear.
-
-**To use the Feature Selection page**
-
-1. Check the box next to each feature you want to include in your custom installation package.
-You can create a custom installation package on your hard drive and move it to an Internet or intranet server, or you can create it directly on a server. If you create the package on a web server that’s running from your hard drive, use the path to the web server as the destination folder location. Whatever location you choose, it must be protected by appropriate access control lists (ACLs). If the location is not protected, the custom package may be tampered with.
-
-**To use the File Locations page**
-
-1. Browse to the location where you’ll store your finished custom IE installation package and the related subfolders.
Subfolders are created for each language version, based on operating system and media type. For example, if your destination folder is `C:\Inetpub\Wwwroot\Cie\Dist`, then the English-language version is created as `C:\Inetpub\Wwwroot\Cie\Dist\Flat\Win32\En` subfolders.
-
-2. Click **Advanced Options**.
-You must run Automatic Version Synchronization at least once to check for updated components.
-
-4. Browse to your .ins file location, and then click **Open**.
You must never edit a .sed file. |
-|.spc |The software publishing certificate file, which includes:
|
-
diff --git a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
deleted file mode 100644
index 9d6fe74f8a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the First Run Wizard and Welcome Page Options page in the IEAK 11 Customization Wizard to set what your employee’s see the first time they log on to IE, based on their operating system.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 85f856a6-b707-48a9-ba99-3a6e898276a9
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **First Run Wizard and Welcome Page Options** page of the Internet Explorer Customization Wizard 11 lets you decide what your employee’s see the first time they log on to IE, based on their operating system.
-
-- **Windows 8.1 Update and newer.** No longer includes a **Welcome** page, so if you pick the **Use Internet Explorer 11 Welcome Page** or the **Use a custom Welcome page** option, IEAK creates an initial **Home** page that loads before all other **Home** pages, as the first tab. This only applies to the Internet Explorer for the desktop.
-
-- **Windows 7 SP1.** You can disable the first run page for Windows 7 SP1 and then pick a custom **Welcome** page to show instead. If you don’t customize the settings on this page, your employees will see the default IE **Welcome** page.
-
-**To use the First Run Wizard and Welcome Page Options page**
-
-1. Check the **Use IE11 First Run wizard (recommended)** box to use the default First Run wizard in IE.
Check your license agreement to make sure this customization is available.
-
-|Graphic |Type and description |
-|-----------------------|----------------------------------------------------------------------|
-|Browser toolbar button |2 icon (.ico) files with color images for active and inactive states. |
-|Favorites List icons |1 icon (.ico) file for each new URL. |
-
-Your icons must use the .ico file extension, no other image file extension works.
-
diff --git a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
deleted file mode 100644
index 2da43b7f38..0000000000
--- a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: List of supported hardware and software requirements for Internet Explorer 11 and the Internet Explorer Administration Kit 11.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c50b86dc-7184-43d1-8daf-e750eb88dabb
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Hardware and software requirements for Internet Explorer 11 and the IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Hardware and software requirements for Internet Explorer 11 and the IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Before you can use the Internet Explorer Administration Kit 11 and the Internet Explorer Customization Wizard 11, you must first install Internet Explorer 11. For more info about installing IE11, see the [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md) page.
-
-## Hardware requirements
-Before you start the Internet Explorer Customization Wizard 11, you must check to see how much disk space you have on the drive you're going to use to build the IE11 install package. This drive can be on the same device as the one running the wizard; it just needs to have a secure destination folder.
-
-Before you start to create your install package, you must meet all of the [Internet Explorer 11 requirements](../ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md), plus:
-
-- Up to 100 megabytes (MB) of disk space, depending on how many components you include in the installation package.
-
-- An additional 100 MB of disk space for each custom installation package built. Different media types are considered separate packages.
-
-## Software requirements
-The device you're going to use to build your install packages must be running Internet Explorer 11, on one of these operating systems:
-
-- Windows 10
-The device you're going to use to run IEAK 11 must be running the same version of the operating system as the device where you'll build your install packages.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
deleted file mode 100644
index 6c46e306f3..0000000000
--- a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[HideCustom\] .INS file setting to decide whether to hide the GUID for each custom component.
-author: dansimp
-ms.prod: ie11
-ms.assetid: e673f7b1-c3aa-4072-92b0-20c6dc3d9277
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the HideCustom .INS file to hide the GUID for each custom component (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the HideCustom .INS file to hide the GUID for each custom component
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about whether to hide the globally unique identifier (GUID) for each of your custom components.
-
-|Name |Value |Description |
-|------|-------------------------------------------------------------------------------------|-----------------------------------------------|
-|GUID |
|Determines whether this is a hidden component. |
-
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
deleted file mode 100644
index c9d24160a9..0000000000
--- a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Reference about the command-line options and return codes for Internet Explorer Setup.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 40c23024-cb5d-4902-ad1b-6e8a189a699f
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Internet Explorer Setup command-line options and return codes (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Internet Explorer Setup command-line options and return codes
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-You can use command-line options along with a tool like IExpress to package your custom version of Internet Explorer and to perform a batch installation across your organization.
-
-## IE Setup command-line options
-These command-line options work with IE Setup:
-
-`[/help] [/passive | /quiet] [/update-no] [/no-default] [/nobackup] [/ieak-full:
The employee cancelled Setup and is then asked to confirm:
If the cancellation is confirmed, Setup will quit as soon as all of the in-progress tasks are done, like copying or extracting files. |
-
-## Related topics
-- [IExpress Wizard for Windows Server 2008 R2 with SP1](iexpress-wizard-for-win-server.md)
-- [Express Wizard command-line options](iexpress-command-line-options.md)
-
diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
deleted file mode 100644
index 8a02248b90..0000000000
--- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. Use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
-author: dansimp
-ms.author: dansimp
-ms.manager: dougkim
-ms.prod: ie11
-ms.assetid:
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Internet Explorer Administration Kit (IEAK) information and downloads
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# Internet Explorer Administration Kit (IEAK) information and downloads
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
->Applies to: Windows 10
-
-The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. To find more information on the IEAK, see [What IEAK can do for you](what-ieak-can-do-for-you.md).
-
-
-## Internet Explorer Administration Kit 11 (IEAK 11)
-
-[IEAK 11 documentation](index.md)
-
-[IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-
-[IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.yml)
-
-[Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](before-you-create-custom-pkgs-ieak11.md)
-
-## Download IEAK
-
-To download, choose to **Open** the download or **Save** it to your hard drive first.
-
-:::row:::
- :::column span="":::
- [English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi)
-
- [Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi)
-
- [Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi)
-
- [Chinese (Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi)
-
- [Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi)
-
- [Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi)
-
- [Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi)
-
- [Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi)
-:::column-end:::
- :::column span="":::
- [French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi)
-
- [German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi)
-
- [Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi)
-
- [Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi)
-
- [Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi)
-
- [Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi)
-
- [Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi)
-
- [Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi)
-:::column-end:::
- :::column span="":::
- [Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi)
-
- [Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi)
-
- [Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi)
-
- [Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi)
-
- [Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi)
-
- [Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi)
-
- [Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi)
-
- [Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi)
-:::column-end:::
-:::row-end:::
-
diff --git a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
deleted file mode 100644
index 0aa9964807..0000000000
--- a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Review the options available to help you customize your browser install packages for deployment to your employee's devices.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 4b804da3-c3ac-4b60-ab1c-99536ff6e31b
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Use the Internet Explorer Administration Kit 11 (IEAK 11) and the Internet Explorer Customization Wizard 11 to customize your browser install packages for deployment to your employee's devices.
-
-## IE Customization Wizard 11 options
-IEAK 11 lets you customize a lot of Internet Explorer 11, including the IE and Internet Explorer for the desktop experiences. For more info about the experiences, see [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md). For info about which pages appear in the **Internal** or **External** version of IE Customization Wizard 11, see [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md).
-
-|Internet Explorer Customization Wizard 11 page |Browser experience |Description |
-|-----------------------------------------------|------------------------------------|-----------------------------|
-|[Custom Components](custom-components-ieak11-wizard.md) |Internet Explorer for the desktop |Add up to 10 additional components that your employees can install at the same time they install IE. |
-|[Internal install](internal-install-ieak11-wizard.md) |Internet Explorer for the desktop |Choose to set IE11 as the default browser.
This only applies to IE11 on Windows 7 SP1 |
-|[User Experience](user-experience-ieak11-wizard.md) |Internet Explorer for the desktop |Control the installation and restart experience for your employees.
You can turn off the entire **Suggested Sites** feature from this page. |
-|[Browsing Options](browsing-options-ieak11-wizard.md) |Doesn't apply. The choices that you make on this page affect only the items shown on the **Favorites, Favorites Bar, and Feeds** page. |Choose how to manage items in the **Favorites** folder, the **Favorites Bar**, and the **Feeds** folder. You can also turn off the Microsoft-default Favorites, Web slices, links, feeds, and accelerators. |
-|[First Run Wizard and Welcome Page Options](first-run-and-welcome-page-ieak11-wizard.md) |Internet Explorer for the desktop |Decide if the First Run wizard appears the first time an employee starts IE. You can also use the IE11 **Welcome** page, or link to a custom **Welcome** page. |
-|[Compatibility View](compat-view-ieak11-wizard.md) |No longer supported |This functionality has been removed for IE11. For more information, see [Missing the Compatibility View Button](../ie11-deploy-guide/missing-the-compatibility-view-button.md). |
-|[Connection Manager](connection-mgr-ieak11-wizard.md) |No longer supported |This functionality has been removed for IE11. |
-|[Connection Settings](connection-settings-ieak11-wizard.md) |Both |Choose whether to customize your connection settings. You can also choose to delete old dial-up connection settings. |
-|[Automatic Configuration](auto-config-ieak11-wizard.md) |Both |Choose whether to automatically detect configuration settings and whether to turn on and customize automatic configuration. |
-|[Proxy Settings](proxy-settings-ieak11-wizard.md) |Both |Turn on and set up your proxy servers.
We don't support Gopher Server anymore. |
-|[Add a Root Certification](add-root-certificate-ieak11-wizard.md) |No longer supported |This functionality has been removed for IE11. |
-|[Security and Privacy Settings](security-and-privacy-settings-ieak11-wizard.md) |The **Security Zones and Privacy** settings are supported by both experiences. The **Content Ratings** are only supported on Internet Explorer for the desktop. |Decide if you want to:
|
-|[Programs](programs-ieak11-wizard.md) |Internet Explorer for the desktop |Decide your default programs or import your current settings. |
-|[Additional Settings](additional-settings-ieak11-wizard.md) |Both |Decide how to set up multiple IE settings that appear in the **Internet Options** box. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
deleted file mode 100644
index 391784b8a4..0000000000
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Reference about the command-line options for the IExpress Wizard.
-author: dansimp
-ms.prod: ie11
-ms.assetid: aa16d738-1067-403c-88b3-bada12cf9752
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: IExpress Wizard command-line options (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# IExpress Wizard command-line options
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-
-**Applies to:**
-- Windows Server 2008 R2 with SP1
-
-Use command-line options with the IExpress Wizard (IExpress.exe) to control your Internet Explorer custom browser package extraction process.
-
-These command-line options work with IExpress:
-`Ie11setup
The customizations made on this page only apply to Internet Explorer for the desktop on Windows 7.
-
-**To use the Internal Install page**
-
-1. Pick either:
-
- - **Allow user to choose.** Lets your employees pick their own default browser.
Make sure that the language of your IEAK 11 installation matches the language of your custom IE11 package. If the languages don’t match, IEAK 11 won’t work properly.
-
-**To use the Language Selection page**
-
-1. Pick the language you want your custom IE11 installation package to use.
To keep your settings across multiple versions of the package, you can pick the same destination folder for all versions. The different language versions are then saved in separate subfolders within that destination folder. Like, for an English version, `C:\Cie\Build1\Flat\Win32_WIN8\en-US\` and for a German version, `C:\Cie\Build1\Flat\Win32_WIN8\de-DE\`.
-
-2. Click **Next** to go to the [Package Type Selection](pkg-type-selection-ieak11-wizard.md) page or **Back** to go to the [Platform Selection](platform-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
deleted file mode 100644
index 9eba34b5e1..0000000000
--- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
+++ /dev/null
@@ -1,110 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Learn about the version of the IEAK 11 you should run, based on your license agreement.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/23/2018
----
-
-
-# Determine the licensing version and features to use in IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11, referred to as the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (referred to as the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment.
-
-During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
-
-- **External Distribution as an Internet Service Provider (ISP), Internet Content Provider (ICP), or Developer.** If you are an ISP or an ICP, your license agreement also states that you must show the Internet Explorer logo on your packaging and promotional goods, as well as on your website.
- > [!IMPORTANT]
- > Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
-
-- **Internal Distribution via a Corporate Intranet.** This version is for network admins that plan to directly deploy IE11 into a corporate environment.
-
-## Available features by version
-
-| Feature | Internal | External |
-|-------------------------------------------|:--------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:|
-| Welcome screen |  |  |
-| File locations |  |  |
-| Platform selection |  |  |
-| Language selection |  |  |
-| Package type selection |  |  |
-| Feature selection |  |  |
-| Automatic Version Synchronization (AVS) |  |  |
-| Custom components |  |  |
-| Internal install |  |  |
-| User experience |  |  |
-| Browser user interface |  |  |
-| Search providers |  |  |
-| Important URLs – Home page and support |  |  |
-| Accelerators |  |  |
-| Favorites, Favorites bar, and feeds |  |  |
-| Browsing options |  |  |
-| First Run wizard and Welcome page options |  |  |
-| Connection manager |  |  |
-| Connection settings |  |  |
-| Automatic configuration |  |  |
-| Proxy settings |  |  |
-| Security and privacy settings |  |  |
-| Add a root certificate |  |  |
-| Programs |  |  |
-| Additional settings |  |  |
-| Wizard complete |  |  |
-
----
-
-
-## Customization guidelines
-
-Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
-
-- **External Distribution**
- This mode is available to anyone who wants to create a customized browser for distribution outside their company (for example, websites, magazines, retailers, non-profit organizations, independent hardware vendors, independent software vendors, Internet service providers, Internet content providers, software developers, and marketers).
-
-- **Internal Distribution**
- This mode is available to companies for the creation and distribution of a customized browser only to their employees over a corporate intranet.
-
-The table below identifies which customizations you may or may not perform based on the mode you selected.
-
-| **Feature Name** | **External Distribution** | **Internal Distribution** |
-|---------------------------------|:--------------------:|:-------------------:|
-| **Custom Components** | Yes | Yes |
-| **Title Bar** | Yes | Yes |
-| **Favorites** | One folder, containing any number of links. | Any number of folders/links. |
-| **Search Provider URLs** | Yes | Yes |
-| **Search Guide URL** | No | Yes |
-| **Online Support URL** | Yes | Yes |
-| **Web Slice** | Suggested maximum five Web Slices. | Any number of Web Slices. |
-| **Accelerator** | Search provider Accelerator must be the same as the search provider set for the Search Toolbox. We recommend that Any number of Accelerators/Accelerator Categories. Feature Name External Internal Accelerator category not exceed seven total categories, and each Accelerator category must be unique. We recommend each Accelerator category not have more than two Accelerators. The Accelerator display name should follow the syntax of verb + noun, such as "Map with Bing." | Any number of Accelerators/Accelerator Categories. |
-| **Homepage URLs** | Can add a maximum of three. | Unlimited. |
-| **First Run Wizard and Welcome Page Options** | Cannot remove Internet Explorer 11 First Run wizard. Can customize **Welcome** page. | Customizable. |
-| **RSS Feeds** | One folder, containing any number of links. | Any number of folders/links. |
-| **Browsing Options** | No | Yes |
-| **Security and Privacy Settings** | No | Can add any number of sites. |
-| **Corporate Options** (Latest Updates, Default Browser, Uninstall Info, Additional Settings) | No | Yes |
-| **User Experience** (Setup/Restart) | No | Yes |
-| **User Agent String** | Yes | Yes |
-| **Compatibility View** | Yes | Yes |
-| **Connection Settings and Manage** | Yes | Yes |
-
-
-Support for some of the Internet Explorer settings on the wizard pages varies depending on your target operating system. For more information, see [Internet Explorer Customization Wizard 11 options](./ieak11-wizard-custom-options.md).
-
-## Distribution guidelines
-
-Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
-
-- **External Distribution**
- You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy).
-
-- **Internal Distribution - corporate intranet**
- The software is solely for use by your employees within your company's organization and affiliated companies through your corporate intranet. Neither you nor any of your employees may permit redistribution of the software to or for use by third parties other than for third parties such as consultants, contractors, and temporary staff accessing your corporate intranet.
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
deleted file mode 100644
index f628def610..0000000000
--- a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Media\] .INS file setting to specify the types of media on which your custom install package is available.
-author: dansimp
-ms.prod: ie11
-ms.assetid: c57bae60-d520-49a9-a77d-da43f7ebe5b8
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Media .INS file to specify your install media (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Media .INS file to specify your install media
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The types of media on which your custom install package is available.
-
-|Name |Value |Description |
-|-----|------|-----------------|
-|Build_LAN |
|Determines whether you want to create a LAN-based installation package. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
deleted file mode 100644
index ae7b3c6150..0000000000
--- a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Package Type Selection page in the IEAK 11 Customization Wizard to pick the media type you’ll use to distribute your custom package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: dd91f788-d05e-4f45-9fd5-d951abf04f2c
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Package Type Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Package Type Selection page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Package Type Selection** page of the Internet Explorer Customization Wizard 11 lets you pick which type of media you’ll use to distribute your custom installation package. You can pick more than one type, if you need it.
-
-**Important**
You can't create a full installation package for deployment to Windows 10 computers. That option only works for computers running Windows 7 or Windows 8.1.
-
-**To use the File Locations page**
-
-1. Check the **Full Installation Package** box if you’re going to build your package on, or move your package to, a local area network (LAN). This media package includes the Internet Explorer 11 installation files, and is named **IE11-Setup-Full.exe**, in the `
You can’t include custom components in a configuration-only package.
-
-3. Click **Next** to go to the [Feature Selection](feature-selection-ieak11-wizard.md) page or **Back** to go to the [Language Selection](language-selection-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
deleted file mode 100644
index 67d9caac65..0000000000
--- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Platform Selection page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Platform Selection** page of the Internet Explorer Customization Wizard 11 lets you pick the operating system and architecture (32-bit or 64-bit) for the devices on which you’re going to install the custom installation package.
-
-**To use the Platform Selection page**
-
-1. Pick the operating system and architecture for the devices on which you’re going to install the custom package.
To keep your settings across several operating system packages, you can specify the same destination folder. Then, after running the wizard, you can reuse the resulting .ins file. Any additional changes to the .ins file are saved. For more info about using .ins files, see [Using Internet Settings (.INS) files with IEAK 11](using-internet-settings-ins-files.md). For more info about adding in your .ins file, see [Use the File Locations page in the IEAK 11 Wizard](file-locations-ieak11-wizard.md).
-
-2. Click **Next** to go to the [Language Selection](language-selection-ieak11-wizard.md) page or **Back** to go to the [File Locations](file-locations-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
deleted file mode 100644
index 4720c446af..0000000000
--- a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: plan
-description: Learn about what you need to do before you deploy your custom browser package using IEAK 11 over your network.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 2c66d22a-4a94-47cc-82ab-7274abe1dfd6
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Before you install your package over your network using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Before you install your package over your network using IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Employees can install the custom browser package using a network server. However, you must either lower the intranet security level or make the server a trusted site.
-
-**To lower your intranet security**
-
-1. In Internet Explorer 11, click **Tools**, **Internet Options**, and then the **Security** tab.
-
-2. Click **Local intranet**, and then **Sites**.
-
-3. Uncheck **Automatically detect intranet network**, uncheck **Include all network paths (UNC)**, and then click **OK**.
-
-**To make your server a trusted site**
-
-1. From the **Security** tab, click **Trusted sites**, and then **Sites**.
-
-2. Type the location of the server with the downloadable custom browser package, and then click **Add**.
-
-3. Repeat this step for every server that will include the custom browser package for download.
-
diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
deleted file mode 100644
index acfbbc74ae..0000000000
--- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services.
-author: dansimp
-ms.prod: ie11
-ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Programs page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Programs** page of the Internet Explorer Customization Wizard 11 lets you pick the default programs to use for Internet services, like email, contact lists, and newsgroups, by importing settings from your computer.
-
-**Important**
The customizations you make on this page only apply to Internet Explorer for the desktop.
-
-**To use the Programs page**
-
-1. Determine whether you want to customize your connection settings. You can pick:
-
- - **Do not customize Program Settings.** Pick this option if you don’t want to set program associations for your employee’s devices.
If you want to change any of your settings, you can click **Modify Settings** to open the **Internet Properties** box, click **Set associations**, and make your changes.
-
-2. Click **Next** to go to the [Additional Settings](additional-settings-ieak11-wizard.md) page or **Back** to go to the [Add a Root Certificate](add-root-certificate-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
deleted file mode 100644
index 56a0823f9a..0000000000
--- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
+++ /dev/null
@@ -1,185 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Learn about how to use a proxy auto-configuration (.pac) file to specify an automatic proxy URL.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 6c94708d-71bd-44bd-a445-7e6763b374ae
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use proxy auto-configuration (.pac) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use proxy auto-configuration (.pac) files with IEAK 11
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-These are various ways you can use a proxy auto-configuration (.pac) file to specify an automatic proxy URL. We've included some examples here to help guide you, but you'll need to change the proxy names, port numbers, and IP addresses to match your organization's info.
-
-Included examples:
-- [Example 1: Connect directly if the host is local](#example-1-connect-directly-if-the-host-is-local)
-- [Example 2: Connect directly if the host is inside the firewall](#example-2-connect-directly-if-the-host-is-inside-the-firewall)
-- [Example 3: Connect directly if the host name is resolvable](#example-3-connect-directly-if-the-host-name-is-resolvable)
-- [Example 4: Connect directly if the host is in specified subnet](#example-4-connect-directly-if-the-host-is-in-specified-subnet)
-- [Example 5: Determine the connection type based on the host domain](#example-5-determine-the-connection-type-based-on-the-host-domain)
-- [Example 6: Determine the connection type based on the protocol](#example-6-determine-the-connection-type-based-on-the-protocol)
-- [Example 7: Determine the proxy server based on the host name matching the IP address](#example-7-determine-the-proxy-server-based-on-the-host-name-matching-the-ip-address)
-- [Example 8: Connect using a proxy server if the host IP address matches the specified IP address](#example-8-connect-using-a-proxy-server-if-the-host-ip-address-matches-the-specified-ip-address)
-- [Example 9: Connect using a proxy server if there are periods in the host name](#example-9-connect-using-a-proxy-server-if-there-are-periods-in-the-host-name)
-- [Example 10: Connect using a proxy server based on specific days of the week](#example-10-connect-using-a-proxy-server-based-on-specific-days-of-the-week)
-
-
-## Example 1: Connect directly if the host is local
-In this example, if the host is local, it can connect directly. However, if the server isn't local, it must connect through a proxy server. Specifically, the `isPlainHostName` function looks to see if there are any periods (.) in the host name. If the function finds periods, it means the host isn’t local and it returns false. Otherwise, the function returns true.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isPlainHostName(host))
- return "DIRECT";
- else
- return "PROXY proxy:80";
- }
-```
-## Example 2: Connect directly if the host is inside the firewall
-In this example, if the host is inside the firewall, it can connect directly. However, if the server is outside the firewall, it must connect through a proxy server. Specifically, the `localHostOrDomainIs` function only runs for URLs in the local domain. If the host domain name matches the provided domain information, the `dnsDomainIs` function returns true.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if ((isPlainHostName(host) ||
- dnsDomainIs(host, ".company.com")) &&
- !localHostOrDomainIs(host, "www.company.com") &&
- !localHostOrDoaminIs(host, "home.company.com"))
- return "DIRECT";
- else
- return "PROXY proxy:80";
-}
-```
-## Example 3: Connect directly if the host name is resolvable
-In this example, if the host name can be resolved, it can connect directly. However, if the name can’t be resolved, the server must connect through a proxy server. Specifically, this function requests the DNS server to resolve the host name it's passed. If the name can be resolved, a direct connection is made. If it can't, the connection is made using a proxy. This is particularly useful when an internal DNS server is used to resolve all internal host names.
-
-**Important**
The `isResolvable` function queries a Domain Name System (DNS) server. References to Object Model objects, properties, or methods cause the proxy auto-configuration file to fail silently. For example, the references `window.open(...)`, `alert(...)`, and `password(...)` all cause the proxy auto-configuration file to fail.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isResolvable(host))
- return "DIRECT";
- else
- return "PROXY proxy:80";
- }
-```
-
-## Example 4: Connect directly if the host is in specified subnet
-In this example, if the host is in a specified subnet, it can connect directly. However, if the server is outside of the specified subnet, it must connect through a proxy server. Specifically, the `isInNet` (host, pattern, mask) function returns true if the host IP address matches the specified pattern. The mask indicates which part of the IP address to match (255=match, 0=ignore).
-
-**Important**
The `isInNet` function queries a DNS server. References to Object Model objects, properties, or methods cause the proxy auto-configuration file to fail silently. For example, the references `window.open(...)`, `alert(...)`, and `password(...)` all cause the proxy auto-configuration file to fail.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isInNet(host, "999.99.9.9", "255.0.255.0"))
- return "DIRECT";
- else
- return "PROXY proxy:80";
- }
-```
-## Example 5: Determine the connection type based on the host domain
-In this example, if the host is local, the server can connect directly. However, if the host isn’t local, this function determines which proxy to use based on the host domain. Specifically, the `shExpMatch(str, shexp)` function returns true if `str` matches the `shexp` using shell expression patterns. This is particularly useful when the host domain name is one of the criteria for proxy selection.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (isPlainHostName(host))
- return "DIRECT";
- else if (shExpMatch(host, "*.com"))
- return "PROXY comproxy:80";
- else if (shExpMatch(host, "*.edu"))
- return "PROXY eduproxy:80";
- else
- return "PROXY proxy";
- }
-```
-## Example 6: Determine the connection type based on the protocol
-In this example, the in-use protocol is extracted from the server and used to make a proxy selection. If no protocol match occurs, the server is directly connected. Specifically the `substring` function extracts the specified number of characters from a string. This is particularly useful when protocol is one of the criteria for proxy selection.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (url.substring(0, 5) == "http:") {
- return "PROXY proxy:80";
- }
- else if (url.substring(0, 4) == "ftp:") {
- return "PROXY fproxy:80";
- }
- else if (url.substring(0, 6) == "https:") {
- return "PROXY secproxy:8080";
- }
- else {
- return "DIRECT";
- }
- }
-```
-## Example 7: Determine the proxy server based on the host name matching the IP address
-In this example, the proxy server is selected by translating the host name into an IP address and then comparing the address to a specified string.
-
-**Important**
The `dnsResolve` function queries a DNS server. References to Object Model objects, properties, or methods cause the proxy auto-configuration file to fail silently. For example, the references `window.open(...)`, `alert(...)`, and `password(...)` all cause the proxy auto-configuration file to fail.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (dnsResolve(host) == "999.99.99.999") { // = https://secproxy
- return "PROXY secproxy:8080";
- }
- else {
- return "PROXY proxy:80";
- }
- }
-```
-## Example 8: Connect using a proxy server if the host IP address matches the specified IP address
-In this example, the proxy server is selected by explicitly getting the IP address and then comparing it to a specified string. If no protocol match occurs, the server makes a direct connection. Specifically, the `myIpAddress` function returns the IP address (in integer-period format) for the host that the browser is running on.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (myIpAddress() == "999.99.999.99") {
- return "PROXY proxy:80";
- }
- else {
- return "DIRECT";
- }
- }
-```
-## Example 9: Connect using a proxy server if there are periods in the host name
-In this example, the function looks to see if there are periods (.) in the host name. If there are any periods, the connection occurs using a proxy server. If there are no periods, a direct connection occurs. Specifically, the `dnsDomainLevels` function returns an integer equal to the number of periods in the host name.
-
-**Note**
This is another way to determine connection types based on host name characteristics.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if (dnsDomainLevels(host) > 0) { // if the number of periods in host > 0
- return "PROXY proxy:80";
- }
- return "DIRECT";
- }
-```
-## Example 10: Connect using a proxy server based on specific days of the week
-In this example, the function decides whether to connect to a proxy server, based on the days of the week. Connecting on days that don’t fall between the specified date parameters let the server make a direct connection. Specifically the `weekdayRange(day1 [,day2] [,GMT] )` function returns whether the current system time falls within the range specified by the parameters `day1`, `day2`, and `GMT`. Only the first parameter is required. The GMT parameter presumes time values are in Greenwich Mean Time rather than the local time zone. This function is particularly useful for situations where you want to use a proxy server for heavy traffic times, but allow a direct connection when traffic is light.
-
-``` javascript
-function FindProxyForURL(url, host)
- {
- if(weekdayRange("WED", "SAT", "GMT"))
- return "PROXY proxy:80";
- else
- return "DIRECT";
- }
-```
-
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
deleted file mode 100644
index 9def48f2d3..0000000000
--- a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Proxy\] .INS file setting to define whether to use a proxy server.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 30b03c2f-e3e5-48d2-9007-e3fd632f3c18
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Proxy .INS file to specify a proxy server (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Proxy .INS file to specify a proxy server
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about whether to use a proxy server. If yes, this also includes the host names for the proxy server.
-
-|Name |Value |Description |
-|-----|------|------------|
-|FTP_Proxy_Server |`
|Determines whether to use a proxy server. |
-|Proxy_Override |`
|Determines whether to use a single proxy server for all services. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
deleted file mode 100644
index ba113af6cc..0000000000
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Proxy Settings page in the IEAK 11 Customization Wizard to pick the proxy servers used to connect to required services.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 1fa1eee3-e97d-41fa-a48c-4a6e0dc8b544
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Proxy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Proxy Settings page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **Proxy Settings** page of the Internet Explorer Customization Wizard 11 lets you pick the proxy servers used by your employees to connect for services required by the custom install package.
-
-Using a proxy server lets you limit access to the Internet. You can also use the **Additional Settings** page of the wizard to further restrict your employees from changing the proxy settings.
-
-**To use the Proxy Settings page**
-
-1. Check the **Enable proxy settings** box if you want to use proxy servers for any of your services.
-
-2. Type the address of the proxy server you want to use for your services into the **Address of proxy** box. In most cases, a single proxy server is used for all of your services.
IE11 also uses this registry key to verify that the component installed successfully during setup.
-
-|Subkey |Data type |Value |
-|-------|----------|-----------|
-|DisplayName |*string* |Friendly name for your uninstall app. This name must match your **Uninstall Key** in the **Add a Custom Component** page of the Internet Explorer Customization Wizard 11. For more info, see the [Custom Components](custom-components-ieak11-wizard.md) page. |
-|UninstallString |*string* |Full command-line text, including the path, to uninstall your component. You must not use a batch file or a sub-process. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
deleted file mode 100644
index 52e023abde..0000000000
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: manage
-description: Learn how to use the Resultant Set of Policy (RSoP) snap-in to view your policy settings.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 0f21b320-e879-4a06-8589-aae6fc264666
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the RSoP snap-in to review policy settings (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using the Resultant Set of Policy (RSoP) snap-in to review policy settings
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-After you’ve deployed your custom Internet Explorer package to your employees, you can use the Resultant Set of Policy (RSoP) snap-in to view your created policy settings. The RSoP snap-in is a two-step process. First, you run the RSoP wizard to determine what information should be viewed. Second, you open the specific items in the console window to view the settings. For complete instructions about how to use RSoP, see [Resultant Set of Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772175(v=ws.11)).
-
-**To add the RSoP snap-in**
-
-1. On the **Start** screen, type *MMC*.
The Internet Explorer Customization Wizard 11 offers improved and extended search settings. However, you can still optionally include support for Search Suggestions and Favicons, as well as Accelerator previews by using an .ins file from a previous version of IEAK.
-
-**To use the Search Providers page**
-
-1. Click **Import** to automatically import your existing search providers from your current version of IE into this list.
-
-2. Click **Add** to add more providers.
To change your settings, click **Modify Settings** to open the **Internet Properties** box, and then click the **Security** and **Privacy** tabs to make your changes.
-
-2. Decide if you want to customize your content ratings. You can pick:
-
- - **Do not customize content ratings.** Pick this option if you don’t want to customize content ratings.
-
- - **Import the current content ratings settings.** Pick this option to import your content rating settings from your computer and use them as the preset for your employee’s settings.
Not all Internet content is rated. If you choose to allow users to view unrated sites, some of those sites could contain inappropriate material. To change your settings, click **Modify Settings** to open the **Content Advisor** box, where you can make your changes.
-
-3. Click **Next** to go to the [Add a Root Certificate](add-root-certificate-ieak11-wizard.md) page or **Back** to go to the [Proxy Settings](proxy-settings-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
deleted file mode 100644
index b4fd0c45b2..0000000000
--- a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[Security Imports\] .INS file setting to decide whether to import security info to your custom package.
-author: dansimp
-ms.prod: ie11
-ms.assetid: 19791c44-aaa7-4f37-9faa-85cbdf29f68e
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the Security Imports .INS file to import security info (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Security Imports .INS file to import security info
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-Info about how to import security information from your local device to your custom package.
-
-|Name |Value |Description |
-|-----|------|------------|
-|ImportAuthCode |
|Whether to import the existing Authenticode settings. |
-|ImportRatings |
|Whether to import the existing Content Ratings settings. |
-|ImportSecZones |
|Whether to import the existing Security Zone settings. |
-|ImportSiteCert |
|Whether to import the existing site certification authorities. |
-|Win16SiteCerts |
|Whether to use site certificates for computers running 16-bit versions of Windows. |
-
diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
deleted file mode 100644
index e4fcd7c739..0000000000
--- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
+++ /dev/null
@@ -1,127 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-description: Info about some of the known issues using the Internet Exporer Customization Wizard and a custom Internet Explorer install package.
-author: dansimp
-ms.author: dansimp
-ms.prod: ie11
-ms.assetid: 9e22cc61-6c63-4cab-bfdf-6fe49db945e4
-ms.reviewer:
-audience: itpro
-manager: dansimp
-title: Troubleshoot custom package and IEAK 11 problems (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Troubleshoot custom package and IEAK 11 problems
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-While the Internet Explorer Customization Wizard has been around for quite a while, there are still some known issues that you might encounter while deploying or managing your custom IE install package.
-
-## I am unable to locate some of the wizard pages
-The most common reasons you will not see certain pages is because:
-
-- **Your licensing agreement with Microsoft.** Your licensing agreement determines whether you install the **Internal** or **External** version of the Internet Explorer Customization Wizard, and there are different features available for each version. For info about which features are available for each version, see [Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md).
-
-- **Your choice of operating system.** Depending on the operating system you picked from the **Platform Selection** page of the wizard, you might not see all of the pages. Some features aren’t available for all operating systems. For more information, see [Use the Platform Selection page in the IEAK 11 Wizard](platform-selection-ieak11-wizard.md).
-
-- **Your choice of features.** Depending on what you selected from the **Feature Selection** page of the wizard, you might not see all of the pages. You need to make sure that the features you want to customize are all checked. For more information, see [Use the Feature Selection page in the IEAK 11 Wizard](feature-selection-ieak11-wizard.md).
-
-## Internet Explorer Setup fails on user's devices
-Various issues can cause problems during Setup, including missing files, trust issues, or URL monikers. You can troubleshoot these issues by reviewing the Setup log file, located at `IE11\_main.log` from the **Windows** folder (typically, `C:\Windows`). The log file covers the entire Setup process from the moment IE11Setup.exe starts until the last .cab file finishes, providing error codes that you can use to help determine the cause of the failure.
-
-### Main.log file codes
-
-|Code |Description |
-|-----|------------|
-|0 |Initializing, making a temporary folder, and checking disk space. |
-|1 |Checking for all dependencies. |
-|2 |Downloading files from the server. |
-|3 |Copying files from download location to the temporary installation folder. |
-|4 |Restarting download and retrying Setup, because of a time-out error or other download error. |
-|5 |Checking trust and checking permissions. |
-|6 |Extracting files. |
-|7 |Running Setup program (an .inf or .exe file). |
-|8 |Installation is finished. |
-|9 |Download finished, and all files are downloaded. |
-
-### Main.log error codes
-
-|Code |Description |
-|-----|------------|
-|80100003 |Files are missing from the download folder during installation. |
-|800bxxxx |An error code starting with 800b is a trust failure. |
-|800Cxxxx |An error code starting with 800C is a Urlmon.dll failure. |
-
-
-## Internet Explorer Setup connection times out
-Internet Explorer Setup can switch servers during the installation process to maintain maximum throughput or to recover from a non-responsive download site (you receive less than 1 byte in 2 minutes). If the connection times out, but Setup is able to connect to the next download site on the list, your download starts over. If however the connection times out and Setup can’t connect to a different server, it’ll ask if you want to stop the installation or try again.
-
-To address connection issues (for example, as a result of server problems) where Setup can’t locate another download site by default, we recommend you overwrite your first download server using this workaround:
-
-``` syntax
-
|Determines whether to automatically configure the customized browser on your employee’s device. |
-|AutoConfigJSURL |`
|Determines whether to show the **Welcome** page the first time the browser’s used on an employee’s device. |
-|Quick_Link_1 |`
|Determines whether to make the Quick Links available for offline browsing. |
-|Search_Page |`
|Determines whether to use a local Internet Settings (.ins) file |
-
diff --git a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
deleted file mode 100644
index 364daedbbc..0000000000
--- a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
-author: dansimp
-ms.prod: ie11
-ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
-ms.reviewer:
-audience: itpro
-manager: dansimp
-ms.author: dansimp
-title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the User Experience page in the IEAK 11 Wizard
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
-
-The **User Experience** page of the Internet Explorer Customization Wizard 11 lets you decide how much you want your employees to interact with the custom package’s Setup process.
-
-**Note**
You’ll only see this page if you are running the **Internal** version of the Internet Explorer Customization Wizard 11.
Record these settings and use them to help configure your on-premises Active Directory or Microsoft Entra ID to mirror the current behavior of your Chromebook environment.|
-|Password monitoring|This section is used to monitor the strength of user passwords. You don’t need to migrate any settings in this section.|
-|API reference|This section is used to enable access to various Google Apps Administrative APIs. You don’t need to migrate any settings in this section.|
-|Set up single sign-on (SSO)|This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Microsoft Entra synchronization to replace Google-based SSO.|
-|Advanced settings|This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section.|
-
-**Identify locally configured settings to migrate**
-
-In addition to the settings configured in the Google Admin Console, users may have locally configured their devices based on their own personal preferences (as shown in Figure 2). Table 4 lists the Chromebook user and device settings that you can locally configure. Review the settings and determine which settings you'll migrate to Windows. Some of the settings listed in Table 4 can only be seen when you click the **Show advanced settings** link (as shown in Figure 2).
-
-
-
-Figure 2. Locally configured settings on Chromebook
-
-Table 4. Locally configured settings
-
-| Section | Settings |
-|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Internet connections | These settings configure the Internet connection for the devices, such as Wi-Fi and VPN connections. Record the network connection currently in use and configure the Windows device to use the same network connection settings. |
-| Appearances | These settings affect the appearance of the desktop. Record the wallpaper image file that is used. Migrate the image file to the Windows device and configure as the user’s wallpaper to maintain similar user experience. |
-| Search | These settings configure which search engine is used to search for content. Record this setting so that you can use as the search engine on the Windows device. |
-| Advanced sync settings | These settings configure which user settings are synchronized with the Google cloud, such as Apps, Extensions, History, Passwords, Settings, and so on. Record these settings and configure the Windows device with the same settings if you decide to continue to use Google Apps and other cloud services after you migrate to Windows devices. |
-| Date and time | These settings configure the time zone and if 24-hour clock time should be used. Record these settings and configure the Windows device to use these settings. |
-| Privacy | These settings configure Google Chrome web browser privacy settings (such as prediction service, phishing and malware protection, spelling errors, resource pre-fetch, and so on). Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings. |
-| Bluetooth | This setting configures whether or not Bluetooth is enabled on the device. Record this setting and configure the Windows device similarly. |
-| Passwords and forms | These settings configure Google Chrome web browser to enable autofill of web forms and to save web passwords. Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings. |
-| Smart lock | These settings configure the Chromebook when the user’s Android phone is nearby and unlocked, which eliminates the need to type a password. You don’t need to migrate settings in this section. |
-| Web content | These settings configure how the Chrome web browser displays content (such as font size and page zoom). Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings. |
-| Languages | These settings configure the language in use for the Chromebook. Record these settings and configure the Windows device to support the same language. |
-| Downloads | These settings configure the default folder for file download, if the user should be prompted where to save files, and if the Google Drive account should be disconnected. Record these settings and configure the Windows device with similar settings. |
-| HTTPS/SSL | These settings configure client-side certificates that are used to authenticate the device. Depending on the services or apps that use these certificates, you may need to export and then migrate these certificates to the Windows device. Contact the service or app provider to determine if you can use the existing certificate or if a new certificate needs to be issued. Record these settings and migrate the certificate to the Windows device or enroll for a new certificate as required by the service or app. |
-| Google Cloud Print | These settings configure the printers that are available to the user. Record the list of printers available to the user and configure the Windows device to have the same printers available. Ensure that the user-friendly printer names in Windows are the same as for the Chromebook device. For example, if the Chromebook device has a printer named “Laser Printer in Registrar’s Office”, use that same name in Windows. |
-| On startup | These settings configure which web pages are opened when the Chrome web browser starts. Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings. |
-| Accessibility | These settings configure the Chromebook ease of use (such as display of large mouse cursor, use of high contrast mode, enablement of the screen magnifier, and so on). Record these settings and configure the Windows device with similar settings. |
-| Powerwash | This action removes all user accounts and resets the Chromebook device back to factory settings. You don’t have to migrate any settings in this section. |
-| Reset settings | This action retains all user accounts, but restores all settings back to their default values. You don’t have to migrate any settings in this section. |
-
-
-
-Determine how many users have similar settings and then consider managing those settings centrally. For example, a large number of users may have many of the same Chrome web browser settings. You can centrally manage these settings in Windows after migration.
-
-Also, as a part of this planning process, consider settings that may not be currently managed centrally, but should be managed centrally. Record the settings that are currently being locally managed, but you want to manage centrally after the migration.
-
-**Prioritize settings to migrate**
-
-After you've collected all the Chromebook user, app, and device settings that you want to migrate, you need to prioritize each setting. Evaluate each setting and assign a priority to the setting based on the levels of high, medium, and low.
-
-Assign the setting-migration priority based on how critical the setting is to the faculty performing their day-to-day tasks and how the setting affects the curriculum in the classrooms. Focus on the migration of higher priority settings and put less effort into the migration of lower priority settings. There may be some settings that aren't necessary at all and can be dropped from your list of settings entirely. Record the setting priority in the list of settings you plan to migrate.
-
-## Plan for email migration
-
-
-Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you'll migrate and the best time to perform the migration.
-
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](/Exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailboxes).
-
-**Identify the list of user mailboxes to migrate**
-
-With regard to creating the list of users you'll migrate, it might seem that the answer “all the users” might be the best one. However, depending on the time you select for migration, only a subset of the users may need to be migrated. For example, you may not persist student email accounts between semesters or between academic years. In this case, you would only need to migrate faculty and staff.
-
-Also, when you perform a migration, it's a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
-
-Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](/Exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailboxes). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
-
-**Identify companion devices that access Google Apps Gmail**
-
-In addition to Chromebook devices, users may have companion devices (smartphones, tablets, desktops, laptops, and so on) that also access the Google Apps Gmail mailbox. You'll need to identify those companion devices and identify the proper configuration for those devices to access Office 365 mailboxes.
-
-After you've identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
-
-In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify these credentials on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://support.microsoft.com/office/compare-how-different-mobile-devices-work-with-office-365-bdd06229-776a-4824-947c-82425d72597b).
-
-**Identify the optimal timing for the migration**
-
-Typically, the best time to perform the migration is between academic years or during semester breaks. Select the time of least activity for your institution. And during that time, the optimal time to perform the migration might be during an evening or over a weekend.
-
-Ensure that you communicate the time the migration will occur to your users well in advance. Also, ensure that users know how to access their Office 365 email after the migration is complete. Finally, ensure that your users know how to perform the common tasks they performed in Google Apps Gmail in Office 365 and/or Outlook 2016.
-
-## Plan for cloud storage migration
-
-
-Chromebook devices have limited local storage. So, most of your users will store data in cloud storage, such as Google Drive. You'll need to plan how to migrate your cloud storage as a part of the Chromebook migration process.
-
-In this section, you'll create a list of the existing cloud services, select the Microsoft cloud services that best meet your needs, and then optimize your cloud storage services migration plan.
-
-**Identify cloud storage services currently in use**
-
-Typically, most Chromebook users use Google Drive for cloud storage services because your educational institution purchased other Google cloud services and Google Drive is a part of those services. However, some users may use cloud storage services from other vendors. For each member of your faculty and staff and for each student, create a list of cloud storage services that includes the following details:
-
-- Name of the cloud storage service
-
-- Cloud storage service vendor
-
-- Associated licensing costs or fees
-
-- Approximate storage currently in use per user
-
-Use this information as the requirements for your cloud storage services after you migrate to Windows devices. If at the end of this discovery you determine there's no essential data being stored in cloud storage services that requires migration, then you can skip to the [Plan for cloud services migration](#plan-cloud-services) section.
-
-**Optimize cloud storage services migration plan**
-
-Now that you know the current cloud storage services configuration, you need to optimize your cloud storage services migration plan for Microsoft OneDrive for Business. Optimization helps ensure that your use only the cloud storage services resources that are necessary for your requirements.
-
-Consider the following to help optimize your cloud storage services migration plan:
-
-- **Eliminate inactive user storage.** Before you perform the cloud storage services migration, identify cloud storage that is currently allocated to inactive users. Remove this storage from your list of cloud storage to migrate.
-
-- **Eliminate or archive inactive files.** Review cloud storage to identify files that are inactive (haven't been accessed for some period of time). Eliminate or archive these files so that they don't consume cloud storage.
-
-- **Consolidate cloud storage services.** If multiple cloud storage services are in use, reduce the number of cloud storage services and standardize on one cloud storage service. This standardization will help reduce management complexity, support time, and typically will reduce cloud storage costs.
-
-Record your optimization changes in your cloud storage services migration plan.
-
-## Plan for cloud services migration
-
-
-Many of your users may use cloud services on their Chromebook device, such as Google Apps, Google Drive, or Google Apps Gmail. You've planned for these individual cloud services in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections.
-
-In this section, you'll create a combined list of these cloud services and then select the appropriate strategy to migrate these cloud services.
-
-###
-
-**Identify cloud services currently in use**
-
-You've already identified the individual cloud services that are currently in use in your educational institution in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections. Create a unified list of these cloud services and record the following about each service:
-
-- Cloud service name
-
-- Cloud service provider
-
-- Number of users that use the cloud service
-
-**Select cloud services to migrate**
-
-One of the first questions you should ask after you identify the cloud services currently in use is, “Why do we need to migrate from these cloud services?” The answer to this question largely comes down to finances and features.
-
-Here's a list of reasons that describe why you might want to migrate from an existing cloud service to Microsoft cloud services:
-
-- **Better integration with Office 365.** If your long-term strategy is to migrate to Office 365 apps (such as Word 2016 or Excel 2016), then a migration to Microsoft cloud services will provide better integration with these apps. The use of existing cloud services may not be as intuitive for users. For example, Office 365 apps will integrate better with OneDrive for Business compared to Google Drive.
-
-- **Online apps offer better document compatibility.** Microsoft Office apps (such as Word and Excel for the web) provide the highest level of compatibility with Microsoft Office documents. The Office apps allow you to open and edit documents directly from SharePoint or OneDrive for Business. Users can access the Office app from any device with Internet connectivity.
-
-- **Reduce licensing costs.** If you pay for Office 365 licenses, then Office 365 apps and cloud storage are included in those licenses. Although you could keep existing cloud services, you probably would pay more to keep those services.
-
-- **Improve storage capacity and cross-platform features.** Microsoft cloud services provide competitive storage capacity and provide more Windows-centric features than other cloud services providers. While the Microsoft cloud services user experience is highly optimized for Windows devices, Microsoft cloud services are also highly optimized for companion devices (such as iOS or Android devices).
-
-Review the list of existing cloud services that you created in the [Identify cloud services currently in use](#identify-cloud-services-inuse) section and identify the cloud services that you want to migrate to Microsoft cloud services. If you determine at the end of this task that there are no cloud services to be migrated, then skip to the [Plan for Windows device deployment](#plan-windevice-deploy) section. Also, skip the [Perform cloud services migration](#perform-cloud-services-migration) section later in this guide.
-
-**Prioritize cloud services**
-
-After you've created your aggregated list of cloud services currently in use by Chromebook users, prioritize each cloud service. Evaluate each cloud service and assign a priority based on the levels of high, medium, and low.
-
-Assign the priority based on how critical the cloud service is to the faculty and staff performing their day-to-day tasks and how the cloud service affects the curriculum in the classrooms. Also, make cloud services that are causing pain for the users a higher priority. For example, if users experience outages with a specific cloud service, then make migration of that cloud service a higher priority.
-
-Focus on the migration of higher priority cloud services first and put less effort into the migration of lower priority cloud services. There may be some cloud services that are unnecessary and you can remove them from your list of cloud services to migrate entirely. Record the cloud service migration priority in the list of cloud services you plan to migrate.
-
-###
-
-**Select cloud services migration strategy**
-
-When you deploy the Windows devices, should you migrate the faculty, staff, and students to the new cloud services? Perhaps. But, in most instances you'll want to select a migration strategy that introduces many small changes over a period of time.
-
-Consider the following when you create your cloud services migration strategy:
-
-- **Introduce small changes.** The move from Chrome OS to Windows will be simple for most users as most will have exposure to Windows from home, friends, or family. However, users may not be as familiar with the apps or cloud services. Consider the move to Windows first, and then make other changes as time progresses.
-
-- **Start off by using existing apps and cloud services.** Immediately after the migration to Windows devices, you may want to consider running the existing apps and cloud services (such Google Apps, Google Apps Gmail, and Google Drive). This option gives users a familiar method to perform their day-to-day tasks.
-
-- **Resolve pain points.** If some existing apps or cloud services cause problems, you may want to migrate them sooner rather than later. In most instances, users will be happy to go through the learning curve of a new app or cloud service if it's more reliable or intuitive for them to use.
-
-- **Migrate classrooms or users with common curriculum.** Migrate to Windows devices for an entire classroom or for multiple classrooms that share common curriculum. You must ensure that the necessary apps and cloud services are available for the curriculum prior to the migration of one or more classrooms.
-
-- **Migrate when the fewest number of active users are affected.** Migrate your cloud services at the end of an academic year or end of a semester. This migration will ensure you've minimal impact on faculty, staff, and students. Also, a migration during this time will minimize the learning curve for users as they're probably dealing with new curriculum for the next semester. Also, you may not need to migrate student apps and data because many educational institutions don't preserve data between semesters or academic years.
-
-- **Overlap existing and new cloud services.** For faculty and staff, consider overlapping the existing and new cloud services (having both services available) for one business cycle (end of semester or academic year) after migration. This overlap operation allows you to easily recover any data that might not have migrated successfully from the existing cloud services. At a minimum, overlap the user of existing and new cloud services until the user can verify the migration. The tradeoff for using this strategy is the cost of the existing cloud services. However, depending on when license renewal occurs, the cost may be minimal.
-
-## Plan for Windows device deployment
-
-
-You need to plan for Windows device deployment to help ensure that the devices are successfully installed and configured to replace the Chromebook devices. Even if the vendor that provides the devices pre-loads Windows 10 on them, you still will need to perform other tasks.
-
-In this section, you'll select a Windows device deployment strategy; plan for Active Directory Domain Services (AD DS) and Microsoft Entra services; plan for device, user, and app management; and plan for any necessary network infrastructure remediation.
-
-###
-
-**Select a Windows device deployment strategy**
-
-What decisions need to be made about Windows device deployment? You just put the device on a desk, hook up power, connect to Wi-Fi, and then let the users operate the device, right? That approach is correct, but depending on the extent of your deployment and other factors, you need to consider different deployment strategies.
-
-For each classroom that has Chromebook devices, select a combination of the following device deployment strategies:
-
-- **Deploy one classroom at a time.** In most cases, you'll want to perform your deployment in batches of devices and a classroom is an excellent way to batch devices. You can treat each classroom as a unit and check each classroom off your list after you've deployed the devices.
-
-- **Deploy based on curriculum.** Deploy the Windows devices after you've confirmed that the curriculum is ready for the Windows devices. If you deploy Windows devices without the curriculum installed and tested, you could significantly reduce the ability for students and teachers to perform effectively in the classroom. Also, deployment based on curriculum has the advantage of letting you move from classroom to classroom quickly if multiple classrooms use the same curriculum.
-
-- **Deploy side-by-side.** In some instances, you may need to have both the Chromebook and Windows devices in one or more classrooms. You can use this strategy if some of the curriculum only works on Chromebook and other parts of the curriculum works on Windows devices. This method helps prevent delays in Windows device deployment, while ensuring that students and teachers can make optimal use of technology in their curriculum.
-
-- **Deploy after apps and cloud services migration.** If you deploy a Windows device without the necessary apps and cloud services to support the curriculum, this arrangement provides only a portion of your complete solution. Ensure that the apps and cloud services are tested, provisioned, and ready for use prior to the deployment of Windows devices.
-
-- **Deploy after the migration of user and device settings.** Ensure that you've identified the user and device settings that you plan to migrate and that those settings are ready to be applied to the new Windows devices. For example, you would want to create Group Policy Objects (GPOs) to apply the user and device settings to Windows devices.
-
- If you ensure that Windows devices closely mirror the Chromebook device configuration, you'll ease user learning curve and create a sense of familiarity. Also, when you've the settings ready to be applied to the devices, it helps ensure you'll deploy your new Windows devices in a secure configuration.
-
-Record the combination of Windows device deployment strategies that you selected.
-
-###
-
-**Plan for AD DS and Microsoft Entra services**
-
-The next decision you'll need to make concerns AD DS and Microsoft Entra services. You can run AD DS on-premises, in the cloud by using Microsoft Entra ID, or a combination of both (hybrid). The decision about which of these options is best is closely tied to how you'll manage your users, apps, and devices and if you'll use Office 365 and other Azure-based cloud services.
-
-In the hybrid configuration, your on-premises AD DS user and group objects are synchronized with Microsoft Entra ID (including passwords). The synchronization happens both directions so that changes are made in both your on-premises AD DS and Microsoft Entra ID.
-
-Table 5 is a decision matrix that helps you decide if you can use only on-premises AD DS, only Microsoft Entra ID, or a combination of both (hybrid). If the requirements you select from the table require on-premises AD DS and Microsoft Entra ID, then you should select hybrid. For example, if you plan to use Office 365 and use Group Policy for management, then you would select hybrid. However, if you plan to use Office 365 and use Intune for management, then you would select only Microsoft Entra ID.
-
-Table 5. Select on-premises AD DS, Microsoft Entra ID, or hybrid
-
-|If you plan to...|On-premises AD DS|Microsoft Entra ID|Hybrid|
-|--- |--- |--- |--- |
-|Use Office 365||✔️|✔️|
-|Use Intune for management||✔️|✔️|
-|Use Microsoft Configuration Manager for management|✔️||✔️|
-|Use Group Policy for management|✔️||✔️|
-|Have devices that are domain-joined|✔️||✔️|
-|Allow faculty and students to Bring Your Own Device (BYOD) which aren't domain-joined||✔️|✔️|
-
-###
-
-**Plan device, user, and app management**
-
-You may ask the question, “Why plan for device, user, and app management before you deploy the device?” The answer is that you'll only deploy the device once, but you'll manage the device throughout the remainder of the device's lifecycle.
-
-Also, planning management before deployment is essential to being ready to support the devices as you deploy them. You want to have your management processes and technology in place when the first teachers, facility, or students start using their new Windows device.
-
-Table 6 is a decision matrix that lists the device, user, and app management products and technologies and the features supported by each product or technology. The primary device, user, and app management products and technologies include Group Policy, Microsoft Configuration Manager, Intune, and the Microsoft Deployment Toolkit (MDT). Use this decision matrix to help you select the right combination of products and technologies for your plan.
-
-Table 6. Device, user, and app management products and technologies
-
-|Desired feature|Windows provisioning packages|Group Policy|Configuration Manager|Intune|MDT|Windows Software Update Services|
-|--- |--- |--- |--- |--- |--- |--- |
-|Deploy operating system images|✔️||✔️||✔️||
-|Deploy apps during operating system deployment|✔️||✔️||✔️||
-|Deploy apps after operating system deployment|✔️|✔️|✔️||||
-|Deploy software updates during operating system deployment|||✔️||✔️||
-|Deploy software updates after operating system deployment|✔️|✔️|✔️|✔️||✔️|
-|Support devices that are domain-joined|✔️|✔️|✔️|✔️|✔️||
-|Support devices that aren't domain-joined|✔️|||✔️|✔️||
-|Use on-premises resources|✔️|✔️|✔️||✔️||
-|Use cloud-based services||||✔️|||
-
-You can use Configuration Manager and Intune with each other to provide features from both products and technologies. In some instances, you may need only one of these products or technologies. In other instances, you may need two or more to meet the device, user, and app management needs for your institution.
-
-Record the device, user, and app management products and technologies that you selected.
-
-###
-
-**Plan network infrastructure remediation**
-
-In addition to AD DS, Microsoft Entra ID, and management components, there are other network infrastructure services that Windows devices need. In most instances, Windows devices have the same network infrastructure requirements as the existing Chromebook devices.
-
-Examine each of the following network infrastructure technologies and services and determine if any remediation is necessary:
-
-- **Domain Name System (DNS)** provides translation between a device name and its associated IP address. For Chromebook devices, public facing, Internet DNS services are the most important. For Windows devices that only access the Internet, they have the same requirements.
-
- However, if you intend to communicate between Windows devices (peer-to-peer or client/server) then you'll need local DNS services. Windows devices will register their name and IP address with the local DNS services so that Windows devices can locate each other.
-
-- **Dynamic Host Configuration Protocol (DHCP)** provides automatic IP configuration for devices. Your existing Chromebook devices probably use DHCP for configuration. If you plan to immediately replace the Chromebook devices with Windows devices, then you only need to release all the DHCP reservations for the Chromebook devices prior to the deployment of Windows devices.
-
- If you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that your DHCP service has adequate IP addresses available for both sets of devices.
-
-- **Wi-Fi.** Chromebook devices are designed to connect to Wi-Fi networks. Windows devices are the same. Your existing Wi-Fi network for the Chromebook devices should be adequate for the same number of Windows devices.
-
- If you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that Wi-Fi network can support the number of devices.
-
-- **Internet bandwidth.** Chromebook devices consume more Internet bandwidth (up to 700 times more) than Windows devices. This consumption behavior means that if your existing Internet bandwidth is adequate for the Chromebook devices, then the bandwidth will be more than adequate for Windows devices.
-
- However, if you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that your Internet connection can support the number of devices.
-
- For more information that compares Internet bandwidth consumption for Chromebook and Windows devices, see the following resources:
-
- - [Chromebook vs. Windows Notebook Network Traffic Analysis](https://www.principledtechnologies.com/Microsoft/Chromebook_PC_network_traffic_0613.pdf)
-
- - [Hidden Cost of Chromebook Deployments](https://www.principledtechnologies.com/Microsoft/Windows_Chromebook_bandwidth_0514.pdf)
-
- - [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://www.principledtechnologies.com/Microsoft/Windows_8.1_vs_Chromebooks_in_Education_0715.pdf)
-
-- **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This condition means that your existing power outlets should support the same number of Windows devices.
-
- If you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, you need to ensure that the power outlets, power strips, and other power management components can support the number of devices.
-
-At the end of this process, you may determine that no network infrastructure remediation is necessary. If so, you can skip the [Perform network infrastructure remediation](#network-infra-remediation) section of this guide.
-
-## Perform Chromebook migration
-
-
-Thus far, planning has been the primary focus. Believe it or not most of the work is now done. The rest of the Chromebook migration is just the implementation of the plan you've created.
-
-In this section, you'll perform the necessary steps for the Chromebook device migration. You'll perform the migration based on the planning decision that you made in the [Plan Chromebook migration](#plan-migration) section earlier in this guide.
-
-You must perform some of the steps in this section in a specific sequence. Each section has guidance about when to perform a step. You can perform other steps before, during, or after the migration. Again, each section will tell you if the sequence is important.
-
-## Perform network infrastructure remediation
-
-
-The first migration task is to perform any network infrastructure remediation. In the [Plan network infrastructure remediation](#plan-network-infra-remediation) section, you determined the network infrastructure remediation (if any) that you needed to perform.
-
-It's important that you perform any network infrastructure remediation first because the remaining migration steps are dependent on the network infrastructure. Use the following Microsoft network infrastructure products and technologies:
-
-- [Core network guidance for Windows Server](/windows-server/networking/core-network-guide/core-network-guide-windows-server)
-- [DHCP overview](/windows-server/networking/technologies/dhcp/dhcp-top)
-- [DNS overview](/windows-server/networking/dns/dns-top)
-
-If you use network infrastructure products and technologies from other vendors, refer to the vendor documentation on how to perform the necessary remediation. If you determined that no remediation is necessary, you can skip this section.
-
-
-
-## Perform AD DS and Microsoft Entra services deployment or remediation
-
-
-It's important that you perform AD DS and Microsoft Entra services deployment or remediation right after you finish network infrastructure remediation. Many of the remaining migration steps are dependent on you having your identity system (AD DS or Microsoft Entra ID) in place and up to necessary expectations.
-
-In the [Plan for Active Directory services](#plan-adservices) section, you determined the AD DS and/or Microsoft Entra deployment or remediation (if any) that needed to be performed. Use the following resources to deploy or remediate on-premises AD DS, Microsoft Entra ID, or both:
-
-- [Core network guidance for Windows Server](/windows-server/networking/core-network-guide/core-network-guide-windows-server)
-- [AD DS overview](/windows-server/identity/ad-ds/active-directory-domain-services)
-- [Microsoft Entra documentation](/azure/active-directory/)
-- [Microsoft Entra ID P1 or P2](https://azure.microsoft.com/pricing/details/active-directory/)
-- [Safely virtualizing Active Directory Domain Services (AD DS)](/windows-server/identity/ad-ds/introduction-to-active-directory-domain-services-ad-ds-virtualization-level-100)|
-
-If you decided not to migrate to AD DS or Microsoft Entra ID as a part of the migration, or if you determined that no remediation is necessary, you can skip this section. If you use identity products and technologies from another vendor, refer to the vendor documentation on how to perform the necessary steps.
-
-## Prepare device, user, and app management systems
-
-In the [Plan device, user, and app management](#plan-userdevapp-manage) section of this guide, you selected the products and technologies that you'll use to manage devices, users, and apps on Windows devices. You need to prepare your management systems prior to Windows 10 device deployment. You'll use these management systems to manage the user and device settings that you selected to migrate in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section. You need to prepare these systems prior to the migration of user and device settings.
-
-Use the following Microsoft management systems and the deployment resources to prepare (deploy or remediate) these management systems.
-
-- [Microsoft Intune](/mem/intune/fundamentals/setup-steps)
-
-- [Windows Autopilot](/mem/autopilot/windows-autopilot)
-
-- Microsoft Configuration Manager [core infrastructure documentation](/mem/configmgr/core/)
-
-- Provisioning packages:
-
- - [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
- - [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
- - [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)
-
-- Group policy
-
- - [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11))
- - [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))
-
-If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
-
-## Perform app migration or replacement
-
-
-In the [Plan for app migration or replacement](#plan-app-migrate-replace) section, you identified the apps currently in use on Chromebook devices and selected the Windows apps that will replace the Chromebook apps. You also performed app compatibility testing for web apps to ensure that web apps on the Chromebook devices would run on Microsoft Edge and Internet Explorer.
-
-In this step, you need to configure your management system to deploy the apps to the appropriate Windows users and devices. Use the following Microsoft management systems and the app deployment resources to configure these management systems to deploy the apps that you selected in the [Plan for app migration or replacement](#plan-app-migrate-replace) section of this guide.
-
-- [Manage apps in Microsoft Intune](/mem/intune/apps/)
-- [App management in Configuration Manager](/mem/configmgr/apps/)
-- Group policy
- - [Edit an AppLocker policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10))
- - [Group policy software deployment background](/previous-versions/windows/it-pro/windows-server-2003/cc739305(v=ws.10))
- - [Assigning and publishing software](/previous-versions/windows/it-pro/windows-server-2003/cc783635(v=ws.10))
-
-If you determined that no deployment of apps is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
-
-## Perform migration of user and device settings
-
-In the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, you determined the user and device settings that you want to migrate. You selected settings that are configured in the Google Admin Console and locally on the Chromebook device.
-
-Perform the user and device setting migration by using the following steps:
-
-1. From the list of institution-wide settings that you created in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, configure as many as possible in your management system (such as Group Policy, Configuration Manager, or Intune).
-
-2. From the list of device-specific settings that you created in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, configure device-specific setting for higher priority settings.
-
-3. From the list of user-specific settings that you created in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, configure user-specific setting for higher priority settings.
-
-4. Verify that all higher-priority user and device settings have been configured in your management system.
-
-If you do no want to migrate any user or device settings from the Chromebook devices to the Windows devices, you can skip this section.
-
-## Perform email migration
-
-
-In the [Plan for email migration](#plan-email-migrate) section, you identified the user mailboxes to migrate, identified the companion devices that access Google Apps Gmail, and identified the optimal timing for migration. You can perform this migration before or after you deploy the Windows devices.
-
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](/Exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailboxes).
-
-Alternatively, if you want to migrate to Office 365 from:
-
-- **On-premises Microsoft Exchange Server.** Use the following resources to migrate to Office 365 from an on-premises Microsoft Exchange Server:
-
- - [What you need to know about a cutover email migration in Exchange Online](/exchange/mailbox-migration/what-to-know-about-a-cutover-migration)
-
- - [Step-By-Step: Migration of Exchange 2003 Server to Office 365](/archive/blogs/canitpro/step-by-step-migration-of-exchange-2003-server-to-office-365)
-
- - [Step-By-Step: Migrating from Exchange 2007 to Office 365](/archive/blogs/canitpro/step-by-step-migrating-from-exchange-2007-to-office-365)
-
-- **Another on-premises or cloud-based email service.** Follow the guidance from that vendor.
-
-## Perform cloud storage migration
-
-In the [Plan for cloud storage migration](#plan-cloud-storage-migration) section, you identified the cloud storage services currently in use, selected the Microsoft cloud storage services that you'll use, and optimized your cloud storage services migration plan. You can perform the cloud storage migration before or after you deploy the Windows devices.
-
-Manually migrate the cloud storage migration by using the following steps:
-
-1. Install both Google Drive app and OneDrive for Business or OneDrive app on a device.
-
-2. Sign in as the user in the Google Drive app.
-
-3. Sign in as the user in the OneDrive for Business or OneDrive app.
-
-4. Copy the data from the Google Drive storage to the OneDrive for Business or OneDrive storage.
-
-5. Optionally uninstall the Google Drive app.
-
-There are also many software vendors who provide software that helps automate the migration from Google Drive to OneDrive for Business, Office 365 SharePoint, or OneDrive. For more information about these automated migration tools, contact the vendors.
-
-## Perform cloud services migration
-
-
-In the [Plan for cloud services migration](#plan-cloud-services)section, you identified the cloud services currently in use, selected the cloud services that you want to migrate, prioritized the cloud services to migrate, and then selected the cloud services migration strategy. You can perform the cloud services migration before or after you deploy the Windows devices.
-
-Migrate the cloud services that you currently use to the Microsoft cloud services that you selected. For example, you could migrate from a collaboration website to Office 365 SharePoint. Perform the cloud services migration based on the existing cloud services and the Microsoft cloud services that you selected.
-
-There are also many software vendors who provide software that helps automate the migration from other cloud services to Microsoft cloud services. For more information about these automated migration tools, contact the vendors.
-
-## Perform Windows device deployment
-
-
-In the [Select a Windows device deployment strategy](#select-windows-device-deploy) section, you selected how you wanted to deploy Windows 10 devices. The other migration task that you designed in the [Plan for Windows device deployment](#plan-windevice-deploy) section have already been performed. Now it's time to deploy the actual devices.
-
-For example, if you selected to deploy Windows devices by each classroom, start with the first classroom and then proceed through all of the classrooms until you’ve deployed all Windows devices.
-
-In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager or MDT. For more information on how to deploy Windows 10 images to the devices, see the following resources:
-
-- [OS deployment in Configuration Manager](/mem/configmgr/osd/)
-
-- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
-
-- [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
-
-- [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)
-
-In addition to the Windows 10 image deployment, you may need to perform the following tasks as a part of device deployment:
-
-- Enroll the device with your management system.
-
-- Ensure that Windows Defender is enabled and configured to receive updates.
-
-- Ensure that Windows Update is enabled and configured to receive updates.
-
-- Deploy any apps that you want the user to immediately be able to access when they start the device (such as Word 2016 or Excel 2016).
-
-After you complete these steps, your management system should take over the day-to-day maintenance tasks for the Windows 10 devices. Verify that the user and device settings migrated correctly as you deploy each batch of Windows 10 devices. Continue this process until you deploy all Windows 10 devices.
-
-## Related topics
-
-[Try it out: Windows 10 deployment (for education)](../index.yml)
-
-[Try it out: Windows 10 in the classroom](../index.yml)
diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md
index 8f3304ae76..75606b7b94 100644
--- a/education/windows/configure-aad-google-trust.md
+++ b/education/windows/configure-aad-google-trust.md
@@ -26,7 +26,7 @@ To test federation, the following prerequisites must be met:
1. A Google Workspace environment, with users already created
> [!IMPORTANT]
> Users require an email address defined in Google Workspace, which is used to match the users in Microsoft Entra ID.
- > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-azure-ad).
+ > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-microsoft-entra-id).
1. Individual Microsoft Entra accounts already created: each Google Workspace user will require a matching account defined in Microsoft Entra ID. These accounts are commonly created through automated solutions, for example:
- School Data Sync (SDS)
- Microsoft Entra Connect Sync for environment with on-premises AD DS
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
deleted file mode 100644
index 43162f541c..0000000000
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ /dev/null
@@ -1,1292 +0,0 @@
----
-title: Deploy Windows 10 in a school district
-description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Entra ID, use Microsoft Configuration Manager, Intune, and Group Policy to manage devices.
-ms.topic: how-to
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-
-# Deploy Windows 10 in a school district
-
-This guide shows you how to deploy the Windows 10 operating system in a school district. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Entra ID; and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Configuration Manager, Microsoft Intune, and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
-
-## Prepare for district deployment
-
-Proper preparation is essential for a successful district deployment. To avoid common mistakes, your first step is to plan a typical district configuration. As with building a house, you need a blueprint for what your district and individual schools should look like when it’s finished. The second step in preparation is to learn how you'll manage the users, apps, and devices in your district. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your district.
-
-> [!NOTE]
-> This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/cloud-platform/mobile-device-management).
-
-### Plan a typical district configuration
-
-As part of preparing for your district deployment, you need to plan your district configuration — the focus of this guide. Figure 1 illustrates a typical finished district configuration that you can use as a model (the blueprint in our builder analogy) for the finished state.
-
-> [!div class="mx-imgBorder"]
-> 
-
-*Figure 1. Typical district configuration for this guide*
-
-A *district* consists of multiple schools, typically at different physical locations. Figure 2 illustrates a typical school configuration within the district that this guide uses.
-
-> [!div class="mx-imgBorder"]
-> 
-
-*Figure 2. Typical school configuration for this guide*
-
-Finally, each school consists of multiple classrooms. Figure 3 shows the classroom configuration this guide uses.
-
-> [!div class="mx-imgBorder"]
-> 
-
-*Figure 3. Typical classroom configuration in a school*
-
-This district configuration has the following characteristics:
-
-* It contains one or more admin devices.
-
-* It contains two or more schools.
-
-* Each school contains two or more classrooms.
-
-* Each classroom contains one teacher device.
-
-* The classrooms connect to each other through multiple subnets.
-
-* All devices in each classroom connect to a single subnet.
-
-* All devices have high-speed, persistent connections to each other and to the Internet.
-
-* All teachers and students have access to Microsoft Store or Microsoft Store for Business.
-
-* You install a 64-bit version of Windows 10 on the admin device.
-
-* You install the Windows Assessment and Deployment Kit (Windows ADK) on the admin device.
-
-* You install the 64-bit version of the Microsoft Deployment Toolkit (MDT) 2013 Update 2 on the admin device.
-
- > [!NOTE]
- > In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2.
-
-* The devices use Microsoft Entra ID in Office 365 Education for identity management.
-
-* If you've on-premises AD DS, you can [integrate Microsoft Entra ID with on-premises AD DS](/azure/active-directory/hybrid/whatis-hybrid-identity).
-
-* Use [Intune](/intune/), [Mobile Device Management for Office 365](/microsoft-365/admin/basic-mobility-security/set-up), or [Group Policy in AD DS](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725828(v=ws.10)) to manage devices.
-
-* Each device supports a one-student-per-device or multiple-students-per-device scenario.
-
-* The devices can be a mixture of different make, model, and processor architecture (32-bit or 64-bit) or be identical.
-
-* To initiate Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment (PXE) boot.
-
-* The devices can be a mixture of different Windows 10 editions, such as Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education.
-
-Use these characteristics at a minimum as you deploy your schools. If your district deployment is less complex, you may want to review the guidance in [Deploy Windows 10 in a school](./deploy-windows-10-in-a-school.md).
-
-> [!NOTE]
-> This guide focuses on Intune as the mobile device management (MDM) solution. If you want to use an MDM solution other than Intune, ignore the Intune-specific content in this guide. For each section, contact your MDM provider to determine the features and management capabilities for your institution.
-
-Office 365 Education allows:
-
-* Students and faculty to use Microsoft Office to create and edit Microsoft Word, OneNote, PowerPoint, and Excel documents in a browser.
-
-* Teachers to use the [OneNote Class Notebook app](https://www.onenote.com/classnotebook) to share content and collaborate with students.
-
-* Faculty to use the [OneNote Staff Notebooks app](https://www.onenote.com/staffnotebookedu) to collaborate with other teachers, the administration, and faculty.
-
-* Teachers to employ Sway to create interactive educational digital storytelling.
-
-* Students and faculty to use email and calendars, with mailboxes up to 50 GB per user.
-
-* Faculty to use advanced email features like email archiving and legal hold capabilities.
-
-* Faculty to help prevent unauthorized users from accessing documents and email by using Microsoft Azure Rights Management.
-
-* Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal.
-
-* Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business.
-
-* Students and faculty to access up to 1 TB of personal cloud storage that users inside and outside the educational institution can share through OneDrive for Business.
-
-* Teachers to provide collaboration in the classroom through Microsoft SharePoint Online team sites.
-
-* Students and faculty to use Office 365 Video to manage videos.
-
-* Students and faculty to use Viva Engage to collaborate through private social networking.
-
-* Students and faculty to access classroom resources from anywhere on any device (including iOS and Android devices).
-
-For more information about Office 365 Education features and an FAQ, go to [Office 365 Education plans and pricing](https://www.microsoft.com/microsoft-365/academic/compare-office-365-education-plans).
-
-### How to configure a district
-
-Now that you've the plan (blueprint) for your district and individual schools and classrooms, you’re ready to learn about the tools you'll use to deploy it. There are many tools you could use to accomplish the task, but this guide focuses on using those tools that require the least infrastructure and technical knowledge.
-
-The primary tool you'll use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
-
-You can use MDT as a stand-alone tool or integrate it with Microsoft Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as Configuration Manager) but result in fully automated deployments.
-
-This guide focuses on LTI deployments to deploy the reference device. You can use ZTI deployments with Configuration Manager or LTI deployments to deploy the reference images to your faculty and student devices. If you want to only use MDT, see [Deploy Windows 10 in a school](./deploy-windows-10-in-a-school.md).
-
-MDT includes the Deployment Workbench, a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps, and migration of user settings on existing devices.
-
-LTI performs deployment from a *deployment share* — a network-shared folder on the device on which you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You'll learn more about MDT in [Prepare the admin device](#prepare-the-admin-device), earlier in this article.
-
-The focus of MDT is deployment, so you also need tools that help you manage your Windows 10 devices and apps. You can manage Windows 10 devices and apps with Intune, the Compliance Management feature in Office 365, or Group Policy in AD DS. You can use any combination of these tools based on your school requirements.
-
-ZTI performs fully automated deployments using Configuration Manager and MDT. Although you could use Configuration Manager by itself, using Configuration Manager with MDT provides an easier process for deploying operating systems. MDT works with the operating system deployment feature in Configuration Manager.
-
-The configuration process requires the following devices:
-
-* **Admin device.** This device is the one you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the Configuration Manager Console on this device.
-
-* **Reference devices.** These devices are the ones that you'll use as a template for the faculty and student devices. You install Windows 10 and Windows desktop apps on these devices, and then capture an image (.wim file) of the devices.
-
- You'll have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/windows/view-all).
-
-* **Faculty and staff devices.** These devices are the ones that the teachers, faculty, and staff use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices.
-
-* **Student devices.** The students will use these devices. You'll use the admin device deploy (or upgrade) Windows 10 and apps to them.
-
-The high-level process for deploying and configuring devices within individual classrooms, individual schools, and the district as a whole is as follows and illustrated in Figure 4:
-
-1. Prepare the admin device for use, which includes installing the Windows ADK, MDT, and the Configuration Manager console.
-
-2. On the admin device, create and configure the Office 365 Education subscription that you'll use for the district’s classrooms.
-
-3. On the admin device, configure integration between on-premises AD DS and Microsoft Entra ID (if you've an on premises AD DS configuration).
-
-4. On the admin device, create and configure a Microsoft Store for Business portal.
-
-5. On the admin device, prepare for management of the Windows 10 devices after deployment.
-
-6. On the reference devices, deploy Windows 10 and the Windows desktop apps on the device, and then capture the reference image from the devices.
-
-7. Import the captured reference images into MDT or Microsoft Configuration Manager.
-
-8. On the student and faculty devices, deploy Windows 10 to new or existing devices, or upgrade eligible devices to Windows 10.
-
-9. On the admin device, manage the Windows 10 devices and apps, the Office 365 subscription, and the AD DS–Microsoft Entra integration.
-
-> [!div class="mx-imgBorder"]
-> 
-
-*Figure 4. How district configuration works*
-
-Each step illustrated in Figure 4 directly corresponds to the remaining high-level sections in this guide.
-
-#### Summary
-
-In this district, you looked at the final configuration of your individual classrooms, individual schools, and the district as a whole upon completion of this guide. You also learned the high-level steps for deploying the faculty and student devices in your district.
-
-## Select deployment and management methods
-
-Now that you know what a typical district looks like and how to configure the devices in your district, you need to make a few decisions. You must select the methods you’ll use to deploy Windows 10 to the faculty and student devices in your district. Next, you must select the method you’ll use to manage configuration settings for your users and devices. Finally, you must select the method you’ll use to manage Windows desktop apps, Microsoft Store apps, and software updates.
-
-### Typical deployment and management scenarios
-
-Before you select the deployment and management methods, you need to review the typical deployment and management scenarios (the cloud-centric scenario and the on-premises and cloud scenario). Table 1 lists the scenario feature and the corresponding products and technologies for that feature in each scenario.
-
-|Scenario feature |Cloud-centric|On-premises and cloud|
-|---|---|---|
-|Identity management | Microsoft Entra ID (stand-alone or integrated with on-premises AD DS) | AD DS integrated with Microsoft Entra ID |
-|Windows 10 deployment | MDT only | Microsoft Configuration Manager with MDT |
-|Configuration setting management | Intune | Group Policy
Intune|
-|App and update management | Intune |Microsoft Configuration Manager
Intune|
-
-*Table 1. Deployment and management scenarios*
-
-These scenarios assume the need to support:
-
-* Institution-owned and personal devices.
-* AD DS domain-joined and nondomain-joined devices.
-
-Some constraints exist in these scenarios. As you select the deployment and management methods for your device, keep the following constraints in mind:
-
-* You can use Group Policy or Intune to manage configuration settings on a device but not both.
-* You can use Configuration Manager or Intune to manage apps and updates on a device but not both.
-* You can't manage multiple users on a device with Intune if the device is AD DS domain joined.
-
-Use the cloud-centric scenario and on-premises and cloud scenario as a guide for your district. You may need to customize these scenarios, however, based on your district. As you go through the [Select the deployment methods](#select-the-deployment-methods), [Select the configuration setting management methods](#select-the-configuration-setting-management-methods), and the [Select the app and update management products](#select-the-app-and-update-management-products) sections, remember these scenarios and use them as the basis for your district.
-
-### Select the deployment methods
-
-To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Configuration Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
-
-|Method|Description|
-|--- |--- |
-|MDT|MDT is an on-premises solution that supports initial operating system deployment and upgrade. You can use MDT to deploy and upgrade Windows 10. In addition, you can initially deploy Windows desktop and Microsoft Store apps and software updates.
Select this method when you:
The advantages of this method are that:
The disadvantages of this method are that it:
Select this method when you:
The advantages of this method are that:
The disadvantages of this method are that it:
Select this method when you
The advantages of this method include:
The disadvantages of this method are that it:
Intune is the cloud-based management system described in this guide, but you can use other MDM providers. If you use an MDM provider other than Intune, integration with Configuration Manager is unavailable.
Select this method when you:
The advantages of this method are that:
The disadvantages of this method are that it:
The advantages of this method are that:
The disadvantages of this method are that it:
Select this method when you:
The advantages of this method are that:
The disadvantages of this method are that it:
Configuration Manager and Intune in the hybrid configuration allows you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices.
Select this method when you:
The advantages of this method are that:
The disadvantages of this method are that it:
|
|
- |Microsoft 365 Apps for enterprise |
|
|
-
- *Table 8. Comparison of standard and Microsoft 365 Apps for enterprise plans*
-
- The best user experience is to run Microsoft 365 Apps for enterprise or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
-
-3. Determine whether students or faculty need Azure Rights Management.
-
- You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management Documentation](/rights-management/).
-
-4. Record the Office 365 Education license plans needed for the classroom in Table 9.
-
- |Quantity |Plan |
- |---------|-----|
- | |Office 365 Education for students|
- | |Office 365 Education for faculty|
- | |Azure Rights Management for students|
- | |Azure Rights Management for faculty|
-
- *Table 9. Office 365 Education license plans needed for the classroom*
-
-You'll use the Office 365 Education license plan information you record in Table 9 in [Create user accounts in Office 365](#create-user-accounts-in-office-365) later in this guide.
-
-### Create a new Office 365 Education subscription
-
-To create a new Office 365 Education subscription for use in the classroom, use your educational institution’s email account. There are no costs to you or to students for signing up for Office 365 Education subscriptions.
-
-> [!NOTE]
-> If you already have an Office 365 Education subscription, you can use that subscription and continue to the next section, [Create user accounts in Office 365](#create-user-accounts-in-office-365).
-
-#### To create a new Office 365 subscription
-
-1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar.
-
- > [!NOTE]
- > If you've already used your current sign-in account to create a new Office 365 subscription, you'll be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window by using one of the following methods:
- >
- > - In Microsoft Edge, open the Microsoft Edge app (press Ctrl+Shift+P, or click or tap More actions), and then click or tap New InPrivate window.
- >
- > - In Internet Explorer 11, open Internet Explorer 11 (press Ctrl+Shift+P, or click or tap Settings), click or tap Safety, and then click or tap InPrivate Browsing.
-
-
-2. On the **Get started** page, in **Enter your school email address**, type your school email address, and then click **Sign up**.
-
- You'll receive an email in your school email account.
-3. Click the hyperlink in the email in your school email account.
-
-4. On the **One last thing** page, complete your user information, and then click **Start**.
-
-
-The wizard creates your new Office 365 Education subscription, and you’re automatically signed in as the administrative user you specified when you created the subscription.
-
-### Add domains and subdomains
-
-Now that you've created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has contoso.edu as the primary domain name but you've subdomains for students or faculty (such as students.contoso.edu and faculty.contoso.edu), then you need to add the subdomains.
-
-#### To add more domains and subdomains
-
-1. In the admin center, in the list view, click **DOMAINS**.
-
-2. In the details pane, above the list of domains, on the menu bar, click **Add domain**.
-
-3. In the Add a New Domain in Office 365 Wizard, on the **Verify domain** wizard page, click **Let’s get started**.
-
-4. On the **Verify domain** wizard page, in **Enter a domain you already own**, type your domain name, and then click **Next**.
-
-5. Sign in to your domain name management provider (for example, Network Solutions or GoDaddy), and then complete the steps for your provider.
-
-6. Repeat these steps for each domain and subdomain you want faculty and students to use for your institution.
-
-### Configure automatic tenant join
-
-To make it easier for faculty and students to join your Office 365 Education subscription (or *tenant*), allow them to automatically sign up to your tenant (*automatic tenant join*). In automatic tenant join, when a faculty member or student signs up for Office 365, Office 365 automatically adds (joins) the user to your Office 365 tenant.
-
-> [!NOTE]
-> By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Microsoft Entra Connect, then automatic tenant join is disabled. For more information, see [Office 365 Education Self-Sign up FAQ](/microsoft-365/education/deploy/office-365-education-self-sign-up).
-
-Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks:
-
-* If an Office 365 tenant with that domain name (contoso.edu) exists, Office 365 automatically adds the user to that tenant.
-* If an Office 365 tenant with that domain name (contoso.edu) doesn't exist, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it.
-
-You'll always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before you allow other faculty and students to join Office 365.
-
-> [!NOTE]
-> You can't merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
-
-By default, all new Office 365 Education subscriptions have automatic tenant join enabled, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 10. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up).
-
-|Action |Windows PowerShell command|
-|-------|--------------------------|
-|Enable |`Set-MsolCompanySettings -AllowEmailVerifiedUsers $true` |
-|Disable |`Set-MsolCompanySettings -AllowEmailVerifiedUsers $false` |
-
-*Table 10. Windows PowerShell commands to enable or disable automatic tenant join*
-
-> [!NOTE]
-> If your institution has AD DS, then disable automatic tenant join. Instead, use Microsoft Entra integration with AD DS to add users to your Office 365 tenant.
-
-### Disable automatic licensing
-
-To reduce your administrative effort, automatically assign Office 365 Education or Office 365 Education Plus licenses to faculty and students when they sign up (automatic licensing). Automatic licensing also enables Office 365 Education or Office 365 Education Plus features that don't require administrative approval.
-
-> [!NOTE]
-> By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
-
-Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 11. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up).
-
-|Action |Windows PowerShell command|
-|-------|--------------------------|
-|Enable |`Set-MsolCompanySettings -AllowAdHocSubscriptions $true` |
-|Disable|`Set-MsolCompanySettings -AllowAdHocSubscriptions $false`|
-
-*Table 11. Windows PowerShell commands to enable or disable automatic licensing*
-
-
-
-### Enable Microsoft Entra ID P1 or P2
-
-When you create your Office 365 subscription, you create an Office 365 tenant that includes a Microsoft Entra directory, the centralized repository for all your student and faculty accounts in Office 365, Intune, and other Microsoft Entra integrated apps. Microsoft Entra ID is available in Free, Basic, and Premium editions. Microsoft Entra ID Free, which is included in Office 365 Education, has fewer features than Microsoft Entra Basic, which in turn has fewer features than Microsoft Entra ID P1 or P2.
-
-Educational institutions can obtain Microsoft Entra Basic edition licenses at no cost if they have a volume license agreement. After your institution obtains its licenses, activate your Microsoft Entra ID access by completing the steps in [Step 3: Activate your Microsoft Entra ID access](/azure/active-directory/fundamentals/active-directory-get-started-premium#step-3-activate-your-azure-active-directory-access).
-
-The following Microsoft Entra ID P1 or P2 features aren't in Microsoft Entra Basic:
-
-* Allow designated users to manage group membership
-* Dynamic group membership based on user metadata
-* Microsoft Entra multifactor authentication (MFA; see [What is Microsoft Entra multifactor authentication](/azure/active-directory/authentication/concept-mfa-howitworks))
-* Identify cloud apps that your users run
-* Self-service recovery of BitLocker
-* Add local administrator accounts to Windows 10 devices
-* Microsoft Entra Connect Health monitoring
-* Extended reporting capabilities
-
-You can assign Microsoft Entra ID P1 or P2 licenses to the users who need these features. For example, you may want the users who have access to confidential student information to use MFA. In this example, you could assign Microsoft Entra ID P1 or P2 to only those users.
-
-You can sign up for Microsoft Entra ID P1 or P2, and then assign licenses to users. In this section, you sign up for Microsoft Entra ID P1 or P2. You'll assign Microsoft Entra ID P1 or P2 licenses to users later in the deployment process.
-
-For more information about:
-
-* Microsoft Entra editions and the features in each, see [Microsoft Entra editions](/azure/active-directory/fundamentals/active-directory-whatis).
-* How to enable Microsoft Entra ID P1 or P2, see [Associate a Microsoft Entra directory with a new Azure subscription](/previous-versions/azure/azure-services/jj573650(v=azure.100)#create_tenant3).
-
-#### Summary
-
-You provision and initially configure Office 365 Education as part of initial configuration. With the subscription in place, automatic tenant join configured, automatic licensing established, and Microsoft Entra ID P1 or P2 enabled (if necessary), you’re ready to select the method you'll use to create user accounts in Office 365.
-
-## Select an Office 365 user account–creation method
-
-Now that you've an Office 365 subscription, you must determine how you’ll create your Office 365 user accounts. Use one of the following methods to make your decision:
-
-* Method 1: Automatically synchronize your on-premises AD DS domain with Microsoft Entra ID. Select this method if you've an on-premises AD DS domain.
-* Method 2: Bulk-import the user accounts from a .csv file (based on information from other sources) into Microsoft Entra ID. Select this method if you don’t have an on-premises AD DS domain.
-
-
-
-### Method 1: Automatic synchronization between AD DS and Microsoft Entra ID
-
-In this method, you've an on-premises AD DS domain. As shown in Figure 5, the Microsoft Entra Connector tool automatically synchronizes AD DS with Microsoft Entra ID. When you add or change any user accounts in AD DS, the Microsoft Entra Connector tool automatically updates Microsoft Entra ID.
-
-> [!NOTE]
-> Microsoft Entra Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](/previous-versions/mim/dn510997(v=ws.10)).
-
-> [!div class="mx-imgBorder"]
-> 
-
-*Figure 5. Automatic synchronization between AD DS and Microsoft Entra ID*
-
-For more information about how to perform this step, see the [Integrate on-premises AD DS with Microsoft Entra ID](#integrate-on-premises-ad-ds-with-azure-ad) section later in this guide.
-
-
-
-### Method 2: Bulk import into Microsoft Entra ID from a .csv file
-
-In this method, you've no on-premises AD DS domain. As shown in Figure 6, you manually prepare a .csv file with the student information from your source, and then manually import the information directly into Microsoft Entra ID. The .csv file must be in the format that Office 365 specifies.
-
-> [!div class="mx-imgBorder"]
-> 
-
-*Figure 6. Bulk import into Microsoft Entra ID from other sources*
-
-To implement this method, perform the following steps:
-
-1. Export the student information from the source.
-
- Put the student information in the format the bulk-import feature requires.
-2. Bulk-import the student information into Microsoft Entra ID.
-
- For more information about how to perform this step, see the [Bulk-import user and group accounts into Office 365](#bulk-import-user-and-group-accounts-into-office-365) section.
-
-#### Summary
-
-In this section, you selected the method for creating user accounts in your Office 365 subscription. Ultimately, these user accounts are in Microsoft Entra ID (which is the identity management system for Office 365). Now, you’re ready to create your Office 365 accounts.
-
-
-
-## Integrate on-premises AD DS with Microsoft Entra ID
-
-You can integrate your on-premises AD DS domain with Microsoft Entra ID to provide identity management for your Office 365 tenant. With this integration, you can synchronize the users, security groups, and distribution lists in your AD DS domain with Microsoft Entra ID with the Microsoft Entra Connect tool. Users will be able to sign in to Office 365 automatically by using their email account and the same password they use to sign in to AD DS.
-
-> [!NOTE]
-> If your institution doesn't have an on-premises AD DS domain, you can skip this section.
-
-### Select a synchronization model
-
-Before you deploy AD DS and Microsoft Entra synchronization, determine where you want to deploy the server that runs Microsoft Entra Connect.
-
-You can deploy the Microsoft Entra Connect tool:
-
-- **On premises.** As shown in Figure 7, Microsoft Entra Connect runs on premises which has the advantage of not requiring a VPN connection to Azure. It does, however, require a virtual machine (VM) or physical server.
-
- > [!div class="mx-imgBorder"]
- > 
-
- *Figure 7. Microsoft Entra Connect on premises*
-
-- **In Azure.** As shown in Figure 8, Microsoft Entra Connect runs on a VM in Microsoft Entra ID, which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
-
- > [!div class="mx-imgBorder"]
- > 
-
- *Figure 8. Microsoft Entra Connect in Azure*
-
-This guide describes how to run Microsoft Entra Connect on premises. For information about running Microsoft Entra Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](/microsoft-365/enterprise/deploy-microsoft-365-directory-synchronization-dirsync-in-microsoft-azure).
-
-
-
-### Deploy Microsoft Entra Connect on premises
-
-In this synchronization model (illustrated in Figure 7), you run Microsoft Entra Connect on premises on a physical device or in a VM. Microsoft Entra Connect synchronizes AD DS user and group accounts with Microsoft Entra ID and includes a wizard that helps you configure Microsoft Entra Connect for your AD DS domain and Office 365 subscription. First, you install Microsoft Entra Connect; then, you run the wizard to configure it for your institution.
-
-
-
-#### To deploy AD DS and Microsoft Entra synchronization
-
-1. Configure your environment to meet the prerequisites for installing Microsoft Entra Connect by performing the steps in [Prerequisites for Microsoft Entra Connect](/azure/active-directory/cloud-sync/how-to-prerequisites).
-
-2. In the VM or on the physical device that will run Microsoft Entra Connect, sign in with a domain administrator account.
-
-3. Install Microsoft Entra Connect by performing the steps in [Install Microsoft Entra Connect](/azure/active-directory/hybrid/whatis-hybrid-identity#install-azure-ad-connect).
-
-4. Configure Microsoft Entra Connect features based on your institution’s requirements by performing the steps in [Configure sync features](/azure/active-directory/hybrid/whatis-hybrid-identity#configure-sync-features).
-
-Now that you've used on premises Microsoft Entra Connect to deploy AD DS and Microsoft Entra synchronization, you’re ready to verify that Microsoft Entra Connect is synchronizing AD DS user and group accounts with Microsoft Entra ID.
-
-### Verify synchronization
-
-Microsoft Entra Connect should start synchronization immediately. Depending on the number of users in your AD DS domain, the synchronization process can take some time. To monitor the process, view the number of AD DS users and groups the tool has synchronized with Microsoft Entra ID in the Office 365 admin console.
-
-
-
-#### To verify AD DS and Microsoft Entra synchronization
-
-1. Open https://portal.office.com in your web browser.
-
-2. Using the administrative account that you created in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) section, sign in to Office 365.
-
-3. In the list view, expand USERS, and then click **Active Users**.
-
-4. In the details pane, view the list of users.
-
- The list of users should mirror the users in AD DS.
-5. In the list view, click **GROUPS**.
-
-6. In the details pane, view the list of security groups.
-
- The list of users should mirror the security groups in AD DS.
-7. In the details pane, double-click one of the security groups.
-
- The list of security group members should mirror the group membership for the corresponding security group in AD DS.
-8. Close the browser.
-
-Now that you've verified Microsoft Entra Connect synchronization, you’re ready to assign user licenses for Microsoft Entra ID P1 or P2.
-
-#### Summary
-
-In this section, you selected your synchronization model, deployed Microsoft Entra Connect, and verified that Microsoft Entra ID is synchronizing properly.
-
-## Bulk-import user and group accounts into AD DS
-
-You can bulk-import user and group accounts into your on-premises AD DS domain. Bulk-importing accounts helps reduce the time and effort needed to create users compared to creating the accounts manually in the Office 365 Admin portal. First, you select the appropriate method for bulk-importing user accounts into AD DS. Next, you create the .csv file that contains the user accounts. Finally, you use the selected method to import the .csv file into AD DS.
-
-> [!NOTE]
-> If your institution doesn’t have an on-premises AD DS domain, you can skip this section.
-
-### Select the bulk import method
-
-Several methods are available to bulk-import user accounts into AD DS domains. Table 12 lists the methods that the Windows Server operating system supports natively. In addition, you can use partner solutions to bulk-import user and group accounts into AD DS.
-
-|Method |Description and reason to select this method |
-|-------|---------------------------------------------|
-|Ldifde.exe|This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren't comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).|
-|VBScript|This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)).|
-|Windows PowerShell|This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Windows PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|
-
-*Table 12. AD DS bulk-import account methods*
-
-### Create a source file that contains the user and group accounts
-
-After you've selected your user and group account bulk import method, you’re ready to create the source file that contains the user and group account. You’ll use the source file as the input to the import process. The source file format depends on the method you selected. Table 13 lists the source file format for the bulk import methods.
-
-|Method |Source file format |
-|-------|-------------------|
-|Ldifde.exe |Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).|
-|VBScript |VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)).|
-|Windows PowerShell |Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). |
-
-*Table 13. Source file format for each bulk import method*
-
-### Import the user accounts into AD DS
-
-With the bulk-import source file finished, you’re ready to import the user and group accounts into AD DS. The steps for importing the file are slightly different for each method.
-
-> [!NOTE]
-> Bulk-import your group accounts first, and then import your user accounts. Importing in this order allows you to specify group membership when you import your user accounts.
-
-For more information about how to import user accounts into AD DS by using:
-
-* Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).
-* VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)).
-* Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).
-
-#### Summary
-
-In this section, you selected the bulk-import method, created the source file that contains the user and group accounts, and imported the user and group accounts into AD DS. If you've Microsoft Entra Connect, it automatically synchronizes the new AD DS user and group accounts to Microsoft Entra ID. Now, you’re ready to assign user licenses for Microsoft Entra ID P1 or P2 in the [Assign user licenses for Microsoft Entra ID P1 or P2](#assign-user-licenses-for-azure-ad-premium) section later in this guide.
-
-## Bulk-import user and group accounts into Office 365
-
-You can bulk-import user and group accounts directly into Office 365, reducing the time and effort required to create users. First, you bulk-import the user accounts into Office 365. Then, you create the security groups for your institution. Finally, you create the email distribution groups your institution requires.
-
-### Create user accounts in Office 365
-
-Now that you've created your new Office 365 Education subscription, you need to create user accounts. You can add user accounts for the teachers, other faculty, and students who will use the classroom.
-
-> [!NOTE]
-> If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Microsoft Entra integration to synchronize the security groups with your Office 365 tenant.
-
-You can use the Microsoft 365 admin center to add individual Office 365 accounts manually—a reasonable process when you’re adding only a few users. If you've many users, however, you can automate the process by creating a list of those users, and then use that list to create user accounts (that is, bulk-add users).
-
-The bulk-add process assigns the same Office 365 Education license plan to all users on the list. Therefore, you must create a separate list for each license plan you recorded in Table 9. Depending on the number of faculty members who need to use the classroom, you may want to add the faculty Office 365 accounts manually; however, use the bulk-add process to add student accounts.
-
-For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Microsoft 365](/microsoft-365/enterprise/add-several-users-at-the-same-time).
-
-> [!NOTE]
-> If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
-
-The email accounts are assigned temporary passwords on creation. You must communicate these temporary passwords to your users before they can sign in to Office 365.
-
-### Create Office 365 security groups
-
-Assign SharePoint Online resource permissions to Office 365 security groups, not individual user accounts. For example, create one security group for faculty members and another for students. Then, you can assign unique SharePoint Online resource permissions to faculty members and a different set of permissions to students. Add or remove users from the security groups to grant or revoke access to SharePoint Online resources.
-
-> [!NOTE]
-> If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Microsoft Entra integration to synchronize the security groups with your Office 365 tenant.
-
-For information about creating security groups, see [Create an Office 365 Group in the admin center](/microsoft-365/admin/create-groups/create-groups).
-
-You can add and remove users from security groups at any time.
-
-> [!NOTE]
-> Office 365 evaluates group membership when users sign in. If you change group membership for a user, that user may have to sign out, and then sign in again for the change to take effect.
-
-### Create email distribution groups
-
-Microsoft Exchange Online uses an email distribution group as a single email recipient for multiple users. For example, you could create an email distribution group that contains all students. Then, you could send a message to the email distribution group instead of individually addressing the message to each student.
-
-You can create email distribution groups based on job role (such as teacher, administration, or student) or specific interests (such as robotics, drama club, or soccer team). You can create any number of distribution groups, and users can be members of more than one group.
-
-> [!NOTE]
-> Office 365 can take some time to complete the Exchange Online creation process. You'll have to wait until the creation process ends before you can perform the following steps.
-
-
-For information about creating email distribution groups, see [Create a Microsoft 365 group in the admin center](/microsoft-365/admin/create-groups/create-groups).
-
-#### Summary
-
-You've bulk-imported the user accounts into Office 365. First, you selected the bulk-import method. Next, you created the Office 365 security groups in Office 365. Finally, you created the Office 365 email distribution groups. Now, you’re ready to assign user licenses for Microsoft Entra ID P1 or P2.
-
-
-
-## Assign user licenses for Microsoft Entra ID P1 or P2
-
-If you enabled Microsoft Entra ID P1 or P2 in the [Enable Microsoft Entra ID P1 or P2](#enable-azure-ad-premium) section, you must now assign Microsoft Entra ID P1 or P2 licenses to the users who need the features this edition offers. For example, you may want the users who have access to confidential student information to use MFA. In this example, you could assign Microsoft Entra ID P1 or P2 only to those users.
-
-For more information about assigning user licenses for Microsoft Entra ID P1 or P2, see [How to assign EMS/Azure AD Premium licenses to user accounts](https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/How-to-assign-Azure-AD-Premium-Licenses-to-user-accounts).
-
-## Create and configure a Microsoft Store for Business portal
-
-Microsoft Store for Business allows you to create your own private portal to manage Microsoft Store apps in your institution. With Microsoft Store for Business, you can:
-
-* Find and acquire Microsoft Store apps.
-* Manage apps, app licenses, and updates.
-* Distribute apps to your users.
-
-
-For more information about Microsoft Store for Business, see [Microsoft Store for Business overview](/microsoft-store/microsoft-store-for-business-overview).
-
-This section shows you how to create a Microsoft Store for Business portal and configure it for your school.
-
-### Create and configure your Microsoft Store for Business portal
-
-To create and configure your Microsoft Store for Business portal, use the administrative account for your Office 365 subscription to sign in to Microsoft Store for Business. Microsoft Store for Business automatically creates a portal for your institution and uses your account as its administrator.
-
-#### To create and configure a Microsoft Store for Business portal
-
-1. In Microsoft Edge or Internet Explorer, type `https://microsoft.com/business-store` in the address bar.
-
-2. On the **Microsoft Store for Business** page, click **Sign in with an organizational account**.
-
-3. On the Microsoft Store for Business sign-in page, use the administrative account for the Office 365 subscription you created in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) section to sign in.
-
-4. On the **Microsoft Store for Business Services Agreement** page, review the agreement, select the **I accept this agreement and certify that I have the authority to bind my organization to its terms** check box, and then click **Accept**.
-
-5. In the **Welcome to the Microsoft Store for Business** dialog box, click **OK**.
-
-After you create the Microsoft Store for Business portal, configure it by using the commands in the **Settings** menu listed in Table 14. Depending on your institution, you may (or may not) need to change these settings to further customize your portal.
-
-|Menu selection|What can you do in this menu|
-|--------------|----------------------------|
-|Account information |Displays information about your Microsoft Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure Management Portal. For more information, see [Update Microsoft Store for Business account settings](/microsoft-store/update-microsoft-store-for-business-account-settings).|
-|Device Guard signing |Allows you to upload and sign Device Guard catalog and policy files. For more information about Device Guard, see [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).|
-|LOB publishers |Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps).|
-|Management tools |Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](/microsoft-store/distribute-apps-with-management-tool).|
-|Offline licensing|Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see the “Licensing model: online and offline licenses” section in [Apps in Microsoft Store for Business](/microsoft-store/apps-in-microsoft-store-for-business#licensing-model).|
-|Permissions |Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you've previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](/microsoft-store/roles-and-permissions-microsoft-store-for-business).|
-|Private store |Allows you to change the organization name used in your Microsoft Store for Business portal. When you create your portal, the private store uses the organization name that you used to create your Office 365 subscription. For more information, see [Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store).|
-
-*Table 14. Menu selections to configure Microsoft Store for Business settings*
-
-### Find, acquire, and distribute apps in the portal
-
-Now that you've created your Microsoft Store for Business portal, you’re ready to find, acquire, and distribute apps that you'll add to your portal. You do this task from the **Inventory** page in Microsoft Store for Business.
-
-> [!NOTE]
-> Your educational institution can now use a credit card or purchase order to pay for apps in Microsoft Store for Business.
-
-You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users to install the apps.
-
-For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](/microsoft-store/app-inventory-management-microsoft-store-for-business).
-
-#### Summary
-
-At the end of this section, you should have a properly configured Microsoft Store for Business portal. You've also found and acquired your apps from Microsoft Store. Finally, you should have deployed all your Microsoft Store apps to your users. Now, you’re ready to deploy Microsoft Store apps to your users.
-
-## Plan for deployment
-
-You'll use the LTI deployment process in MDT to deploy Windows 10 to devices or to upgrade devices to Windows 10. Prior to preparing for deployment, you must make some deployment planning decisions, including selecting the operating systems you'll use, the approach you'll use to create your Windows 10 images, and the method you'll use to initiate the LTI deployment process.
-
-### Select the operating systems
-
-Later in the process, you'll import the versions of Windows 10 you want to deploy. You can deploy the operating system to new devices, refresh existing devices, or upgrade existing devices. In the case of:
-
-* New devices or refreshing existing devices, you'll completely replace the existing operating system on a device with Windows 10.
-* Upgrading existing devices, you'll upgrade the existing operating system (the Windows 8.1 or Windows 7 operating system) to Windows 10.
-
-
-Depending on your school’s requirements, you may need any combination of the following Windows 10 editions:
-
-- **Windows 10 Pro.** Use this operating system to:
- * Upgrade existing eligible institution-owned and personal devices running Windows 8.1 Pro or Windows 7 Professional to Windows 10 Pro.
- * Deploy new instances of Windows 10 Pro to devices so that new devices have a known configuration.
-
-- **Windows 10 Education.** Use this operating system to:
- * Upgrade institution-owned devices to Windows 10 Education.
- * Deploy new instances of Windows 10 Education so that new devices have a known configuration.
-
-> [!NOTE]
-> Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business—features not available in Windows 10 Home. For more information about how to upgrade Windows 10 Home to Windows 10 Pro or Windows 10 Education, see [Windows 10 edition upgrade](/windows/deployment/upgrade/windows-10-edition-upgrades).
-
-For more information about the Windows 10 editions, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-
-One other consideration is the mix of processor architectures you'll support. If you can, support only 64-bit versions of Windows 10. If you've devices that can run only 32-bit versions of Windows 10, you'll need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above.
-
-> [!NOTE]
-> On devices that have minimal system resources (such as devices with only 2 GB of memory or 32 GB of storage), use 32-bit versions of Windows 10 because 64-bit versions of Windows 10 place more stress on device system resources.
-
-Finally, as a best practice, minimize the number of operating systems that you deploy and manage. If possible, standardize institution-owned devices on one Windows 10 edition (such as a 64-bit version of Windows 10 Education or Windows 10 Pro). Of course, you can't standardize personal devices on a specific operating system version or processor architecture.
-
-### Select an image approach
-
-A key operating system image decision is whether to use a thin or thick image. *Thin images* contain only the operating system, and MDT installs the necessary device drivers and apps after the operating system has been installed. *Thick images* contain the operating system, “core” apps (such as Office), and device drivers. With thick images, MDT installs any device drivers and apps not included in the thick image after the operating system has been installed.
-
-The advantage to a thin image is that the final deployment configuration is dynamic: you can easily change the configuration without having to capture another image. The disadvantage of a thin image is that it takes longer to complete the deployment.
-
-The advantage of a thick image is that the deployment takes less time than it would for a thin image. The disadvantage of a thick image is that you need to capture a new image each time you want to make a change to the operating system, apps, or other software in the image.
-
-This guide discusses thick image deployment. For information about thin image deployments, see [Deploy Windows 10 in a school](./deploy-windows-10-in-a-school.md).
-
-### Select a method to initiate deployment
-The LTI deployment process is highly automated: it requires minimal information to deploy or upgrade Windows 10. The ZTI deployment process is fully automated, but you must manually initiate it. To do so, use the method listed in Table 15 that best meets the needs of your institution.
-
-|Method|Description and reason to select this method|
-|--- |--- |
-|Windows Deployment Services|This method:
Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server.|
-|Bootable media|This method:
Select this method when you want to deploy Windows over the network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media.|
-|Deployment media|This method:
Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share or distribution point content, you must regenerate the deployment media and update the USB hard disk.
-
-*Table 15. Methods to initiate LTI and ZTI deployments*
-
-#### Summary
-At the end of this section, you should know the Windows 10 editions and processor architecture that you want to deploy (and will import later in the process). You also determined whether you want to use thin or thick images. Finally, you selected the method for initiating your LTI or ZTI deployment. Now, you can prepare for Windows 10 deployment.
-
-## Prepare for deployment
-
-Before you can deploy Windows 10 and your apps to devices, you need to prepare your MDT environment, Windows Deployment Services, and Microsoft Configuration Manager (if you selected it to do operating system deployment in the [Select the deployment methods](#select-the-deployment-methods) section). In this section, you ensure that the deployment methods you selected in the [Select the deployment methods](#select-the-deployment-methods) section have the necessary Windows 10 editions and versions, Windows desktop apps, Microsoft Store apps, and device drivers.
-
-### Configure the MDT deployment share
-
-The first step in preparing for Windows 10 deployment is to configure—that is, *populate*—the MDT deployment share. Table 16 lists the MDT deployment share configuration tasks that you must perform. Perform the tasks in the order represented in Table 16.
-
-|Task|Description|
-|--- |--- |
-|1. Import operating systems|Import the operating systems that you selected in the [Select the operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench)|
-|2. Import device drivers|Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device can't play sounds; without the proper camera driver, the device can't take photos or use video chat.
Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench)|
-|3. Create MDT applications for Microsoft Store apps|Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the **Add-AppxPackage** Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.
Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you'll use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you'll need to obtain the .appx files by performing one of the following tasks:
If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.
If you've Intune or Microsoft Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) and [Deploy and manage apps by using Microsoft Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-configuration-manager). This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.
In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:
To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in[Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source).
If you've Intune, you can [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune), as described in the Deploy and manage apps by using Intune section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps.
This is the preferred method for deploying and managing Windows desktop apps.
**Note:** You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)
For more information about how to create an MDT application for Windows desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt).|
-|5. Create task sequences|You must create separate task sequences for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education, (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education, or (3) if you want to run deployments and upgrades for both 32-bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:
Again, you'll create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench).|
-|6. Update the deployment share|Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.
For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#UpdateaDeploymentShareintheDeploymentWorkbench).|
-
-*Table 16. Tasks to configure the MDT deployment share*
-
-### Configure Microsoft Configuration Manager
-
-> [!NOTE]
-> If you've already configured your Microsoft Configuration Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
-
-Before you can use Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure Configuration Manager to support the operating system deployment feature. If you don’t have an existing Configuration Manager infrastructure, you'll need to deploy a new infrastructure.
-
-Deploying a new Configuration Manager infrastructure is beyond the scope of this guide, but the following resources can help you deploy a new Configuration Manager infrastructure:
-
-* [Get ready for Configuration Manager](/mem/configmgr/core/plan-design/get-ready)
-* [Start using Configuration Manager](/mem/configmgr/core/servers/deploy/start-using)
-
-
-#### To configure an existing Microsoft Configuration Manager infrastructure for operating system deployment
-
-1. Perform any necessary infrastructure remediation.
-
- Ensure that your existing infrastructure can support the operating system deployment feature. For more information, see [Infrastructure requirements for operating system deployment in Microsoft Configuration Manager](/mem/configmgr/osd/plan-design/infrastructure-requirements-for-operating-system-deployment).
-2. Add the Windows PE boot images, Windows 10 operating systems, and other content.
-
- You need to add the Windows PE boot images, Windows 10 operating system images, and other deployment content that you'll use to deploy Windows 10 with ZTI. To add this content, use the Create MDT Task Sequence Wizard.
-
- You can add this content by using Microsoft Configuration Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](/mem/configmgr/mdt/use-the-mdt#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
-3. Add device drivers.
-
- You must add device drivers for the different device types in your district. For example, if you've a mixture of Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you must have the device drivers for each device.
-
- Create a Microsoft Configuration Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](/mem/configmgr/osd/get-started/manage-drivers).
-4. Add Windows apps.
-
- Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that includes Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you can't capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices.
-
- Create a Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications).
-
-### Configure Windows Deployment Services for MDT
-
-You can use Windows Deployment Services in conjunction with MDT to automatically initiate boot images on target devices. These boot images can be Windows PE images (which you generated in step 6 in Table 16) or custom images that can deploy operating systems directly to the target devices.
-
-#### To configure Windows Deployment Services for MDT
-
-1. Set up and configure Windows Deployment Services.
-
- Windows Deployment Services is a server role available in all Windows Server editions. You can enable the Windows Deployment Services server role on a new server or on any server running Windows Server in your institution.
-
- For more information about how to perform this step, see the following resources:
-
- * [Windows Deployment Services Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11))
- * The Windows Deployment Services Help file, included in Windows Deployment Services
- * [Windows Deployment Services Getting Started Guide for Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj648426(v=ws.11))
-
-2. Add LTI boot images (Windows PE images) to Windows Deployment Services.
-
- The LTI boot images (.wim files) that you'll add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the deployment share’s Boot subfolder.
-
- For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](/mem/configmgr/mdt/use-the-mdt#AddLTIBootImagestoWindowsDeploymentServices).
-
-### Configure Windows Deployment Services for Microsoft Configuration Manager
-
-> [!NOTE]
-> If you've already configured your Microsoft Configuration Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
-
-You can use Windows Deployment Services in conjunction with Configuration Manager to automatically initiate boot images on target devices. These boot images are Windows PE images that you use to boot the target devices, and then initiate Windows 10, app, and device driver deployment.
-
-#### To configure Windows Deployment Services for Microsoft Configuration Manager
-
-1. Set up and configure Windows Deployment Services.
-
- Windows Deployment Services is a server role available in all Windows Server editions. You can enable the Windows Deployment Services server role on a new server or on any server running Windows Server in your institution.
-
- For more information about how to perform this step, see the following resources:
- * [Windows Deployment Services Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11))
- * The Windows Deployment Services Help file, included in Windows Deployment Services
- * [Windows Deployment Services Getting Started Guide for Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj648426(v=ws.11))
-
-2. Configure a distribution point to accept PXE requests in Configuration Manager.
-
- To support PXE boot requests, you install the PXE service point site system role. Then, you must configure one or more distribution points to respond to PXE boot request.
- For more information about how to perform this step, see [Install site system roles for Configuration Manager](/mem/configmgr/core/servers/deploy/configure/install-site-system-roles), [Use PXE to deploy Windows over the network with Configuration Manager](/mem/configmgr/osd/deploy-use/use-pxe-to-deploy-windows-over-the-network), and [Configuring distribution points to accept PXE requests](/mem/configmgr/osd/get-started/prepare-site-system-roles-for-operating-system-deployments#BKMK_PXEDistributionPoint).
-3. Configure the appropriate boot images (Windows PE images) to deploy from the PXE-enabled distribution point.
-
- Before a device can start a boot image from a PXE-enabled distribution point, you must change the properties of the boot image to enable PXE booting. Typically, you create this boot image when you created your MDT task sequence in the Configuration Manager console.
-
- For more information about how to perform this step, see [Configure a boot image to deploy from a PXE-enabled distribution point](/mem/configmgr/osd/get-started/manage-boot-images#BKMK_BootImagePXE) and [Manage boot images with Configuration Manager](/mem/configmgr/osd/get-started/manage-boot-images).
-
-#### Summary
-
-Your MDT deployment share and Microsoft Configuration Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You've set up and configured Windows Deployment Services for MDT and for Configuration Manager. You've also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, you’re ready to capture the reference images for the different devices you've in your district.
-
-## Capture the reference image
-
-The reference device is a device that you use as the template for all the other devices in your district. On this device, you install any Windows desktop apps the classroom needs. For example, install the Windows desktop apps for Microsoft 365 Apps for enterprise if you selected that student license plan.
-
-After you deploy Windows 10 and the desktop apps to the reference device, you capture an image of the device (the reference image). You import the reference image to an MDT deployment share or into Configuration Manager. Finally, you create a task sequence to deploy the reference image to faculty and student devices.
-
-You'll capture multiple reference images, one for each type of device that you've in your organization. You perform the steps in this section for each image (device) that you've in your district. Use LTI in MDT to automate the deployment and capture of the reference image.
-
-> [!NOTE]
-> You can use LTI in MDT or Configuration Manager to automate the deployment and capture of the reference image, but this guide only discusses how to use LTI in MDT to capture the reference image.
-
-### Customize the MDT deployment share
-
-You initially configured the MDT deployment share in the [Configure the MDT deployment share](#configure-the-mdt-deployment-share) section earlier in this guide. In that section, you configured the deployment share for generic use. Now, you need to customize the deployment share to deploy the appropriate Windows 10 edition, desktop apps, and device drivers to each reference device.
-
-#### To customize the MDT deployment share
-
-1. Create a task sequence to deploy the appropriate Windows 10 edition.
-
- A task sequence can deploy only one Windows 10 edition or version, which means that you must create a task sequence for each Windows 10 edition and version you selected in the [Select the operating systems](#select-the-operating-systems) section earlier in this guide. To create task sequences, use the New Task Sequence Wizard.
-
- For more information, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench).
-2. Create an MDT application for each desktop app you want to include in your reference image.
-
- You create MDT applications by using the New Application Wizard in the Deployment Workbench. As part of creating the MDT application, specify the command-line parameters used to install the app without user intervention (unattended installation). For more information, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench).
-3. Customize the task sequence to install the MDT applications that you created in step 2.
-
- You can add an **Install Application** task sequence step to your task sequence. Then, you can customize the **Install Application** task sequence step to install a specific app, which automatically installs the app with no user interaction required when your run the task sequence.
-
- You need to add an **Install Application** task sequence step for each app you want to include in your reference image. For more information, see [Customize Application Installation in Task Sequences](/mem/configmgr/mdt/use-the-mdt#CustomizeApplicationInstallationinTaskSequences).
-4. Create a selection profile that contains the drivers for the device.
-
- A *selection profile* lets you select specific device drivers. For example, if you want to deploy the device drivers for a Surface Pro 4 device, you can create a selection profile that contains only the Surface Pro 4 device drivers.
-
- First, in the Out-of-Box Drivers node in the Deployment Workbench, create a folder that will contain your device drivers. Next, import the device drivers into the folder you created. Finally, create the selection profile and specify the folder that contains the device drivers. For more information, see the following resources:
-
- * [Create Folders to Organize Device Drivers for LTI Deployments](/mem/configmgr/mdt/use-the-mdt#CreateFolderstoOrganizeDeviceDriversforLTIDeployments)
- * [Create Selection Profiles to Select the Device Drivers for LTI Deployments](/mem/configmgr/mdt/use-the-mdt#CreateSelectionProfilestoSelecttheDeviceDriversforLTIDeployments)
-
-5. Customize the task sequence to use the selection profile that you created in step 4.
-
- You can customize the **Inject Driver** task sequence step in the **Preinstall** task sequence group in your task sequence to deploy only the device drivers in the selection profile. For more information, see [Configure Task Sequences to Deploy Device Drivers in Selection Profiles for LTI Deployments](/mem/configmgr/mdt/use-the-mdt#ConfigureTaskSequencestoDeployDeviceDriversinSelectionProfilesforLTIDeployments).
-
-### Capture reference image
-
-To capture the reference image, run the LTI task sequence that you created in the previous section. The LTI task sequence will allow you to specify a storage location and file name for the .wim file, which contains the captured image.
-
-Use the Deployment Wizard to deploy Windows 10, your apps, and device drivers to the device, and then capture the .wim file. The LTI deployment process is almost fully automated: you provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated.
-
-> [!NOTE]
-> To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section of [Microsoft Deployment Toolkit Samples Guide](/mem/configmgr/mdt/samples-guide#Anchor_6).
-
-In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems.
-
-#### To deploy Windows 10
-
-1. **Initiate the LTI deployment process.** Initiate the LTI deployment process booting over the network (PXE boot) or from local media. You selected the method for initiating the LTI deployment process in the [Select method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide.
-
-2. **Complete the Deployment Wizard.** For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” section in [Using the Microsoft Deployment Toolkit](/mem/configmgr/mdt/use-the-mdt#Anchor_5).
-
-### Import reference image
-
-After you've captured the reference image (.wim file), import the image into the MDT deployment share or into Configuration Manager (depending on which method you selected to perform Windows 10 deployments). You'll deploy the reference image to the student and faculty devices in your district.
-
-Both the Deployment Workbench and the Configuration Manager console have wizards that help you import the reference image. After you import the reference image, you need to create a task sequence that will deploy the reference image.
-
-For more information about how to import the reference image into:
-
-* An MDT deployment share, see [Import a Previously Captured Image of a Reference Computer](/mem/configmgr/mdt/use-the-mdt#ImportaPreviouslyCapturedImageofaReferenceComputer).
-* Microsoft Configuration Manager, see [Manage operating system images with Microsoft Configuration Manager](/mem/configmgr/osd/get-started/manage-operating-system-images) and [Customize operating system images with Microsoft Configuration Manager](/mem/configmgr/osd/get-started/customize-operating-system-images).
-
-### Create a task sequence to deploy the reference image
-
-You created an LTI task sequence in the Deployment Workbench earlier in this process to deploy Windows 10 and your desktop apps to the reference device. Now that you've captured and imported your reference image, you need to create a tasks sequence to deploy it.
-
-As you might expect, both the Deployment Workbench and the Configuration Manager console have wizards that help you create a starting task sequence. After you create your task sequence, in most instances you'll need to customize it to deploy more apps, device drivers, and other software.
-
-For more information about how to create a task sequence in the:
-
-* Deployment Workbench for a deployment share, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench).
-* Configuration Manager console, see [Create a task sequence to install an operating system in Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/create-a-task-sequence-to-install-an-operating-system).
-
-#### Summary
-In this section, you customized the MDT deployment share to deploy Windows 10 and desktop apps to one or more reference devices by creating and customizing MDT applications, device drivers, and applications. Next, you ran the task sequence, which deploys Windows 10, deploys your apps, deploys the appropriate device drivers, and captures an image of the reference device. Then, you imported the captured reference image into a deployment share or Microsoft Configuration Manager. Finally, you created a task sequence to deploy your captured reference image to faculty and student devices. At this point in the process, you’re ready to deploy Windows 10 and your apps to your devices.
-
-## Prepare for device management
-
-Before you deploy Windows 10 in your district, you must prepare for device management. You'll deploy Windows 10 in a configuration that complies with your requirements, but you want to help ensure that your deployments remain compliant.
-
-You also want to deploy apps and software updates after you deploy Windows 10. You need to manage apps and updates by using Configuration Manager, Intune, or a combination of both (hybrid model).
-
-### Select Microsoft-recommended settings
-
-Microsoft has several recommended settings for educational institutions. Table 17 lists them, provides a brief description of why you need to configure them, and recommends methods for configuring the settings. Review the settings in Table 17 and evaluate their relevancy to your institution.
-
-> [!NOTE]
-> The settings for Intune in Table 17 also apply to the Configuration Manager and Intune management (hybrid) method.
-
-Use the information in Table 17 to help you determine whether you need to configure the setting and which method you'll use to do so. At the end, you'll have a list of settings that you want to apply to the Windows 10 devices and know which management method you'll use to configure the settings.
-
-|Recommendation|Description|
-|--- |--- |
-|Use of Microsoft accounts|You want faculty and students to use only Microsoft Entra accounts for institution-owned devices. For these devices, don't use Microsoft accounts or associate a Microsoft account with the Microsoft Entra accounts.
**Note** Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Microsoft Entra account on these devices.
**Group Policy.** Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option.
****Intune**.** To enable or disable the use of Microsoft accounts, use the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy.|
-|Restrict the local administrator accounts on the devices|Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.
**Group Policy**. Create a Local Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.
**Intune**. Not available.|
-|Manage the built-in administrator account created during device deployment|When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it.
**Group Policy**. To rename the built-in Administrator account, use the Accounts: Rename administrator account Group policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-essentials-sbs/cc747484(v=ws.10)). You specify the new name for the Administrator account. To disable the built-in Administrator account, use the Accounts: Administrator account status Group policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852165(v=ws.11)).
**Intune**. Not available.|
-|Control Microsoft Store access|You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.
**Group policy**. To disable the Microsoft Store app, use the Turn off the Store Application group policy setting. To prevent Microsoft Store apps from receiving updates, use the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?
**Intune**. To enable or disable Microsoft Store access, use the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy.|
-|Use of Remote Desktop connections to devices|Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.
**Group policy**. To enable or disable Remote Desktop connections to devices, use the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.
**Intune**. Not available.|
-|Use of camera|A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.
**Group policy**. Not available.
**Intune**. To enable or disable the camera, use the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy.|
-|Use of audio recording|Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.
**Group policy**. To disable the Sound Recorder app, use the don't allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in [Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10)) and [Create Your AppLocker Policies](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791899(v=ws.11)).
**Intune**. To enable or disable audio recording, use the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy.|
-|Use of screen capture|Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.
**Group policy**. Not available.
**Intune**. To enable or disable screen capture, use the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy.|
-|Use of location services|Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.
**Group policy**. To enable or disable location services, use the Turn off location group policy setting in User Configuration\Windows Components\Location and Sensors.
**Intune**. To enable or disable location services, use the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy.|
-|Changing wallpaper|Custom wallpapers can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on institution-owned devices.
**Group policy**. To configure the wallpaper, use the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.
**Intune**. Not available.|
-
-
-
-Table 17. Recommended settings for educational institutions
-
-### Configure settings by using Group Policy
-
-Now, you’re ready to use Group Policy to configure settings. The steps in this section assume that you've an AD DS infrastructure. Here, you configure the Group Policy settings you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
-
-For more information about Group Policy, see [Group Policy Planning and Deployment Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754948(v=ws.10)).
-
-#### To configure Group Policy settings
-
-1. Create a Group Policy object (GPO) to contain your Group Policy settings by completing the steps in [Create a new Group Policy object](/previous-versions/windows/it-pro/windows-server-2003/cc738830(v=ws.10)).
-
-2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](/previous-versions/windows/it-pro/windows-server-2003/cc739902(v=ws.10)).
-
-3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](/previous-versions/windows/it-pro/windows-server-2003/cc738954(v=ws.10)).
-
-### Configure settings by using Intune
-
-Now, you’re ready to use Intune to configure settings. The steps in this section assume that you've an Office 365 subscription. Here, you configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
-
-For more information about Intune, see [Microsoft Intune Documentation](/intune/).
-
-#### To configure Intune settings
-
-1. Add Intune to your Office 365 subscription by completing the steps in [Manage Intune licenses](/mem/intune/fundamentals/licenses-assign).
-
-2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](/mem/intune/enrollment/quickstart-enroll-windows-device).
-
-3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](/mem/intune/configuration/device-profiles).
-
-4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](/mem/intune/remote-actions/device-management).
-
-### Deploy and manage apps by using Intune
-
-If you selected to deploy and manage apps by using Microsoft Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using Microsoft Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-configuration-manager) section.
-
-You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you to deploy apps to companion devices (such as iOS or Android devices). Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that aren't enrolled in Intune or that another solution manages.
-
-For more information about how to configure Intune to manage your apps, see the following resources:
-
-- [Add apps with Microsoft Intune](/mem/intune/apps/apps-add)
-- [Deploy apps with Microsoft Intune](/mem/intune/apps/apps-windows-10-app-deploy)
-- [Protect apps and data with Microsoft Intune](/mem/intune/apps/app-protection-policy)
-- [Help protect your data with full or selective wipe using Microsoft Intune](/mem/intune/remote-actions/devices-wipe)
-
-### Deploy and manage apps by using Microsoft Configuration Manager
-
-You can use Microsoft Configuration Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
-
-For example, you could create a Skype application that contains a deployment type for Windows 10 desktop, iOS, and Android. You can deploy the one application to multiple device types.
-
-> [!NOTE]
-> When you configure Configuration Manager and Intune in a hybrid model, you deploy apps by using Configuration Manager as described in this section.
-
-Configuration Manager helps you manage apps by monitoring app installation. You can determine how many of your devices have a specific app installed. Finally, you can allow users to install apps at their discretion or make apps mandatory.
-
-For more information about how to configure Configuration Manager to deploy and manage your apps, see [Deploy and manage applications with Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications).
-
-### Manage updates by using Intune
-
-If you selected to manage updates by using Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Manage updates by using Microsoft Configuration Manager](#manage-updates-by-using-microsoft-configuration-manager) section.
-
-To help ensure that your users have the most current features and security protection, keep Windows 10 and your apps current with updates. To configure Windows 10 and app updates, use the **Updates** workspace in Intune.
-
-> [!NOTE]
-> You can only manage updates (including antivirus and antimalware updates) for Windows 10 desktop operating systems (not iOS or Android).
-
-For more information about how to configure Intune to manage updates and malware protection, see the following resources:
-
-- [Keep Windows PCs up to date with software updates in Microsoft Intune](/mem/intune/protect/windows-update-for-business-configure)
-- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](/mem/intune/protect/endpoint-protection-configure)
-
-### Manage updates by using Microsoft Configuration Manager
-
-To ensure that your users have the most current features and security protection, use the software updates feature in Configuration Manager to manage updates. The software updates feature works in conjunction with WSUS to manage updates for Windows 10 devices.
-
-You configure the software updates feature to manage updates for specific versions of Windows and apps. Then, the software updates feature obtains the updates from Windows Updates by using the WSUS server in your environment. This integration provides greater granularity of control over updates and more specific targeting of updates to users and devices (compared to WSUS alone or Intune alone), which allows you to ensure that the right user or device gets the right updates.
-
-> [!NOTE]
-> When you configure Configuration Manager and Intune in a hybrid model, you use Configuration manager to manage updates as described in this section.
-
-For more information about how to configure Configuration Manager to manage Windows 10 and app updates, see [Deploy and manage software updates in Configuration Manager](/mem/configmgr/sum/understand/software-updates-introduction).
-
-#### Summary
-
-In this section, you prepared your institution for device management. You identified the configuration settings that you want to use to manage your users and devices. You configured Group Policy or Intune to manage these configuration settings. You configured Intune or Microsoft Configuration Manager to manage your apps. Finally, you configured Intune or Microsoft Configuration Manager to manage software updates for Windows 10 and your apps.
-
-## Deploy Windows 10 to devices
-
-You’re ready to deploy Windows 10 to faculty and student devices. You must complete the steps in this section for each student device in the classrooms and for any new student devices you add in the future. You can also perform these actions for any device that’s eligible for a Windows 10 upgrade. This section discusses deploying Windows 10 to new devices, refreshing Windows 10 on existing devices, and upgrading existing devices that are running eligible versions of Windows 8.1 or Windows 7 to Windows 10.
-
-### Prepare for deployment
-
-Prior to deployment of Windows 10, complete the tasks in Table 18. Most of these tasks are already complete, but use this step to make sure.
-
-| | Task |
-|:---|:---|
-|**1.** |Ensure that the target devices have sufficient system resources to run Windows 10.|
-|**2.** |Identify the necessary devices drivers, and then import them into the MDT deployment share or Microsoft Configuration Manager.|
-|**3.** |For each Microsoft Store and Windows desktop app, create an MDT application or Configuration Manager application.|
-|**4.** |Notify the students and faculty about the deployment.|
-
-*Table 18. Deployment preparation checklist*
-
-### Perform the deployment
-
-Use the Deployment Wizard to deploy Windows 10. With the LTI deployment process, you provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated.
-
-> [!NOTE]
-> To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](/mem/configmgr/mdt/samples-guide#Anchor_6).
-
-
-In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems.
-
-#### To use LTI to deploy Windows 10
-
-1. **Initiate the LTI deployment process.** Initiate the LTI deployment process by booting over the network (PXE boot) or from local media. You selected the method for initiating the LTI deployment process in the [Select a method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide.
-
-2. **Complete the Deployment Wizard.** For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” section of [Using the Microsoft Deployment Toolkit](/mem/configmgr/mdt/use-the-mdt#Anchor_5).
-
-#### To use ZTI to deploy Windows 10
-
-1. **Initiate the ZTI deployment process.** Initiate the ZTI deployment process by booting over the network (PXE boot) or from local media. You selected the method for initiating the ZTI deployment process in the [Select a method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide.
-
-### Set up printers
-
-After you've deployed Windows 10, the devices are almost ready for use. First, you must set up the printers that each classroom will use. Typically, you connect the printers to the same network as the devices in the same classroom. If you don’t have printers in your classrooms, skip this section and proceed to [Verify deployment](#verify-deployment).
-
-> [!NOTE]
-> If you’re performing an upgrade instead of a new deployment, the printers remain configured as they were in the previous version of Windows. As a result, you can skip this section and proceed to [Verify deployment](#verify-deployment).
-
-#### To set up printers
-
-1. Review the printer manufacturer’s instructions for installing the printer drivers.
-
-2. On the admin device, download the printer drivers.
-
-3. Copy the printer drivers to a USB drive.
-
-4. On a device, use the same account you used to set up Windows 10 in the [Prepare for deployment](#prepare-for-deployment) section to sign in to the device.
-
-5. Plug the USB drive into the device.
-
-6. Follow the printer manufacturer’s instructions to install the printer drivers from the USB drive.
-
-7. Verify that the printer drivers were installed correctly by printing a test page.
-
-8. Complete steps 1–8 for each printer.
-
-### Verify deployment
-
-As a final quality control step, verify the device configuration to ensure that all apps run. Microsoft recommends that you perform all the tasks that the user would perform. Specifically, verify that:
-
-* The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
-* Windows Update is active and current with software updates.
-* Windows Defender is active and current with malware Security intelligence.
-* Windows Defender SmartScreen is active.
-* All Microsoft Store apps are properly installed and updated.
-* All Windows desktop apps are properly installed and updated.
-* Printers are properly configured.
-
-When you've verified that the first device is properly configured, you can move to the next device and perform the same steps.
-
-#### Summary
-
-You prepared the devices for deployment by verifying that they have adequate system resources and that the resources in the devices have corresponding Windows 10 device drivers. You performed device deployment over the network or by using local MDT media. Next, you configured the appropriate printers on the devices. Finally, you verified that the devices are properly configured and ready for use.
-
-## Maintain Windows devices and Office 365
-
-After the initial deployment, you need to perform certain tasks to maintain the Windows 10 devices and your Office 365 Education subscription. You should perform these tasks on the following schedule:
-
-- **Monthly.** These tasks help ensure that the devices are current with software updates and properly protected against viruses and malware.
-- **New semester or academic year.** Perform these tasks prior to the start of a new curriculum—for example, at the start of a new academic year or semester. These tasks help ensure that the classroom environments are ready for the next group of students.
-- **As required (ad hoc).** Perform these tasks as necessary in a classroom. For example, a new version of an app may be available, or a student may inadvertently corrupt a device so that you must restore it to the default configuration.
-
-Table 19 lists the school and individual classroom maintenance tasks, the resources for performing the tasks, and the schedule (or frequency) on which you should perform the tasks.
-
-|Task and resources|Monthly|New semester or academic year|As required|
-|--- |--- |--- |--- |
-|Verify that Windows Update is active and current with operating system and software updates.
For more information about completing this task when you have:
Neither Intune, Group Policy, nor WSUS, see "Install, upgrade, & activate" in Windows 10 help.|✔️|✔️|✔️|
-|Verify that Windows Defender is active and current with malware Security intelligence.
For more information about completing this task, see [Turn Windows Defender on or off](/mem/intune/user-help/turn-on-defender-windows) and [Updating Windows Defender](/mem/intune/user-help/turn-on-defender-windows).|✔️|✔️|✔️|
-|Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.
For more information about completing this task, see the “How do I find and remove a virus?” topic in [Protect my PC from viruses](https://support.microsoft.com/help/17228/windows-protect-my-pc-from-viruses).|✔️|✔️|✔️|
-|Download and approve updates for Windows 10, apps, device driver, and other software.
For more information, see:
For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options](/windows/deployment/update/).||✔️|✔️|
-|Refresh the operating system and apps on devices.
For more information about completing this task, see the following resources:
For more information, see:
Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.
You can also deploy Microsoft Store apps directly to devices by using Intune, Microsoft Configuration Manager, or both in a hybrid configuration.
For more information, see:
For more information about how to:
For more information about how to:
For more information about how to:
For more information about how to:
For more information about how to:
For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see [Create and manage distribution groups](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) and [Create, edit, or delete a security group](/microsoft-365/admin/email/create-edit-or-delete-a-security-group).||✔️|✔️|
-|Install new student devices.
Follow the same steps you followed in the[Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section.|||✔️|
-
-*Table 19. School and individual classroom maintenance tasks, with resources and the schedule for performing them*
-
-#### Summary
-
-You've now identified the tasks you need to perform monthly, at the end of an academic year or semester, and as required. Your district and individual school configuration should match the typical school configuration you saw in the [Plan a typical district configuration](#plan-a-typical-district-configuration) section. By performing these maintenance tasks, you help ensure that your district as a whole stays secure and is configured as you specified.
-
-## Related topics
-
-* [Try it out: Windows 10 deployment (for educational institutions)](../index.yml)
-* [Try it out: Windows 10 in the classroom](../index.yml)
-* [Chromebook migration guide](./chromebook-migration-guide.md)
-* [Deploy Windows 10 in a school](./deploy-windows-10-in-a-school.md)
-* [Automate common Windows 10 deployment and configuration tasks for a school environment (video)](./index.yml)
-* [Deploy a custom Windows 10 Start menu layout for a school (video)](./index.yml)
-* [Manage Windows 10 updates and upgrades in a school environment (video)](./index.yml)
-* [Reprovision devices at the end of the school year (video)](./index.yml)
-* [Use MDT to deploy Windows 10 in a school (video)](./index.yml)
-* [Use Microsoft Store for Business in a school environment (video)](./index.yml)
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
deleted file mode 100644
index d1c9aea19e..0000000000
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ /dev/null
@@ -1,894 +0,0 @@
----
-title: Deploy Windows 10 in a school
-description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Entra ID. Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy.
-ms.topic: how-to
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-
-# Deploy Windows 10 in a school
-
-This guide shows you how to deploy the Windows 10 operating system in a school environment. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Entra ID; and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Intune and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
-
-## Prepare for school deployment
-
-Proper preparation is essential for a successful school deployment. To avoid common mistakes, your first step is to plan a typical school configuration. As with building a house, you need a blueprint for what your school should look like when it’s finished. The second step in preparation is to learn how you'll configure your school. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your school.
-
-### Plan a typical school configuration
-
-As part of preparing for your school deployment, you need to plan your configuration—the focus of this guide. Figure 1 illustrates a typical finished school configuration that you can use as a model (the blueprint in our builder analogy) for the finished state.
-
-:::image type="content" source="images/deploy-win-10-school-figure1.png" alt-text="A finished school configuration for a Windows client deployment.":::
-
-*Figure 1. Typical school configuration for this guide*
-
-Figure 2 shows the classroom configuration this guide uses.
-
-:::image type="content" source="images/deploy-win-10-school-figure2.png" alt-text="See the classroom configuration used in this Windows client deployment guide.":::
-
-*Figure 2. Typical classroom configuration in a school*
-
-This school configuration has the following characteristics:
-- It contains one or more admin devices.
-- It contains two or more classrooms.
-- Each classroom contains one teacher device.
-- The classrooms connect to each other through multiple subnets.
-- All devices in each classroom connect to a single subnet.
-- All devices have high-speed, persistent connections to each other and to the Internet.
-- All teachers and students have access to Microsoft Store or Microsoft Store for Business.
-- All devices receive software updates from Intune (or another device management system).
-- You install a 64-bit version of Windows 10 on the admin device.
-- You install the Windows Assessment and Deployment Kit (Windows ADK) on the admin device.
-- You install the Windows Assessment and Deployment Kit (Windows ADK) on the admin device.
-- You install the 64-bit version of the Microsoft Deployment Toolkit (MDT) 2013 Update 2 on the admin device.
-
- > [!NOTE]
- > In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2.
-
-- The devices use Microsoft Entra ID in Office 365 Education for identity management.
-- If you've on-premises AD DS, you can [integrate Microsoft Entra ID with on-premises AD DS](/azure/active-directory/hybrid/whatis-hybrid-identity).
-- Use [Intune](/mem/intune/), [Set up Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/set-up), or Group Policy in AD DS to manage devices.
-- Each device supports a one-student-per-device or multiple-students-per-device scenario.
-- The devices can be a mixture of different make, model, and processor architecture (32 bit or 64 bit) or be identical.
-- To start a Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment Boot (PXE Boot).
-- The devices can be a mixture of different Windows 10 editions, such as Windows 10 Home, Windows 10 Pro, and Windows 10 Education.
-
-Office 365 Education allows:
-
-- Students and faculty to use Microsoft Office to create and edit Microsoft Word, OneNote, PowerPoint, and Excel documents in a browser.
-- Teachers to use the [OneNote Class Notebook app](https://www.onenote.com/classnotebook) to share content and collaborate with students.
-- Faculty to use the [OneNote Staff Notebooks app](https://www.onenote.com/staffnotebookedu) to collaborate with other teachers, administration, and faculty.
-- Teachers to employ Sway to create interactive educational digital storytelling.
-- Students and faculty to use email and calendars, with mailboxes up to 50 GB per user.
-- Faculty to use advanced email features like email archiving and legal hold capabilities.
-- Faculty to help prevent unauthorized users from accessing documents and email by using Azure Rights Management.
-- Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal.
-- Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business or Skype.
-- Students and faculty to access up to 1 TB of personal cloud storage that users inside and outside the educational institution can share through OneDrive for Business.
-- Teachers to provide collaboration in the classroom through Microsoft SharePoint Online team sites.
-- Students and faculty to use Office 365 Video to manage videos.
-- Students and faculty to use Viva Engage to collaborate through private social networking.
-- Students and faculty to access classroom resources from anywhere on any device (including iOS and Android devices).
-
-For more information about Office 365 Education features and a FAQ, go to [Office 365 Education](https://www.microsoft.com/microsoft-365/academic/compare-office-365-education-plans).
-
-## How to configure a school
-
-Now that you've the plan (blueprint) for your classroom, you’re ready to learn about the tools you'll use to deploy it. There are many tools you could use to accomplish the task, but this guide focuses on using those tools that require the least infrastructure and technical knowledge.
-
-The primary tool you'll use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
-
-You can use MDT as a stand-alone tool or integrate it with Microsoft Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as Configuration Manager) but result in fully automated deployments.
-
-MDT includes the Deployment Workbench—a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps, and migration of user settings on existing devices.
-
-LTI performs deployment from a *deployment share*—a network-shared folder on the device where you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You'll learn more about MDT in the [Prepare the admin device](#prepare-the-admin-device) section.
-
-The focus of MDT is deployment, so you also need tools that help you manage your Windows 10 devices and apps. You can manage Windows 10 devices and apps with [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), [Configuration Manager](/mem/configmgr/core/understand/introduction), the Compliance Management feature in Office 365, or Group Policy in AD DS. You can use any combination of these tools based on your school requirements.
-
-The configuration process requires the following devices:
-
-- **Admin device.** This is the device you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK and MDT on this device.
-- **Faculty devices.** These are the devices that the teachers and other faculty use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices.
-- **Student devices.** The students will use these devices. You'll use the admin device deploy (or upgrade) Windows 10 and apps to them.
-
-The high-level process for deploying and configuring devices within individual classrooms and the school as a whole is as follows and illustrated in Figure 3:
-
-1. Prepare the admin device for use, which includes installing the Windows ADK and MDT.
-2. On the admin device, create and configure the Office 365 Education subscription that you'll use for each classroom in the school.
-3. On the admin device, configure integration between on-premises AD DS and Microsoft Entra ID (if you've an on premises AD DS configuration).
-4. On the admin device, create and configure a Microsoft Store for Business portal.
-5. On the admin device, prepare for management of the Windows 10 devices after deployment.
-6. On the student and faculty devices, deploy Windows 10 to new or existing devices, or upgrade eligible devices to Windows 10.
-7. On the admin device, manage the Windows 10 devices and apps, the Office 365 subscription, and the AD DS and Microsoft Entra integration.
-
-:::image type="content" source="images/deploy-win-10-school-figure3.png" alt-text="See the high level process of configuring Windows client devices in a classroom and the school":::
-
-*Figure 3. How school configuration works*
-
-Each of the steps illustrated in Figure 3 directly correspond to the remaining high-level sections in this guide.
-
-### Summary
-
-In this section, you looked at the final configuration of your individual classrooms and the school as a whole upon completion of this guide. You also learned the high-level steps you need to perform to deploy the faculty and student devices in your school.
-
-## Prepare the admin device
-
-Now, you’re ready to prepare the admin device for use in the school. This process includes installing the Windows ADK, installing the MDT, and creating the MDT deployment share.
-
-### Install the Windows ADK
-
-The first step in preparing the admin device is to install the Windows ADK. The Windows ADK contains the deployment tools that MDT uses, including the Windows Preinstallation Environment (Windows PE), the Windows User State Migration Tool (USMT), and Deployment Image Servicing and Management.
-
-When you install the Windows ADK on the admin device, select the following features:
-
-- Deployment tools
-- Windows Preinstallation Environment (Windows PE)
-- User State Migration Tool (USMT)
-
-For more information about installing the Windows ADK, see [Step 2-2: Install the Windows ADK](/mem/configmgr/mdt/lite-touch-installation-guide#InstallWindowsADK).
-
-### Install MDT
-
-Next, install MDT. MDT uses the Windows ADK to help you manage and perform Windows 10 and app deployment and is a free tool available directly from Microsoft.
-
-You can use MDT to deploy 32-bit or 64-bit versions of Windows 10. Install the 64-bit version of MDT to support deployment of 32-bit and 64-bit operating systems.
-
-> [!NOTE]
-> If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32-bit versions of the operating system.
-
-For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](/mem/configmgr/mdt/use-the-mdt#InstallingaNewInstanceofMDT).
-
-Now, you’re ready to create the MDT deployment share and populate it with the operating system, apps, and device drivers you want to deploy to your devices.
-
-### Create a deployment share
-
-MDT includes the Deployment Workbench, a graphical user interface that you can use to manage MDT deployment shares. A deployment share is a shared folder that contains all the MDT deployment content. The LTI Deployment Wizard accesses the deployment content over the network or from a local copy of the deployment share (known as MDT deployment media).
-
-For more information about how to create a deployment share, see [Step 3-1: Create an MDT Deployment Share](/mem/configmgr/mdt/lite-touch-installation-guide#step-3-configure-mdt-to-create-the-reference-computer).
-
-### Summary
-
-In this section, you installed the Windows ADK and MDT on the admin device. You also created the MDT deployment share that you'll configure and use later in the LTI deployment process.
-
-## Create and configure Office 365
-
-Office 365 is one of the core components of your classroom environment. You create and manage student identities in Office 365, and students and teachers use the suite as their email, contacts, and calendar system. Teachers and students use Office 365 collaboration features such as SharePoint, OneNote, and OneDrive for Business.
-
-As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/education/products/office).
-
-### Select the appropriate Office 365 Education license plan
-
-Complete the following steps to select the appropriate Office 365 Education license plan for your school:
-
-- Determine the number of faculty members and students who will use the classroom. Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan.
-
-- Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Microsoft 365 Apps for enterprise plans). Table 1 lists the advantages and disadvantages of standard and Microsoft 365 Apps for enterprise plans.
-
-*Table 1. Comparison of standard and Microsoft 365 Apps for enterprise plans*
-
----
-| Plan | Advantages | Disadvantages |
-| --- | --- | --- |
-| Standard | - Less expensive than Microsoft 365 Apps for enterprise
- Can be run from any device
- No installation necessary | - Must have an Internet connection to use it
- Doesn't support all the features found in Microsoft 365 Apps for enterprise |
-| Office ProPlus | - Only requires an Internet connection every 30 days (for activation)
- Supports full set of Office features | - Requires installation
- Can be installed on only five devices per user (there's no limit to the number of devices on which you can run Office apps online) |
-
----
-
-The best user experience is to run Microsoft 365 Apps for enterprise or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
-
-- Determine whether students or faculty need Azure Rights Management.
-
- You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management](/information-protection/).
-
-- Record the Office 365 Education license plans needed for the classroom in Table 2.
-
-*Table 2. Office 365 Education license plans needed for the classroom*
-
----
-| Quantity | Plan |
-| --- | --- |
-| | Office 365 Education for students |
-| | Office 365 Education for faculty |
-| | Azure Rights Management for students |
-| | Azure Rights Management for faculty |
-
----
-
-You'll use the Office 365 Education license plan information you record in Table 2 in the [Create user accounts in Office 365](#create-user-accounts-in-office-365) section of this guide.
-
-### Create a new Office 365 Education subscription
-
-To create a new Office 365 Education subscription for use in the classroom, use your educational institution’s email account. There are no costs to you or to students for signing up for Office 365 Education subscriptions.
-
-> [!NOTE]
-> If you already have an Office 365 Education subscription, you can use that subscription and continue to the next section, [Add domains and subdomains](#add-domains-and-subdomains).
-
-#### To create a new Office 365 subscription
-
-1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar.
-
- If you've already used your current sign-in account to create a new Office 365 subscription, you'll be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window. Your options:
-
- - In Microsoft Edge, select Ctrl+Shift+N. Or, select **More actions** > **New InPrivate window**.
- - In Internet Explorer, select Ctrl+Shift+P. Or, select **Settings** > **Safety** > **InPrivate Browsing**.
-
-2. On the **Get started** page, type your school email address in the **Enter your school email address** box, and then click **Sign up**. You'll receive an email in your school email account.
-3. Click the hyperlink in the email in your school email account.
-4. On the **One last thing** page, complete your user information, and then click **Start**. The wizard creates your new Office 365 Education subscription, and you're automatically signed in as the administrative user you specified when you created the subscription.
-
-### Add domains and subdomains
-
-Now that you've created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has `contoso.edu` as the primary domain name but you've subdomains for students or faculty (such as students.contoso.edu and faculty.contoso.edu), then you need to add the subdomains.
-
-#### To add more domains and subdomains
-
-1. In the admin center, in the list view, click **DOMAINS**.
-2. In the details pane, above the list of domains, on the menu bar, click **Add domain**.
-3. In the Add a New Domain in Office 365 Wizard, on the **Verify domain wizard** page, click **Let’s get started**.
-4. On the **Verify domain** wizard page, in the **Enter a domain you already own** box, type your domain name, and then click **Next**.
-5. Sign in to your domain name management provider (for example, Network Solutions or GoDaddy), and then complete the steps for your provider.
-6. Repeat these steps for each domain and subdomain you want faculty and students to use for your institution.
-
-### Configure automatic tenant join
-
-To make it easier for faculty and students to join your Office 365 Education subscription (or *tenant*), allow them to automatically sign up to your tenant (*automatic tenant join*). In automatic tenant join, when a faculty member or student signs up for Office 365, Office 365 automatically adds (joins) the user to your Office 365 tenant.
-
-> [!NOTE]
-> By default, automatic tenant join is enabled in Office 365 Education, except for certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Microsoft Entra Connect, then automatic tenant join is disabled.
-
-Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks:
-
-- If an Office 365 tenant with that domain name (contoso.edu) exists, Office 365 automatically adds the user to that tenant.
-- If an Office 365 tenant with that domain name (contoso.edu) doesn't exists, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it.
-
-You'll always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before allowing other faculty and students to join Office 365.
-
-> [!NOTE]
-> You can't merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
-
-All new Office 365 Education subscriptions have automatic tenant join enabled by default, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 3. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up#how-can-i-prevent-students-from-joining-my-existing-office-365-tenant).
-
-*Table 3. Windows PowerShell commands to enable or disable Automatic Tenant Join*
-
----
-| Action | Windows PowerShell command |
-|---------|-----------------------------------------------------------|
-| Enable | `Set-MsolCompanySettings -AllowEmailVerifiedUsers $true` |
-| Disable | `Set-MsolCompanySettings -AllowEmailVerifiedUsers $false` |
-
----
-
-> [!NOTE]
-> If your institution has AD DS, then disable automatic tenant join. Instead, use Microsoft Entra integration with AD DS to add users to your Office 365 tenant.
-
-### Disable automatic licensing
-
-To reduce your administrative effort, automatically assign Office 365 Education or Office 365 Education Plus licenses to faculty and students when they sign up (automatic licensing). Automatic licensing also enables Office 365 Education or Office 365 Education Plus features that don't require administrative approval.
-
-> [!NOTE]
-> By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
-
-Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 4. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up#how-can-i-prevent-students-from-joining-my-existing-office-365-tenant).
-
-*Table 4. Windows PowerShell commands to enable or disable automatic licensing*
-
----
-| Action | Windows PowerShell command |
-|---------|-----------------------------------------------------------|
-| Enable | `Set-MsolCompanySettings -AllowAdHocSubscriptions $true` |
-| Disable | `Set-MsolCompanySettings -AllowAdHocSubscriptions $false` |
-
----
-
-
-
-### Enable Microsoft Entra ID P1 or P2
-
-When you create your Office 365 subscription, you create an Office 365 tenant that includes a Microsoft Entra directory. Microsoft Entra ID is the centralized repository for all your student and faculty accounts in Office 365, Intune, and other Microsoft Entra ID–integrated apps. Microsoft Entra ID has different editions, which may include Office 365 Education. For more information, see [Introduction to Microsoft Entra tenants](/microsoft-365/education/deploy/intro-azure-active-directory).
-
-Educational institutions can obtain Microsoft Entra Basic edition licenses at no cost. After you obtain your licenses, activate your Microsoft Entra ID access by completing the steps in [Step 3: Activate your Microsoft Entra ID access](/azure/active-directory/fundamentals/active-directory-get-started-premium#step-3-activate-your-azure-active-directory-access).
-
-The Microsoft Entra ID P1 or P2 features that aren't in Microsoft Entra Basic include:
-
-- Allow designated users to manage group membership
-- Dynamic group membership based on user metadata
-- Multifactor authentication (MFA)
-- Identify cloud apps that your users run
-- Automatic enrollment in a mobile device management (MDM) system (such as Intune)
-- Self-service recovery of BitLocker
-- Add local administrator accounts to Windows 10 devices
-- Microsoft Entra Connect Health monitoring
-- Extended reporting capabilities
-
-You can assign Microsoft Entra ID P1 or P2 licenses to the users who need these features. For example, you may want the users who have access to confidential student information to use MFA. In this example, you could assign Microsoft Entra ID P1 or P2 to only those users.
-
-You can sign up for Microsoft Entra ID P1 or P2, and then assign licenses to users. In this section, you sign up for Microsoft Entra ID P1 or P2. You'll assign Microsoft Entra ID P1 or P2 licenses to users later in the deployment process.
-
-For more information, see:
-
-- [Microsoft Entra ID licenses](/azure/active-directory/fundamentals/active-directory-whatis)
-- [Sign up for Microsoft Entra ID P1 or P2](/azure/active-directory/fundamentals/active-directory-get-started-premium)
-
-### Summary
-You provision and initially configure Office 365 Education as part of the initial configuration. With the subscription in place, automatic tenant join configured, automatic licensing established, and Microsoft Entra ID P1 or P2 enabled (if necessary), you’re ready to select the method you'll use to create user accounts in Office 365.
-
-## Select an Office 365 user account–creation method
-
-
-Now that you've an Office 365 subscription, you need to determine how you'll create your Office 365 user accounts. Use the following methods to create Office 365 user accounts:
-
-- **Method 1:** Automatically synchronize your on-premises AD DS domain with Microsoft Entra ID. Select this method if you've an on-premises AD DS domain.
-- **Method 2:** Bulk-import the user accounts from a .csv file (based on information from other sources) into Microsoft Entra ID. Select this method if you don’t have an on-premises AD DS domain.
-
-
-
-### Method 1: Automatic synchronization between AD DS and Microsoft Entra ID
-
-In this method, you've an on-premises AD DS domain. As shown in Figure 4, the Microsoft Entra Connector tool automatically synchronizes AD DS with Microsoft Entra ID. When you add or change any user accounts in AD DS, the Microsoft Entra Connector tool automatically updates Microsoft Entra ID.
-
-> [!NOTE]
-> Microsoft Entra Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [LDAP synchronization with Microsoft Entra ID](/azure/active-directory/fundamentals/sync-ldap).
-
-:::image type="content" source="images/deploy-win-10-school-figure4.png" alt-text="See the automatic synchronization between Active Directory Directory Services and Azure AD.":::
-
-*Figure 4. Automatic synchronization between AD DS and Microsoft Entra ID*
-
-For more information about how to perform this step, see the [Integrate on-premises AD DS with Microsoft Entra ID](#integrate-on-premises-ad-ds-with-azure-ad) section in this guide.
-
-
-
-### Method 2: Bulk import into Microsoft Entra ID from a .csv file
-
-In this method, you've no on-premises AD DS domain. As shown in Figure 5, you manually prepare a `.csv` file with the student information from your source, and then manually import the information directly into Microsoft Entra ID. The `.csv` file must be in the format that Office 365 specifies.
-
-:::image type="content" source="images/deploy-win-10-school-figure5.png" alt-text="Create a csv file with student information, and import the csv file into Azure AD.":::
-
-*Figure 5. Bulk import into Microsoft Entra ID from other sources*
-
-To implement this method, perform the following steps:
-
-1. Export the student information from the source. Ultimately, you want to format the student information in the format the bulk-import feature requires.
-2. Bulk-import the student information into Microsoft Entra ID. For more information about how to perform this step, see the [Bulk-import user accounts into Office 365](#bulk-import-user-accounts-into-office-365) section.
-
-### Summary
-
-In this section, you selected the method for creating user accounts in your Office 365 subscription. Ultimately, these user accounts are in Microsoft Entra ID (which is the identity management system for Office 365). Now, you’re ready to create your Office 365 accounts.
-
-
-
-## Integrate on-premises AD DS with Microsoft Entra ID
-
-You can integrate your on-premises AD DS domain with Microsoft Entra ID to provide identity management for your Office 365 tenant. With this integration, you can synchronize the users, security groups, and distribution lists in your AD DS domain with Microsoft Entra ID with the Microsoft Entra Connect tool. Users will be able to sign in to Office 365 automatically by using their email account and the same password they use to sign in to AD DS.
-
-> [!NOTE]
-> If your institution doesn't have an on-premises AD DS domain, you can skip this section.
-
-### Select synchronization model
-
-Before you deploy AD DS and Microsoft Entra synchronization, you need to determine where you want to deploy the server that runs Microsoft Entra Connect.
-
-You can deploy the Microsoft Entra Connect tool by using one of the following methods:
-
-- **On premises**: As shown in Figure 6, Microsoft Entra Connect runs on premises, which have the advantage of not requiring a virtual private network (VPN) connection to Azure. It does, however, require a virtual machine (VM) or physical server.
-
- :::image type="content" source="images/deploy-win-10-school-figure6.png" alt-text="Microsoft Entra Connect runs on-premises and uses a virtual machine.":::
-
- *Figure 6. Microsoft Entra Connect on premises*
-
-- **In Azure**: As shown in Figure 7, Microsoft Entra Connect runs on a VM in Microsoft Entra which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
-
- :::image type="content" source="images/deploy-win-10-school-figure7.png" alt-text="Microsoft Entra Connect runs on a VM in Microsoft Entra ID, and uses a VPN gateway on-premises.":::
-
- *Figure 7. Microsoft Entra Connect in Azure*
-
-This guide describes how to run Microsoft Entra Connect on premises. For information about running Microsoft Entra Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](/microsoft-365/enterprise/deploy-microsoft-365-directory-synchronization-dirsync-in-microsoft-azure).
-
-
-
-### Deploy Microsoft Entra Connect on premises
-
-In this synchronization model (illustrated in Figure 6), you run Microsoft Entra Connect on premises on a physical device or VM. Microsoft Entra Connect synchronizes AD DS user and group accounts with Microsoft Entra ID. Microsoft Entra Connect includes a wizard that helps you configure Microsoft Entra Connect for your AD DS domain and Office 365 subscription. First, you install Microsoft Entra Connect; then, you run the wizard to configure it for your institution.
-
-
-
-#### To deploy AD DS and Microsoft Entra synchronization
-
-1. Configure your environment to meet the prerequisites for installing Microsoft Entra Connect by performing the steps in [Prerequisites for Microsoft Entra Connect](/azure/active-directory/hybrid/how-to-connect-install-prerequisites).
-2. On the VM or physical device that will run Microsoft Entra Connect, sign in with a domain administrator account.
-3. Install Microsoft Entra Connect by performing the steps in [Install Microsoft Entra Connect](/azure/active-directory/hybrid/how-to-connect-install-select-installation).
-4. Configure Microsoft Entra Connect features based on your institution’s requirements. For more information, see [Microsoft Entra Connect Sync: Understand and customize synchronization](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
-
-Now that you've used on premises Microsoft Entra Connect to deploy AD DS and Microsoft Entra synchronization, you’re ready to verify that Microsoft Entra Connect is synchronizing AD DS user and group accounts with Microsoft Entra ID.
-
-### Verify synchronization
-
-Microsoft Entra Connect should start synchronization immediately. Depending on the number of users in your AD DS domain, the synchronization process can take some time. To monitor the process, view the number of AD DS users and groups the tool has synchronized with Microsoft Entra ID in the Office 365 admin console.
-
-
-
-#### To verify AD DS and Microsoft Entra synchronization
-
-1. In your web browser, go to [https://portal.office.com](https://portal.office.com).
-2. Using the administrative account that you created in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) section, sign in to Office 365.
-3. In the list view, expand **USERS**, and then click **Active Users**.
-4. In the details pane, view the list of users. The list of users should mirror the users in AD DS.
-5. In the list view, click **GROUPS**.
-6. In the details pane, view the list of security groups. The list of users should mirror the security groups in AD DS.
-7. In the details pane, double-click one of the security groups.
-8. The list of security group members should mirror the group membership for the corresponding security group in AD DS.
-9. Close the browser.
-
-Now that you've verified Microsoft Entra Connect synchronization, you’re ready to assign user licenses for Microsoft Entra ID P1 or P2.
-
-### Summary
-
-In this section, you selected your synchronization model, deployed Microsoft Entra Connect, and verified that Microsoft Entra ID is synchronizing properly.
-
-## Bulk-import user and group accounts into AD DS
-
-You can bulk-import user and group accounts into your on-premises AD DS domain. Bulk-importing accounts helps reduce the time and effort needed to create users compared to creating the accounts manually in the Office 365 Admin portal. First, you select the appropriate method for bulk-importing user accounts into AD DS. Next, you create the .csv file that contains the user accounts. Finally, you use the selected method to import the .csv file into AD DS.
-
-> [!NOTE]
-> If your institution doesn’t have an on-premises AD DS domain, you can skip this section.
-
-### Select the bulk import method
-
-Several methods are available to bulk-import user accounts into AD DS domains. Table 5 lists the methods that the Windows Server operating system supports natively. In addition, you can use partner solutions to bulk-import user and group accounts into AD DS.
-
-*Table 5. AD DS bulk-import account methods*
-
----
-| Method | Description and reason to select this method |
-|---|---|
-| **Ldifde.exe** | This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)). |
-| **VBScript** | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx). |
-| **Windows PowerShell** | This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Windows PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). |
-
----
-
-### Create a source file that contains the user and group accounts
-
-After you've selected your user and group account bulk import method, you’re ready to create the source file that contains the user and group account. You’ll use the source file as the input to the import process. The source file format depends on the method you selected. Table 6 lists the source file format for the bulk import methods.
-
-*Table 6. Source file format for each bulk import method*
-
----
-| Method | Source file format |
-|---|---|
-| **Ldifde.exe** | Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)). |
-| **VBScript** | VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx) |
-| **Windows PowerShell** | Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). |
-
----
-
-### Import the user accounts into AD DS
-
-With the bulk-import source file finished, you’re ready to import the user and group accounts into AD DS. The steps for importing the file are slightly different for each method.
-
-> [!NOTE]
-> Bulk-import your group accounts first, and then import your user accounts. Importing in this order allows you to specify group membership when you import your user accounts.
-
-For more information about how to import user accounts into AD DS by using:
-
-- Ldifde.exe: See [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).
-- VBScript: See [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx).
-- Windows PowerShell: See [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).
-
-### Summary
-
-In this section, you selected the bulk-import method, created the source file that contains the user and group accounts, and imported the user and group accounts in to AD DS. If you've Microsoft Entra Connect, it automatically synchronizes the new AD DS user and group accounts to Microsoft Entra ID. Now, you’re ready to assign user licenses for Microsoft Entra ID P1 or P2 in the [Assign user licenses for Microsoft Entra ID P1 or P2](#assign-user-licenses-for-azure-ad-premium) section later in this guide.
-
-## Bulk-import user accounts into Office 365
-
-You can bulk-import user and group accounts directly into Office 365, reducing the time and effort required to create users. First, you bulk-import the user accounts into Office 365. Then, you create the security groups for your institution. Finally, you create the email distribution groups your institution requires.
-
-### Create user accounts in Office 365
-
-Now that you've created your new Office 365 Education subscription, you need to create user accounts. You can add user accounts for the teachers, other faculty, and students who will use the classroom.
-
-You can use the Microsoft 365 admin center to add individual Office 365 accounts manually—a reasonable process when you’re adding only a few users. If you've many users, however, you can automate the process by creating a list of those users, and then use that list to create user accounts (that is, bulk-add users).
-
-The bulk-add process assigns the same Office 365 Education license plan to all users on the list. Therefore, you must create a separate list for each license plan you recorded in Table 2. Depending on the number of faculty members who need to use the classroom, you may want to add the faculty Office 365 accounts manually; however, use the bulk-add process to add student accounts.
-
-For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Office 365](/microsoft-365/enterprise/add-several-users-at-the-same-time).
-
-> [!NOTE]
-> If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
-
-The email accounts are assigned temporary passwords upon creation. Communicate these temporary passwords to your users before they can sign in to Office 365.
-
-### Create Office 365 security groups
-
-Assign SharePoint Online resource permissions to Office 365 security groups, not individual user accounts. For example, create one security group for faculty members and another for students. Then, you can assign unique SharePoint Online resource permissions to faculty members and a different set of permissions to students. Add or remove users from the security groups to grant or revoke access to SharePoint Online resources.
-
-> [!NOTE]
-> If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Microsoft Entra integration to synchronize the security groups with your Office 365 tenant.
-
-For information about creating security groups, see [Create a group in the Microsoft 365 admin center](/microsoft-365/admin/create-groups/create-groups).
-
-You can add and remove users from security groups at any time.
-
-> [!NOTE]
-> Office 365 evaluates group membership when users sign in. If you change group membership for a user, that user may need to sign out, and then sign in again for the change to take effect.
-
-### Create email distribution groups
-
-Microsoft Exchange Online uses an email distribution group as a single email recipient for multiple users. For example, you could create an email distribution group that contains all students. Then, you could send a message to the email distribution group instead of individually addressing the message to each student.
-
-You can create email distribution groups based on job role (such as teachers, administration, or students) or specific interests (such as robotics, drama club, or soccer team). You can create any number of distribution groups, and users can be members of more than one group.
-
-> [!NOTE]
-> Office 365 can take some time to complete the Exchange Online creation process. You'll have to wait until Office 365 completes the Exchange Online creation process before you can perform the following steps.
-
-For information about how to create security groups, see [Create a group in the Microsoft 365 admin center](/microsoft-365/admin/create-groups/create-groups).
-
-### Summary
-
-Now, you've bulk-imported the user accounts into Office 365. First, you selected the bulk-import method. Next, you created the Office 365 security groups in Office 365. Finally, you created the Office 365 email distribution groups. Now, you’re ready to assign user licenses for Microsoft Entra ID P1 or P2.
-
-
-
-## Assign user licenses for Microsoft Entra ID P1 or P2
-
-Microsoft Entra ID is available in Free, Basic, and Premium editions. Microsoft Entra ID Free, which is included in Office 365 Education, has fewer features than Microsoft Entra Basic, which in turn has fewer features than Microsoft Entra ID P1 or P2. Educational institutions can obtain Microsoft Entra Basic licenses at no cost and Microsoft Entra ID P1 or P2 licenses at a reduced cost.
-
-You can assign Microsoft Entra ID P1 or P2 licenses to the users who need the features this edition offers. For example, you may want the users who have access to confidential student information to use MFA. In this example, you could assign Microsoft Entra ID P1 or P2 only to those users.
-
-For more information about:
-
-- Microsoft Entra editions, see [Microsoft Entra editions](/azure/active-directory/fundamentals/active-directory-whatis).
-- How to assign user licenses for Microsoft Entra ID P1 or P2, see [How to assign EMS/Azure AD Premium licenses to user accounts](https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/How-to-assign-Azure-AD-Premium-Licenses-to-user-accounts).
-
-## Create and configure a Microsoft Store for Business portal
-
-Microsoft Store for Business allows you to create your own private portal to manage Microsoft Store apps in your institution. With Microsoft Store for Business, you can do the following:
-
-- Find and acquire Microsoft Store apps.
-- Manage apps, app licenses, and updates.
-- Distribute apps to your users.
-
-For more information, see [Microsoft Store for Business overview](/microsoft-store/microsoft-store-for-business-overview).
-
-The following section shows you how to create a Microsoft Store for Business portal and configure it for your school.
-
-### Create and configure your Microsoft Store for Business portal
-
-To create and configure your Microsoft Store for Business portal, use the administrative account for your Office 365 subscription to sign in to Microsoft Store for Business. Microsoft Store for Business automatically creates a portal for your institution and uses your account as its administrator.
-
-#### To create and configure a Microsoft Store for Business portal
-
-1. In Microsoft Edge or Internet Explorer, go to [https://microsoft.com/business-store](https://microsoft.com/business-store).
-2. On the **Microsoft Store for Business** page, click **Sign in with an organizational account**.
-
- If your institution has AD DS, then don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Microsoft Entra integration to synchronize the security groups with your Office 365 tenant.
-
-1. On the Microsoft Store for Business sign-in page, use the administrative account for the Office 365 subscription you created in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) section to sign in.
-2. On the **Microsoft Store for Business Services Agreement** page, review the agreement, select the **I accept this agreement and certify that I have the authority to bind my organization to its terms** check box, and then click **Accept**
-3. In the **Welcome to the Microsoft Store for Business** dialog box, click **OK**.
-
-After you create the Microsoft Store for Business portal, configure it by using the commands in the settings menu listed in Table 7. Depending on your institution, you may (or may not) need to change these settings to further customize your portal.
-
-*Table 7. Menu selections to configure Microsoft Store for Business settings*
-
----
-| Menu selection | What you can do in this menu |
-|---|---|
-| Account information | Displays information about your Microsoft Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure portal. For more information, see [Update Microsoft Store for Business account settings](/microsoft-store/update-microsoft-store-for-business-account-settings).|
-| Device Guard signing | Allows you to upload and sign Device Guard catalog and policy files. For more information about Device Guard, see [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). |
-| LOB publishers | Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps). |
-| Management tools | Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](/microsoft-store/distribute-apps-with-management-tool). |
-| Offline licensing | Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see [Licensing model: online and offline licenses](/microsoft-store/apps-in-microsoft-store-for-business#licensing-model). |
-| Permissions | Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you've previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](/microsoft-store/roles-and-permissions-microsoft-store-for-business). |
-| Private store | Allows you to change the organization name used in your Microsoft Store for Business portal. When you create your portal, the private store uses the organization name that you used to create your Office 365 subscription. For more information, see [Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store). |
-
----
-
-### Find, acquire, and distribute apps in the portal
-
-Now that you've created your Microsoft Store for Business portal, you’re ready to find, acquire, and distribute apps that you'll add to your portal. You do this task by using the Inventory page in Microsoft Store for Business.
-
-> [!NOTE]
-> Your educational institution can now use a credit card to pay for apps in Microsoft Store for Business.
-
-You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users.
-
-For more information about how to find, acquire, and distribute apps in the portal, see [App inventory management for Microsoft Store for Business](/microsoft-store/app-inventory-management-microsoft-store-for-business).
-
-### Summary
-
-At the end of this section, you should have a properly configured Microsoft Store for Business portal. You've also found and acquired your apps from Microsoft Store. Finally, you should have deployed all your Microsoft Store apps to your users. Now, you’re ready to deploy Microsoft Store apps to your users.
-
-## Plan for deployment
-
-You'll use the LTI deployment process in MDT to deploy Windows 10 to devices or to upgrade devices to Windows 10. Prior to preparing for deployment, you must make some deployment planning decisions, including selecting the operating systems you'll use, the approach you'll use to create your Windows 10 images, and the method you'll use to initiate the LTI deployment process.
-
-### Select the operating systems
-
-Later in the process, you'll import the versions of Windows 10 you want to deploy. You can deploy the operating system to new devices, refresh existing devices, or upgrade existing devices. If:
-
-- New devices or refreshing existing devices, you'll complete replace the existing operating system on a device with Windows 10.
-- Upgrading existing devices, you'll upgrade the existing operating system (the Windows 8.1 or Windows 7 operating system) to Windows 10.
-
-Depending on your school’s requirements, you may need any combination of the following Windows 10 editions:
-
-- **Windows 10 Home**. Use this operating system to upgrade existing eligible institution-owned and personal devices that are running Windows 8.1 Home or Windows 7 Home to Windows 10 Home.
-- **Windows 10 Pro**. Use this operating system to:
- - Upgrade existing eligible institution-owned and personal devices running Windows 8.1 Pro or Windows 7 Professional to Windows 10 Pro.
- - Deploy new instances of Windows 10 Pro to devices so that new devices have a known configuration.
-- **Windows 10 Education**. Use this operating system to:
- - Upgrade institution-owned devices to Windows 10 Education.
- - Deploy new instances of Windows 10 Education so that new devices have a known configuration.
-- **Windows 10 Pro Education**. Use this operating system to upgrade existing eligible institution-owned devices running Windows 10 Pro Education, version 1903 or later, to Windows 10 Education using [subscription activation](/windows/deployment/windows-10-subscription-activation).
-
-> [!NOTE]
-> Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business. These features aren't available in Windows 10 Home.
-
-One other consideration is the mix of processor architectures you'll support. If you can, support only 64-bit versions of Windows 10. If you've devices that can run only 32-bit versions of Windows 10, you'll need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above.
-
-> [!NOTE]
-> On devices that have minimal system resources (such as devices with only 2 GB of memory or 32 GB of storage), use 32-bit versions of Windows 10 because 64-bit versions of Windows 10 place more stress on device system resources.
-
-Finally, as a best practice, minimize the number of operating systems that you deploy and manage. If possible, standardize institution-owned devices on one Windows 10 edition (such as a 64-bit version of Windows 10 Education or Windows 10 Pro). You can't standardize personal devices on a specific operating system version or processor architecture.
-
-### Select an image approach
-
-A key operating system image decision is whether to use a “thin” or “thick” image. *Thin images* contain only the operating system, and MDT installs the necessary device drivers and apps after the operating system has been installed. *Thick images* contain the operating system, “core” apps (such as Office), and device drivers. With thick images, MDT installs any device drivers and apps not included in the thick image after the operating system has been installed.
-
-The advantage to a thin image is that the final deployment configuration is dynamic, and you can easily change the configuration without having to capture another image. The disadvantage of a thin image is that it takes longer to complete the deployment.
-
-The advantage of a thick image is that the deployment takes less time than it would for a thin image. The disadvantage of a thick image is that you need to capture a new image each time you want to make a change to the operating system, apps, or other software in the image.
-
-### Select a method to initiate deployment
-
-The MDT deployment process is highly automated, requiring minimal information to deploy or upgrade Windows 10, but you must manually initiate the MDT deployment process. To do so, use the method listed in Table 8 that best meets the needs of your institution.
-
-*Table 8. Methods to initiate MDT deployment*
-
----
-| Method | Description and reason to select this method |
-| --- | --- |
-| **Windows Deployment Services** | This method:
- Uses diskless booting to initiate MDT deployment
- Works only with devices that support PXE boot.
- Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
-Deploys images more slowly than when using local media.
- Requires that you deploy a Windows Deployment Services server.
Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (the Deployment Wizard accesses the centrally located deployment share over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server. |
-| **Bootable media** | This method:
- Initiates MDT deployment by booting from local media, including from USB drives, DVD-ROM, or CD-ROM.
- Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
- Deploys images more slowly than when using local media.
- Requires no extra infrastructure.
Select this method when you want to deploy Windows over-the-network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (the Deployment Wizard accesses the centrally located deployment share over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media. |
-| **MDT deployment media** | This method:
- Initiates MDT deployment by booting from a local USB hard disk.
- Deploys Windows 10 from local media, which consumes less network bandwidth than over-the-network methods.
- Deploys images more quickly than network-based methods do.
- Requires a USB hard disk because of the deployment share’s storage requirements (up to 100 GB).
Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share, you must regenerate the MDT deployment media and update the USB hard disk. |
-
----
-
-### Summary
-
-At the end of this section, you should know the Windows 10 editions and processor architecture that you want to deploy (and will import later in the process). You also determined whether you want to use thin or thick images. Finally, you selected the method for initiating your LTI deployment. Now, you can prepare for Windows 10 deployment.
-
-## Prepare for deployment
-
-To deploy Windows 10 to devices, using the LTI deployment method in MDT. In this section, you prepare your MDT environment and Windows Deployment Services for Windows 10 deployment.
-
-### Configure the MDT deployment share
-
-The first step in preparation for Windows 10 deployment is to configure—that is, *populate*—the MDT deployment share. Table 9 lists the MDT deployment share configuration tasks that you must perform. Perform the tasks in the order represented in Table 9.
-
-*Table 9. Tasks to configure the MDT deployment share*
-
----
-| Task | Description |
-| --- | --- |
-| **1. Import operating systems** | Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportanOperatingSystemintotheDeploymentWorkbench). |
-| **2. Import device drives** | Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device can't play sounds; without the proper camera driver, the device can't take photos or use video chat.
Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench). |
-| **3. Create MDT applications for Microsoft Store apps** | Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.
Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you'll use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you'll need to obtain the .appx files from the app software vendor directly. If you're unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.
If you've Intune, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This method is the preferred one for deploying and managing Microsoft Store apps.
In addition, you must prepare your environment for sideloading (deploying) Microsoft Store apps. For more information about how to:
- Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10).
- Create an MDT application, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench). |
-| **4. Create MDT applications for Windows desktop apps** | You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you've sufficient licenses for them.
To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source?f=255&MSPPError=-2147217396).
If you've Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This method is the preferred one for deploying and managing Windows desktop apps.
You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section.
For more information about how to create an MDT application for Windows desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench). |
-| **5. Create task sequences.** | You must create a separate task sequence for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in Step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education; (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education; or (3) if you want to run deployments and upgrades for both 32 bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:
- Deploy Windows 10 Education 64-bit to devices.
- Deploy Windows 10 Education 32-bit to devices.
- Upgrade existing devices to Windows 10 Education 64-bit.
- Upgrade existing devices to Windows 10 Education 32-bit.
Again, you'll create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench). |
-| **6. Update the deployment share.** | Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32 bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.
For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#UpdateaDeploymentShareintheDeploymentWorkbench).|
-
----
-
-### Configure Windows Deployment Services for MDT
-
-You can use Windows Deployment Services with MDT to automatically initiate boot images on target computers. These boot images can be Windows PE images (which you generated in Step 6 in Table 9) or custom images that can deploy operating systems directly to the target computers.
-
-#### To configure Windows Deployment Services for MDT
-
-1. Set up and configure Windows Deployment Services.
-
- Windows Deployment Services is a server role available in all Windows Server editions. You can enable the Windows Deployment Services server role on a new server or on any server running Windows Server in your institution. For more information about how to perform this step, see the following resources:
-
- - [Windows Deployment Services overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11))
- - The Windows Deployment Services Help file, included in Windows Deployment Services
- - [Windows Deployment Services Getting Started Guide for Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj648426(v=ws.11))
-
-2. Add LTI boot images (Windows PE images) to Windows Deployment Services.
-
- The LTI boot images (.wim files) that you'll add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](/mem/configmgr/mdt/use-the-mdt#AddLTIBootImagestoWindowsDeploymentServices).
-
-### Summary
-
-Now, Windows Deployment Services is ready to initiate the LTI deployment process in MDT. You've set up and configured Windows Deployment Services and added the LTI boot images, which you generated in the previous section, to Windows Deployment Services. Now, you’re ready to prepare to manage the devices in your institution.
-
-## Prepare for device management
-
-Before you deploy Windows 10 in your institution, you must prepare for device management. You'll deploy Windows 10 in a configuration that complies with your requirements, but you want to help ensure that your deployments remain compliant.
-
-### Select the management method
-
-If you've only one device to configure, manually configuring that one device is tedious but possible. When you've multiple classrooms of devices to configure, however, manually configuring each device becomes overwhelming. In addition, manually keeping an identical configuration on each device is difficult as the number of devices in the school increases.
-
-For a school, there are many ways to manage devices. Table 10 lists the methods that this guide describes and recommends. Use the information in Table 10 to determine which combination of management methods is right for your institution.
-
-*Table 10. School management methods*
-
----
-| Method | Description |
-| --- | --- |
-| **Group Policy** | Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows. Select this method when you:
- Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).
- Want more granular control of device and user settings.
- Have an existing AD DS infrastructure.
- Typically manage on-premises devices.
- Can manage a required setting only by using Group Policy.
The advantages of this method include:
- No cost beyond the AD DS infrastructure.
- A larger number of settings.
The disadvantages of this method are:
- Can only manage domain-joined (institution-owned devices).
- Requires an AD DS infrastructure (if the institution doesn't have AD DS already).
- Typically manages on-premises devices (unless devices connect by using a VPN or DirectAccess). |
-| **Intune** | Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10 and other operating systems, such as iOS/iPadOS, macOS, and Android. Intune is a subscription-based cloud service that integrates with Microsoft 365 and Azure AD.
Select this method when you:
- Want to manage institution-owned and personal devices (doesn't require that the device be domain joined).
- Don’t require the level of granular control over device and user settings (compared to Group Policy).
- Don’t have an existing AD DS infrastructure.
- Need to manage devices regardless of where they are (on or off premises).
- Can manage a required setting only by using Intune.
The advantages of this method are:
- You can manage institution-owned and personal devices.
- It doesn’t require that devices be domain joined.
- It doesn’t require any on-premises infrastructure.
- It can manage devices regardless of their location (on or off premises).
The disadvantages of this method are:
- Carries an extra cost for subscription.
- Doesn’t have a granular level control over device and user settings (compared to Group Policy). |
-
----
-
-### Select Microsoft-recommended settings
-
-Microsoft has several recommended settings for educational institutions. Table 11 lists them, provides a brief description of why you need to configure them, and recommends methods for configuring the settings. Review the settings in Table 11 and evaluate their relevancy to your institution. Use the information to help you determine whether you need to configure the setting and which method you'll use to do so. At the end, you'll have a list of settings that you want to apply to the Windows 10 devices and know which management method you'll use to configure the settings.
-
-*Table 11. Recommended settings for educational institutions*
-
----
-| Recommendation | Description |
-| --- | --- |
-| **Use of Microsoft accounts** | You want faculty and students to use only Microsoft Entra accounts for institution-owned devices. For these devices, don't use Microsoft accounts or associate a Microsoft account with the Microsoft Entra accounts.
Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Microsoft Entra account on these devices.
**Group Policy**: Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)?amp;MSPPError=-2147217396&f=255) Group Policy setting to use the Users can’t add Microsoft accounts setting option.
**Intune**: Enable or disable Microsoft accounts by using the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy. |
-| **Restrict local administrator accounts on the devices** | Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.
**Group Policy**: Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732525(v=ws.11)).
**Intune**: Not available |
-| **Manage the built-in administrator account created during device deployment** | When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and optionally disable it.
**Group Policy**: Rename the built-in Administrator account by using the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-essentials-sbs/cc747484(v=ws.10)). You'll specify the new name for the Administrator account. You can disable the built-in Administrator account by using the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852165(v=ws.11)).
**Intune**: Not available. |
-| **Control Microsoft Store access** | You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.
**Group Policy**: You can disable the Microsoft Store app by using the **Turn off the Store Application** Group Policy setting. You can prevent Microsoft Store apps from receiving updates by using the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](/previous-versions/windows/it-pro/windows-8.1-and-8/hh832040(v=ws.11)#BKMK_UseGP).
**Intune**: You can enable or disable the camera by using the **Allow application store** policy setting in the **Apps** section of a **Windows 10 General Configuration** policy. |
-| **Use of Remote Desktop connections to devices** | Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.
**Group Policy**: You can enable or disable Remote Desktop connections to devices by using the **Allow Users to connect remotely using Remote Desktop setting** in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.
**Intune**: Not available. |
-| **Use of camera** | A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.
**Group Policy**: Not available.
**Intune**: You can enable or disable the camera by using the **Allow camera** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy. |
-| **Use of audio recording** | Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.
**Group Policy**: You can disable the Sound Recorder app by using the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in [Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10)) and [Create Your AppLocker Policies](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791899(v=ws.11))
**Intune**: You can enable or disable the camera by using the **Allow voice recording** policy setting in the **Features** section of a **Windows 10 General Configuration** policy. |
-| **Use of screen capture** | Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.
**Group Policy**: Not available.
**Intune**: You can enable or disable the camera by using the **Allow screen capture** policy setting in the **System** section of a **Windows 10 General Configuration** policy. |
-| **Use of location services** | Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.
**Group Policy**: You can enable or disable location services by using the **Turn off location** Group Policy setting in User Configuration\Windows Components\Location and Sensors.
**Intune**: You can enable or disable the camera by using the **Allow geolocation** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy. |
-| **Changing wallpaper** | Displaying a custom wallpaper can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or the device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on your devices.
**Group Policy**: You can configure the wallpaper by using the **Desktop WallPaper** setting in User Configuration\Administrative Templates\Desktop\Desktop.
**Intune**: Not available. |
-
----
-
-### Configure settings by using Group Policy
-
-Now, you’re ready to configure settings by using Group Policy. The steps in this section assume that you've an AD DS infrastructure. You'll configure the Group Policy settings you select in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
-
-For more information about Group Policy, see [Group Policy Planning and Deployment Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754948(v=ws.10)).
-
-#### To configure Group Policy settings
-
-1. Create a Group Policy object (GPO) that will contain the Group Policy settings by completing the steps in [Create a new Group Policy object](/previous-versions/windows/it-pro/windows-server-2003/cc738830(v=ws.10)).
-2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](/previous-versions/windows/it-pro/windows-server-2003/cc739902(v=ws.10)).
-3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](/previous-versions/windows/it-pro/windows-server-2003/cc738954(v=ws.10)).
-
-### Configure settings by using Intune
-
-Now, you’re ready to configure settings using Intune. The steps in this section assume that you've an Office 365 subscription. You'll configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
-
-For more information about Intune, see [Documentation for Microsoft Intune](/mem/intune/).
-
-#### To configure Intune settings
-
-1. Check your Intune licensing. If you've a Microsoft 365 subscription, you may already have Intune. For more information, see [Microsoft Intune licensing](/mem/intune/fundamentals/licenses).
-2. Enroll devices in Microsoft Intune. For more information on your enrollment options, see [Intune enrollment methods for Windows devices](/mem/intune/enrollment/windows-enrollment-methods).
-3. Configure the [compliance settings](/mem/intune/protect/device-compliance-get-started) and [configuration settings](/mem/intune/configuration/device-profiles) that meet your school system's needs.
-4. Use the reporting features in Intune to monitor devices. For more information, see [Intune reports](/mem/intune/fundamentals/reports).
-
-### Deploy apps by using Intune
-
-You can use Intune to deploy apps to Android, iOS/iPadOS, macOS, and Windows devices. You can manage app security and features on organization-owned devices and personal devices.
-
-For more information about how to configure Intune to manage your apps, see:
-
-- [What is Microsoft Intune app management?](/mem/intune/apps/app-management)
-- [App protection policies overview](/mem/intune/apps/app-protection-policy)
-
-### Summary
-
-In this section, you prepared your institution for device management. You determined whether you want to use Group Policy or Intune to manage your devices. You identified the configuration settings that you want to use to manage your users and devices. Finally, you configured the Group Policy and Intune settings in Group Policy and Intune, respectively.
-
-## Deploy Windows 10 to devices
-
-You’re ready to deploy Windows 10 to faculty and student devices. You must complete the steps in this section for each student device in the classrooms and for any new student devices you add in the future. You can also perform these actions for any device that’s eligible for a Windows 10 upgrade. This section discusses deploying Windows 10 to new devices, refreshing Windows 10 on existing devices, and upgrading existing devices that are running eligible versions of Windows 8.1 or Windows to Windows 10.
-
-### Prepare for deployment
-
-Prior to deployment of Windows 10, ensure that you complete the tasks listed in Table 12. Most of these tasks are already complete, but use this step to make sure.
-
-*Table 12. Deployment preparation checklist*
-
----
-| Tasks |
-|-------|
-| The target devices have sufficient system resources to run Windows 10. |
-| Identify the necessary devices drivers, and import them to the MDT deployment share. |
-| Create an MDT application for each Microsoft Store and Windows desktop app. |
-| Notify the students and faculty about the deployment. |
-
----
-
-### Perform the deployment
-
-Use the Deployment Wizard to deploy Windows 10. The LTI deployment process is almost fully automated: You provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated.
-
-> [!NOTE]
-> To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](/mem/configmgr/mdt/samples-guide).
-
-In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems.
-
-#### To deploy Windows 10
-
-1. **Initiate the LTI deployment process**. Initiate the LTI deployment process booting over the network (PXE boot) or from local media. You selected the method for initiating the LTI deployment process in the [Select a method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide.
-2. **Complete the Deployment Wizard**. For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” topic in [Using the Microsoft Deployment Toolkit](/mem/configmgr/mdt/use-the-mdt#Running%20the%20Deployment%20Wizard).
-
-### Set up printers
-
-After you've deployed Windows 10, the devices are almost ready for use. First, you must set up the printers that each classroom will use. Typically, you connect the printers to the same network as the devices in the same classroom. If you don’t have printers in your classrooms, skip this section and proceed to the [Verify deployment](#verify-deployment) section.
-
-> [!NOTE]
-> If you’re performing an upgrade instead of a new deployment, the printers remain configured as they were in the previous version of Windows. As a result, you can skip this section and proceed to the [Verify deployment](#verify-deployment) section.
-
-#### To set up printers
-
-1. Review the printer manufacturer’s instructions for installing the printer drivers.
-2. On the admin device, download the printer drivers.
-3. Copy the printer drivers to a USB drive.
-4. On a device, use the same account you used to set up Windows 10 in the [Perform the deployment](#perform-the-deployment) section to sign in to the device.
-5. Insert the USB drive in the device.
-6. Follow the printer manufacturer’s instructions to install the printer drivers from the USB drive.
-7. Verify that the printer drivers were installed correctly by printing a test page.
-8. Complete steps 1–8 for each printer.
-
-### Verify deployment
-
-As a final quality control step, verify the device configuration to ensure that all apps run. Microsoft recommends that you perform all the tasks that the user would perform. Specifically, verify the following requirements:
-
-- The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
-- Windows Update is active and current with software updates.
-- Windows Defender is active and current with malware Security intelligence.
-- Windows Defender SmartScreen is active.
-- All Microsoft Store apps are properly installed and updated.
-- All Windows desktop apps are properly installed and updated.
-- Printers are properly configured.
-
-When you've verified that the first device is properly configured, you can move to the next device and perform the same steps.
-
-### Summary
-
-You prepared the devices for deployment by verifying that they have adequate system resources and that the resources in the devices have corresponding Windows 10 device drivers. You performed device deployment over the network or by using local MDT media. Next, you configured the appropriate printers on the devices. Finally, you verified that the devices are properly configured and ready for use.
-
-## Maintain Windows devices and Office 365
-
-After the initial deployment, you'll need to perform certain tasks to maintain the Windows 10 devices and your Office 365 Education subscription. You should perform these tasks on the following schedule:
-
-- **Monthly.** These tasks help ensure that the devices are current with software updates and properly protected against viruses and malware.
-- **New semester or academic year.** Perform these tasks prior to the start of a new curriculum—for example, at the start of a new academic year or semester. These tasks help ensure that the classroom environments are ready for the next group of students.
-- **As required (ad hoc).** Perform these tasks as necessary in a classroom. For example, a new version of an app may be available, or a student may inadvertently corrupt a device so that you must restore it to the default configuration.
-
-Table 13 lists the school and individual classroom maintenance tasks, the resources for performing the tasks, and the schedule (or frequency) on which you should perform the tasks.
-
-*Table 13. School and individual classroom maintenance tasks, with resources and the schedule for performing them*
-
----
-| Task and resources | Monthly | New semester or academic year | As required |
-| --- | --- | --- | --- |
-| Verify that Windows Update is active and current with operating system and software updates.
For more information about completing this task, see:
- Intune: See [Keep Windows PCs up to date with software updates in Microsoft Intune](https://www.microsoft.com/en-us/insidetrack/keeping-windows-10-devices-up-to-date-with-microsoft-intune-and-windows-update-for-business)
- Group Policy: See [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)
- Windows Server Update Services (WSUS): See [Deploy Windows Server Update Services](/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services)
- Neither Intune, Group Policy, or WSUS: See [Update Windows](https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a). | ✔️ | ✔️ | ✔️ |
-| Verify that Windows Defender is active and current with malware Security intelligence.
For more information, see [Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune](/mem/intune/protect/advanced-threat-protection) and [Enable and configure Microsoft Defender Antivirus always-on protection in Group Policy](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)). | ✔️ | ✔️ | ✔️ |
-| Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.
For more information about completing this task, see [Protect my PC from viruses](https://support.microsoft.com/windows/protect-my-pc-from-viruses-b2025ed1-02d5-1e87-ba5f-71999008e026). | ✔️ | ✔️ | ✔️ |
-| Verify that you're using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).
For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options for updates and upgrades](/windows/deployment/update/). | | ✔️ | ✔️ |
-| Refresh the operating system and apps on devices.
For more information about completing this task, see the [Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section. | | ✔️ | ✔️ |
-| Install any new Windows desktop apps or update any Windows desktop apps that are used in the curriculum.
For more information, see the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. | | ✔️ | ✔️ |
-| Install new or update existing Microsoft Store apps that are used in the curriculum.
Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.
You can also deploy Microsoft Store apps directly to devices by using Intune. For more information, see the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. | | ✔️ | ✔️ |
-| Remove unnecessary user accounts (and corresponding licenses) from Office 365.
For more information, see:
- Remove unnecessary user accounts, see [Delete a user from your organization](/microsoft-365/admin/add-users/delete-a-user).
- Unassign licenses, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). | | ✔️ | ✔️ |
-| Add new accounts (and corresponding licenses) to Office 365.
For more information, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users) and [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users). | | ✔️ | ✔️ |
-| Create or modify security groups and manage group membership in Office 365.
For more information, see:
- [Create a group in the Microsoft 365 admin center](/microsoft-365/admin/create-groups/create-groups)
- [Add or remove members from Microsoft 365 groups using the admin center](/microsoft-365/admin/create-groups/add-or-remove-members-from-groups) | | ✔️ | ✔️ |
-| Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.
For more information, see [Create and manage distribution list groups in Exchange Online](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) and [Create, edit, or delete a security group in the Microsoft 365 admin center](/microsoft-365/admin/email/create-edit-or-delete-a-security-group) | | ✔️ | ✔️ |
-| Install new student devices
Follow the same steps in the [Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section. | | | ✔️ |
-
----
-
-### Summary
-
-Now, you've identified the tasks you need to perform monthly, at the end of an academic year or semester, and as required. Your school configuration should match the typical school configuration that you saw in the [Plan a typical school configuration](#plan-a-typical-school-configuration) section. By running these maintenance tasks, you help ensure that your school stays secure and is configured as you specified.
-
-## Related resources
-
-- [Try it out: Windows 10 deployment (for educational institutions)](../index.yml)
-- [Try it out: Windows 10 in the classroom](../index.yml)
-- [Chromebook migration guide](/education/windows/chromebook-migration-guide)
diff --git a/education/windows/deploy-windows-10-overview.md b/education/windows/deploy-windows-10-overview.md
deleted file mode 100644
index bbe2d5fc6c..0000000000
--- a/education/windows/deploy-windows-10-overview.md
+++ /dev/null
@@ -1,92 +0,0 @@
----
-title: Windows 10 for Education
-description: Learn how to use Windows 10 in schools.
-ms.topic: how-to
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-
-# Windows 10 for Education
-
-## Learn
-
-**[Windows 10 editions for education customers](windows-editions-for-education-customers.md)**
-
-Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
-
-**[Compare each Windows edition](https://www.microsoft.com/WindowsForBusiness/Compare)**
-
-Find out more about the features and functionality we support in each edition of Windows.
-
-**[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)**
-
-When you've made your decision, find out how to buy Windows for your school.
-
-## Plan
-
-**[Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)**
-
-Provides guidance on ways to customize the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school.
-
-**[Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)**
-
-Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
-
-**[Get Minecraft Education Edition](get-minecraft-for-education.md)**
-
-Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution.
-
-**[Take tests in Windows](take-tests-in-windows.md)**
-
-Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.
-
-**[Chromebook migration guide](chromebook-migration-guide.md)**
-
-Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.
-
-## Deploy
-
-**[Set up Windows devices for education](set-up-windows-10.md)**
-
-Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.
-
-**[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)**
-
-Get step-by-step guidance to help you deploy Windows 10 in a school environment.
-
-**[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)**
-
-Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.
-
-**[Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md)**
-
-Test Windows 10 S on various Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.
-
-## Switch
-
-**[Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)**
-
-If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.
-
-## Windows 8.1
-
-Follow these links to find step-by-step guidance on how to deploy Windows 8.1 in an academic environment.
-
-
Explore key considerations and questions that should be answered when planning for Windows 8.1 deployment.
Get an overview of Windows 8.1 deployment to PCs in an educational environment.
Explore Bring Your Own Device (BYOD) considerations, including device types, infrastructure, and deployment models.
Get step-by-step instructions on how to configure and deploy Windows RT devices (like Surface and other tablets) in educational environments.
Learn how to address challenges related to BYOD scenarios using Virtual Desktop Infrastructure (VDI).
Explore Microsoft Store app deployment strategies and considerations for educational institutions running Windows 8.1.
Learn about the benefits, limitations, and processes involved in deploying Windows To Go.
Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**|
|
Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**|
-Apply the provisioning package to the shared devices that require federated sign-in.
+Apply the provisioning package to the shared devices that require web sign-in.
> [!IMPORTANT]
> There was an issue affecting Windows 11, version 22H2 when using provisioning packages during OOBE. The issue was fixed with the KB5020044 update. If you plan to configure federated sign-in with a provisioning package during OOBE, ensure that the devices have the update installed. For more information, see [KB5020044][KB-1].
@@ -172,7 +177,7 @@ As users enter their username, they're redirected to the identity provider sign-
:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Screenshot of Windows 11 SE sign-in using federated sign-in through Clever and QR code badge, in a student assigned (1:1) device." border="false":::
> [!IMPORTANT]
-> For student assigned (1:1) devices, once the policy is enabled, the first user who sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing Ctrl+Alt+Delete to get back to the standard Windows sign-in screen.
+> For student assigned (1:1) devices, once the policy is enabled, the first user who sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the Federated sign-in flow by pressing Ctrl+Alt+Delete to get back to the standard Windows sign-in screen.
> The behavior is different for student shared devices, where the disambiguation page is always shown, unless preferred Microsoft Entra tenant name is configured.
## Important considerations
@@ -196,8 +201,6 @@ The following issues are known to affect student shared devices:
For student shared devices, it's recommended to configure the account management policies to automatically delete the user profiles after a certain period of inactivity or disk levels. For more information, see [Set up a shared or guest Windows device][WIN-3].
-
-
### Preferred Microsoft Entra tenant name
To improve the user experience, you can configure the *preferred Microsoft Entra tenant name* feature.\
@@ -205,8 +208,6 @@ When using preferred Microsoft Entra tenant name, the users bypass the disambigu
For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-4].
-
-
### Identity matching in Microsoft Entra ID
When a Microsoft Entra user is federated, the user's identity from the IdP must match an existing user object in Microsoft Entra ID.
diff --git a/education/windows/images/autopilot-reset-customlogin.png b/education/windows/images/autopilot-reset-customlogin.png
deleted file mode 100644
index d86cb57895..0000000000
Binary files a/education/windows/images/autopilot-reset-customlogin.png and /dev/null differ
diff --git a/education/windows/images/autopilot-reset-lockscreen.png b/education/windows/images/autopilot-reset-lockscreen.png
deleted file mode 100644
index f6fa6d3467..0000000000
Binary files a/education/windows/images/autopilot-reset-lockscreen.png and /dev/null differ
diff --git a/education/windows/images/autopilot-reset-provisioningcomplete.png b/education/windows/images/autopilot-reset-provisioningcomplete.png
deleted file mode 100644
index dd62db8c72..0000000000
Binary files a/education/windows/images/autopilot-reset-provisioningcomplete.png and /dev/null differ
diff --git a/education/windows/images/chromebook-fig1-googleadmin.png b/education/windows/images/chromebook-fig1-googleadmin.png
deleted file mode 100644
index b3d42e5ff2..0000000000
Binary files a/education/windows/images/chromebook-fig1-googleadmin.png and /dev/null differ
diff --git a/education/windows/images/deploy-win-10-school-figure1.png b/education/windows/images/deploy-win-10-school-figure1.png
deleted file mode 100644
index 66113dcce1..0000000000
Binary files a/education/windows/images/deploy-win-10-school-figure1.png and /dev/null differ
diff --git a/education/windows/images/deploy-win-10-school-figure2.png b/education/windows/images/deploy-win-10-school-figure2.png
deleted file mode 100644
index 0227f8dbaa..0000000000
Binary files a/education/windows/images/deploy-win-10-school-figure2.png and /dev/null differ
diff --git a/education/windows/images/deploy-win-10-school-figure3.png b/education/windows/images/deploy-win-10-school-figure3.png
deleted file mode 100644
index 1b39b5cc14..0000000000
Binary files a/education/windows/images/deploy-win-10-school-figure3.png and /dev/null differ
diff --git a/education/windows/images/deploy-win-10-school-figure4.png b/education/windows/images/deploy-win-10-school-figure4.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/windows/images/deploy-win-10-school-figure4.png and /dev/null differ
diff --git a/education/windows/images/deploy-win-10-school-figure5.png b/education/windows/images/deploy-win-10-school-figure5.png
deleted file mode 100644
index 550386f1ce..0000000000
Binary files a/education/windows/images/deploy-win-10-school-figure5.png and /dev/null differ
diff --git a/education/windows/images/deploy-win-10-school-figure6.png b/education/windows/images/deploy-win-10-school-figure6.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/windows/images/deploy-win-10-school-figure6.png and /dev/null differ
diff --git a/education/windows/images/deploy-win-10-school-figure7.png b/education/windows/images/deploy-win-10-school-figure7.png
deleted file mode 100644
index 8e7581007a..0000000000
Binary files a/education/windows/images/deploy-win-10-school-figure7.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig1.png b/education/windows/images/edu-districtdeploy-fig1.png
deleted file mode 100644
index 9e9cd6c238..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig1.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig2.png b/education/windows/images/edu-districtdeploy-fig2.png
deleted file mode 100644
index dfa00a0132..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig2.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig3.png b/education/windows/images/edu-districtdeploy-fig3.png
deleted file mode 100644
index 0227f8dbaa..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig3.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig4.png b/education/windows/images/edu-districtdeploy-fig4.png
deleted file mode 100644
index ca07e5a968..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig4.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig5.png b/education/windows/images/edu-districtdeploy-fig5.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig5.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig6.png b/education/windows/images/edu-districtdeploy-fig6.png
deleted file mode 100644
index 550386f1ce..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig6.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig7.png b/education/windows/images/edu-districtdeploy-fig7.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig7.png and /dev/null differ
diff --git a/education/windows/images/edu-districtdeploy-fig8.png b/education/windows/images/edu-districtdeploy-fig8.png
deleted file mode 100644
index 8e7581007a..0000000000
Binary files a/education/windows/images/edu-districtdeploy-fig8.png and /dev/null differ
diff --git a/education/windows/images/fig2-locallyconfig.png b/education/windows/images/fig2-locallyconfig.png
deleted file mode 100644
index d2fe9820da..0000000000
Binary files a/education/windows/images/fig2-locallyconfig.png and /dev/null differ
diff --git a/education/windows/images/i4e_editionupgrade.png b/education/windows/images/i4e_editionupgrade.png
deleted file mode 100644
index ed5b281086..0000000000
Binary files a/education/windows/images/i4e_editionupgrade.png and /dev/null differ
diff --git a/education/windows/images/msfe_manage_benefits_checktoconfirm.png b/education/windows/images/msfe_manage_benefits_checktoconfirm.png
deleted file mode 100644
index 90df941e00..0000000000
Binary files a/education/windows/images/msfe_manage_benefits_checktoconfirm.png and /dev/null differ
diff --git a/education/windows/images/msfe_manage_reverttowin10pro.png b/education/windows/images/msfe_manage_reverttowin10pro.png
deleted file mode 100644
index 30d0313f9b..0000000000
Binary files a/education/windows/images/msfe_manage_reverttowin10pro.png and /dev/null differ
diff --git a/education/windows/images/setedupolicies_omauri.PNG b/education/windows/images/setedupolicies_omauri.png
similarity index 100%
rename from education/windows/images/setedupolicies_omauri.PNG
rename to education/windows/images/setedupolicies_omauri.png
diff --git a/education/windows/images/settings_connectedtoazuread_3.png b/education/windows/images/settings_connectedtoazuread_3.png
deleted file mode 100644
index 7311392405..0000000000
Binary files a/education/windows/images/settings_connectedtoazuread_3.png and /dev/null differ
diff --git a/education/windows/images/settings_setupworkorschoolaccount_2.png b/education/windows/images/settings_setupworkorschoolaccount_2.png
deleted file mode 100644
index 78237cfa31..0000000000
Binary files a/education/windows/images/settings_setupworkorschoolaccount_2.png and /dev/null differ
diff --git a/education/windows/images/settings_workorschool_1.png b/education/windows/images/settings_workorschool_1.png
deleted file mode 100644
index 4c53e6b3e2..0000000000
Binary files a/education/windows/images/settings_workorschool_1.png and /dev/null differ
diff --git a/education/windows/images/suspcs/1812_Add_Apps_SUSPC.png b/education/windows/images/suspcs/1812_Add_Apps_SUSPC.png
deleted file mode 100644
index b494aea2dd..0000000000
Binary files a/education/windows/images/suspcs/1812_Add_Apps_SUSPC.png and /dev/null differ
diff --git a/education/windows/images/suspcs/2023-02-16_13-02-37.png b/education/windows/images/suspcs/2023-02-16_13-02-37.png
deleted file mode 100644
index dc396099bf..0000000000
Binary files a/education/windows/images/suspcs/2023-02-16_13-02-37.png and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_configure_pc2.jpg b/education/windows/images/suspcs/suspc_configure_pc2.jpg
deleted file mode 100644
index 68c0080b22..0000000000
Binary files a/education/windows/images/suspcs/suspc_configure_pc2.jpg and /dev/null differ
diff --git a/education/windows/images/suspcs/suspc_getstarted_050817.PNG b/education/windows/images/suspcs/suspc_getstarted_050817.png
similarity index 100%
rename from education/windows/images/suspcs/suspc_getstarted_050817.PNG
rename to education/windows/images/suspcs/suspc_getstarted_050817.png
diff --git a/education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG b/education/windows/images/suspcs/suspc_runpackage_getpcsready.png
similarity index 100%
rename from education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_runpackage_getpcsready.png
diff --git a/education/windows/images/wcd/setedupolicies.PNG b/education/windows/images/wcd/setedupolicies.png
similarity index 100%
rename from education/windows/images/wcd/setedupolicies.PNG
rename to education/windows/images/wcd/setedupolicies.png
diff --git a/education/windows/images/wcd/wcd_productkey.png b/education/windows/images/wcd/wcd_productkey.png
deleted file mode 100644
index fbbfda7eb9..0000000000
Binary files a/education/windows/images/wcd/wcd_productkey.png and /dev/null differ
diff --git a/education/windows/images/wcd/wcd_settings_assignedaccess.PNG b/education/windows/images/wcd/wcd_settings_assignedaccess.png
similarity index 100%
rename from education/windows/images/wcd/wcd_settings_assignedaccess.PNG
rename to education/windows/images/wcd/wcd_settings_assignedaccess.png
diff --git a/education/windows/images/win-10-pro-edu-activated-subscription-active.png b/education/windows/images/win-10-pro-edu-activated-subscription-active.png
deleted file mode 100644
index d29fa0e0e5..0000000000
Binary files a/education/windows/images/win-10-pro-edu-activated-subscription-active.png and /dev/null differ
diff --git a/education/windows/images/win-10-pro-edu-not-activated-subscription-active.PNG b/education/windows/images/win-10-pro-edu-not-activated-subscription-active.PNG
deleted file mode 100644
index 8e9242c0ba..0000000000
Binary files a/education/windows/images/win-10-pro-edu-not-activated-subscription-active.PNG and /dev/null differ
diff --git a/education/windows/index.yml b/education/windows/index.yml
index a78beaa537..d14d00dd63 100644
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@@ -6,16 +6,14 @@ brand: windows
metadata:
ms.topic: hub-page
- ms.prod: windows-client
- ms.technology: itpro-edu
ms.collection:
- education
- - highpri
- tier1
+ - essentials-navigation
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
- ms.date: 08/07/2023
+ ms.date: 10/30/2023
highlightedContent:
items:
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
deleted file mode 100644
index 27bffd9a4e..0000000000
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-title: Microsoft Entra join with Set up School PCs app
-description: Learn how Microsoft Entra join is configured in the Set up School PCs app.
-ms.topic: reference
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-
-# Microsoft Entra join for school PCs
-
-> [!NOTE]
-> Set up School PCs app uses Microsoft Entra join to configure PCs. The app is helpful if you use the cloud based directory, Microsoft Entra ID. If your organization uses Active Directory or requires no account to connect, install and use [Windows Configuration
-> Designer](set-up-students-pcs-to-join-domain.md) to
-> join your PCs to your school's domain.
-
-Set up School PCs lets you create a provisioning package that automates Microsoft Entra ID
-Join on your devices. This feature eliminates the need to manually:
-
-- Connect to your school's network.
-- Join your organization's domain.
-
-## Automated connection to school domain
-
-During initial device setup, Microsoft Entra join automatically connects your PCs to your school's Microsoft Entra domain. You can skip all of the Windows setup experience that is typically a part of the out-of-the-box-experience (OOBE). Devices that are managed by a mobile device manager, such as Intune, are automatically enrolled with the provider upon initial device startup.
-
-Students who sign in to their PCs with their Microsoft Entra credentials get access to on-premises apps and the following cloud apps:
-* Office 365
-* OneDrive
-* OneNote
-
-
-
-## Enable Microsoft Entra join
-
-Learn how to enable Microsoft Entra join for your school. After you configure this setting, you'll be able to request an automated Microsoft Entra bulk token, which you need to create a provisioning package.
-
-1. Sign in to the Azure portal with your organization's credentials.
-2. Go to **Azure
-Active Directory** \> **Devices** \> **Device settings**.
-3. Enable the setting
-for Microsoft Entra ID by selecting **All** or **Selected**. If you choose the latter
-option, select the teachers and IT staff to allow them to connect to Microsoft Entra ID.
-
-
-
-You can also create an account that holds the exclusive rights to join devices. When a student PC has to be set up, provide the account credentials to the appropriate teachers or staff.
-
-## All Device Settings
-
-The following table describes each setting within **Device Settings**.
-
-| Setting | Description |
-|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Users may join devices to Microsoft Entra ID | Choose the scope of people in your organization that are allowed to join devices to Microsoft Entra ID. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Microsoft Entra ID. |
-| More local administrators on Microsoft Entra joined devices | Only applicable to Microsoft Entra ID P1 or P2 tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. |
-| Users may register their devices with Microsoft Entra ID | Allow all or none of your users to register their devices with Microsoft Entra ID (Workplace Join). If you're enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you. |
-| Require Multi-Factor Authentication to join devices | Recommended when adding devices to Microsoft Entra ID. When set to **Yes**, users that are setting up devices must enter a second method of authentication. |
-| Maximum number of devices per user | Set the maximum number of devices a user is allowed to have in Microsoft Entra ID. If the maximum is exceeded, the user must remove one or more existing devices before more devices are added. |
-| Users may sync settings and enterprise app data | Allow all or none of your users to sync settings and app data across multiple devices. Tenants with Microsoft Entra ID P1 or P2 are permitted to select specific users to allow. |
-
-
-
-## Clear Microsoft Entra tokens
-
-Your Intune tenant can only have 500 active Microsoft Entra tokens, or packages, at a time. You'll receive a notification in the Intune portal when you reach 500 active tokens.
-
-To reduce your inventory, clear out all unnecessary and inactive tokens.
-1. Go to **Microsoft Entra ID** > **Users** > **All users**
-2. In the **User Name** column, select and delete all accounts with a **package\ _**
-prefix. These accounts are created at a 1:1 ratio for every token and are safe
-to delete.
-3. Select and delete inactive and expired user accounts.
-
-### How do I know if my package expired?
-Automated Microsoft Entra tokens expire after 180 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts.
-
-
-
-## Next steps
-Learn more about setting up devices with the Set up School PCs app.
-* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
-* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
-* [Set up Windows 10 devices for education](set-up-windows-10.md)
-
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index 0396303749..6086d0f017 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -5,7 +5,7 @@ ms.date: 06/02/2023
ms.topic: reference
appliesto:
- ✅ Windows 10
----
+---
# What's in my provisioning package?
@@ -48,7 +48,7 @@ For a more detailed look at the policies, see the Windows article [Set up shared
This section lists only the MDM and local group policies that are configured uniquely for the Set up School PCs app.
-For a more detailed look of each policy listed, see [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation.
+For a more detailed look of each policy listed, see [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation.
| Policy name | Default value | Description |
|--|--|--|
@@ -81,10 +81,10 @@ For a more detailed look of each policy listed, see [Policy CSP](/windows/client
## Apps uninstalled from Windows devices
-Set up School PCs app uses the Universal app uninstall policy. The policy identifies default apps that aren't relevant to the classroom experience, and uninstalls them from each device. The apps uninstalled from Windows devices are:
+Set up School PCs app uses the Universal app uninstall policy. The policy identifies default apps that aren't relevant to the classroom experience, and uninstalls them from each device. The apps uninstalled from Windows devices are:
- Mixed Reality Viewer
-- Weather
+- Weather
- Desktop App Installer
- Tips
- Messaging
@@ -106,11 +106,11 @@ Set up School PCs uses the Universal app install policy to install school-releva
## Provisioning time estimates
-The time it takes to install a package on a device depends on the:
+The time it takes to install a package on a device depends on the:
- Strength of network connection
- Number of policies and apps within the package
-- Other configurations made to the device
+- Other configurations made to the device
Review the table below to estimate your expected provisioning time. A package that only applies Set Up School PC's default configurations will provision the fastest. A package that removes preinstalled apps, through CleanPC, will take much longer to provision.
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index 8dd635d04e..213c75c26f 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -2,7 +2,7 @@
title: Set up School PCs app technical reference overview
description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
ms.topic: overview
-ms.date: 08/10/2022
+ms.date: 01/16/2024
appliesto:
- ✅ Windows 10
---
@@ -14,47 +14,36 @@ The **Set up School PCs** app helps you configure new Windows 10 PCs for school
If your school uses Microsoft Entra ID or Office 365, the Set up
School PCs app will create a setup file. This file joins the PC to your Microsoft Entra tenant. The app also helps set up PCs for use with or without Internet connectivity.
-
+## Join devices to Microsoft Entra ID
-## Join PC to Microsoft Entra ID
-If your school uses Microsoft Entra ID or Office 365, the Set up
-School PCs app creates a setup file that joins your PC to your Azure Active
-Directory tenant.
+If your school uses Microsoft Entra ID or Office 365, the Set up School PCs app creates a setup file that joins your PC to your Microsoft Entra ID tenant.
The app also helps set up PCs for use with or without Internet connectivity.
## List of Set up School PCs features
+
The following table describes the Set up School PCs app features and lists each type of Intune subscription. An X indicates that the feature is available with the specific subscription.
-| Feature | No Internet | Microsoft Entra ID | Office 365 | Microsoft Entra ID P1 or P2 |
-|--------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------|
-| **Fast sign-in** | X | X | X | X |
-| Students sign in and start using the computer in under a minute, even on initial sign-in. | | | | |
-| **Custom Start experience** | X | X | X | X |
-| Necessary classroom apps are pinned to Start and unnecessary apps are removed. | | | | |
-| **Guest account, no sign-in required** | X | X | X | X |
-| Set up computers for use by anyone with or without an account. | | | | |
-| **School policies** | X | X | X | X |
-| Settings create a relevant, useful learning environment and optimal computer performance. | | | | |
-| **Microsoft Entra join** | | X | X | X |
-| Computers join with your existing Microsoft Entra ID or Office 365 subscription for centralized management. | | | | |
-| **Single sign-on to Office 365** | | | X | X |
-| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. | | | | |
-| **Take a Test app** | | | | X |
-| Administer quizzes and assessments through test providers such as Smarter Balanced. | | | | |
-| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Microsoft Entra ID** | | | | X |
-| Synchronize student and application data across devices for a personalized experience. | | | | |
+| Feature | No Internet | Microsoft Entra ID | Office 365 | Microsoft Entra ID P1 or P2 |
+|--|--|--|--|--|
+| **Fast sign-in** | X | X | X | X |
+| Students sign in and start using the computer in under a minute, even on initial sign-in. | | | | |
+| **Custom Start experience** | X | X | X | X |
+| Necessary classroom apps are pinned to Start and unnecessary apps are removed. | | | | |
+| **Guest account, no sign-in required** | X | X | X | X |
+| Set up computers for use by anyone with or without an account. | | | | |
+| **School policies** | X | X | X | X |
+| Settings create a relevant, useful learning environment and optimal computer performance. | | | | |
+| **Microsoft Entra join** | | X | X | X |
+| Computers join with your existing Microsoft Entra ID or Office 365 subscription for centralized management. | | | | |
+| **Single sign-on to Office 365** | | | X | X |
+| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. | | | | |
+| **Take a Test app** | | | | X |
+| Administer quizzes and assessments through test providers such as Smarter Balanced. | | | | |
+| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Microsoft Entra ID** | | | | X |
+| Synchronize student and application data across devices for a personalized experience. | | | | |
-> [!NOTE]
-> If your school uses Active Directory, use [Windows Configuration
-> Designer](set-up-students-pcs-to-join-domain.md)
-> to configure your PCs to join the domain. You can only use the Set up School
-> PCs app to set up PCs that are connected to Microsoft Entra ID.
-
-## Next steps
-Learn more about setting up devices with the Set up School PCs app.
-* [Microsoft Entra join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
-* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
-* [Set up Windows 10 devices for education](set-up-windows-10.md)
+>[!NOTE]
+>You can only use the Set up School PCs app to set up PCs that are connected to Microsoft Entra ID.
When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md
deleted file mode 100644
index 97988171bf..0000000000
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ /dev/null
@@ -1,97 +0,0 @@
----
-title: What's new in the Windows Set up School PCs app
-description: Find out about app updates and new features in Set up School PCs.
-ms.topic: whats-new
-ms.date: 08/10/2022
----
-
-# What's new in Set up School PCs
-Learn what's new with the Set up School PCs app each week. Find out about new app features and functionality, see updated screenshots, and find information about past releases.
-
-## Week of August 24, 2020
-
-### Longer device names supported in app
-You can now give devices running Windows 10, version 2004 and later a name that's up to 53 characters long.
-
-## Week of September 23, 2019
-
-### Easier way to deploy Office 365 to your classroom devices
- Microsoft Office now appears as an option on the **Apps** screen. Select the app to add it to your provisioning package. Devices install Microsoft 365 Apps for enterprise. This version includes the cloud-connected and most current versions of apps such as Word, PowerPoint, Excel, and Teams.
-
-## Week of June 24, 2019
-
-### Resumed support for Windows 10, version 1903 and later
-The previously mentioned provisioning problem was resolved, so the Set up School PCs app once again supports Windows 10, version 1903 and later. The Windows 10 settings that were removed are now back in the app.
-
-### Device rename made optional for Azure AD-joined devices
-When you set up your Azure AD join devices in the app, you no longer need to rename your devices. You can keep existing device names.
-
-## Week of May 23, 2019
-
-### Suspended support for Windows 10, version 1903 and later
-Due to a provisioning problem, Set up School PCs has temporarily stopped support for Windows 10, version 1903 and later. All settings in the app that were for Windows 10, version 1903 and later have been removed. When the problem is resolved, support will resume again.
-
-### Mandatory device rename for Azure AD-joined devices
-If you configure Azure AD Join, you're now required to rename your devices during setup. You can't keep existing device names.
-
-## Week of April 15, 2019
-
-### Support for Minecraft Education Edition upgrade
- Set up School PCs only adds apps to the provisioning package that meet the minimum supported version for Windows 10. For example, Minecraft is the most recent store app to upgrade; it's only installed on devices running Windows 10, version 1709 and later. If you select an earlier version of Windows, Minecraft won't be included in the provisioning package.
-
-## Week of April 8, 2019
-
-### Apps configured as non-removeable
-Apps that you deploy with Set up School PCs are configured as non-removable apps. This feature prevents students from unpinning or uninstalling the apps they need.
-
-### Domain name automatically added during sign-in
-Specify your preferred Azure Active Directory tenant domain name to automatically append it to the username on the sign-in screen. With this setting, students don't need to type out long school domain names. To sign in, they type only their unique usernames.
-
-### Set up devices with hidden Wi-Fi network
-Set up devices so that they connect to a hidden Wi-Fi network. To configure a hidden network, open the app. When you get to **Wireless network**, choose **Add a Wi-Fi network**. Enter in your Wi-Fi information and select **Hidden network**.
-
-
-## Week of December 31, 2018
-
-### Add Microsoft Whiteboard to provisioning package
-Microsoft Whiteboard is now a Microsoft-recommended app for schools. Whiteboard is a freeform digital canvas where ideas, content, and people come together; students can create and collaborate in real time in the classroom. Add the app to your provisioning package on the **Add apps** page. For more information, see [Use Set up School PCs app](use-set-up-school-pcs-app.md#create-the-provisioning-package).
-
-## Week of November 5, 2018
-
-### Sync school app inventory from Microsoft Store
-During setup, you can now add apps from your school's Microsoft Store inventory. After you sign in with your school's Office 365 account, Set up School PCs will sync the apps from Microsoft Store, and make them visible on the **Add apps** page. For more information about adding apps, see [Use Set Up School PCs app](use-set-up-school-pcs-app.md#create-the-provisioning-package).
-
-
-## Week of October 15, 2018
-
-The Set up School PCs app was updated with the following changes:
-
-### Three new setup screens added to the app
-The following screens and functionality were added to the setup workflow. Select a screen name to view the relevant steps and screenshots in the Set Up School PCs docs.
-
-* [**Package name**](use-set-up-school-pcs-app.md#package-name): Customize a package name to make it easy to recognize it from your school's other packages. Azure Active Directory generates the name. It appears as the filename, and as the token name in Azure AD in the Azure portal.
-
-* [**Product key**](use-set-up-school-pcs-app.md#product-key): Enter a product key to upgrade your current edition of Windows 10, or change the existing product key.
-
-* [**Personalization**](use-set-up-school-pcs-app.md#personalization): Upload images from your computer to customize how the lock screen and background appears on student devices.
-
-### Azure AD token expiration extended to 180 days
-Packages now expire 180 days from the date you create them.
-
-### Updated apps with more helpful, descriptive text
-The **Skip** buttons in the app now communicate the intent of each action. An **Exit** button also appears on the last page of the app.
-
-### Option to keep existing device names
-The [**Name these devices** screen](use-set-up-school-pcs-app.md#device-names) now gives you the option to keep the original or existing names of your student devices.
-
-### Skype and Messaging apps to be removed from student PCs by default
-The Skype and Messaging apps are part of a selection of apps that are, by default, removed from student devices.
-
-
-## Next steps
-Learn how to create provisioning packages and set up devices in the app.
-* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
-* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
-* [Set up Windows 10 devices for education](set-up-windows-10.md)
-
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
\ No newline at end of file
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
deleted file mode 100644
index 91f2ad28d1..0000000000
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Set up student PCs to join domain
-description: Learn how to use Windows Configuration Designer to provision student devices to join Active Directory.
-ms.topic: how-to
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-
-# Set up student PCs to join domain
-
-If your school uses Active Directory, use the Windows Configuration Designer tool to create a provisioning package that will configure a PC for student use that is joined to the Active Directory domain.
-
-## Install Windows Configuration Designer
-Follow the instructions in [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
-
-## Create the provisioning package
-Follow the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment). However, make a note of these steps to further customize the provisioning package for use in a school that will join a student PC to a domain:
-
-1. In the **Account Management** step:
-
- > [!WARNING]
- > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you'll have to reimage the device and start over. As a best practice, we recommend:
- > - Use a least-privileged domain account to join the device to the domain.
- > - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
- > - [Use Group Policy to delete the temporary administrator account](/archive/blogs/canitpro/group-policy-creating-a-standard-local-admin-account) after the device is enrolled in Active Directory.
-
-2. After you're done with the wizard, don't click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtime settings**.
-3. Find the **SharedPC** settings group.
- - Set **EnableSharedPCMode** to **TRUE** to configure the PC for shared use.
-4. (Optional) To configure the PC for secure testing, follow these steps.
- 1. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**.
- 2. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up.
-
- **Figure 7** - Add the account to use for test-taking
-
- 
-
- The account can be in one of the following formats:
- - username
- - domain\username
- - computer name\\username
- - username@tenant.com
-
- 3. Under **Runtime settings**, go to **TakeATest** and configure the following settings:
- 1. In **LaunchURI**, enter the assessment URL.
- 2. In **TesterAccount**, enter the test account you entered in the previous step.
-
-5. To configure other settings to make Windows education ready, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) and follow the guidance on what settings you can set using Windows Configuration Designer.
-
-6. Follow the steps to [build a package](/windows/configuration/provisioning-packages/provisioning-create-package#build-package).
- - You'll see the file path for your provisioning package. By default, this path is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name).
- - Copy the provisioning package to a USB drive.
-
- > [!IMPORTANT]
- > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
-## Apply package
-Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created.
\ No newline at end of file
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
deleted file mode 100644
index 669dc2484c..0000000000
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Provision student PCs with apps
-description: Learn how to use Windows Configuration Designer to easily provision student devices to join Active Directory.
-ms.topic: how-to
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-# Provision student PCs with apps
-
-To create and apply a provisioning package that contains apps to a device running all desktop editions of Windows 10 except Windows 10 Home, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
-
-Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
-
-You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
-
-- If you want to [provision a school PC to join a domain](set-up-students-pcs-to-join-domain.md) and add apps in the same provisioning package, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
-
-- If you want to provision a school PC to join Microsoft Entra ID, set up the PC using the steps in [Use Set up School PCs App](use-set-up-school-pcs-app.md). Set up School PCs now lets you add recommended apps from the Store so you can add these apps while you're creating your package through Set up School PCs. You can also follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps) if you want to add apps to student PCs after initial setup with the Set up School PCs package.
-
-## Learn more
-
--[Develop Universal Windows Education apps](/windows/uwp/apps-for-education/)
-
-- [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
deleted file mode 100644
index 784d5978ac..0000000000
--- a/education/windows/set-up-windows-10.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-title: Set up Windows devices for education
-description: Decide which option for setting up Windows 10 is right for you.
-ms.topic: overview
-ms.date: 08/10/2022
-appliesto:
- - ✅ Windows 10
----
-
-# Set up Windows devices for education
-
-You have two tools to choose from to set up PCs for your classroom:
-
-- Set up School PCs
-- Windows Configuration Designer
-
-Choose the tool that is appropriate for how your students will sign in (Active Directory, Microsoft Entra ID, or no account).
-
-You can use the following diagram to compare the tools.
-
-
-
-## In this section
-
-- [Use the Set up School PCs app](use-set-up-school-pcs-app.md)
-- [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md)
-- [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
-- [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
-
-## Related topics
-
-[Take tests in Windows](take-tests-in-windows.md)
-[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)S
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index da1540090d..f7c44f77e7 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -1,7 +1,7 @@
---
title: Take a Test app technical reference
description: List of policies and settings applied by the Take a Test app.
-ms.date: 03/31/2023
+ms.date: 11/02/2023
ms.topic: reference
---
@@ -11,11 +11,11 @@ Take a Test is an application that locks down a device and displays an online as
Whether you're a teacher or IT administrator, you can configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment. This environment means that students taking the tests that don't have copy/paste privileges, can't access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher's preferred assessment website to deliver digital assessments.
-Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](https://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](/windows/uwp/apps-for-education/take-a-test-api).
+Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](https://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test JavaScript API](/windows/uwp/apps-for-education/take-a-test-api).
## PC lock-down for assessment
- When the assessment page initiates lock-down, the student's desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied.
+ When the assessment page initiates lock-down, the student's desktop is locked and the app executes above the Windows lock screen. This provides a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test applies local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied.
When running above the lock screen:
@@ -25,7 +25,7 @@ When running above the lock screen:
- System clipboard is cleared
- Web apps can query the processes currently running in the user's device
- Extended display shows up as black
-- Auto-fill is disabled
+- Autofill is disabled
## Mobile device management (MDM) policies
@@ -36,7 +36,7 @@ When Take a Test is running, the following MDM policies are applied to lock down
| AllowToasts | Disables toast notifications from being shown | 0 |
| AllowAppStoreAutoUpdate | Disables automatic updates for Store apps that are installed on the PC | 0 |
| AllowDeviceDiscovery | Disables UI for screen sharing | 0 |
-| AllowInput Panel | Disables the onscreen keyboard, which will disable auto-fill | 0 |
+| AllowInput Panel | Disables the onscreen keyboard, which disables autofill | 0 |
| AllowCortana | Disables Cortana functionality | 0 |
| AllowAutoupdate | Disables Windows Update from starting OS updates | 5 |
@@ -61,7 +61,7 @@ When Take a Test is running, the following functionality is available to student
- Magnifier is available through Win++
- The student can press Alt+Tab when locked down. This key press results in the student being able to switch between the following elements:
- Take a Test
- - Assistive technology that may be running
+ - Assistive technology that might be running
- Lock screen (not available if student is using a dedicated test account)
> [!NOTE]
@@ -77,22 +77,22 @@ When permissive mode is triggered in lock-down mode, Take a Test transitions fro
When running tests in this mode, keep the following points in mind:
- Permissive mode isn't supported in kiosk mode (dedicated test account)
-- Permissive mode can be triggered from the web app running within Take a Test. Alternatively, you can create a link or shortcut without "#enforcelockdown" and it will launch in permissive mode
+- Permissive mode can be triggered from the web app running within Take a Test. Alternatively, you can create a link or shortcut without "#enforcelockdown" and it launches in permissive mode
## Troubleshoot Take a Test with the event viewer
-You can use the Event Viewer to view Take a Test events and errors. Take a Test logs events when a lock-down request has been received, device enrollment has succeeded, lock-down policies were successfully applied, and more.
+You can use the Event Viewer to view Take a Test events and errors. Take a Test logs events when it receives a lock-down request, device enrollment completes, lock-down policies are successfully applied, and more.
To enable viewing events in the Event Viewer:
-1. Open the `Event Viewer`
-1. Navigate to `Applications and Services Logs > Microsoft > Windows > Management-SecureAssessment`
-1. Select `Operational` > `Enable Log`
+1. Open the Event Viewer
+1. Navigate to **Applications and Services Logs** > **Microsoft** > **Windows** > **Management-SecureAssessment**
+1. Select **Operational** > **Enable Log**
To save the event logs:
-1. Select `Operational` > `Save All Events As…`
+1. Select **Operational** > **Save All Events As…**
## Learn more
-[Take a Test API](/windows/uwp/apps-for-education/take-a-test-api)
\ No newline at end of file
+[Take a Test API](/windows/uwp/apps-for-education/take-a-test-api)
diff --git a/education/windows/toc.yml b/education/windows/toc.yml
index 708fd96a30..667c2ddc07 100644
--- a/education/windows/toc.yml
+++ b/education/windows/toc.yml
@@ -9,7 +9,7 @@ items:
- name: Deploy applications to Windows 11 SE
href: tutorial-deploy-apps-winse/toc.yml
- name: Concepts
- items:
+ items:
- name: Windows 11 SE
items:
- name: Overview
@@ -26,8 +26,6 @@ items:
href: /windows/deployment/windows-10-pro-in-s-mode?context=/education/context/context
- name: Deploy Win32 apps to S Mode devices
href: /windows/security/threat-protection/windows-defender-application-control/lob-win32-apps-on-s?context=/education/context/context
- - name: Windows 10 editions for education customers
- href: windows-editions-for-education-customers.md
- name: Considerations for shared and guest devices
href: /windows/configuration/shared-devices-concepts?context=/education/context/context
- name: Windows 10 configuration recommendations for education customers
@@ -49,39 +47,13 @@ items:
- name: Configure federation between Google Workspace and Microsoft Entra ID
href: configure-aad-google-trust.md
- name: Configure Shared PC
- href: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
+ href: /windows/configuration/shared-pc/set-up-shared-or-guest-pc?context=/education/context/context
- name: Get and deploy Minecraft Education
href: get-minecraft-for-education.md
- name: Use the Set up School PCs app
href: use-set-up-school-pcs-app.md
- name: Upgrade Windows Home to Windows Education on student-owned devices
href: change-home-to-edu.md
- - name: Migrate from Chromebook to Windows
- items:
- - name: Chromebook migration guide
- href: chromebook-migration-guide.md
- - name: Deploy Windows 10 devices in a school
- items:
- - name: Overview
- href: deploy-windows-10-overview.md
- - name: Deploy Windows 10 in a school
- href: deploy-windows-10-in-a-school.md
- - name: Deploy Windows 10 in a school district
- href: deploy-windows-10-in-a-school-district.md
- - name: Deployment recommendations for school IT administrators
- href: edu-deployment-recommendations.md
- - name: Set up Windows devices for education
- items:
- - name: Overview
- href: set-up-windows-10.md
- - name: Microsoft Entra join for school PCs
- href: set-up-school-pcs-azure-ad-join.md
- - name: Active Directory join for school PCs
- href: set-up-students-pcs-to-join-domain.md
- - name: Provision student PCs with apps
- href: set-up-students-pcs-with-apps.md
- - name: Reset devices with Autopilot Reset
- href: autopilot-reset.md
- name: Reference
items:
- name: Set up School PCs
@@ -90,11 +62,9 @@ items:
href: set-up-school-pcs-technical.md
- name: Provisioning package settings
href: set-up-school-pcs-provisioning-package.md
- - name: What's new in Set up School PCs
- href: set-up-school-pcs-whats-new.md
- name: Take a Test technical reference
href: take-a-test-app-technical.md
- name: Shared PC technical reference
- href: /windows/configuration/shared-pc-technical?context=/education/context/context
+ href: /windows/configuration/shared-pc/shared-pc-technical?context=/education/context/context
+
-
diff --git a/education/windows/tutorial-school-deployment/configure-device-apps.md b/education/windows/tutorial-school-deployment/configure-device-apps.md
index ef1e695396..25171ff770 100644
--- a/education/windows/tutorial-school-deployment/configure-device-apps.md
+++ b/education/windows/tutorial-school-deployment/configure-device-apps.md
@@ -1,7 +1,7 @@
---
title: Configure applications with Microsoft Intune
description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
-ms.date: 03/08/2023
+ms.date: 01/16/2024
ms.topic: tutorial
---
@@ -14,11 +14,12 @@ Applications can be assigned to groups:
- If you target apps to a **group of users**, the apps will be installed on any managed devices that the users sign into
- If you target apps to a **group of devices**, the apps will be installed on those devices and available to any user who signs in
-In this section you will:
> [!div class="checklist"]
-> * Add apps to Intune for Education
-> * Assign apps to groups
-> * Review some considerations for Windows 11 SE devices
+>In this section you will:
+>
+> - Add apps to Intune for Education
+> - Assign apps to groups
+> - Review some considerations for Windows 11 SE devices
## Add apps to Intune for Education
diff --git a/education/windows/tutorial-school-deployment/configure-device-settings.md b/education/windows/tutorial-school-deployment/configure-device-settings.md
index f9d1d2046f..5733d483e9 100644
--- a/education/windows/tutorial-school-deployment/configure-device-settings.md
+++ b/education/windows/tutorial-school-deployment/configure-device-settings.md
@@ -1,8 +1,9 @@
---
title: Configure and secure devices with Microsoft Intune
description: Learn how to configure policies with Microsoft Intune in preparation for device deployment.
-ms.date: 08/31/2022
+ms.date: 01/16/2024
ms.topic: tutorial
+ms.collection: essentials-manage
---
# Configure and secure devices with Microsoft Intune
@@ -23,12 +24,14 @@ There are two ways to manage settings in Intune for Education:
> [!NOTE]
> Express Configuration is ideal when you are getting started. Settings are pre-configured to Microsoft-recommended values, but can be changed to fit your school's needs. It is recommended to use Express Configuration to initially set up your Windows devices.
-In this section you will:
+
> [!div class="checklist"]
-> * Configure settings with Express Configuration
-> * Configure group settings
-> * Create Windows Update policies
-> * Configure security policies
+>In this section you will:
+>
+> - Configure settings with Express Configuration
+> - Configure group settings
+> - Create Windows Update policies
+> - Configure security policies
## Configure settings with Express Configuration
@@ -88,7 +91,7 @@ To create a security policy:
- Windows SmartScreen
For more information, see [Security][INT-4].
-
+
> [!NOTE]
> If you require more sophisticated security policies, you can create them in Microsoft Intune. For more information:
> - [Antivirus][MEM-2]
@@ -98,7 +101,7 @@ For more information, see [Security][INT-4].
> - [Attack surface reduction][MEM-6]
> - [Account protection][MEM-7]
-________________________________________________________
+---
## Next steps
diff --git a/education/windows/tutorial-school-deployment/configure-devices-overview.md b/education/windows/tutorial-school-deployment/configure-devices-overview.md
index 667695adba..27ad5f3a8d 100644
--- a/education/windows/tutorial-school-deployment/configure-devices-overview.md
+++ b/education/windows/tutorial-school-deployment/configure-devices-overview.md
@@ -1,8 +1,9 @@
---
title: Configure devices with Microsoft Intune
description: Learn how to configure policies and applications in preparation for device deployment.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
+ms.collection: essentials-manage
---
# Configure settings and applications with Microsoft Intune
@@ -11,11 +12,13 @@ Before distributing devices to your users, you must ensure that the devices will
Microsoft Intune uses Microsoft Entra groups to assign policies and applications to devices.
With Microsoft Intune for Education, you can conveniently create groups and assign policies and applications to them.
-In this section you will:
+
> [!div class="checklist"]
-> * Create groups
-> * Create and assign policies to groups
-> * Create and assign applications to groups
+>In this section you will:
+>
+> - Create groups
+> - Create and assign policies to groups
+> - Create and assign applications to groups
## Create groups
diff --git a/education/windows/tutorial-school-deployment/enroll-autopilot.md b/education/windows/tutorial-school-deployment/enroll-autopilot.md
index 26300b5115..23985289cf 100644
--- a/education/windows/tutorial-school-deployment/enroll-autopilot.md
+++ b/education/windows/tutorial-school-deployment/enroll-autopilot.md
@@ -1,7 +1,7 @@
---
title: Enrollment in Intune with Windows Autopilot
description: Learn how to join Microsoft Entra ID and enroll in Intune using Windows Autopilot.
-ms.date: 03/08/2023
+ms.date: 01/16/2024
ms.topic: tutorial
---
@@ -61,8 +61,9 @@ More advanced dynamic membership rules can be created from Microsoft Intune admi
For Autopilot devices to offer a customized OOBE experience, you must create **Windows Autopilot deployment profiles** and assign them to a group containing the devices.
A deployment profile is a collection of settings that determine the behavior of the device during OOBE. Among other settings, a deployment profile specifies a **deployment mode**, which can either be:
+
1. **User-driven:** devices with this profile are associated with the user enrolling the device. User credentials are required to complete the Microsoft Entra join process during OOBE
-1. **Self-deploying:** devices with this profile aren't associated with the user enrolling the device. User credentials aren't required to complete the Microsoft Entra join process. Rather, the device is joined automatically and, for this reason, specific hardware requirements must be met to use this mode.
+1. **Self-deploying:** devices with this profile aren't associated with the user enrolling the device. User credentials aren't required to complete the Microsoft Entra join process. Rather, the device is joined automatically and, for this reason, specific hardware requirements must be met to use this mode
To create an Autopilot deployment profile:
@@ -142,8 +143,6 @@ With the devices joined to Microsoft Entra tenant and managed by Intune, you can
[M365-1]: https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
-[EDU-1]: /education/windows/windows-11-se-overview
-[EDU-2]: /intune-education/windows-11-se-overview#windows-autopilot
[EDU-3]: ../tutorial-deploy-apps-winse/considerations.md#enrollment-status-page
[SURF-1]: /surface/surface-autopilot-registration-support
diff --git a/education/windows/tutorial-school-deployment/enroll-aadj.md b/education/windows/tutorial-school-deployment/enroll-entra-join.md
similarity index 95%
rename from education/windows/tutorial-school-deployment/enroll-aadj.md
rename to education/windows/tutorial-school-deployment/enroll-entra-join.md
index 9cb7370124..e599fca7ac 100644
--- a/education/windows/tutorial-school-deployment/enroll-aadj.md
+++ b/education/windows/tutorial-school-deployment/enroll-entra-join.md
@@ -1,9 +1,10 @@
---
title: Enrollment in Intune with standard out-of-box experience (OOBE)
description: Learn how to join devices to Microsoft Entra ID from OOBE and automatically get them enrolled in Intune.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
---
+
# Automatic Intune enrollment via Microsoft Entra join
If you're setting up a Windows device individually, you can use the out-of-box experience to join it to your school's Microsoft Entra tenant, and automatically enroll it in Intune.
@@ -21,7 +22,8 @@ With this process, no advance preparation is needed:
:::image type="content" source="./images/win11-login-screen.png" alt-text="Windows 11 login screen" border="false":::
-________________________________________________________
+---
+
## Next steps
With the devices joined to Microsoft Entra tenant and managed by Intune, you can use Intune to maintain them and report on their status.
diff --git a/education/windows/tutorial-school-deployment/enroll-overview.md b/education/windows/tutorial-school-deployment/enroll-overview.md
index fa0b05840b..8410be0db9 100644
--- a/education/windows/tutorial-school-deployment/enroll-overview.md
+++ b/education/windows/tutorial-school-deployment/enroll-overview.md
@@ -1,7 +1,7 @@
---
title: Device enrollment overview
description: Learn about the different options to enroll Windows devices in Microsoft Intune
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: overview
---
@@ -22,9 +22,9 @@ This [table][INT-1] describes the ideal scenarios for using either option. It's
Select one of the following options to learn the next steps about the enrollment method you chose:
> [!div class="op_single_selector"]
-> - [Automatic Intune enrollment via Microsoft Entra join](enroll-aadj.md)
+> - [Automatic Intune enrollment via Microsoft Entra join](enroll-entra-join.md)
> - [Bulk enrollment with provisioning packages](enroll-package.md)
-> - [Enroll devices with Windows Autopilot ](enroll-autopilot.md)
+> - [Enroll devices with Windows Autopilot](enroll-autopilot.md)
diff --git a/education/windows/tutorial-school-deployment/enroll-package.md b/education/windows/tutorial-school-deployment/enroll-package.md
index 0223d55bd5..22f7c70443 100644
--- a/education/windows/tutorial-school-deployment/enroll-package.md
+++ b/education/windows/tutorial-school-deployment/enroll-package.md
@@ -1,7 +1,7 @@
---
title: Enrollment of Windows devices with provisioning packages
description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
---
@@ -49,7 +49,8 @@ All settings defined in the package and in Intune will be applied to the device,
:::image type="content" source="./images/win11-oobe-ppkg.gif" alt-text="Windows 11 OOBE - enrollment with provisioning package animation." border="false":::
-________________________________________________________
+---
+
## Next steps
With the devices joined to Microsoft Entra tenant and managed by Intune, you can use Intune to maintain them and report on their status.
diff --git a/education/windows/tutorial-school-deployment/index.md b/education/windows/tutorial-school-deployment/index.md
index a5a1998f71..c72273b7aa 100644
--- a/education/windows/tutorial-school-deployment/index.md
+++ b/education/windows/tutorial-school-deployment/index.md
@@ -1,8 +1,9 @@
---
title: Introduction to the tutorial deploy and manage Windows devices in a school
description: Introduction to deployment and management of Windows devices in education environments.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
+ms.collection: essentials-get-started
---
# Tutorial: deploy and manage Windows devices in a school
@@ -60,13 +61,14 @@ In the remainder of this document, we'll discuss the key concepts and benefits o
- **Device enrollment:** Setting up Windows devices for deployment and enrolling them in Intune for Education
- **Device reset:** Resetting managed devices with Intune for Education
-________________________________________________________
+---
+
## Next steps
Let's begin with the creation and configuration of your Microsoft Entra tenant and Intune environment.
> [!div class="nextstepaction"]
-> [Next: Set up Microsoft Entra ID >](set-up-azure-ad.md)
+> [Next: Set up Microsoft Entra ID >](set-up-microsoft-entra-id.md)
diff --git a/education/windows/tutorial-school-deployment/manage-overview.md b/education/windows/tutorial-school-deployment/manage-overview.md
index ff0997fad9..0a51b174b9 100644
--- a/education/windows/tutorial-school-deployment/manage-overview.md
+++ b/education/windows/tutorial-school-deployment/manage-overview.md
@@ -1,7 +1,7 @@
---
title: Manage devices with Microsoft Intune
description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
---
diff --git a/education/windows/tutorial-school-deployment/manage-surface-devices.md b/education/windows/tutorial-school-deployment/manage-surface-devices.md
index 94efd0d46b..028dc739c7 100644
--- a/education/windows/tutorial-school-deployment/manage-surface-devices.md
+++ b/education/windows/tutorial-school-deployment/manage-surface-devices.md
@@ -1,7 +1,7 @@
---
title: Management functionalities for Surface devices
description: Learn about the management capabilities offered to Surface devices, including firmware management and the Surface Management Portal.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
appliesto:
- ✅ Surface devices
@@ -9,7 +9,7 @@ appliesto:
# Management functionalities for Surface devices
-Microsoft Surface devices offer many advanced management functionalities, including the possibility to manage firmware settings and a web portal designed for them.
+Microsoft Surface devices offer advanced management functionalities, including the possibility to manage firmware settings and a web portal designed for them.
## Manage device firmware for Surface devices
@@ -27,20 +27,18 @@ When Surface devices are enrolled in cloud management and users sign in for the
To access and use the Surface Management Portal:
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **All services** > **Surface Management Portal**
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
+1. Select **All services** > **Surface Management Portal**
:::image type="content" source="./images/surface-management-portal.png" alt-text="Surface Management Portal within Microsoft Intune" lightbox="./images/surface-management-portal-expanded.png" border="true":::
-3. To obtain insights for all your Surface devices, select **Monitor**
+1. To obtain insights for all your Surface devices, select **Monitor**
- Devices that are out of compliance or not registered, have critically low storage, require updates, or are currently inactive, are listed here
-4. To obtain details on each insights category, select **View report**
+1. To obtain details on each insights category, select **View report**
- This dashboard displays diagnostic information that you can customize and export
-5. To obtain the device's warranty information, select **Device warranty and coverage**
-6. To review a list of support requests and their status, select **Support requests**
+1. To obtain the device's warranty information, select **Device warranty and coverage**
+1. To review a list of support requests and their status, select **Support requests**
[INT-1]: /intune/configuration/device-firmware-configuration-interface-windows
-
[MEM-1]: /mem/autopilot/dfci-management
-
[SURF-1]: /surface/surface-manage-dfci-guide
diff --git a/education/windows/tutorial-school-deployment/reset-wipe.md b/education/windows/tutorial-school-deployment/reset-wipe.md
index 1d0edf123a..9646537bac 100644
--- a/education/windows/tutorial-school-deployment/reset-wipe.md
+++ b/education/windows/tutorial-school-deployment/reset-wipe.md
@@ -1,7 +1,7 @@
---
title: Reset and wipe Windows devices
description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
---
@@ -104,6 +104,7 @@ Repairing Autopilot-enrolled devices can be complex, as OEM requirements must be
For more information, see [Autopilot motherboard replacement scenario guidance][MEM-4].
+
[MEM-1]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal
[MEM-2]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal
[MEM-3]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-azure-active-directory-portal
diff --git a/education/windows/tutorial-school-deployment/set-up-azure-ad.md b/education/windows/tutorial-school-deployment/set-up-microsoft-entra-id.md
similarity index 96%
rename from education/windows/tutorial-school-deployment/set-up-azure-ad.md
rename to education/windows/tutorial-school-deployment/set-up-microsoft-entra-id.md
index cbfcfae2b5..845d66a892 100644
--- a/education/windows/tutorial-school-deployment/set-up-azure-ad.md
+++ b/education/windows/tutorial-school-deployment/set-up-microsoft-entra-id.md
@@ -1,7 +1,7 @@
---
title: Set up Microsoft Entra ID
description: Learn how to create and prepare your Microsoft Entra tenant for an education environment.
-ms.date: 08/31/2022
+ms.date: 01/16/2024
ms.topic: tutorial
appliesto:
---
@@ -12,12 +12,13 @@ The Microsoft platform for education simplifies the management of Windows device
Microsoft Entra ID, which is included with the Microsoft 365 Education subscription, provides authentication and authorization to any Microsoft cloud services. Identity objects are defined in Microsoft Entra ID for human identities, like students and teachers, as well as non-human identities, like devices, services, and applications. Once users get Microsoft 365 licenses assigned, they'll be able to consume services and access resources within the tenant. With Microsoft 365 Education, you can manage identities for your teachers and students, assign licenses to devices and users, and create groups for the classrooms.
-In this section you will:
> [!div class="checklist"]
-> * Set up a Microsoft 365 Education tenant
-> * Add users, create groups, and assign licenses
-> * Configure school branding
-> * Enable bulk enrollment
+>In this section you will:
+>
+> - Set up a Microsoft 365 Education tenant
+> - Add users, create groups, and assign licenses
+> - Configure school branding
+> - Enable bulk enrollment
## Create a Microsoft 365 tenant
@@ -45,7 +46,7 @@ For more information, see [Overview of the Microsoft 365 admin center][M365-2].
With the Microsoft 365 tenant in place, it's time to add users, create groups, and assign licenses. All students and teachers need a user account before they can sign in and access the different Microsoft 365 services. There are multiple ways to do this, including using School Data Sync (SDS), synchronizing an on-premises Active Directory, manually, or a combination of the above.
> [!NOTE]
-> Synchronizing your Student Information System (SIS) with School Data Sync is the preferred way to create students and teachers as users in a Microsoft 365 Education tenant. However, if you want to integrate an on-premises directory and synchronize accounts to the cloud, skip to [Azure Active Directory Sync](#azure-active-directory-sync) below.
+> Synchronizing your Student Information System (SIS) with School Data Sync is the preferred way to create students and teachers as users in a Microsoft 365 Education tenant. However, if you want to integrate an on-premises directory and synchronize accounts to the cloud, skip to [Microsoft Entra Connect Sync](#microsoft-entra-connect-sync) below.
### School Data Sync
@@ -61,7 +62,7 @@ For more information, see [Overview of School Data Sync][SDS-1].
>
> Remember that you should typically deploy test SDS data (users, groups, and so on) in a separate test tenant, not your school production environment.
-### Azure Active Directory Sync
+### Microsoft Entra Connect Sync
To integrate an on-premises directory with Microsoft Entra ID, you can use **Microsoft Entra Connect** to synchronize users, groups, and other objects. Microsoft Entra Connect lets you configure the authentication method appropriate for your school, including:
@@ -86,6 +87,7 @@ There are two options for adding users manually, either individually or in bulk:
- Select **Microsoft Entra ID** > **Users** > **All users** > **Bulk operations** > **Bulk create**
For more information, see [Add multiple users in the Microsoft 365 admin center][M365-4].
+
### Create groups
Creating groups is important to simplify multiple tasks, like assigning licenses, delegating administration, deploy settings, applications or to distribute assignments to students. To create groups:
@@ -143,7 +145,7 @@ To allow provisioning packages to complete the Microsoft Entra join process:
1. Select Save
:::image type="content" source="images/entra-device-settings.png" alt-text="Configure device settings from Microsoft Entra admin center." lightbox="images/entra-device-settings.png":::
-________________________________________________________
+---
## Next steps
diff --git a/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
index f55a5262c3..1ee9608b0c 100644
--- a/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
+++ b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
@@ -1,7 +1,7 @@
---
title: Set up device management
description: Learn how to configure the Intune service and set up the environment for education.
-ms.date: 08/31/2022
+ms.date: 01/16/2024
ms.topic: tutorial
appliesto:
---
@@ -18,10 +18,11 @@ The Microsoft Intune service can be managed in different ways, and one of them i
For more information, see [Intune for Education documentation][INT-1].
-In this section you will:
> [!div class="checklist"]
-> * Review Intune's licensing prerequisites
-> * Configure the Intune service for education devices
+>In this section you will:
+>
+> - Review Intune's licensing prerequisites
+> - Configure the Intune service for education devices
## Prerequisites
@@ -74,7 +75,7 @@ To disable Windows Hello for Business at the tenant level:
For more information how to enable Windows Hello for Business on specific devices, see [Create a Windows Hello for Business policy][MEM-4].
-________________________________________________________
+---
## Next steps
diff --git a/education/windows/tutorial-school-deployment/toc.yml b/education/windows/tutorial-school-deployment/toc.yml
index a332eb8656..8abc013f68 100644
--- a/education/windows/tutorial-school-deployment/toc.yml
+++ b/education/windows/tutorial-school-deployment/toc.yml
@@ -4,7 +4,7 @@ items:
- name: 1. Prepare your tenant
items:
- name: Set up Microsoft Entra ID
- href: set-up-azure-ad.md
+ href: set-up-microsoft-entra-id.md
- name: Set up Microsoft Intune
href: set-up-microsoft-intune.md
- name: 2. Configure settings and applications
@@ -20,7 +20,7 @@ items:
- name: Overview
href: enroll-overview.md
- name: Enroll devices via Microsoft Entra join
- href: enroll-aadj.md
+ href: enroll-entra-join.md
- name: Enroll devices with provisioning packages
href: enroll-package.md
- name: Enroll devices with Windows Autopilot
diff --git a/education/windows/tutorial-school-deployment/troubleshoot-overview.md b/education/windows/tutorial-school-deployment/troubleshoot-overview.md
index 5e27915802..0d59f1af56 100644
--- a/education/windows/tutorial-school-deployment/troubleshoot-overview.md
+++ b/education/windows/tutorial-school-deployment/troubleshoot-overview.md
@@ -1,7 +1,7 @@
---
title: Troubleshoot Windows devices
description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other services.
-ms.date: 08/31/2022
+ms.date: 11/09/2023
ms.topic: tutorial
---
@@ -25,10 +25,9 @@ Here's a collection of resources to help you troubleshoot Windows devices manage
Microsoft provides global technical, pre-sales, billing, and subscription support for cloud-based device management services. This support includes Microsoft Intune, Configuration Manager, Windows 365, and Microsoft Managed Desktop.
-Follow these steps to obtain support in Microsoft Intune provides many tools that can help you troubleshoot Windows devices.
-:
+Follow these steps to obtain support in Microsoft Intune provides many tools that can help you troubleshoot Windows devices:
-- Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+- Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
- Select **Troubleshooting + support** > **Help and support**
:::image type="content" source="images/advanced-support.png" alt-text="Screenshot that shows how to obtain support from Microsoft Intune." lightbox="images/advanced-support.png":::
- Select the required support scenario: Configuration Manager, Intune, Co-management, or Windows 365
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index f9a55de678..d6b1fa3e62 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -2,88 +2,90 @@
title: Use Set up School PCs app
description: Learn how to use the Set up School PCs app and apply the provisioning package.
ms.topic: how-to
-ms.date: 08/10/2022
+ms.date: 11/09/2023
appliesto:
- ✅ Windows 10
---
+
# Use the Set up School PCs app
-IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings the app configures through the MDM.
+IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows devices for students. The app configures devices with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student device in Microsoft Intune. You can then manage all the settings the app configures through Intune.
-Set up School PCs also:
-* Joins each student PC to your organization's Office 365 and Microsoft Entra tenant.
-* Enables the optional Autopilot Reset feature, to return devices to a fully configured or known IT-approved state.
-* Utilizes Windows Update and maintenance hours to keep student PCs up-to-date, without interfering with class time.
-* Locks down the student PC to prevent activity that isn't beneficial to their education.
+With Set up School PCs you can:
-This article describes how to fill out your school's information in the Set up School PCs app. To learn more about the app's functionality, start with the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md).
+- Joins student devices to your organization's Microsoft Entra tenant
+- Enable the optional Autopilot Reset feature, to return devices to a fully configured or known IT-approved state
+- Use Windows Update and maintenance hours to keep student devices up-to-date, without interfering with class time
+- Lock down student devices to prevent activity that aren't beneficial to their education
-## Requirements
-Before you begin, make sure that you, your computer, and your school's network are configured with the following requirements.
+This article describes how to use the Set up School PCs app. To learn more about the app's functionality, review the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md).
-* Office 365 and Microsoft Entra ID
-* [Latest Set up School PCs app](https://www.microsoft.com/store/apps/9nblggh4ls40)
-* A NTFS-formatted USB drive that is at least 1 GB, if not installing Office; and at least 8 GB, if installing Office
-* Student PCs must either:
- * Be within range of the Wi-Fi network that you configured in the app.
- * Have a wired Ethernet connection when you set them up.
+## Requirements
-### Configure USB drive for additional space
-USB drives are, by default, FAT32-formatted, and are unable to save more than 4 GB of data. If you plan to install several apps, or large apps like Microsoft Office, you'll need more space. To create more space on the USB drive, reformat it to NTFS.
-1. Insert the USB drive into your computer.
-2. Go to the **Start** > **This PC**.
-3. In the **Devices and drives** section, find your USB drive. Right-click to see its options.
-4. Select **Format** from the list to bring up the **Format drive name** window.
-5. Set **File system** to **NTFS**.
-6. Click **Start** to format the drive.
+Before you begin, make sure that your devices and your school's network are configured with the following requirements:
-### Prepare existing PC account for new setup
-Apply new packages to factory reset or new PCs. If you apply it to a PC that's already set up, you may lose the accounts and data.
+- Microsoft Entra ID and Microsoft 365 licenses
+- [Latest Set up School PCs app](https://apps.microsoft.com/detail/9NBLGGH4LS40)
+- A NTFS-formatted USB drive that is at least 1 GB
+- Student devices must either:
+ - Be within range of the Wi-Fi network that you configured in the app
+ - Have a wired Ethernet connection when you set them up
-If a PC has already been set up, and you want to apply a new package, reset the PC to a clean state.
+### Prepare existing PC account for new setup
-To begin, go to the **Settings** app on the appropriate PC.
-1. Click **Update & Security** > **Recovery**.
-2. In the **Reset this PC** section, click **Get started**.
-3. Click **Remove everything**.
+Apply new packages to factory reset or new devices. If you apply it to a device that's already set up, you may lose the accounts and data.
-You can also go to **Start** > **Power** icon. Hold down the Shift key and click **Restart** to load the Windows boot user experience. From there, follow these steps:
-1. Click **Troubleshoot** and then choose **Reset this PC**.
-2. Select **Remove everything**.
-3. If the option appears, select **Only the drive where Windows is installed**.
-4. Click **Just remove my files**.
-5. Click **Reset**.
+If a device is already set up, and you want to apply a new package, reset the device to a clean state. To reset a device, follow these steps:
-## Recommendations
-This section offers recommendations to prepare you for the best possible setup experience.
-### Run the same Windows 10 build on the admin device and the student PCs
-We recommend you run the IT administrator or technical teacher's device on the same Windows 10 build as the student PCs.
+1. Open the **Settings** app on target device
+1. Select **Update & Security** > **Recovery**
+1. In the **Reset this PC** section, select **Get started**
+1. Select **Remove everything**
-### Student PCs should meet OS requirements for the app
-Check the OS requirements in the Set up School PCs app. We recommend using the latest Set up School PCs app along with the latest Windows 10 images on the student PCs.
+Alternatively, you can also select **Start** > **Power** icon. Hold down Shift while selecting **Restart** to load the Windows boot user experience:
-To check the app's OS requirements, go to the Microsoft Store and locate the Set up School PCs app. In the app's description, go to **System Requirements > OS**.
+1. Select **Troubleshoot** > **Reset this PC**
+1. Select **Remove everything**
+1. If the option appears, select **Only the drive where Windows is installed**
+1. Select **Just remove my files**
+1. Select **Reset**
+
+## Recommendations
+
+This section offers recommendations to prepare you for the best possible setup experience.
+
+### Run the same Windows build on the admin device and the student devices
+
+We recommend you run the IT administrator or technical teacher's device on the same Windows build as the student devices.
+
+### Student devices must meet OS requirements for the app
+
+Check the OS requirements in the Set up School PCs app. We recommend using the latest Set up School PCs app along with the latest Windows images on the student devices.
+
+To check the app's OS requirements, go to the Microsoft Store and locate the Set up School PCs app. In the app's description, go to **System Requirements** > **OS**.
### Use app on a PC that is connected to your school's network
-We recommend that you run the Set up School PCs app on a computer that's connected to your school's network. That way the app can gather accurate information about your school's wireless networks and cloud subscriptions. If it's not connected, you'll need to enter the information manually.
- > [!NOTE]
- > Don't use the **Set up Schools PCs** app for PCs that must connect to:
- >* Enterprise networks that require the user to accept Terms of Use.
- >* Open Wi-Fi networks that require the user to accept Terms of Use.
+We recommend that you run the Set up School PCs app on a computer that's connected to your school's network. That way the app can gather accurate information about your school's wireless networks and cloud subscriptions. If it's not connected, you need to enter the information manually.
+
+>[!NOTE]
+>Don't use the **Set up Schools PCs** app for devices that must connect to enterprise or open Wi-Fi networds that require the user to accept Terms of Use.
### Run app on an open network or network that requires a basic password
-Don't use Set up School PCs over a certification-based network, or one where you have to enter credentials in a browser. If you need to set up many devices over Wi-Fi, make sure that your network configuration can support it.
-We recommend that you:
-* Configure your DHCP so at least 200 IP addresses are available for your devices. Having available IP addresses will allow you to set up many devices simultaneously.
-* Configure your IP addresses to expire after a short time--about 30 minutes. IP addresses will free up quickly so you can continue to set up devices without network issues.
+Don't use Set up School PCs over a certificate-based network, or one where you have to enter credentials in a browser. If you need to set up many devices over Wi-Fi, make sure that your network configuration can support it.
-> > [!WARNING]
-> > Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings.
+We recommend that you:
-### Use an additional USB drive
-To set up more than one PC at the same time, save the provisioning package to additional USB drives. Then plug the USBs in at the same time during setup.
+- Configure your DHCP so at least 200 IP addresses are available for your devices. Having available IP addresses allow you to set up many devices simultaneously
+- Configure your IP addresses to expire after a short time, for example 30 minutes. IP addresses free up quickly so you can continue to set up devices without network issues.
+
+>[!WARNING]
+>Only use the provisioning package on devices that you want to configure and lock down for students. After you apply the provisioning package to a student device, the PC must be reset to remove the settings.
+
+### Use an additional USB drive
+
+To set up more than one PC at the same time, save the provisioning package to additional USB drives. Then plug the USBs in at the same time during setup.
### Limit changes to school-optimized settings
@@ -91,191 +93,172 @@ We strongly recommend that you avoid changing preset policies. Changes can slow
## Create the provisioning package
-The **Set up School PCs** app guides you through the configuration choices for the student PCs. To begin, open the app on your PC and click **Get started**.
-
- 
+The **Set up School PCs** app guides you through the configuration choices for the student PCs. To begin, open the app on your device and select **Get started**.
+
+
+
+### Package name
-### Package name
Type a unique name to help distinguish your school's provisioning packages. The name appears:
-* On the local package folder
-* In your tenant's Microsoft Entra account in the Azure portal
+- On the local package folder
+- In your tenant's Microsoft Entra account in the Azure portal
-A package expiration date is also attached to the end of each package. For example, *Set_Up_School_PCs (Expires 4-16-2019)*. The expiration date is 180 days after you create your package.
+A package expiration date is also attached to the end of each package. For example, *Set_Up_School_PCs (Expires 1-1-2024)*. The expiration date is 180 days after you create your package.
-After you click **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.
-
-To change an existing package's name, right-click the package folder on your device and select **Rename**. This action does not change the name in Microsoft Entra ID. If you have Global Admin permissions, you can go to Microsoft Entra ID in the Azure portal, and rename the package there.
+After you select **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.
+To change an existing package's name, right-click the package folder on your device and select **Rename**. This action doesn't change the name in Microsoft Entra ID. If you have Global Admin permissions, you can go to Microsoft Entra ID in the Azure portal, and rename the package there.
### Sign in
-1. Select how you want to sign in.
- a. (Recommended) To enable student PCs to automatically be connect to Office 365, Microsoft Entra ID, and management services like Intune for Education, click **Sign-in**. Then go to step 3.
- b. To complete setup without signing in, click **Continue without account**. Student PCs won't be connected to your school's cloud services and managing them will be more difficult later. Continue to [Wireless network](#wireless-network).
-2. In the new window, select the account you want to use throughout setup.
+1. Select how you want to sign in
+ 1. (Recommended) To enable student device to automatically connect and authenticate to Microsoft Entra ID, and management services like Microsoft Intune, select **Sign-in**. Then go to step 3
+ 1. To complete setup without signing in, select **Continue without account**. Student devices won't connect to your school's cloud services and their management will be more difficult later. Continue to [Wireless network](#wireless-network)
+1. In the new window, select the account you want to use throughout setup.
To add an account not listed:
- a. Click **Work or school account** > **Continue**.
- b. Type in the account username and click **Next**.
- c. Verify the user account and password, if prompted.
+ 1. Select **Work or school account** > **Continue**.
+ 1. Type in the account username and select **Next**.
+ 1. Verify the user account and password, if prompted.
-
-3. Click **Accept** to allow Set up School PCs to access your account throughout setup.
-2. When your account name appears on the page, as shown in the image below, click **Next.**
+1. Select **Accept** to allow Set up School PCs to access your account throughout setup
+1. When your account name appears on the page, select **Next**
### Wireless network
-Add and save the wireless network profile that you want student PCs to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.
-Select your school's Wi-Fi network from the list of available wireless networks, or click **Add a wireless network** to manually configure it. Then click **Next.**
+Add and save the wireless network profile that you want student devices to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.
+
+Select your organization's Wi-Fi network from the list of available wireless networks, or select **Add a wireless network** to manually configure it. Then select **Next**
### Device names
-Create a short name to add as a prefix to each PC. This name will help you recognize and manage this specific group of devices in your mobile device manager. The name must be five (5) characters or less.
-To make sure all device names are unique, Set up School PCs automatically appends `_%SERIAL%` to the name. For example, if you add *Math4* as the prefix, the device names will appear as *Math4* followed by a random string of letters and numbers.
+Create a name to add as a prefix to each device. This name helps you recognize and manage this group of devices in Intune.
-To keep the default name for your devices, click **Continue with existing names**.
+To make sure all device names are unique, Set up School PCs automatically appends `_%SERIAL%` to the name. For example, if you add *MATH4* as the prefix, the device names appear as *MATH4* followed by the device serial number.
+
+To keep the default name for your devices, select **Continue with existing names**.
-
-
### Settings
-Select additional settings to include in the provisioning package. To begin, select the operating system on your student PCs.
+
+Select more settings to include in the provisioning package. To begin, select the operating system on your student PCs.
-Setting selections vary based on the OS version you select. The example screenshot below shows the settings that become available when you select **Windows 10 version 1703**. The option to **Enable Autopilot Reset** is not available for this version of Windows 10.
-
+Setting selections vary based on the OS version you select.
+The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column.
-> [!NOTE]
-> The [**Time zone** setting](use-set-up-school-pcs-app.md#time-zone), shown in the sidebar of the screenshot above, is not made available to versions of Windows 10 in S mode. If you select a version in S mode, **Time zone** will become disabled.
+| Setting | What happens if I select it? | Note |
+|--|--|--|
+| Remove apps preinstalled by the device manufacturer | Uninstalls apps that came loaded on the computer by the device's manufacturer. | Adds about 30 minutes to the provisioning process. |
+| Allow local storage (not recommended for shared devices) | Lets students save files to the Desktop and Documents folder on the Student PC. | Not recommended if the device are shared between different students. |
+| Optimize device for a single student, instead of a shared cart or lab | Optimizes the device for use by a single student, rather than many students. | Recommended if the device are shared between different students. Single-optimized accounts are set to expire, and require a sign-in, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
+| Let guests sign in to these PCs | Allows guests to use student PCs without a school account. | Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to. |
+| Enable Autopilot Reset | Lets you remotely reset a student's PC from the lock screen, apply the device's original settings, and enroll it in device management (Microsoft Entra ID and MDM). | WinRE must be enabled on the device. |
+| Lock screen background | Change the default screen lock background to a custom image. | Select **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png. |
-The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column.
-
-|Setting |1703|1709|1803|1809|What happens if I select it? |Note|
-|---------|---------|---------|---------|---------|---------|---------|
-|Remove apps pre-installed by the device manufacturer |X|X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
-|Allow local storage (not recommended for shared devices) |X|X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be shared between different students.|
-|Optimize device for a single student, instead of a shared cart or lab |X|X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended if the device will be shared between different students. Single-optimized accounts are set to expire, and require a sign-in, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
-|Let guests sign in to these PCs |X|X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
-|Enable Autopilot Reset |Not available|X|X|X|Lets you remotely reset a student's PC from the lock screen, apply the device's original settings, and enroll it in device management (Microsoft Entra ID and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
-|Lock screen background|X|X|X|X|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.|
-
-After you've made your selections, click **Next**.
+After you've made your selections, select **Next**.
### Time zone
> [!WARNING]
> If you are using the Autounattend.xml file to reimage your school PCs, do not specify a time zone in the file. If you set the time zone in the file *and* in this app, you will encounter an error.
-Choose the time zone where your school's PCs are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, click **Next**.
+Choose the time zone where your school's devices are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, select **Next**.
-### Product key
-Optionally, type in a 25-digit product key to:
-* Upgrade your current edition of Windows. For example, if you want to upgrade from Windows 10 Education to Windows 10 Education Pro, enter the product key for the Pro edition.
-* Change the product key. If you want to associate student devices with a new or different Windows 10 product key, enter it now.
+### Product key
+
+Optionally, type in a 25-digit product key to upgrade or change the edition of Windows on your student devices. If you don't have a product key, select **Continue without change**.
-### Take a Test
-Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student PC so that students can't access anything else on the device.
+### Take a Test
-1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' PCs.
+Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student devices so that students can't access anything else on the device.
- 
+1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' devices
-2. Select from the advanced settings. Available settings include:
- * Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the PC's keyboard.
- * Allow teachers to monitor online tests: Enables screen capture in the Take a Test app.
-3. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to click or enter the link to view the assessment.
-4. Click **Next**.
+ 
-### Add apps
-Choose from Microsoft recommended apps and your school's own Microsoft Store inventory. The apps you select here are added to the provisioning package and installed on student PCs. After they're assigned, apps are pinned to the device's Start menu.
+1. Select from the advanced settings. Available settings include:
+ - Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the device's keyboard
+ - Allow teachers to monitor online tests: Enables screen capture in the Take a Test app
+1. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to select or enter the link to view the assessment
+1. Select **Next**
-If there aren't any apps in your Microsoft Store inventory, or you don't have the permissions to add apps, you'll need to contact your school admin for help. If you receive a message that you can't add the selected apps, click **Continue without apps**. Contact your school admin to get these apps later.
+### Personalization
-After you've made your selections, click **Next**.
+Upload custom images to replace the student devices' default desktop and lock screen backgrounds. Select **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.
+If you don't want to upload custom images or use the images that appear in the app, select **Continue without personalization**. This option doesn't apply any customizations, and instead uses the devices' default or preset images.
- 
+
-The following table lists the recommended apps you'll see.
+### Summary
-|App |Note |
-|---------|---------|
-|Office 365 for Windows 10 in S mode (Education Preview) | Setup is only successful on student PCs that run Windows 10 in S mode. The PC you running the Set up School PCs app is not required to have Windows 10 in S mode. |
-|Microsoft Whiteboard | None|
-|Minecraft: Education Edition | Free trial|
+Review all of the settings for accuracy and completeness
+1. To make changes now, select any page along the left side of the window
+2. When finished, select **Accept**
+
-### Personalization
-Upload custom images to replace the student devices' default desktop and lock screen backgrounds. Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.
-
-If you don't want to upload custom images or use the images that appear in the app, click **Continue without personalization**. This option does not apply any customizations, and instead uses the devices' default or preset images.
-
- 
-
-
-### Summary
-Review all of the settings for accuracy and completeness. Check carefully. To make changes to a saved package, you have to start over.
-1. To make changes now, click any page along the left side of the window.
-2. When finished, click **Accept**.
-
- 
+> [!NOTE]
+> To make changes to a saved package, you have to start over.
### Insert USB
-1. Insert a USB drive. The **Save** button will light up when your computer detects the USB.
-2. Choose your USB drive from the list and click **Save**.
- 
+1. Insert a USB drive. The **Save** button lights up when your computer detects the USB
+1. Choose your USB drive from the list and select **Save**
-3. When the package is ready, you'll see the filename and package expiration date. You can also click **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and click **Next**.
+ 
- 
+1. When the package is ready, you see the filename and package expiration date. You can also select **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and select **Next**
-## Run package - Get PCs ready
-Complete each step on the **Get PCs ready** page to prepare student PCs for set-up. Then click **Next**.
-
- 
+
+
+## Run package - Get PCs ready
+
+Complete each step on the **Get PCs ready** page to prepare student devices for set-up. Then select **Next**.
+
+
## Run package - Install package on PC
-The provisioning package on your USB drive is named SetupSchoolPCs_<*devicename*>(Expires <*expiration date*>.ppkg. A provisioning package applies settings to Windows 10 without reimaging the device.
+The provisioning package on your USB drive is named SetupSchoolPCs_<*devicename*>(Expires <*expiration date*>.ppkg. A provisioning package applies settings to Windows without reimaging the device.
-When used in context of the Set up School PCs app, the word *package* refers to your provisioning package. The word *provisioning* refers to the act of installing the package on the student PC. This section describes how to apply the settings to a PC in your school.
+When used in context of the Set up School PCs app, the word *package* refers to your provisioning package. The word *provisioning* refers to the act of installing the package on the student device. This section describes how to apply the settings to a device in your school.
> [!IMPORTANT]
-> The PC must have a new or reset Windows 10 image and must not already have been through first-run setup (also referred to as OOBE). For instructions about how to reset a computer's image, see [Prepare existing PC account for new setup](use-set-up-school-pcs-app.md#prepare-existing-pc-account-for-new-setup).
+> The devices must have a new or reset Windows image and must not already have been through first-run setup experience (which is referred to as *OOBE*). For instructions about how to reset a devices's image, see [Prepare existing PC account for new setup](use-set-up-school-pcs-app.md#prepare-existing-pc-account-for-new-setup).
-1. Start with the student PC turned off or with the PC on the first-run setup screen. In Windows 10 version 1803, the first-run setup screen reads, **Let's start with region. Is this right?**
+1. Start with the student device turned off or with the device on the first-run setup screen. If the device is past the account setup screen, reset the device to start over. To reset the it, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**
- If the PC has gone past the account setup screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
-
- 
+ 
-2. Insert the USB drive. Windows automatically recognizes and installs the package.
-
- 
-3. When you receive the message that it's okay to remove the USB drive, remove it from the PC. If there are more PCs to set up, insert the USB drive into the next PC.
+1. Insert the USB drive. Windows automatically recognizes and installs the package
+
+ 
+
+1. When you receive the message that it's okay to remove the USB drive, remove it from the device. If there are more devices to set up, insert the USB drive into the next one
-4. If you didn't set up the package with Microsoft Entra join, continue the Windows device setup experience. If you did configure the package with Microsoft Entra join, the computer is ready for use and no further configurations are required.
+1. If you didn't set up the package with Microsoft Entra join, continue the Windows device setup experience. If you did configure the package with Microsoft Entra join, the device is ready for use and no further configurations are required
- If successful, you'll see a setup complete message. The PCs start up on the lock screen, with your school's custom background. Upon first use, students and teachers can connect to your school's network and resources.
+If successful, you'll see a setup complete message. The PCs start up on the lock screen, with your school's custom background. Upon first use, students and teachers can connect to your school's network and resources.
diff --git a/education/windows/windows-11-se-faq.yml b/education/windows/windows-11-se-faq.yml
index 52fa4c5d69..4a9b022c07 100644
--- a/education/windows/windows-11-se-faq.yml
+++ b/education/windows/windows-11-se-faq.yml
@@ -3,7 +3,7 @@ metadata:
title: Windows 11 SE Frequently Asked Questions (FAQ)
description: Use these frequently asked questions (FAQ) to learn important details about Windows 11 SE.
ms.topic: faq
- ms.date: 03/09/2023
+ ms.date: 01/16/2024
appliesto:
- ✅ Windows 11 SE
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 85683ac20e..eec8f909f1 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -2,18 +2,17 @@
title: Windows 11 SE Overview
description: Learn about Windows 11 SE, and the apps that are included with the operating system.
ms.topic: overview
-ms.date: 08/03/2023
+ms.date: 01/09/2024
appliesto:
- ✅ Windows 11 SE
ms.collection:
- - highpri
- education
- tier1
---
# Windows 11 SE Overview
-Windows 11 SE is an edition of Windows that's designed for education. Windows SE runs on web-first devices that use essential education apps, and it comes with Microsoft Office 365 preinstalled (subscription sold separately).
+Windows 11 SE is an edition of Windows designed for education. Windows SE runs on web-first devices that use essential education apps, and it comes with Microsoft Office 365 preinstalled (subscription sold separately).
For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits:
@@ -35,8 +34,8 @@ The following table lists the different application types available in Windows o
| --- | --- | :---: | ---|
|Progressive Web Apps (PWAs) | PWAs are web-based applications that can run in a browser and that can be installed as standalone apps. |✅|PWAs are enabled by default in Windows 11 SE.|
| Web apps | Web apps are web-based applications that run in a browser. | ✅ | Web apps are enabled by default in Windows 11 SE. |
-|`Win32`| `Win32` applications are Windows classic applications that may require installation |⛔| If users try to install or execute `Win32` applications that haven't been allowed to run, they fail.|
-|Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and may require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they fail.|
+|`Win32`| `Win32` applications are Windows classic applications that might require installation |⛔| If users try to install or execute `Win32` applications that aren't allowed to run, they fail.|
+|Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and might require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they fail.|
> [!IMPORTANT]
> If there are specific `Win32` or UWP applications that you want to allow, work with Microsoft to get them enabled. For more information, see [Add your own applications](#add-your-own-applications).
@@ -48,33 +47,33 @@ The following table lists all the applications included in Windows 11 SE and the
| App name | App type | Pinned to Start? | Pinned to taskbar? |
|:-----------------------------|:--------:|:----------------:|:------------------:|
| Alarm & Clock | UWP | | |
-| Calculator | UWP | ✅ | |
-| Camera | UWP | ✅ | |
-| Microsoft Edge | `Win32` | ✅ | ✅ |
-| Excel | `Win32` | ✅ | |
+| Calculator | UWP | ✅ | |
+| Camera | UWP | ✅ | |
+| Microsoft Edge | `Win32` | ✅ | ✅ |
+| Excel | `Win32` | ✅ | |
| Feedback Hub | UWP | | |
-| File Explorer | `Win32` | | ✅ |
+| File Explorer | `Win32` | | ✅ |
| FlipGrid | PWA | | |
| Get Help | UWP | | |
-| Media Player | UWP | ✅ | |
+| Media Player | UWP | ✅ | |
| Maps | UWP | | |
| Minecraft: Education Edition | UWP | | |
| Movies & TV | UWP | | |
| News | UWP | | |
-| Notepad | `Win32` | | |
-| OneDrive | `Win32` | | |
-| OneNote | `Win32` | ✅ | |
-| Outlook | PWA | ✅ | |
-| Paint | `Win32` | ✅ | |
+| Notepad | `Win32` | | |
+| OneDrive | `Win32` | | |
+| OneNote | `Win32` | ✅ | |
+| Outlook | PWA | ✅ | |
+| Paint | `Win32` | ✅ | |
| Photos | UWP | | |
-| PowerPoint | `Win32` | ✅ | |
-| Settings | UWP | ✅ | |
+| PowerPoint | `Win32` | ✅ | |
+| Settings | UWP | ✅ | |
| Snip & Sketch | UWP | | |
| Sticky Notes | UWP | | |
-| Teams | `Win32` | ✅ | |
+| Teams | `Win32` | ✅ | |
| To Do | UWP | | |
-| Whiteboard | UWP | ✅ | |
-| Word | `Win32` | ✅ | |
+| Whiteboard | UWP | ✅ | |
+| Word | `Win32` | ✅ | |
## Available applications
@@ -89,6 +88,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `AristotleK12 Borderless Classroom ` | 3.0.11. | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Analytics ` | 10.0.6 | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Network filter` | 3.1.10 | `Win32` | `Sergeant Laboratories` |
+| `Bluebook` | 0.9.203 | `Win32` | `Collegeboard` |
| `Brave Browser` | 106.0.5249.119 | `Win32` | `Brave` |
| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` |
| `CA Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
@@ -102,8 +102,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `ContentKeeper Cloud` | 9.01.45 | `Win32` | `ContentKeeper Technologies` |
| `DigiExam` | 14.1.0 | `Win32` | `Digiexam` |
| `Digital Secure testing browser` | 15.0.0 | `Win32` | `Digiexam` |
+| `Dolphin Guide Connect` | 1.25 | `Win32` | `Dolphin Guide Connect` |
| `Dragon Professional Individual` | 15.00.100 | `Win32` | `Nuance Communications` |
-| `DRC INSIGHT Online Assessments` | 13.0.0.0 | `Store` | `Data recognition Corporation` |
+| `DRC INSIGHT Online Assessments` | 14.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | `Win32` | `Cisco` |
| `Dyknow` | 7.9.13.7 | `Win32` | `Dyknow` |
| `e-Speaking Voice and Speech recognition` | 4.4.0.11 | `Win32` | `e-speaking` |
@@ -126,9 +127,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Impero Backdrop Client` | 5.0.151 | `Win32` | `Impero Software` |
| `IMT Lazarus` | 2.86.0 | `Win32` | `IMTLazarus` |
| `Inspiration 10` | 10.11 | `Win32` | `TechEdology Ltd` |
-| `JAWS for Windows` | 2022.2112.24 | `Win32` | `Freedom Scientific` |
+| `JAWS for Windows` | 2023.2307.37 | `Win32` | `Freedom Scientific` |
| `Kite Student Portal` | 9.0.0.0 | `Win32` | `Dynamic Learning Maps` |
-| `Keyman` | 16.0.141 | `Win32` | `SIL International` |
+| `Keyman` | 16.0.142 | `Win32` | `SIL International` |
| `Kortext` | 2.3.433.0 | `Store` | `Kortext` |
| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | `Win32` | `Kurzweil Educational Systems` |
| `LanSchool Classic` | 9.1.0.46 | `Win32` | `Stoneware, Inc.` |
@@ -136,10 +137,13 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Lexibar` | 3.07.02 | `Win32` | `Lexibar` |
| `LGfL HomeProtect` | 8.3.44.11 | `Win32` | `LGFL` |
| `Lightspeed Smart Agent` | 1.9.1 | `Win32` | `Lightspeed Systems` |
-| `Lightspeed Filter Agent` | 2.3.4 | `Win32` | `Lightspeed Systems` |
+| `Lightspeed Classroom` | 3.4.5.0 | `Win32` | `Lightspeed Systems` |
+| `Lightspeed Filter Agent` | 2.5.2 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Digital` | 3.12.3.11 | `Win32` | `Lightspeed Systems` |
+| `Linewize Authentication agent ` |1.4.1 | `Win32` | `Linewize` |
| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` |
| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
+| `Mind+ Desktop` | 1.8.0 | `Win32` | `Mind+Desktop` |
| `Mozilla Firefox` | 116.0.2 | `Win32` | `Mozilla` |
| `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` |
| `Musescore` | 4.1.1.232071203 | `Win32` | `Musescore` |
@@ -158,19 +162,20 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `PaperCut` | 22.0.6 | `Win32` | `PaperCut Software International Pty Ltd` |
| `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` |
| `Project Monarch Outlook` | 1.2023.831.400 | `Store` | `Microsoft` |
-| `Questar Secure Browser` | 5.0.1.456 | `Win32` | `Questar, Inc` |
+| `Questar Secure Browser` | 5.0.5.536 | `Win32` | `Questar, Inc` |
| `ReadAndWriteForWindows` | 12.0.78 | `Win32` | `Texthelp Ltd.` |
| `Remote Desktop client (MSRDC)` | 1.2.4487.0 | `Win32` | `Microsoft` |
-| `Remote Help` | 4.0.1.13 | `Win32` | `Microsoft` |
+| `Remote Help` | 5.0.1311.0 | `Win32` | `Microsoft` |
| `Respondus Lockdown Browser` | 2.0.9.03 | `Win32` | `Respondus` |
| `Safe Exam Browser` | 3.5.0.544 | `Win32` | `Safe Exam Browser` |
-|`SchoolYear` | 3.5.4 | `Win32` |`SchoolYear` |
-|`School Manager` | 3.6.8.1109 | `Win32` |`School Manager` |
+|`SchoolYear` | 3.5.4 | `Win32` |`SchoolYear` |
+|`School Manager` | 3.6.10-1149 | `Win32` |`Linewize` |
+|`Schoolnet Secure Tester` | 2.1.0 | `Win32` |`School Net` |
|`Scratch` | 3.0 | `Win32` |`MIT` |
-| `Senso.Cloud` | 2021.11.15.0 | `Win32` | `Senso.Cloud` |
+| `Senso.Cloud` |2021.11.15.0 | `Win32` | `Senso.Cloud` |
| `Skoolnext` | 2.19 | `Win32` | `Skool.net` |
| `Smoothwall Monitor` | 2.9.2 | `Win32` | `Smoothwall Ltd` |
-| `SuperNova Magnifier & Screen Reader` | 22.02 | `Win32` | `Dolphin Computer Access` |
+| `SuperNova Magnifier & Screen Reader` | 22.03 | `Win32` | `Dolphin Computer Access` |
| `SuperNova Magnifier & Speech` | 21.03 | `Win32` | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | `Win32` | `VitalSource Technologies Inc` |
@@ -219,4 +224,4 @@ For more information on Intune requirements for adding education apps, see [Conf
[EDUWIN-1]: /education/windows/tutorial-school-deployment/configure-device-apps
[EDUWIN-2]: /education/windows/tutorial-school-deployment/
-[WIN-1]: /windows/whats-new/windows-11-requirements
+[WIN-1]: /windows/whats-new/windows-11-requirements
\ No newline at end of file
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
deleted file mode 100644
index 7c6ecca23b..0000000000
--- a/education/windows/windows-editions-for-education-customers.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Windows 10 editions for education customers
-description: Learn about the two Windows 10 editions that are designed for the needs of education institutions.
-ms.topic: overview
-ms.date: 07/25/2023
-appliesto:
- - ✅ Windows 10
----
-
-# Windows 10 editions for education customers
-
-Windows 10 offers various new features and functionalities, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
-
-Windows 10 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
-
-## Windows 10 Pro Education
-
-Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions).
-
-Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 or newer versions that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future).
-
-Existing devices running Windows 10 Pro, currently activated with the original OEM digital product key and purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future), will upgrade automatically to Windows 10 Pro Education as part of the Windows 10, version 1607 installation.
-
-Customers with Academic Volume Licensing agreements with rights for Windows can get Windows 10 Pro Education through the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
-
-Customers who deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](/windows/configuration/manage-tips-and-suggestions) and apply desired settings for your environment.
-
-## Windows 10 Education
-
-Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions).
-
-Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you don't have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
-
-Customers who deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](/windows/configuration/manage-tips-and-suggestions) and apply desired settings for your environment.
-
-For any other questions, contact [Microsoft Customer Service and Support](https://support.microsoft.com/en-us).
-
-## Related topics
-
-- [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)
-- [Windows deployment for education](./index.yml)
-- [Windows 10 upgrade paths](/windows/deployment/upgrade/windows-10-upgrade-paths)
-- [Volume Activation for Windows 10](/windows/deployment/volume-activation/volume-activation-windows-10)
-- [Plan for volume activation](/windows/deployment/volume-activation/plan-for-volume-activation-client)
-- [Windows 10 subscription activation](/windows/deployment/windows-10-subscription-activation)
--
\ No newline at end of file
diff --git a/images/group-policy.svg b/images/group-policy.svg
index ace95add6b..95957a5914 100644
--- a/images/group-policy.svg
+++ b/images/group-policy.svg
@@ -1,3 +1,9 @@
-
\ No newline at end of file
+
diff --git a/includes/ai-disclaimer-generic.md b/includes/ai-disclaimer-generic.md
deleted file mode 100644
index 0e190e0e38..0000000000
--- a/includes/ai-disclaimer-generic.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-author: aczechowski
-ms.author: aaroncz
-ms.date: 03/31/2023
-ms.topic: include
-ms.prod: windows-client
----
-
-> [!NOTE]
-> This article was partially created with the help of artificial intelligence. Before publishing, an author reviewed and revised the content as needed. For more information, see [Our principles for using AI-generated content in Microsoft Learn](/azure/principles-for-ai-generated-content).
diff --git a/includes/configure/gpo-settings-1.md b/includes/configure/gpo-settings-1.md
index d30e2cc685..296a1025d2 100644
--- a/includes/configure/gpo-settings-1.md
+++ b/includes/configure/gpo-settings-1.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
-To configure devices using group policy, [create a group policy object (GPO)](/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object) and use the following settings:
\ No newline at end of file
+To configure a device with group policy, use the [Local Group Policy Editor](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731745(v=ws.10)). To configure multiple devices joined to Active Directory, [create or edit](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754740(v=ws.11)) a group policy object (GPO) and use the following settings:
diff --git a/includes/configure/gpo-settings-2.md b/includes/configure/gpo-settings-2.md
index bf8ee52309..fa200244ae 100644
--- a/includes/configure/gpo-settings-2.md
+++ b/includes/configure/gpo-settings-2.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
-The policy settings can be configured locally by using the Local Group Policy Editor (`gpedit.msc`), linked to the domain or organizational units, and filtered to security groups.
\ No newline at end of file
+Group policies can be [linked](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732979(v=ws.10)) to domains or organizational units, [filtered using security groups](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc752992(v=ws.10)), or [filtered using WMI filters](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717288(v=ws.11)).
diff --git a/includes/configure/intune-custom-settings-1.md b/includes/configure/intune-custom-settings-1.md
index 60125a46d1..05f77b0843 100644
--- a/includes/configure/intune-custom-settings-1.md
+++ b/includes/configure/intune-custom-settings-1.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
To configure devices with Microsoft Intune, use a custom policy:
diff --git a/includes/configure/intune-custom-settings-2.md b/includes/configure/intune-custom-settings-2.md
index 03977b7a0d..92dc4bf22d 100644
--- a/includes/configure/intune-custom-settings-2.md
+++ b/includes/configure/intune-custom-settings-2.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
7. Select **Next**
diff --git a/includes/configure/intune-custom-settings-info.md b/includes/configure/intune-custom-settings-info.md
index 8f406cf058..fc2277cecb 100644
--- a/includes/configure/intune-custom-settings-info.md
+++ b/includes/configure/intune-custom-settings-info.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
For more information about how to create custom settings using Intune, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).
\ No newline at end of file
diff --git a/includes/configure/intune-settings-catalog-1.md b/includes/configure/intune-settings-catalog-1.md
index d0b87a5b78..6afcc21dab 100644
--- a/includes/configure/intune-settings-catalog-1.md
+++ b/includes/configure/intune-settings-catalog-1.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
-To configure devices using Microsoft Intune, [create a Settings catalog policy](/mem/intune/configuration/settings-catalog) and use the following settings:
\ No newline at end of file
+To configure devices with Microsoft Intune, [create a Settings catalog policy](/mem/intune/configuration/settings-catalog) and use the following settings:
\ No newline at end of file
diff --git a/includes/configure/intune-settings-catalog-2.md b/includes/configure/intune-settings-catalog-2.md
index 287d5ebbf1..66b5ceae1d 100644
--- a/includes/configure/intune-settings-catalog-2.md
+++ b/includes/configure/intune-settings-catalog-2.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
Assign the policy to a group that contains as members the devices or users that you want to configure.
\ No newline at end of file
diff --git a/includes/configure/provisioning-package-1.md b/includes/configure/provisioning-package-1.md
index 951ca428e3..62543ac656 100644
--- a/includes/configure/provisioning-package-1.md
+++ b/includes/configure/provisioning-package-1.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 09/12/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
Use the following settings to [create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package):
diff --git a/includes/configure/provisioning-package-2.md b/includes/configure/provisioning-package-2.md
index b600e58e47..8915e7aebd 100644
--- a/includes/configure/provisioning-package-2.md
+++ b/includes/configure/provisioning-package-2.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 09/12/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
[Apply the provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to the devices that you want to configure.
diff --git a/includes/configure/registry.md b/includes/configure/registry.md
new file mode 100644
index 0000000000..6c76a6b9b1
--- /dev/null
+++ b/includes/configure/registry.md
@@ -0,0 +1,9 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
+ms.topic: include
+ms.service: windows-client
+---
+
+To configure devices with the [Registry Editor](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc755256(v=ws.11)), use the following settings:
\ No newline at end of file
diff --git a/includes/configure/tab-intro.md b/includes/configure/tab-intro.md
index a818e4df8b..c9c293a8c5 100644
--- a/includes/configure/tab-intro.md
+++ b/includes/configure/tab-intro.md
@@ -3,7 +3,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.date: 08/15/2023
ms.topic: include
-ms.prod: windows-client
+ms.service: windows-client
---
The following instructions provide details how to configure your devices. Select the option that best suits your needs.
\ No newline at end of file
diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index e68a87a3a6..9810ebe8bf 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -81,7 +81,7 @@ ms.topic: include
|**[Windows Autopilot](/autopilot/)**|Yes|Yes|Yes|Yes|
|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
-|**[Windows Firewall](/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/operating-system-security/network-security/windows-firewall)**|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business/)**|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 780ba51ff0..022cbf278b 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/18/2023
+ms.date: 11/02/2023
ms.topic: include
---
@@ -30,7 +30,7 @@ ms.topic: include
|**[Enhanced phishing protection with SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection)**|Yes|Yes|Yes|Yes|Yes|
|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/security-foundations/certification/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|Yes|Yes|❌|❌|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
|**[FIDO2 security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes|
|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
@@ -81,7 +81,7 @@ ms.topic: include
|**[Windows Autopilot](/autopilot/)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Firewall](/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/operating-system-security/network-security/windows-firewall)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business/)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 701d2a3bde..35e8f24701 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -17,6 +17,6 @@ Federated sign-in license entitlements are granted by the following licenses:
|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|No|No|
+|Yes|No|No|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/system-guard.md
similarity index 75%
rename from includes/licensing/windows-defender-system-guard.md
rename to includes/licensing/system-guard.md
index cecce5edd5..0c165234b4 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/system-guard.md
@@ -7,13 +7,13 @@ ms.topic: include
## Windows edition and licensing requirements
-The following table lists the Windows editions that support Windows Defender System Guard:
+The following table lists the Windows editions that support System Guard:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
-Windows Defender System Guard license entitlements are granted by the following licenses:
+System Guard license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index ba3d25fe32..8fd22d16a4 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -69,7 +69,6 @@
"v-stsavell",
"beccarobins",
"Stacyrch140",
- "v-stsavell",
"American-Dipper"
]
},
diff --git a/store-for-business/images/msfb-add-collection.PNG b/store-for-business/images/msfb-add-collection.png
similarity index 100%
rename from store-for-business/images/msfb-add-collection.PNG
rename to store-for-business/images/msfb-add-collection.png
diff --git a/store-for-business/images/wsfb-private-store-gpo.PNG b/store-for-business/images/wsfb-private-store-gpo.png
similarity index 100%
rename from store-for-business/images/wsfb-private-store-gpo.PNG
rename to store-for-business/images/wsfb-private-store-gpo.png
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
index 2cd07840b0..cc4aa9686d 100644
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md
@@ -9,7 +9,7 @@ author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
-ms.custom: has-azure-ad-ps-ref
+ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.date: 05/24/2023
ms.reviewer:
---
@@ -36,7 +36,7 @@ You can use the PowerShell module to:
- Perform bulk operations with .csv files - automates license management for customers with larger numbers of licenses
>[!NOTE]
->Assigning apps to groups is not supported via this module. Instead, we recommend leveraging the Microsoft Entra ID Or MSOnline Modules to save members of a group to a CSV file and follow instructions below on how to use CSV file to manage assignments.
+>Assigning apps to groups is not supported via this module. Instead, we recommend leveraging the Microsoft Entra ID or [Microsoft Graph PowerShell](/powershell/microsoftgraph/overview) Modules to save members of a group to a CSV file and follow instructions below on how to use CSV file to manage assignments.
## Requirements
To use the Microsoft Store for Business and Education PowerShell module, you'll need:
@@ -77,7 +77,7 @@ To authorize the PowerShell module, run this command. You'll need to sign-in wit
Grant-MSStoreClientAppAccess
```
-You will be prompted to sign in with your work or school account and then to authorize the PowerShell Module to access your **Microsoft Store for Business and Education** account. Once the module has been imported into the current PowerShell session and authorized to call into your **Microsoft Store for Business and Education** account, Azure PowerShell cmdlets are loaded and ready to be used.
+You will be prompted to sign in with your work or school account and then to authorize the PowerShell Module to access your **Microsoft Store for Business and Education** account. Once the module has been imported into the current PowerShell session and authorized to call into your **Microsoft Store for Business and Education** account, Microsoft Graph PowerShell cmdlets are loaded and ready to be used.
## View items in Products and Services
Service management should encounter no breaking changes as a result of the separation of Azure Service Management and **Microsoft Store for Business and Education PowerShell** preview.
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index bb6d16110b..c0e3db882e 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -334,7 +334,7 @@ Customers in these markets can use Microsoft Store for Business and Education to
- Aremenia
- Azerbaijan
- Belarus
-- Bosnia
+- Bosnia and Herzegovina
- Brazil
- Georgia
- India
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
index 15adb1f6c8..368df86b94 100644
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@@ -8,7 +8,7 @@ ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
-ms.date: 06/29/2023
+ms.date: 01/11/2024
ms.reviewer:
---
@@ -22,9 +22,17 @@ Because Microsoft Store for Business and Education will be retired, we no longer
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
+## January 2024
+
+**Removal of private store capability from Microsoft Store for Business and Education**
+
+The private store tab and associated functionality was removed from the Microsoft Store for Business and Education portal. This includes the ability to add apps to private groups and to download and install apps from the private store.
+
+We recommend customers use the [Private app repository, Windows Package Manager, and Company Portal app](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) to provide a private app repository within their organization.
+
## May 2023
-### Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs
+**Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs**
The Microsoft Store for Business tab was removed from the Microsoft Store app on Windows 10. The Microsoft Store for Business tab is still available on HoloLens devices.
@@ -45,33 +53,41 @@ We recommend that you add your apps through the new Microsoft Store app experien
Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess) where we will publish more information about this change.
## April 2023
+
- **Tab removed from Microsoft Store apps on Windows 11 PCs** – The Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. [Get more info](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed)
## October 2018
+
- **Use security groups with Private store apps** - On the details page for apps in your private store, you can set Private store availability. This allows you to choose which security groups can see an app in the private store. [Get more info](app-inventory-management-microsoft-store-for-business.md)
## September 2018
+
- **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](/microsoft-store/manage-private-store-settings#private-store-performance)
## August 2018
- **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](./acquire-apps-microsoft-store-for-business.md#allow-app-requests)
## July 2018
+
- Bug fixes and performance improvements.
## June 2018
-- **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection.
+
+- **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection.
- **Performance improvements in private store** - We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. [Get more info](./manage-private-store-settings.md#private-store-performance)
## May 2018
+
- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.
## April 2018
+
- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We'll figure out who's in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we'll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections.
- **Office 365 subscription management** - We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
## March 2018
+
- **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](./manage-private-store-settings.md#private-store-performance)
- **Private store collection updates** - We've made it easier to find apps when creating private store collections – now you can search and filter results.
[Get more info](./manage-private-store-settings.md#private-store-collections)
@@ -79,19 +95,23 @@ Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess)
- **Upgrade Microsoft 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 for business subscription to a Microsoft 365 for business subscription.
## January and February 2018
+
- **One place for apps, software, and subscriptions** - The new **Products & services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services.
- **Create collections of apps in your private store** - Use **collections** to customize your private store. Collections allow you to create groups of apps that are commonly used in your organization or school -- you might create a collection for a Finance department, or a 6th-grade class. [Get more info](./manage-private-store-settings.md#private-store-collections)
- **Upgrade Office 365 trial subscription** - Customers with Office 365 trials can now transition their trial to a paid subscription in Microsoft Store for Business. This works for trials you acquired from Microsoft Store for Business, or Office Admin Portal.
- **Supporting Microsoft Product and Services Agreement customers** - If you are purchasing under the Microsoft Products and Services Agreement (MPSA), you can use Microsoft Store for Business. Here you will find access to Products & Services purchased, Downloads & Keys, Software Assurance benefits, Order history, and Agreement details.
-- **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role.
+- **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role.
## December 2017
+
- Bug fixes and performance improvements.
## November 2017
+
- **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
## October 2017
+
- Bug fixes and performance improvements.
## September 2017
@@ -102,4 +122,4 @@ Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess)
- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redeeming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date.
- **Manage Office 365 subscriptions acquired by partners** - Office 365 subscriptions purchased for your organization by a partner or reseller can be managed in Microsoft Store for Business. Admins can assign and manage licenses for these subscriptions.
- **Edge extensions in Microsoft Store** - Edge Extensions are now available from Microsoft Store! You can acquire and distribute them from Microsoft Store for Business just like any other app.
-- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.
\ No newline at end of file
+- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
index 8ab993b759..964efc7788 100644
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@@ -8,7 +8,7 @@ ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
-ms.date: 06/29/2023
+ms.date: 01/11/2024
ms.reviewer:
---
@@ -20,40 +20,19 @@ ms.reviewer:
## Latest updates for Store for Business and Education
-**May 2023**
+**January 2024**
-**Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs**
+**Removal of private store capability from Microsoft Store for Business and Education**
-The Microsoft Store for Business tab was removed from the Microsoft Store app on Windows 10. The Microsoft Store for Business tab is still available on HoloLens devices.
+The private store tab and associated functionality was removed from the Microsoft Store for Business and Education portal. This includes the ability to add apps to private groups and to download and install apps from the private store.
-Users on Windows 10 PCs can no longer do the following tasks:
-
-- see Line of Business (LOB) products listed in the Microsoft Store for Business tab
-- acquire or install [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps)
-- assign licenses for existing [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) using the Store for Business portal or Store for Business app
-
-[Offline app](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) distribution and licensing scenarios aren't impacted by this change.
-
-We recommend that you add your apps through the new Microsoft Store app experience in Intune. If an app isn’t available in the Microsoft Store, you must retrieve an app package from the vendor and install it as an LOB app or Win32 app. For instructions, read the following articles:
-
-- [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft)
-- [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
-- [Add, assign, and monitor a Win32 app in Microsoft Intune](/mem/intune/apps/apps-win32-add)
-
-Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess) where we will publish more information about this change.
-
-
+We recommend customers use the [Private app repository, Windows Package Manager, and Company Portal app](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) to provide a private app repository within their organization.
## Previous releases and updates
+[May 2023](release-history-microsoft-store-business-education.md#may-2023)
+- Tab removed from Microsoft Store apps on Windows 10 PCs.
+
[April 2023](release-history-microsoft-store-business-education.md#april-2023)
- Tab removed from Microsoft Store apps on Windows 11 PCs.
diff --git a/template.md b/template.md
index c9529e25a3..c114acd13f 100644
--- a/template.md
+++ b/template.md
@@ -2,8 +2,8 @@
title: # ARTICLE TITLE in 55 chars or less, most important for SEO. Best to match H1 and TOC, but doesn't have to.
description: # A summary of the content. 75-300 characters. Used in site search. Sometimes used on a search engine results page for improved SEO. Always end with period.
ms.date: mm/dd/yyyy
-ms.prod: windows-client
-ms.technology: itpro-fundamentals # itpro-deploy itpro-updates itpro-apps itpro-manage itpro-configure itpro-security itpro-privacy itpro-edu
+ms.service: windows-client
+ms.subservice: itpro-fundamentals # itpro-deploy itpro-updates itpro-apps itpro-manage itpro-configure itpro-security itpro-privacy itpro-edu
ms.topic: conceptual #reference troubleshooting how-to end-user-help overview (more in contrib guide)
ms.localizationpriority: medium #high null
author: # GitHub username (aczechowski)
@@ -13,6 +13,7 @@ manager: # MS alias of manager (dougeby/aaroncz)
ms.collection: # optional
- # highpri - high priority, strategic, important, current, etc. articles (confirm with manager prior to use)
- # education - part of M365 for Education vertical
+- # tier1 tier2 tier3
---
# Metadata and Markdown Template
diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md
index db4571a9c6..534e26d426 100644
--- a/windows/application-management/add-apps-and-features.md
+++ b/windows/application-management/add-apps-and-features.md
@@ -6,8 +6,8 @@ ms.author: aaroncz
manager: aaroncz
ms.date: 08/18/2023
ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-apps
+ms.service: windows-client
+ms.subservice: itpro-apps
ms.localizationpriority: medium
ms.collection: tier2
appliesto:
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index 4fc8997a6e..94c799e8af 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -2,14 +2,14 @@
title: What's new in App-V for Windows 10, version 1703 and earlier (Windows 10)
description: Information about what's new in App-V for Windows 10, version 1703 and earlier.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# What's new in App-V for Windows 10, version 1703 and earlier
diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
index 040eda052e..21175a8da7 100644
--- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to Add or Remove an Administrator by Using the Management Console (Windows 10/11)
description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to add or remove an administrator by using the Management Console
diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
index b11acc20a7..ee6544a181 100644
--- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to Add or Upgrade Packages by Using the Management Console (Windows 10/11)
description: Add or upgrade packages on the Microsoft Application Virtualization (App-V) server by using the Management Console.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to add or upgrade packages by using the Management Console
diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
index ec381c1293..9260eaa159 100644
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@@ -2,14 +2,14 @@
title: Administering App-V by using Windows PowerShell (Windows 10/11)
description: Administer App-V by using Windows PowerShell and learn where to find more information about PowerShell for App-V.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Administering App-V by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
index cf6f1e8a76..3ae0ecc41f 100644
--- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
@@ -2,14 +2,14 @@
title: Administering App-V Virtual Applications by using the Management Console (Windows 10/11)
description: Administering App-V Virtual Applications by using the Management Console
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Administering App-V Virtual Applications by using the Management Console
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
index a02875375a..24ab5d46a1 100644
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@@ -2,14 +2,14 @@
title: Only Allow Admins to Enable Connection Groups (Windows 10/11)
description: Configure the App-V client so that only administrators, not users, can enable or disable connection groups.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to allow only administrators to enable connection groups
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index 025efdca77..363bf2e7ec 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -2,14 +2,14 @@
title: Application Publishing and Client Interaction (Windows 10/11)
description: Learn technical information about common App-V Client operations and their integration with the local operating system.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Application publishing and client interaction
diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
index 24903fe377..310cac6312 100644
--- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
@@ -2,14 +2,14 @@
title: Apply deployment config file via Windows PowerShell (Windows 10/11)
description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10/11.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to apply the deployment configuration file by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
index 9d78748d49..cb64552879 100644
--- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
@@ -2,14 +2,14 @@
title: How to apply the user configuration file by using Windows PowerShell (Windows 10/11)
description: How to apply the user configuration file by using Windows PowerShell (Windows 10/11).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to apply the user configuration file by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md
index c8a8e980b5..415ade7895 100644
--- a/windows/application-management/app-v/appv-auto-batch-sequencing.md
+++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md
@@ -2,14 +2,14 @@
title: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
description: How to automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md
index 42e883d6c6..4b2246bee4 100644
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@@ -2,14 +2,14 @@
title: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
description: How to automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index f73f89ee26..d56ea57fc8 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -2,14 +2,14 @@
title: Auto-remove unpublished packages on App-V client (Windows 10/11)
description: How to automatically clean up any unpublished packages on your App-V client devices.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Automatically clean up unpublished packages on the App-V client
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index 0f09ca265b..50e6dd4a87 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -2,14 +2,14 @@
title: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
description: How to automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) PowerShell cmdlet or the user interface.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md
index e869fd86fb..32afb3de6b 100644
--- a/windows/application-management/app-v/appv-available-mdm-settings.md
+++ b/windows/application-management/app-v/appv-available-mdm-settings.md
@@ -2,14 +2,14 @@
title: Available Mobile Device Management (MDM) settings for App-V (Windows 10/11)
description: Learn the available Mobile Device Management (MDM) settings you can use to configure App-V on Windows 10.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Available Mobile Device Management (MDM) settings for App-V
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index 2b7edc6c54..5d052067c5 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -2,14 +2,14 @@
title: App-V Capacity Planning (Windows 10/11)
description: Use these recommendations as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V Capacity Planning
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index d87457a13f..c7b029ac7a 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -2,14 +2,14 @@
title: About Client Configuration Settings (Windows 10/11)
description: Learn about the App-V client configuration settings and how to use Windows PowerShell to modify the client configuration settings.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# About Client Configuration Settings
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
index ab350e2a83..23f43e8cb3 100644
--- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to configure access to packages by using the Management Console (Windows 10/11)
description: How to configure access to packages by using the App-V Management Console.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to configure access to packages by using the Management Console
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
index 9e7f90b5a1..9524c2d447 100644
--- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -2,14 +2,14 @@
title: How to make a connection group ignore the package version (Windows 10/11)
description: Learn how to make a connection group ignore the package version with the App-V Server Management Console.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to make a connection group ignore the package version
diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
index 687c339a07..c8e45c8af1 100644
--- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
+++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -2,14 +2,14 @@
title: How to configure the client to receive package and connection groups updates from the publishing server (Windows 10/11)
description: How to configure the client to receive package and connection groups updates from the publishing server.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to configure the client to receive package and connection groups updates from the publishing server
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index 95ec5914c4..50ed9fd433 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -2,14 +2,14 @@
title: How to connect to the Management Console (Windows 10/11)
description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to connect to the Management Console
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index df85debbf2..bfad2cc36f 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -2,14 +2,14 @@
title: About the connection group file (Windows 10/11)
description: A summary of what the connection group file is and how to configure it.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# About the connection group file
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index 26f5a073a8..d84704a33f 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -2,14 +2,14 @@
title: About the connection group virtual environment (Windows 10/11)
description: Learn how the connection group virtual environment works and how package priority is determined.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# About the connection group virtual environment
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 3a2f20cbb5..e12fd39cb0 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -2,14 +2,14 @@
title: How to convert a package created in a previous version of App-V (Windows 10/11)
description: Use the package converter utility to convert a virtual application package created in a previous version of App-V.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to convert a package created in a previous version of App-V
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index 09a658895f..e602397d30 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -2,14 +2,14 @@
title: How to create a connection croup with user-published and globally published packages (Windows 10/11)
description: How to create a connection croup with user-published and globally published packages.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to create a connection croup with user-published and globally published packages
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 18a61bee6e..a78ae6f6cd 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -2,14 +2,14 @@
title: How to create a connection group (Windows 10/11)
description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to create a connection group
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index 0dd4402170..ead8b2f662 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to create a custom configuration file by using the App-V Management Console (Windows 10/11)
description: How to create a custom configuration file by using the App-V Management Console.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to create a custom configuration file by using the App-V Management Console
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 30cddc907d..cbe79ac2df 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -2,14 +2,14 @@
title: How to create a package accelerator by using Windows PowerShell (Windows 10/11)
description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to create a package accelerator by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index 93333681f5..e1500e3807 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -2,14 +2,14 @@
title: How to create a package accelerator (Windows 10/11)
description: Learn how to create App-V Package Accelerators to automatically generate new virtual application packages.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to create a package accelerator
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index 162c56efbc..2ee8100f3e 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -2,14 +2,14 @@
title: How to create a virtual application package using an App-V Package Accelerator (Windows 10/11)
description: How to create a virtual application package using an App-V Package Accelerator.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to create a virtual application package using an App-V Package Accelerator
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 9420f67b5f..a37682809c 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -2,14 +2,14 @@
title: Create and apply an App-V project template to a sequenced App-V package (Windows 10/11)
description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Create and apply an App-V project template to a sequenced App-V package
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index 4616ec336f..ef0e7deee1 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -2,14 +2,14 @@
title: Creating and managing App-V virtualized applications (Windows 10/11)
description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Creating and managing App-V virtualized applications
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index 117cbd91bd..bbb9594d7c 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10/11)
description: How to customize virtual application extensions for a specific AD group by using the Management Console.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to customize virtual applications extensions for a specific AD group by using the Management Console
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 55dc6b0ec7..88af78ee9f 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -2,14 +2,14 @@
title: How to delete a connection group (Windows 10/11)
description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to delete a connection group
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index 1917d768e9..2bd65704c0 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to delete a package in the Management Console (Windows 10/11)
description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to delete a package in the Management Console
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index 3fac560518..af21f7aff4 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -2,14 +2,14 @@
title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10/11)
description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to deploy the App-V databases by using SQL scripts
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index cbaf3e7123..a085662790 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -2,14 +2,14 @@
title: How to deploy App-V packages using electronic software distribution (Windows 10/11)
description: Learn how to use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to deploy App-V packages using electronic software distribution
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index 19e48512a0..d0e531b234 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -2,14 +2,14 @@
title: How to Deploy the App-V Server Using a Script (Windows 10/11)
description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.'
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to deploy the App-V server using a script
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 4a9f49f03b..ccd4d5e8c2 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -2,14 +2,14 @@
title: How to Deploy the App-V Server (Windows 10/11)
description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10/11.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Deploy the App-V Server (new installation)
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md
index d1d23d6d74..57ec089771 100644
--- a/windows/application-management/app-v/appv-deploying-appv.md
+++ b/windows/application-management/app-v/appv-deploying-appv.md
@@ -2,14 +2,14 @@
title: Deploying App-V (Windows 10/11)
description: App-V supports several different deployment options. Learn how to complete App-V deployment at different stages in your App-V deployment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Deploying App-V for Windows client
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index 02924fde4f..e68c95f230 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -2,14 +2,14 @@
title: Deploying Microsoft Office 2010 by Using App-V
description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Deploying Microsoft Office 2010 by Using App-V
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index 0cb31fa36f..8b8c6ca547 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -2,14 +2,14 @@
title: Deploying Microsoft Office 2013 by Using App-V (Windows 10/11)
description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Deploying Microsoft Office 2013 by Using App-V
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index ee4cbe5751..e76a52b47d 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -2,14 +2,14 @@
title: Deploying Microsoft Office 2016 by using App-V (Windows 10/11)
description: Use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Deploying Microsoft Office 2016 by using App-V
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 20e131feb1..f9ba5b9a57 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -2,14 +2,14 @@
title: Deploying App-V packages by using electronic software distribution (ESD)
description: Deploying App-V packages by using electronic software distribution (ESD)
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Deploying App-V packages by using electronic software distribution (ESD)
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index e2fd60d1e8..d9f2150218 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -2,14 +2,14 @@
title: Deploying the App-V Sequencer and configuring the client (Windows 10/11)
description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Deploying the App-V Sequencer and configuring the client
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index 2b08876aed..35e22a1400 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -2,14 +2,14 @@
title: Deploying the App-V Server (Windows 10/11)
description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10/11 by using different deployment configurations described in this article.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Deploying the App-V server
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index fd90b055be..0b06042ae1 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -2,14 +2,14 @@
title: App-V Deployment Checklist (Windows 10/11)
description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V Deployment Checklist
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index 03ba41c6d2..d6073f10c0 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -2,14 +2,14 @@
title: About App-V Dynamic Configuration (Windows 10/11)
description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# About App-V dynamic configuration
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index 9c19cab0aa..39c355141c 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -2,8 +2,8 @@
title: How to enable only administrators to publish packages by using an ESD
description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD).
author: aczechowski
-ms.prod: windows-client
-ms.technology: itpro-apps
+ms.service: windows-client
+ms.subservice: itpro-apps
ms.date: 05/02/2022
ms.reviewer:
manager: aaroncz
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
index cc71b17cb7..757e57fbf2 100644
--- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -2,14 +2,14 @@
title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10/11)
description: How to Enable Reporting on the App-V Client by Using Windows PowerShell
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Enable Reporting on the App-V Client by Using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
index 5b65a93ac1..7622c5c8dd 100644
--- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
+++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
@@ -2,14 +2,14 @@
title: Enable the App-V in-box client (Windows 10/11)
description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10/11.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Enable the App-V in-box client
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index 6874ebc260..78f237a692 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -2,13 +2,13 @@
title: Evaluating App-V (Windows 10/11)
description: Learn how to evaluate App-V for Windows 10/11 in a lab environment before deploying into a production environment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Evaluating App-V
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index ecb4183907..b2ded1f268 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -2,14 +2,14 @@
title: Application Virtualization (App-V) (Windows 10/11)
description: See various articles that can help you administer Application Virtualization (App-V) and its components.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Application Virtualization (App-V) for Windows client overview
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index f851ca2a85..aab10ec1a4 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -2,14 +2,14 @@
title: Getting Started with App-V (Windows 10/11)
description: Get started with Microsoft Application Virtualization (App-V) for Windows 10/11. App-V for Windows client devices delivers Win32 applications to users as virtual applications.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Getting started with App-V for Windows client
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 437b20eeb1..1757dca790 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -2,14 +2,14 @@
title: High-level architecture for App-V (Windows 10/11)
description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# High-level architecture for App-V
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index acc244a595..4f706ec7eb 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -2,13 +2,13 @@
title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10/11)
description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index ae2e2b56c3..ba5480496d 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -2,14 +2,14 @@
title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10/11)
description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index 5b258437f3..a9263f3cba 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -2,14 +2,14 @@
title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10/11)
description: How to install the Management Server on a Standalone Computer and Connect it to the Database
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to install the Management Server on a Standalone Computer and Connect it to the Database
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 7457b54f82..b25c54796c 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -2,14 +2,14 @@
title: Install the Publishing Server on a Remote Computer (Windows 10/11)
description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to install the publishing server on a remote computer
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index f5335dd5f0..39075f56f3 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -2,14 +2,14 @@
title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10/11)
description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to install the reporting server on a standalone computer and connect it to the database
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index 2fdd2ec28d..2f756b549e 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -2,14 +2,14 @@
title: Install the App-V Sequencer (Windows 10/11)
description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Install the App-V Sequencer
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index 2170f1e25b..9ce856129d 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -2,14 +2,14 @@
title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10/11)
description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to load the Windows PowerShell cmdlets for App-V and get cmdlet help
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index fb3a0ccc4e..0b04a038f5 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -2,14 +2,14 @@
title: Maintaining App-V (Windows 10/11)
description: After you have deployed App-V for Windows 10/11, you can use the following information to maintain the App-V infrastructure.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Maintaining App-V
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index e125255c83..55a855d2eb 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -5,14 +5,14 @@ author: aczechowski
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/24/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to manage App-V packages running on a stand-alone computer by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index c870425b03..1a6a1de125 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -2,13 +2,13 @@
title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10/11)
description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index d65f100109..e985d4a918 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -2,13 +2,13 @@
title: Managing Connection Groups (Windows 10/11)
description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Managing Connection Groups
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index b5ca6b5e48..c42f3ed0f6 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -2,13 +2,13 @@
title: Migrating to App-V from a Previous Version (Windows 10/11)
description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10/11 from a previous version.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Migrating to App-V from previous versions
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index db81d9833c..b9d7da75f0 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -2,13 +2,13 @@
title: How to Modify an Existing Virtual Application Package (Windows 10/11)
description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Modify an Existing Virtual Application Package
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index 6e0950dbf8..24187f7a7d 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -2,13 +2,13 @@
title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10/11)
description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Modify Client Configuration by Using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index 4b844f29a5..9aa55c680d 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -2,13 +2,13 @@
title: How to Move the App-V Server to Another Computer (Windows 10/11)
description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to move the App-V server to another computer
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index 7b2ef74380..8af6d33a4d 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -2,14 +2,14 @@
title: Operations for App-V (Windows 10/11)
description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Operations for App-V
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index cb7e615a02..d05eec841b 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -2,13 +2,13 @@
title: Performance Guidance for Application Virtualization
description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Performance Guidance for Application Virtualization
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index c391399dd5..76f89eae1f 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -2,14 +2,14 @@
title: App-V Planning Checklist (Windows 10/11)
description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V Planning Checklist
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index 04e30a407c..1045a49e6e 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -2,14 +2,14 @@
title: Planning to Use Folder Redirection with App-V (Windows 10/11)
description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning to Use Folder Redirection with App-V
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index 6d1dfd402c..9d934729e0 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -2,14 +2,14 @@
title: Planning for the App-V Server Deployment (Windows 10/11)
description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for the App-V server deployment
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index e0bf768b4b..e4fcf0c5ad 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -2,14 +2,14 @@
title: Planning for App-V (Windows 10/11)
description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for App-V
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 3f800f36de..cb1db35d6e 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -2,14 +2,14 @@
title: Planning for High Availability with App-V Server
description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for high availability with App-V Server
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index 61f49df9b6..2ba0a00feb 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -2,14 +2,14 @@
title: Planning for the App-V Sequencer and Client Deployment (Windows 10/11)
description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for the App-V Sequencer and Client Deployment
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index 02914cd55b..6bdba43ddf 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -2,14 +2,14 @@
title: Planning for Deploying App-V with Office (Windows 10/11)
description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning for deploying App-V with Office
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index 478b1f8523..0649249186 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -2,14 +2,14 @@
title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10/11)
description: Planning to Deploy App-V with an Electronic Software Distribution System
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning to Deploy App-V with an electronic software distribution system
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index 5cfdf7b332..64468df388 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -2,14 +2,14 @@
title: Planning to Deploy App-V (Windows 10/11)
description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Planning to Deploy App-V for Windows client
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index 95fad14736..3268e9610e 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -1,7 +1,7 @@
---
title: Preparing Your Environment for App-V (Windows 10/11)
description: Use this info to prepare for deployment configurations and prerequisites for Microsoft Application Virtualization (App-V).
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
author: aczechowski
@@ -9,7 +9,7 @@ manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Preparing your environment for App-V
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index 9df6ba5e4c..38af8e2364 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -2,14 +2,14 @@
title: App-V Prerequisites (Windows 10/11)
description: Learn about the prerequisites you need before you begin installing Application Virtualization (App-V).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V for Windows client prerequisites
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index 2a86b56aff..de2ecd3c81 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -2,14 +2,14 @@
title: How to Publish a Connection Group (Windows 10/11)
description: Learn how to publish a connection group to computers that run the Application Virtualization (App-V) client.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Publish a Connection Group
diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
index 8d1b3b7041..0d5526bb14 100644
--- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
@@ -2,14 +2,14 @@
title: How to publish a package by using the Management console (Windows 10/11)
description: Learn how the Management console in App-V can help you enable admin controls as well as publish App-V packages.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to publish a package by using the Management console
diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index 2c82592252..0af2304c46 100644
--- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -2,13 +2,13 @@
title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10/11)
description: How to Register and Unregister a Publishing Server by Using the Management Console
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Register and Unregister a Publishing Server by Using the Management Console
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
index f2df77ee92..68b2efeb3a 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
@@ -2,13 +2,13 @@
title: Release Notes for App-V for Windows 10 version 1703 (Windows 10/11)
description: A list of known issues and workarounds for App-V running on Windows 10 version 1703 and Windows 11.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Release Notes for App-V for Windows 10 version 1703 and later
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index 00fd89be8c..e9f6d97139 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -2,13 +2,13 @@
title: Release Notes for App-V for Windows 10, version 1607 (Windows 10)
description: A list of known issues and workarounds for App-V running on Windows 10, version 1607.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Release Notes for App-V for Windows 10, version 1607
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index 0108207c9e..2e05013ad9 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -2,14 +2,14 @@
title: About App-V Reporting (Windows 10/11)
description: Learn how the App-V reporting feature collects information about computers running the App-V client and virtual application package usage.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/16/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# About App-V reporting
diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index ce0c73c061..f37849f3a0 100644
--- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -2,13 +2,13 @@
title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications (Windows 10/11)
description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 03/08/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md
index 5c13af93a6..77bc48c66f 100644
--- a/windows/application-management/app-v/appv-security-considerations.md
+++ b/windows/application-management/app-v/appv-security-considerations.md
@@ -2,14 +2,14 @@
title: App-V Security Considerations (Windows 10/11)
description: Learn about accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/16/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V security considerations
diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md
index a19c89cc1c..1af6a22f42 100644
--- a/windows/application-management/app-v/appv-sequence-a-new-application.md
+++ b/windows/application-management/app-v/appv-sequence-a-new-application.md
@@ -2,14 +2,14 @@
title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
description: Learn how to manually sequence a new app by using the App-V Sequencer that's included with the Windows ADK.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/16/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
index 1b289057fe..9754332e13 100644
--- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
+++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
@@ -2,13 +2,13 @@
title: How to sequence a package by using Windows PowerShell (Windows 10/11)
description: Learn how to sequence a new Microsoft Application Virtualization (App-V) package by using Windows PowerShell.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Sequence a Package by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index 059ef24c65..f96111505d 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -2,14 +2,14 @@
title: App-V Supported Configurations (Windows 10/11)
description: Learn the requirements to install and run App-V supported configurations in your Windows 10/11 environment.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/16/2018
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
ms.topic: article
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# App-V Supported Configurations
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index 5feee6e5a9..ec23d191b4 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -2,13 +2,13 @@
title: Technical Reference for App-V (Windows 10/11)
description: Learn strategy and context for many performance optimization practices in this technical reference for Application Virtualization (App-V).
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Technical Reference for App-V
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index 6ad489e6d0..1a4d09cc2f 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -2,13 +2,13 @@
title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console (Windows 10/11)
description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index 8e916937ed..020e46ea24 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -2,13 +2,13 @@
title: Troubleshooting App-V (Windows 10/11)
description: Learn how to find information about troubleshooting Application Virtualization (App-V) and information about other App-V articles.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Troubleshooting App-V
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index d9769d9ac3..48842df8a4 100644
--- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -2,13 +2,13 @@
title: Upgrading to App-V for Windows 10/11 from an existing installation (Windows 10/11)
description: Learn about upgrading to Application Virtualization (App-V) for Windows 10/11 from an existing installation.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Upgrading to App-V for Windows client from an existing installation
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index 3cdd99110d..84af8ed135 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -2,13 +2,13 @@
title: Using the App-V Client Management Console (Windows 10/11)
description: Learn how to use the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Using the App-V Client Management Console
diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
index 92b64eb2ec..82665691aa 100644
--- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -2,13 +2,13 @@
title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console (Windows 10/11)
description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index ed8de7183d..c2d47380bf 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -2,13 +2,13 @@
title: Viewing App-V Server Publishing Metadata (Windows 10/11)
description: Use this procedure to view App-V Server publishing metadata, which can help you resolve publishing-related issues.
author: aczechowski
-ms.prod: windows-client
+ms.service: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: aaroncz
ms.author: aaroncz
ms.collection: must-keep
-ms.technology: itpro-apps
+ms.subservice: itpro-apps
---
# Viewing App-V Server Publishing Metadata
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 8b50896c5a..f9544bebe7 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -40,11 +40,11 @@
"tier2"
],
"uhfHeaderId": "MSDocsHeader-Windows",
- "ms.technology": "itpro-apps",
+ "ms.service": "windows-client",
+ "ms.subservice": "itpro-apps",
"ms.topic": "article",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
+ "feedback_system": "Standard",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-app-management",
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index 1ed95c362a..2a00963aef 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -6,8 +6,8 @@ ms.author: aaroncz
manager: aaroncz
ms.date: 10/03/2017
ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-apps
+ms.service: windows-client
+ms.subservice: itpro-apps
ms.localizationpriority: medium
ms.collection: tier2
ms.reviewer:
diff --git a/windows/application-management/images/insider.png b/windows/application-management/images/insider.png
new file mode 100644
index 0000000000..dbe00408cb
Binary files /dev/null and b/windows/application-management/images/insider.png differ
diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md
index f9844e71b1..932390fc2d 100644
--- a/windows/application-management/includes/app-v-end-life-statement.md
+++ b/windows/application-management/includes/app-v-end-life-statement.md
@@ -4,9 +4,7 @@ ms.author: aaroncz
manager: aaroncz
ms.date: 09/20/2021
ms.topic: include
-ms.prod: w10
-ms.collection: tier1
-ms.reviewer:
+ms.service: windows-client
---
Application Virtualization will be [end of life in April 2026](/lifecycle/announcements/mdop-extended). We recommend looking at Azure Virtual Desktop with MSIX app attach. For more information, see [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview) and [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal).
diff --git a/windows/application-management/includes/applies-to-windows-client-versions.md b/windows/application-management/includes/applies-to-windows-client-versions.md
index 35084641c6..f4b2934ded 100644
--- a/windows/application-management/includes/applies-to-windows-client-versions.md
+++ b/windows/application-management/includes/applies-to-windows-client-versions.md
@@ -5,8 +5,8 @@ manager: aaroncz
ms.date: 09/28/2021
manager: aaroncz
ms.topic: include
-ms.prod: windows-client
-ms.technology: itpro-apps
+ms.service: windows-client
+ms.subservice: itpro-apps
ms.localizationpriortiy: medium
ms.collection: tier1
ms.reviewer:
diff --git a/windows/application-management/includes/insider-note.md b/windows/application-management/includes/insider-note.md
new file mode 100644
index 0000000000..a1160f8047
--- /dev/null
+++ b/windows/application-management/includes/insider-note.md
@@ -0,0 +1,16 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.topic: include
+ms.date: 01/11/2024
+---
+
+:::row:::
+:::column span="1":::
+:::image type="content" source="../images/insider.png" alt-text="Logo of Windows Insider." border="false":::
+:::column-end:::
+:::column span="3":::
+> [!IMPORTANT]
+>This article describes features or settings that are under development and only applicable to [Windows Insider Preview builds](/windows-insider/). The content is subject to change and may have dependencies on other features or services in preview.
+:::column-end:::
+:::row-end:::
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
index b08cd77d57..371bc58a37 100644
--- a/windows/application-management/index.yml
+++ b/windows/application-management/index.yml
@@ -11,10 +11,10 @@ metadata:
manager: aaroncz
ms.date: 08/18/2023
ms.topic: landing-page
- ms.prod: windows-client
+ ms.service: windows-client
+ ms.subservice: itpro-apps
ms.collection:
- tier1
- - highpri
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | tutorial | overview | quickstart | reference | sample | tutorial | video | whats-new
@@ -41,7 +41,7 @@ landingContent:
- text: Changes to Service Host grouping in Windows 10
url: svchost-service-refactoring.md
- - title: Application Virtualization (App-V)
+ - title: Application Virtualization (App-V)
linkLists:
- linkListType: overview
links:
diff --git a/windows/application-management/overview-windows-apps.md b/windows/application-management/overview-windows-apps.md
index 135c557b56..ab58f88f99 100644
--- a/windows/application-management/overview-windows-apps.md
+++ b/windows/application-management/overview-windows-apps.md
@@ -6,8 +6,8 @@ ms.author: aaroncz
manager: aaroncz
ms.date: 08/28/2023
ms.topic: overview
-ms.prod: windows-client
-ms.technology: itpro-apps
+ms.service: windows-client
+ms.subservice: itpro-apps
ms.localizationpriority: medium
ms.collection: tier2
appliesto:
@@ -92,7 +92,7 @@ When you use an MDM provider like Microsoft Intune, you can create shortcuts to
## Android™️ apps
-Starting with Windows 11, you can install Android™️ apps. This feature uses the Windows Subsystem for Android, and allows users to interact with mobile apps just like others apps.
+Starting with Windows 11, you can install Android™️ apps. This feature uses the Windows Subsystem for Android, and allows users to interact with mobile apps just like other apps.
For more information, see the following articles:
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 200ea7e859..9e6cefb8ae 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -1,81 +1,152 @@
---
title: Per-user services
-description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
+description: Learn about per-user services, how to change the template service startup type, and manage per-user services through group policy and security templates.
author: aczechowski
ms.author: aaroncz
manager: aaroncz
-ms.date: 09/14/2017
+ms.date: 12/22/2023
ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-apps
+ms.service: windows-client
+ms.subservice: itpro-apps
ms.localizationpriority: medium
ms.collection: tier2
appliesto:
+ - ✅ Windows 11
- ✅ Windows 10
- ✅ Windows Server
---
# Per-user services in Windows
-Per-user services are services that are created when a user signs into Windows or Windows Server and are stopped and deleted when that user signs out. These services run in the security context of the user account - this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks.
+When a user signs in to Windows, the OS creates *per-user services*. When the user signs out, these services are stopped and deleted. They run in the security context of the user account instead of a built-in security principal. This behavior provides better resource management than the previous approach of running these services associated with a preconfigured account or as tasks.
> [!NOTE]
-> Per-user services are only in available in Windows Server if you have installed the Desktop Experience. If you are running a Server Core or Nano Server installation, you won't see these services.
+> Per-user services are only available in Windows Server if you install the Desktop Experience. For more information, see [Server Core vs Server with Desktop Experience install options](/windows-server/get-started/install-options-server-core-desktop-experience).
-You can set the template service's **Startup Type** to **Disabled** to create per-user services in a stopped and disabled state.
+Windows creates these per-user services based on templates defined in the registry. If you need to manage or control behaviors of these services, you can adjust the template. For example, you can set a template service's startup type to **Disabled**. In this example, Windows creates the per-user service in a stopped and disabled state.
> [!IMPORTANT]
-> Carefully test any changes to the template service's Startup Type before deploying to a production environment.
+> Carefully test any changes to the template service's configuration before you broadly deploy them to a production environment.
-Use the following information to understand per-user services, change the template service Startup Type, and manage per-user services through Group Policy and security templates.
-For more information about disabling system services for Windows Server, see [Guidance on disabling system services on Windows Server with Desktop Experience](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server).
+Use the information in this article to understand per-user services, configure user service templates, and manage per-user services through group policy and security templates.
-## Per-user services
+## List of per-user services
-The following table lists per-user services and when they were added to Windows 10 and Windows Server with the Desktop Experience. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
+The following table lists per-user services in the current version of Windows. Other versions of Windows 10/11 might not have the same services available.
-Before you disable any of these services, review the **Description** column in this table to understand the implications, including dependent apps that will no longer work correctly.
+Before you reconfigure any of these services, review this information to understand the implications. For example, if you disable the per-user service, there might be dependent apps that don't work correctly.
-| Windows version | Key name | Display name | Default start type | Dependencies | Description |
-|-----------------|------------------------|-----------------------------------------|--------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 1803 | BcastDVRUserService | GameDVR and Broadcast User Service | Manual | | Used for Game Recordings and Live Broadcasts |
-| 1803 | BluetoothUserService | Bluetooth User Support Service | Manual | | Supports proper functionality of Bluetooth features relevant to each user session |
-| 1803 | CaptureService | CaptureService | Manual | | OneCore Capture Service |
-| 1607 | CDPUserSvc | CDPUserSvc | Auto | - Network Connection Broker- Remote Procedure Call (RPC)- TCP/IP Protocol Driver | Used for Connected Devices Platform scenarios |
-| 1803 | DevicePickerUserSvc | DevicePicker | Manual | | Device Picker |
-| 1703 | DevicesFlowUserSvc | DevicesFlow | Manual | | Device Discovery and Connecting |
-| 1703 | MessagingService | MessagingService | Manual | | Service supporting text messaging and related functionality |
-| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service isn't running. |
-| 1607 | PimIndexMaintenanceSvc | Contact Data | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts. |
-| 1709 | PrintWorkflowUserSvc | PrintWorkflow | Manual | | Print Workflow |
-| 1607 | UnistoreSvc | User Data Storage | Manual | | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. |
-| 1607 | UserDataSvc | User Data Access | Manual | UnistoreSvc | Provides apps access to structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. |
-| 1607 | WpnUserService | Windows Push Notifications User Service | Manual | | Hosts Windows notification platform, which provides support for local and push notifications. Supported notifications are tile, toast, and raw. |
+| Display name | Service name | Default start type | Dependencies | Description |
+|--|--|--|--|--|
+| **Agent Activation Runtime** | AarSvc | Manual | | Runtime for activating conversational agent applications. |
+| **Bluetooth User Support Service** | BluetoothUserService | Manual | | Supports proper functionality of Bluetooth features relevant to each user session. |
+| **OneCore Capture Service** | CaptureService | Manual | | Enables optional screen capture functionality for applications that call [screen capture](/windows/uwp/audio-video-camera/screen-capture) APIs of the [Windows.Graphics.Capture](/uwp/api/windows.graphics.capture) namespace. |
+| **Clipboard User Service** | cbdhsvc | Automated (Delayed Start) | | Windows uses this user service for clipboard scenarios. For example, clipboard history or sync across devices. For more information, see [Clipboard in Windows](https://support.microsoft.com/windows/clipboard-in-windows-c436501e-985d-1c8d-97ea-fe46ddf338c6). |
+| **Cloud Backup and Restore Service** | CloudBackupRestoreSvc | Manual | | Monitors the system for changes in application and setting states. When required, this service does cloud backup and restore operations. |
+| **Connected Devices Platform User Service** | CDPUserSvc | Automatic | - Network Connection Broker - Remote Procedure Call (RPC) - TCP/IP Protocol Driver | This service allows the user to connect, manage, and control connected devices. These connected devices include mobile, Xbox, HoloLens, or smart/IoT devices. For one specific example, see [Share things with nearby devices in Windows](https://support.microsoft.com/windows/share-things-with-nearby-devices-in-windows-0efbfe40-e3e2-581b-13f4-1a0e9936c2d9). |
+| **Consent UX User Service** | ConsentUxUserSvc | Manual | | Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location. |
+| **Contact Data** | PimIndexMaintenanceSvc | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. |
+| **Credential Enrollment Manager** | CredentialEnrollmentManagerUserSvc | Manual | | This service supports the secure storage and retrieval of user credentials. For example, tokens for web sites, remote desktop connections, or other apps. |
+| **Device Association Broker** | DeviceAssociationBrokerSvc | Manual | - DevicePicker - Shell Pairing UX | Supports in-app pairing and access checks for new device scenarios. |
+| **Device Picker** | DevicePickerUserSvc | Manual | | Windows uses this user service to manage Miracast, Digital Living Network Alliance (DLNA), and Discovery and Launch (DIAL) experiences. |
+| **Devices Flow** | DevicesFlowUserSvc | Manual | | Allows the Connect user interface and Settings app to connect and pair with WiFi displays and Bluetooth devices. |
+| **Game DVR and Broadcast User Service** | BcastDVRUserService | Manual | | Windows uses this user service for game recordings and live broadcasts. |
+| **Messaging Service** | MessagingService | Manual | | This service supports text messaging and related functionality. |
+| **Now Playing Session Manager** | NPSMSvc | Manual | | The *now playing session manager* (NPSM) service manages media sessions running on the device. |
+| **Plan 9 Redirector Service** | P9RdrService | Manual | | Enables trigger-starting plan9 file servers, which are supported by [Windows Subsystem for Linux](/windows/wsl/). For more information, see [Plan 9 from Bell Labs](https://wikipedia.org/wiki/Plan_9_from_Bell_Labs). |
+| **Pen Service** | PenService | Manual | | When you press the tail button on a pen input device, this service responds to those actions. It can launch applications or take another action that you customize in Settings. For more information, see user documentation on [How to use your Surface Pen](https://support.microsoft.com/surface/how-to-use-your-surface-pen-8a403519-cd1f-15b2-c9df-faa5aa924e98) or hardware developer documentation on [Pen devices](/windows-hardware/design/component-guidelines/pen-devices). |
+| **Print Workflow** | PrintWorkflowUserSvc | Manual | | Provides support for [Print Workflow](/windows/uwp/devices-sensors/print-workflow-customize) applications. If you turn off this service, some printing functions might not work successfully. |
+| **Sync Host** | OneSyncSvc | Automated (Delayed Start) | | This service synchronizes mail, contacts, calendar, and other user data. When this service is stopped, mail and other applications dependent on this functionality don't work properly. |
+| **UDK User Service** | UdkUserSvc | Manual | | Windows uses this service to coordinate between shell experiences. |
+| **User Data Access** | UserDataSvc | Manual | UnistoreSvc | Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. |
+| **User Data Storage** | UnistoreSvc | Manual | | Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. |
+| **Web Threat Defense User Service** | webthreatdefusersvc | Automatic | | This service helps protect your computer by warning the user when unauthorized entities attempt to gain access to their credentials. |
+| **Windows Push Notifications User Service** | WpnUserService | Automatic | | This service hosts the [Windows push notification services](/windows/apps/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview) (WNS) platform, which provides support for local and push notifications. Supported notifications are tile, toast, and raw. |
-## Disable per-user services
+## View per-user services
-The template service isn't displayed in the Services console (services.msc) so you need to edit the registry directly, either with Group Policy or a scripted solution, to disable a per-user service.
+You can't view the user service templates outside of the Windows Registry, but you can see the user-specific per-user services. Windows displays these services with the following format: `
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
+
+
+
+```Device
+./Vendor/MSFT/ApplicationControl/Policies/{Policy GUID}/PolicyInfo/BasePolicyId
+```
+
+
+
+
+The BasePolicyId of the Policy Indicated by the Policy GUID.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
##### Policies/{Policy GUID}/PolicyInfo/FriendlyName
@@ -453,6 +487,45 @@ TRUE/FALSE if the Policy is a System Policy, that's a policy managed by Microsof
+
+##### Policies/{Policy GUID}/PolicyInfo/PolicyOptions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
+
+
+
+```Device
+./Vendor/MSFT/ApplicationControl/Policies/{Policy GUID}/PolicyInfo/PolicyOptions
+```
+
+
+
+
+The PolicyOptions of the Policy Indicated by the Policy GUID.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
##### Policies/{Policy GUID}/PolicyInfo/Status
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index e7b2417319..b7c198fd13 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -1,14 +1,7 @@
---
title: AppLocker CSP
description: Learn more about the AppLocker CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index 9ffbf897b8..11f10bf906 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -1,14 +1,7 @@
---
title: AppLocker DDF file
description: View the XML file containing the device description framework (DDF) for the AppLocker configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/BitLocker/AllowSuspensionOfBitLockerProtection
-```
-
-
-
-
-This policy setting allows suspending protection for BitLocker Drive Encryption when enabled and prevents suspending protection when disabled.
-
-> [!WARNING]
-> When policy is disabled, some scenarios will be blocked and prevent those scenarios from behaving normally.
-
-The expected values for this policy are:
-
-0 = Prevent BitLocker Drive Encryption protection from being suspended.
-
-1 = This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value | 1 |
-
-
-
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 | Prevent BitLocker Drive Encryption protection from being suspended. |
-| 1 (Default) | This is the default, when the policy isn't set. Allows suspending BitLocker Drive Encryption protection. |
-
-
-
-
-
-
-
-
## AllowWarningForOtherDiskEncryption
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index c6d82985f8..5f89c0bace 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -1,14 +1,7 @@
---
title: BitLocker DDF file
description: View the XML file containing the device description framework (DDF) for the BitLocker configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the B
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
@@ -499,7 +492,7 @@ The PFX isn't exportable when it's installed to TPM.
| Format | `bool` |
| Access Type | Add, Get, Replace |
| Default Value | true |
-| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
@@ -1975,7 +1968,7 @@ When a value of "2" is contained in PFXCertPasswordEncryptionType, specify the s
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Get, Replace |
-| Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [EncryptionTypeDependency] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/PFXCertPasswordEncryptionType`
Dependency Allowed Value: `[2]`
Dependency Allowed Value Type: `Range`
|
@@ -2073,7 +2066,7 @@ Optional. Used to specify if the private key installed is exportable (can be exp
| Format | `bool` |
| Access Type | Add, Get, Replace |
| Default Value | true |
-| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [KeyLocationDependency] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall/[UniqueID]/KeyLocation`
Dependency Allowed Value: `[3]`
Dependency Allowed Value Type: `Range`
|
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index c5b24365ff..7648af9a26 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -1,14 +1,7 @@
---
title: ClientCertificateInstall DDF file
description: View the XML file containing the device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the C
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/CloudDesktop/BootToCloudPCEnhanced
+```
+
+
+
+
+This node allows to configure different kinds of Boot to Cloud mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. For using this feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. This node supports the below options: 0. Not Configured. 1. Enable Boot to Cloud Shared PC Mode: Boot to Cloud Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. 2. Enable Boot to Cloud Dedicated Mode (Cloud only): Dedicated mode allows user to sign-in on the device using various authentication mechanism configured by their organization (For ex. PIN, Biometrics etc). This mode preserves user personalization, including their profile picture and username in local machine, and facilitates fast account switching.
+
+
+
+
+> [!IMPORTANT]
+> If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not Configured. |
+| 1 | Enable Boot to Cloud Shared PC Mode. |
+| 2 | Enable Boot to Cloud Dedicated Mode (Cloud only). |
+
+
+
+
+
+
+
+
## EnableBootToCloudSharedPCMode
+> [!NOTE]
+> This policy is deprecated and may be removed in a future release.
+
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.22631.2050] |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -51,6 +100,8 @@ Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to
+> [!IMPORTANT]
+> If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.
@@ -80,66 +131,88 @@ Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to
-## EnableBootToCloudSharedPCMode technical reference
+## BootToCloudPCEnhanced technical reference
-EnableBootToCloudSharedPCMode setting is used to configure **Boot to Cloud** feature for shared user mode. When you enable this setting, multiple policies are applied to achieve the intended behavior.
+BootToCloudPCEnhanced is the setting used to configure **Boot to Cloud** feature either for shared mode or dedicated mode. When you enable this setting, multiple policies are applied to achieve the intended behavior. If you wish to customize the **Boot to Cloud** experience, you can utilize the [BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) policy, which provides the flexibility to tailor the experience according to your requirements.
> [!NOTE]
-> It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth UX experience for the **Boot to Cloud** feature for shared user mode.
+> It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth UX experience for the **Boot to Cloud** feature for shared and dedicated mode.
-### MDM Policies
+### Boot to Cloud Shared PC Mode
-When this mode is enabled, these MDM policies are applied for the Device scope (all users):
+When the Shared PC mode is enabled by setting BootToCloudPCEnhanced value to 1:
-| Setting | Value | Value Description |
-|----------------------------------------------------------------------------------------------------------------------------|---------|-------------------------------------------------------------|
-| [CloudDesktop/BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) | 1 | Enable Boot to Cloud Desktop |
-| [WindowsLogon/OverrideShellProgram](policy-csp-windowslogon.md#overrideshellprogram) | 1 | Apply Lightweight Shell |
-| [ADMX_CredentialProviders/DefaultCredentialProvider](policy-csp-admx-credentialproviders.md#defaultcredentialprovider) | Enabled | Configures default credential provider to password provider |
-| [ADMX_Logon/DisableExplorerRunLegacy_2](policy-csp-admx-logon.md#disableexplorerrunlegacy_2) | Enabled | Don't process the computer legacy run list |
-| [TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode) | 1 | When no keyboard is attached |
+- Following MDM policies are applied for the Device scope (all users):
-### Group Policies
+ | Setting | Value | Value Description |
+ |----------------------------------------------------------------------------------------------------------------------------|---------|-------------------------------------------------------------|
+ | [CloudDesktop/BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) | 1 | Enable Boot to Cloud Desktop |
+ | [WindowsLogon/OverrideShellProgram](policy-csp-windowslogon.md#overrideshellprogram) | 1 | Apply Lightweight Shell |
+ | [ADMX_CredentialProviders/DefaultCredentialProvider](policy-csp-admx-credentialproviders.md#defaultcredentialprovider) | Enabled | Configures default credential provider to password provider |
+ | [ADMX_Logon/DisableExplorerRunLegacy_2](policy-csp-admx-logon.md#disableexplorerrunlegacy_2) | Enabled | Don't process the computer legacy run list |
+ | [TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode) | 1 | When no keyboard is attached |
-When this mode is enabled, these local group policies are configured for all users:
+- Following local group policies are configured for all users:
-| Policy setting | Status |
-|------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
-| Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
-| Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled |
-| Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled |
-| System/Logon/Block user from showing account details on sign-in | Enabled |
-| System/Logon/Enumerate local users on domain-joined computers | Disabled |
-| System/Logon/Hide entry points for Fast User Switching | Enabled |
-| System/Logon/Show first sign-in animation | Disabled |
-| System/Logon/Turn off app notifications on the lock screen | Enabled |
-| System/Logon/Turn off picture password sign-in | Enabled |
-| System/Logon/Turn on convenience PIN sign-in | Disabled |
-| Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled |
-| Windows Components/Biometrics/Allow the use of biometrics | Disabled |
-| Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
-| Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
-| Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
-| Windows Components/File History/Turn off File History | Enabled |
-| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled |
-| Windows Components/Windows Hello for Business/Use biometrics | Disabled |
-| Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
-| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
-| Windows Components/Microsoft Passport for Work | Disabled |
-| System/Ctrl+Alt+Del Options/Remove Task Manager | Enabled |
-| System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
-| Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
-| Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
-| System/Logon/Do not process the legacy run list | Enabled |
+ | Policy setting | Status |
+ |------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
+ | Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
+ | Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled |
+ | Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled |
+ | System/Logon/Block user from showing account details on sign-in | Enabled |
+ | System/Logon/Enumerate local users on domain-joined computers | Disabled |
+ | System/Logon/Hide entry points for Fast User Switching | Enabled |
+ | System/Logon/Show first sign-in animation | Disabled |
+ | System/Logon/Turn off app notifications on the lock screen | Enabled |
+ | System/Logon/Turn off picture password sign-in | Enabled |
+ | System/Logon/Turn on convenience PIN sign-in | Disabled |
+ | Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled |
+ | Windows Components/Biometrics/Allow the use of biometrics | Disabled |
+ | Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
+ | Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
+ | Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
+ | Windows Components/File History/Turn off File History | Enabled |
+ | Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled |
+ | Windows Components/Windows Hello for Business/Use biometrics | Disabled |
+ | Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
+ | Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
+ | Windows Components/Microsoft Passport for Work | Disabled |
+ | System/Ctrl+Alt+Del Options/Remove Task Manager | Enabled |
+ | System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
+ | Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
+ | Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
+ | System/Logon/Do not process the legacy run list | Enabled |
+ | Windows Components/Windows Copilot/Turn off Windows Copilot | Enabled |
-### Registry
+- Following registry changes are performed:
-When this mode is enabled, these registry changes are performed:
+ | Registry setting | Status |
+ |----------------------------------------------------------------------------------------------|--------|
+ | Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
+ | Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work) | 0 |
-| Registry setting | Status |
-|----------------------------------------------------------------------------------------------|--------|
-| Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
-| Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work) | 0 |
+### Boot to Cloud Dedicated Mode
+
+When the Dedicated mode is enabled by setting BootToCloudPCEnhanced value to 2:
+
+- Following MDM policies are applied for the Device scope (all users):
+
+ | Setting | Value | Value Description |
+ |----------------------------------------------------------------------------------------------------------------------------|---------|-------------------------------------------------------------|
+ | [CloudDesktop/BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) | 1 | Enable Boot to Cloud Desktop |
+ | [WindowsLogon/OverrideShellProgram](policy-csp-windowslogon.md#overrideshellprogram) | 1 | Apply Lightweight Shell |
+ | [ADMX_Logon/DisableExplorerRunLegacy_2](policy-csp-admx-logon.md#disableexplorerrunlegacy_2) | Enabled | Don't process the computer legacy run list |
+ | [TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode) | 1 | When no keyboard is attached |
+
+- Following local group policies are configured for all users:
+
+ | Policy setting | Status |
+ |------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
+ | System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
+ | Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
+ | Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
+ | System/Logon/Do not process the legacy run list | Enabled |
+ | Windows Components/Windows Copilot/Turn off Windows Copilot | Enabled |
diff --git a/windows/client-management/mdm/clouddesktop-ddf-file.md b/windows/client-management/mdm/clouddesktop-ddf-file.md
index 8128e3e6e5..60be060ee6 100644
--- a/windows/client-management/mdm/clouddesktop-ddf-file.md
+++ b/windows/client-management/mdm/clouddesktop-ddf-file.md
@@ -1,14 +1,7 @@
---
title: CloudDesktop DDF file
description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/29/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -45,11 +38,55 @@ The following XML file contains the device description framework (DDF) for the C
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/ArchiveMaxDepth
+```
+
+
+
+
+Specify the maximum folder depth to extract from archive files for scanning. If this configuration is off or not set, the default value (0) is applied, and all archives are extracted up to the deepest folder for scanning.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
+
+### Configuration/ArchiveMaxSize
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/ArchiveMaxSize
+```
+
+
+
+
+Specify the maximum size, in KB, of archive files to be extracted and scanned. If this configuration is off or not set, the default value (0) is applied, and all archives are extracted and scanned regardless of size.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
### Configuration/ASROnlyPerRuleExclusions
@@ -396,6 +490,485 @@ Apply ASR only per rule exclusions.
+
+### Configuration/BehavioralNetworkBlocks
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+#### Configuration/BehavioralNetworkBlocks/BruteForceProtection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionAggressiveness
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionAggressiveness
+```
+
+
+
+
+Set the criteria for when Brute-Force Protection blocks IP addresses.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Low: Only IP addresses that are 100% confidence malicious (default). |
+| 1 | Medium: Use cloud aggregation to block IP addresses that are over 99% likely malicious. |
+| 2 | High: Block IP addresses identified using client intelligence and context to block IP addresses that are over 90% likely malicious. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionConfiguredState
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionConfiguredState
+```
+
+
+
+
+Brute-Force Protection in Microsoft Defender Antivirus detects and blocks attempts to forcibly sign in and initiate sessions.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not configured: Apply defaults set by the antivirus engine and platform. |
+| 1 | Block: Prevent suspicious and malicious behaviors. |
+| 2 | Audit: Generate EDR detections without blocking. |
+| 4 | Off: Feature is disabled with no performance impact. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionExclusions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionExclusions
+```
+
+
+
+
+Specify IP addresses, subnets, or workstation names to exclude from being blocked by Brute-Force Protection. Note that attackers can spoof excluded addresses and names to bypass protection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `|`) |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionMaxBlockTime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionMaxBlockTime
+```
+
+
+
+
+Set the maximum time an IP address is blocked by Brute-Force Protection. After this time, blocked IP addresses will be able to sign-in and initiate sessions. If set to 0, internal feature logic will determine blocking time.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
+
+#### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionAggressiveness
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionAggressiveness
+```
+
+
+
+
+Set the criteria for when Remote Encryption Protection blocks IP addresses.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Low: Block only when confidence level is 100% (Default). |
+| 1 | Medium: Use cloud aggregation and block when confidence level is above 99%. |
+| 2 | High: Use cloud intel and context, and block when confidence level is above 90%. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionConfiguredState
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionConfiguredState
+```
+
+
+
+
+Remote Encryption Protection in Microsoft Defender Antivirus detects and blocks attempts to replace local files with encrypted versions from another device.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not configured: Apply defaults set for the antivirus engine and platform. |
+| 1 | Block: Prevent suspicious and malicious behaviors. |
+| 2 | Audit: Generate EDR detections without blocking. |
+| 4 | Off: Feature is off with no performance impact. |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionExclusions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionExclusions
+```
+
+
+
+
+Specify IP addresses, subnets, or workstation names to exclude from being blocked by Remote Encryption Protection. Note that attackers can spoof excluded addresses and names to bypass protection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `|`) |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
+
+##### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionMaxBlockTime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection/RemoteEncryptionProtectionMaxBlockTime
+```
+
+
+
+
+Set the maximum time an IP address is blocked by Remote Encryption Protection. After this time, blocked IP addresses will be able to reinitiate connections. If set to 0, internal feature logic will determine blocking time.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-4294967295]` |
+| Default Value | 0 |
+
+
+
+
+
+
+
+
### Configuration/DataDuplicationDirectory
@@ -464,7 +1037,7 @@ Define the retention period in days of how much time the evidence data will be k
| Property name | Property value |
|:--|:--|
-| Format | `chr` (string) |
+| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[1-120]` |
| Default Value | 60 |
@@ -534,7 +1107,7 @@ Defines the maximum data duplication quota in MB that can be collected. When the
-Define data duplication remote location for device control.
+Define data duplication remote location for Device Control. When configuring this setting, ensure that Device Control is Enabled and that the provided path is a remote path the user can access.
@@ -953,8 +1526,8 @@ Control Device Control feature.
| Value | Description |
|:--|:--|
-| 1 | . |
-| 0 (Default) | . |
+| 1 | Device Control is enabled. |
+| 0 (Default) | Device Control is disabled. |
@@ -1835,8 +2408,8 @@ This setting enables the DNS Sinkhole feature for Network Protection, respecting
| Value | Description |
|:--|:--|
-| 1 (Default) | DNS Sinkhole is disabled. |
-| 0 | DNS Sinkhole is enabled. |
+| 0 | DNS Sinkhole is disabled. |
+| 1 (Default) | DNS Sinkhole is enabled. |
@@ -1978,7 +2551,7 @@ Allows an administrator to explicitly disable network packet inspection made by
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: `|`) |
+| Allowed Values | Regular Expression: `^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}$|^[0-9a-fA-F]{1,4}(?::[0-9a-fA-F]{1,4}){1,6}$|^::1$|^::$` |
@@ -2186,6 +2759,55 @@ Allow managed devices to update through metered connections. Default is 0 - not
+
+### Configuration/NetworkProtectionReputationMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/NetworkProtectionReputationMode
+```
+
+
+
+
+This sets the reputation mode engine for Network Protection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Use standard reputation engine. |
+| 1 | Use ESP reputation engine. |
+
+
+
+
+
+
+
+
### Configuration/OobeEnableRtpAndSigUpdate
@@ -2325,8 +2947,8 @@ This setting allows IT admins to configure performance mode in either enabled or
| Value | Description |
|:--|:--|
-| 0 (Default) | Performance mode is enabled (default). A service restart is required after changing this value. |
-| 1 | Performance mode is disabled. A service restart is required after changing this value. |
+| 0 (Default) | Performance mode is enabled (default). |
+| 1 | Performance mode is disabled. |
@@ -2388,6 +3010,55 @@ Enable this policy to specify when devices receive Microsoft Defender platform u
+
+### Configuration/QuickScanIncludeExclusions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/QuickScanIncludeExclusions
+```
+
+
+
+
+This setting allows you to scan excluded files and directories during quick scans.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | If you set this setting to 0 or don't configure it, exclusions aren't scanned during quick scans. |
+| 1 | If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan. |
+
+
+
+
+
+
+
+
### Configuration/RandomizeScheduleTaskTimes
@@ -2527,6 +3198,103 @@ This setting allows you to configure the scheduler randomization in hours. The r
+
+### Configuration/ScheduleSecurityIntelligenceUpdateDay
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/ScheduleSecurityIntelligenceUpdateDay
+```
+
+
+
+
+This setting allows you to specify the day of the week on which to check for security intelligence updates. By default, this setting is configured to never check for security intelligence updates.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 8 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Daily. |
+| 1 | Sunday. |
+| 2 | Monday. |
+| 3 | Tuesday. |
+| 4 | Wednesday. |
+| 5 | Thursday. |
+| 6 | Friday. |
+| 7 | Saturday. |
+| 8 (Default) | Never. |
+
+
+
+
+
+
+
+
+
+### Configuration/ScheduleSecurityIntelligenceUpdateTime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/ScheduleSecurityIntelligenceUpdateTime
+```
+
+
+
+
+This setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 is equivalent to 02:00 AM. By default, this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-1439]` |
+| Default Value | 105 |
+
+
+
+
+
+
+
+
### Configuration/SecuredDevicesConfiguration
@@ -2544,7 +3312,7 @@ This setting allows you to configure the scheduler randomization in hours. The r
-Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration isn't set the default value will be applied, meaning all of the supported devices will be secured.
+Defines which device's primary ids should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration isn't set the default value will be applied, meaning all supported devices will be secured. Currently supported primary ids are: RemovableMediaDevices, CdRomDevices, WpdDevices, PrinterDevices.
@@ -2558,9 +3326,19 @@ Defines what are the devices primary ids that should be secured by Defender Devi
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: `|`) |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| RemovableMediaDevices | RemovableMediaDevices. |
+| CdRomDevices | CdRomDevices. |
+| WpdDevices | WpdDevices. |
+| PrinterDevices | PrinterDevices. |
+
+
@@ -3554,6 +4332,84 @@ Version number of Windows Defender on the device.
+
+### Health/DeviceControl
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Health/DeviceControl
+```
+
+
+
+
+An interior node to group information about Device Cotrol health status.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+#### Health/DeviceControl/State
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Defender/Health/DeviceControl/State
+```
+
+
+
+
+Provide the current state of the Device Control.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
### Health/EngineVersion
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 22e2b101f9..2e65444a0f 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,14 +1,7 @@
---
title: Defender DDF file
description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/29/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/DevicePreparation/BootstrapperAgent/ClassID
-```
-
-
-
-
-This node stores the class ID for the Bootstrapper Agent WinRT object.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Get, Replace |
-
-
-
-
-
-
-
-
### BootstrapperAgent/ExecutionContext
@@ -155,85 +111,6 @@ This node holds opaque data that will be passed to the Bootstrapper Agent as a p
-
-### BootstrapperAgent/InstallationStatusUri
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/DevicePreparation/BootstrapperAgent/InstallationStatusUri
-```
-
-
-
-
-This node holds a URI that can be queried for the status of the Bootstrapper Agent installation.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Get, Replace |
-
-
-
-
-
-
-
-
-
-## MdmAgentInstalled
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/DevicePreparation/MdmAgentInstalled
-```
-
-
-
-
-This node indicates whether the MDM agent was installed or not. When set to true sets the AUTOPILOT_MDM_AGENT_REGISTERED WNF event.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `bool` |
-| Access Type | Get, Replace |
-| Default Value | false |
-
-
-
-
-
-
-
-
## MDMProvider
@@ -251,7 +128,7 @@ This node indicates whether the MDM agent was installed or not. When set to true
-The subnode configures the settings for the MDMProvider.
+Parent node for configuring the MDM provider that interacts with the BootstrapperAgent.
@@ -273,6 +150,46 @@ The subnode configures the settings for the MDMProvider.
+
+### MDMProvider/MdmAgentInstalled
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/MDMProvider/MdmAgentInstalled
+```
+
+
+
+
+This node indicates whether the MDM agent was installed or not. When set to true sets the AUTOPILOT_MDM_AGENT_REGISTERED WNF event.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Get, Replace |
+| Default Value | False |
+
+
+
+
+
+
+
+
### MDMProvider/Progress
@@ -290,7 +207,7 @@ The subnode configures the settings for the MDMProvider.
-Node for reporting progress status as opaque data.
+Node for reporting progress status as opaque data. Contract for data is between the server and EMM agent that reads the data.
@@ -303,7 +220,7 @@ Node for reporting progress status as opaque data.
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
-| Access Type | Get, Replace |
+| Access Type | Add, Delete, Get, Replace |
@@ -312,6 +229,46 @@ Node for reporting progress status as opaque data.
+
+### MDMProvider/RebootRequired
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/MDMProvider/RebootRequired
+```
+
+
+
+
+This node indicates whether an MDM policy was provisioned that requires a reboot.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Get |
+| Default Value | False |
+
+
+
+
+
+
+
+
## PageEnabled
@@ -329,7 +286,7 @@ Node for reporting progress status as opaque data.
-This node determines whether to enable or show the Device Preparation page.
+This node determines whether to show the Device Preparation page during OOBE.
@@ -346,21 +303,139 @@ This node determines whether to enable or show the Device Preparation page.
| Default Value | false |
-
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| false (Default) | The page isn't enabled. |
-| true | The page is enabled. |
-
-
+
+## PageErrorCode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/PageErrorCode
+```
+
+
+
+
+This node provides specific overall HRESULT causing a fatal error on the Device Preparation page. This node is valid only if the PageErrorPhase node's value isn't Unknown.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+## PageErrorDetails
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/PageErrorDetails
+```
+
+
+
+
+This node provides optional details for any fatal error on the Device Preparation page. This node is valid only if the PageErrorPhase node's value isn't Unknown, but not all errors will have details.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+## PageErrorPhase
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DevicePreparation/PageErrorPhase
+```
+
+
+
+
+This node provides the specific phase that failed during the Device Preparation page. Values are an enum: 0 = Unknown; 1 = AgentDownload; 2 = AgentProgress.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Unknown. |
+| 1 | AgentDownload. |
+| 2 | AgentProgress. |
+
+
+
+
+
+
+
+
## PageSettings
@@ -378,7 +453,7 @@ This node determines whether to enable or show the Device Preparation page.
-This node configures specific settings for the Device Preparation page.
+This node configures the Device Preparation page settings.
@@ -417,7 +492,7 @@ This node configures specific settings for the Device Preparation page.
-This node provides status of the Device Preparation page. Values are an enum: 0 = Disabled; 1 = Enabled; 2 = InProgress; 3 = ExitedOnSuccess; 4 = ExitedOnFailure.
+This node provides status of the Device Preparation page.
@@ -441,8 +516,8 @@ This node provides status of the Device Preparation page. Values are an enum: 0
| 0 | Disabled. |
| 1 | Enabled. |
| 2 | InProgress. |
-| 3 | Succeeded. |
-| 4 | Failed. |
+| 3 | ExitOnSuccess. |
+| 4 | ExitOnFailure. |
diff --git a/windows/client-management/mdm/devicepreparation-ddf-file.md b/windows/client-management/mdm/devicepreparation-ddf-file.md
index 4f948ac7b5..cdccc95934 100644
--- a/windows/client-management/mdm/devicepreparation-ddf-file.md
+++ b/windows/client-management/mdm/devicepreparation-ddf-file.md
@@ -1,14 +1,7 @@
---
title: DevicePreparation DDF file
description: View the XML file containing the device description framework (DDF) for the DevicePreparation configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/03/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -31,7 +24,7 @@ The following XML file contains the device description framework (DDF) for the D
Dependency URI: `Vendor/MSFT/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel`
Dependency Allowed Value: `SRVCRED`
Dependency Allowed Value Type: `ENUM`
|
+| Dependency [AAuthlevelDependency] | Dependency Type: `DependsOn`
Dependency URI: `Syncml/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel`
Dependency Allowed Value: `SRVCRED`
Dependency Allowed Value Type: `ENUM`
|
@@ -751,7 +744,7 @@ Specifies the authentication type. If AAuthLevel is CLCRED, the supported types
-Specifies the application identifier for the OMA DM account.. The only supported value is w7.
+Specifies the application identifier for the OMA DM account. The only supported value is w7.
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 8f0a89e31b..96ba92429a 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,14 +1,7 @@
---
title: DMAcc DDF file
description: View the XML file containing the device description framework (DDF) for the DMAcc configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Vendor/MSFT/HealthAttestation/AttestErrorMessage
+```
+
+
+
+
+AttestErrorMessage maintains the error message for the last attestation session, if returned by the attestation service.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Get |
+
+
+
+
+
+
+
+
## AttestStatus
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 7207f7cd68..d68e4952d2 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,14 +1,7 @@
---
title: HealthAttestation DDF file
description: View the XML file containing the device description framework (DDF) for the HealthAttestation configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the H
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnableAccount
+```
+
+
+
+
+Use this setting to configure whether the automatically managed account is enabled or disabled.
+
+- If this setting is enabled, the target account will be enabled.
+
+- If this setting is disabled, the target account will be disabled.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| False (Default) | The target account will be disabled. |
+| True | The target account will be enabled. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementEnabled
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled
+```
+
+
+
+
+Use this setting to specify whether automatic account management is enabled.
+
+- If this setting is enabled, the target account will be automatically managed.
+
+- If this setting is disabled, the target account won't be automatically managed.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | The target account won't be automatically managed. |
+| true | The target account will be automatically managed. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementNameOrPrefix
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementNameOrPrefix
+```
+
+
+
+
+Use this setting to configure the name or prefix of the managed local administrator account.
+
+If specified, the value will be used as the name or name prefix of the managed account.
+
+If not specified, this setting will default to "WLapsAdmin".
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementRandomizeName
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementRandomizeName
+```
+
+
+
+
+Use this setting to configure whether the name of the automatically managed account uses a random numeric suffix each time the password is rotated.
+
+If this setting is enabled, the name of the target account will use a random numeric suffix.
+
+If this setting is disbled, the name of the target account won't use a random numeric suffix.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | False |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| False (Default) | The name of the target account won't use a random numeric suffix. |
+| True | The name of the target account will use a random numeric suffix. |
+
+
+
+
+
+
+
+
+
+### Policies/AutomaticAccountManagementTarget
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementTarget
+```
+
+
+
+
+Use this setting to configure which account is automatically managed.
+
+The allowable settings are:
+
+0=The builtin administrator account will be managed.
+
+1=A new account created by Windows LAPS will be managed.
+
+If not specified, this setting will default to 1.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+| Dependency [AutomaticAccountManagementEnabled] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/AutomaticAccountManagementEnabled`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
|
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Manage the built-in administrator account. |
+| 1 (Default) | Manage a new custom administrator account. |
+
+
+
+
+
+
+
+
### Policies/BackupDirectory
@@ -485,6 +753,54 @@ If not specified, this setting will default to 0.
+
+### Policies/PassphraseLength
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```Device
+./Device/Vendor/MSFT/LAPS/Policies/PassphraseLength
+```
+
+
+
+
+Use this setting to configure the number of passphrase words.
+
+If not specified, this setting will default to 6 words.
+
+This setting has a minimum allowed value of 3 words.
+
+This setting has a maximum allowed value of 10 words.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[3-10]` |
+| Default Value | 6 |
+| Dependency [PasswordComplexity] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/LAPS/Policies/PasswordComplexity`
Dependency Allowed Value: `[6-8]`
Dependency Allowed Value Type: `Range`
|
+
+
+
+
+
+
+
+
### Policies/PasswordAgeDays
@@ -557,9 +873,15 @@ The allowable settings are:
1=Large letters
2=Large letters + small letters
3=Large letters + small letters + numbers
-4=Large letters + small letters + numbers + special characters.
+4=Large letters + small letters + numbers + special characters
+5=Large letters + small letters + numbers + special characters (improved readability)
+6=Passphrase (long words)
+7=Passphrase (short words)
+8=Passphrase (short words with unique prefixes)
If not specified, this setting will default to 4.
+
+Passphrase list taken from "Deep Dive: EFF's New Wordlists for Random Passphrases" by Electronic Frontier Foundation, and is used under a CC-BY-3.0 Attribution license. See
Dependency URI: `Vendor/MSFT/LAPS/Policies/PasswordComplexity`
Dependency Allowed Value: `[1-5]`
Dependency Allowed Value Type: `Range`
|
@@ -747,6 +1074,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff
| 1 | Reset password: upon expiry of the grace period, the managed account password will be reset. |
| 3 (Default) | Reset the password and logoff the managed account: upon expiry of the grace period, the managed account password will be reset and any interactive logon sessions using the managed account will be terminated. |
| 5 | Reset the password and reboot: upon expiry of the grace period, the managed account password will be reset and the managed device will be immediately rebooted. |
+| 11 | Reset the password, logoff the managed account, and terminate any remaining processes: upon expiration of the grace period, the managed account password is reset, any interactive logon sessions using the managed account are logged off, and any remaining processes are terminated. |
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index d9f29bb7d6..d347e57374 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,14 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 04/07/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -201,8 +194,14 @@ The allowable settings are:
2=Large letters + small letters
3=Large letters + small letters + numbers
4=Large letters + small letters + numbers + special characters
+5=Large letters + small letters + numbers + special characters (improved readability)
+6=Passphrase (long words)
+7=Passphrase (short words)
+8=Passphrase (short words with unique prefixes)
-If not specified, this setting will default to 4.
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Vendor/MSFT/Personalization/CompanyLogoStatus
+```
+
+
+
+
+This represents the status of the Company Logo. 1 - Successfully downloaded or copied. 2 - Download/Copy in progress. 3 - Download/Copy failed. 4 - Unknown file type. 5 - Unsupported Url scheme. 6 - Max retry failed. This setting is currently available for boot to cloud shared pc mode only.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+## CompanyLogoUrl
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Vendor/MSFT/Personalization/CompanyLogoUrl
+```
+
+
+
+
+An http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+
+
+
+
+
+## CompanyName
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Vendor/MSFT/Personalization/CompanyName
+```
+
+
+
+
+This represents the name of the company. It can be at most 30 characters long. This setting is currently available only for boot to cloud shared pc mode to display the company name on sign-in screen.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Regular Expression: `^.{1,30}$` |
+
+
+
+
+
+
+
+
## DesktopImageStatus
@@ -90,7 +206,7 @@ This represents the status of the DesktopImage. 1 - Successfully downloaded or c
-A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to be used as the Desktop Image.
+An http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to be used as the Desktop Image.
@@ -168,7 +284,7 @@ This represents the status of the LockScreenImage. 1 - Successfully downloaded o
-A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.
+An http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index a57ddb1e63..07040a6851 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,14 +1,7 @@
---
title: Personalization DDF file
description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -49,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the P
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Help/AllowChildProcesses
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowChildProcesses |
+| ADMX File Name | Help.admx |
+
+
+
+
+
+
+
+
## DisableHHDEP
@@ -155,6 +200,56 @@ For additional options, see the "Restrict these programs from being launched fro
+
+## HideChildProcessMessageBox
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Help/HideChildProcessMessageBox
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | HideChildProcessMessageBox |
+| ADMX File Name | Help.admx |
+
+
+
+
+
+
+
+
## RestrictRunFromHelp
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index b207a1fdec..3d1cc2cff2 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -1,14 +1,7 @@
---
title: ADMX_HelpAndSupport Policy CSP
description: Learn more about the ADMX_HelpAndSupport Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index 97c0f896dd..731f6ed051 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -1,14 +1,7 @@
---
title: ADMX_hotspotauth Policy CSP
description: Learn more about the ADMX_hotspotauth Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index b75dbe301d..17e2fbb340 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -1,14 +1,7 @@
---
title: ADMX_ICM Policy CSP
description: Learn more about the ADMX_ICM Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index 5a1b4f8ae9..d447964117 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -1,14 +1,7 @@
---
title: ADMX_IIS Policy CSP
description: Learn more about the ADMX_IIS Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index 2bb4a2a986..2e5c716a1d 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -1,14 +1,7 @@
---
title: ADMX_iSCSI Policy CSP
description: Learn more about the ADMX_iSCSI Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index c9bad00bc5..f972a10971 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -1,14 +1,7 @@
---
title: ADMX_kdc Policy CSP
description: Learn more about the ADMX_kdc Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 267e0d30d2..085ac4f942 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -1,14 +1,7 @@
---
title: ADMX_Kerberos Policy CSP
description: Learn more about the ADMX_Kerberos Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index 8cdab26c32..97c9ecc2d4 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -1,14 +1,7 @@
---
title: ADMX_LanmanServer Policy CSP
description: Learn more about the ADMX_LanmanServer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 474035a993..b507c61a1e 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -1,14 +1,7 @@
---
title: ADMX_LanmanWorkstation Policy CSP
description: Learn more about the ADMX_LanmanWorkstation Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index 10bfdf7962..067d3135e1 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -1,14 +1,7 @@
---
title: ADMX_LeakDiagnostic Policy CSP
description: Learn more about the ADMX_LeakDiagnostic Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index dc36ab7519..469330d891 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -1,14 +1,7 @@
---
title: ADMX_LinkLayerTopologyDiscovery Policy CSP
description: Learn more about the ADMX_LinkLayerTopologyDiscovery Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index c36607194b..970d6b6704 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -1,14 +1,7 @@
---
title: ADMX_LocationProviderAdm Policy CSP
description: Learn more about the ADMX_LocationProviderAdm Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index cf357ba833..dba5786104 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -1,14 +1,7 @@
---
title: ADMX_Logon Policy CSP
description: Learn more about the ADMX_Logon Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -97,12 +90,7 @@ This policy prevents the user from showing account details (email address or use
-
-This policy setting disables the acrylic blur effect on logon background image.
-
-- If you enable this policy, the logon background image shows without blur.
-
-- If you disable or don't configure this policy, the logon background image adopts the acrylic blur effect.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index f462eeaba0..d56fe04616 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -1,14 +1,7 @@
---
title: ADMX_MicrosoftDefenderAntivirus Policy CSP
description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -838,7 +831,7 @@ Microsoft Defender Antivirus automatically determines which applications should
Enabled:
-Specify additional allowed applications in the Options section..
+Specify additional allowed applications in the Options section.
Disabled:
@@ -1283,12 +1276,12 @@ This policy, if defined, will prevent antimalware from using the configured prox
This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order):
1. Proxy server (if specified)
-2. Proxy .pac URL (if specified)
+1. Proxy .pac URL (if specified)
-3. None
-4. Internet Explorer proxy settings.
+1. None
+1. Internet Explorer proxy settings.
-5. Autodetect.
+1. Autodetect.
- If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above.
@@ -1349,12 +1342,12 @@ This policy setting defines the URL of a proxy .pac file that should be used whe
This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order):
1. Proxy server (if specified)
-2. Proxy .pac URL (if specified)
+1. Proxy .pac URL (if specified)
-3. None
-4. Internet Explorer proxy settings.
+1. None
+1. Internet Explorer proxy settings.
-5. Autodetect.
+1. Autodetect.
- If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either https:// or https://.
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 33ef1a700b..d127a3b726 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -1,14 +1,7 @@
---
title: ADMX_MMC Policy CSP
description: Learn more about the ADMX_MMC Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index d7e7143b0d..d854617402 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -1,14 +1,7 @@
---
title: ADMX_MMCSnapins Policy CSP
description: Learn more about the ADMX_MMCSnapins Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 54c66c7309..7e94f79eac 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -1,14 +1,7 @@
---
title: ADMX_MobilePCMobilityCenter Policy CSP
description: Learn more about the ADMX_MobilePCMobilityCenter Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index bd007d95f0..7fecf79eed 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -1,14 +1,7 @@
---
title: ADMX_MobilePCPresentationSettings Policy CSP
description: Learn more about the ADMX_MobilePCPresentationSettings Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index 334498bf41..b253142cc0 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -1,14 +1,7 @@
---
title: ADMX_MSAPolicy Policy CSP
description: Learn more about the ADMX_MSAPolicy Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 34c9f09939..7d53cbdc2b 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -1,14 +1,7 @@
---
title: ADMX_msched Policy CSP
description: Learn more about the ADMX_msched Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 61b9d77688..33e06d7063 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -1,14 +1,7 @@
---
title: ADMX_MSDT Policy CSP
description: Learn more about the ADMX_MSDT Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index d4bedbcaf2..30e507028d 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -1,14 +1,7 @@
---
title: ADMX_MSI Policy CSP
description: Learn more about the ADMX_MSI Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -668,11 +661,13 @@ Also, see the "Enable user to patch elevated products" policy setting.
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
-If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete.
+- If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete.
This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, don't use this policy setting unless it's essential.
-This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it's considered be enabled, even if it's explicitly disabled in the other folder.
+This policy setting appears in the Computer Configuration and User Configuration folders.
+
+- If the policy setting is enabled in either folder, it's considered be enabled, even if it's explicitly disabled in the other folder.
@@ -729,11 +724,13 @@ This policy setting appears in the Computer Configuration and User Configuration
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
-If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete.
+- If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete.
This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, don't use this policy setting unless it's essential.
-This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it's considered be enabled, even if it's explicitly disabled in the other folder.
+This policy setting appears in the Computer Configuration and User Configuration folders.
+
+- If the policy setting is enabled in either folder, it's considered be enabled, even if it's explicitly disabled in the other folder.
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index 90a1241020..e87b0fb09d 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -1,14 +1,7 @@
---
title: ADMX_MsiFileRecovery Policy CSP
description: Learn more about the ADMX_MsiFileRecovery Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
index c318f50ecd..27e93c1b63 100644
--- a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
+++ b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
@@ -1,14 +1,7 @@
---
title: ADMX_MSS-legacy Policy CSP
description: Learn more about the ADMX_MSS-legacy Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index 35907c1d3b..8e47bcbc86 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -1,14 +1,7 @@
---
title: ADMX_nca Policy CSP
description: Learn more about the ADMX_nca Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -53,9 +46,9 @@ Important.
At least one of the entries must be a PING: resource.
-- A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page don't matter. The syntax is "HTTP:" followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:https://myserver.corp.contoso.com/ or HTTP:https://2002:836b:1::1/.
+- A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page don't matter. The syntax is "HTTP:" followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:https://myserver.corp.contoso.com/ or HTTP:https://2002:836b:1::1/.
-- A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file don't matter. The syntax is "FILE:" followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt.
+- A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file don't matter. The syntax is "FILE:" followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt.
You must configure this setting to have complete NCA functionality.
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index 19a7dcb36f..59719047b8 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -1,14 +1,7 @@
---
title: ADMX_NCSI Policy CSP
description: Learn more about the ADMX_NCSI Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index c9d7247cac..cc98c5cf2d 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -1,14 +1,7 @@
---
title: ADMX_Netlogon Policy CSP
description: Learn more about the ADMX_Netlogon Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index 04f22cb3cf..e65aa855ba 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -1,14 +1,7 @@
---
title: ADMX_NetworkConnections Policy CSP
description: Learn more about the ADMX_NetworkConnections Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index b0ed275af0..3f4616f1d8 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -1,14 +1,7 @@
---
title: ADMX_OfflineFiles Policy CSP
description: Learn more about the ADMX_OfflineFiles Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/23/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -1939,7 +1932,7 @@ Reminder balloons appear when the user's connection to a network file is lost or
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
> [!TIP]
-> To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option.
+> To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every .. minutes" option.
@@ -2002,7 +1995,7 @@ Reminder balloons appear when the user's connection to a network file is lost or
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
> [!TIP]
-> To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option.
+> To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every .. minutes" option.
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index 362d358dbb..cf28909853 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -1,14 +1,7 @@
---
title: ADMX_pca Policy CSP
description: Learn more about the ADMX_pca Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index d71f78c562..83ba39d5bd 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -1,14 +1,7 @@
---
title: ADMX_PeerToPeerCaching Policy CSP
description: Learn more about the ADMX_PeerToPeerCaching Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index f6c7cd6556..1f8f990c0e 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -1,14 +1,7 @@
---
title: ADMX_PenTraining Policy CSP
description: Learn more about the ADMX_PenTraining Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index 4668a2c205..510a54b8fa 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -1,14 +1,7 @@
---
title: ADMX_PerformanceDiagnostics Policy CSP
description: Learn more about the ADMX_PerformanceDiagnostics Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index df3ab6fb49..d329f3a34e 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -1,14 +1,7 @@
---
title: ADMX_Power Policy CSP
description: Learn more about the ADMX_Power Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/23/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index 68f10aa963..bea468e20c 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -1,14 +1,7 @@
---
title: ADMX_PowerShellExecutionPolicy Policy CSP
description: Learn more about the ADMX_PowerShellExecutionPolicy Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index 12298c8668..f9552c2c37 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -1,14 +1,7 @@
---
title: ADMX_PreviousVersions Policy CSP
description: Learn more about the ADMX_PreviousVersions Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index 4e7b8d6bf5..712df5a4c8 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -1,14 +1,7 @@
---
title: ADMX_Printing Policy CSP
description: Learn more about the ADMX_Printing Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index a30b68056b..c687d9136e 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -1,14 +1,7 @@
---
title: ADMX_Printing2 Policy CSP
description: Learn more about the ADMX_Printing2 Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index ce4953e2bd..5548050a9c 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -1,14 +1,7 @@
---
title: ADMX_Programs Policy CSP
description: Learn more about the ADMX_Programs Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index f4c90fd2f1..806d9651ce 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -1,14 +1,7 @@
---
title: ADMX_PushToInstall Policy CSP
description: Learn more about the ADMX_PushToInstall Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-qos.md b/windows/client-management/mdm/policy-csp-admx-qos.md
index 88eb3a3e85..c19234a322 100644
--- a/windows/client-management/mdm/policy-csp-admx-qos.md
+++ b/windows/client-management/mdm/policy-csp-admx-qos.md
@@ -1,14 +1,7 @@
---
title: ADMX_QOS Policy CSP
description: Learn more about the ADMX_QOS Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index 787f2686d2..2d7bb746e9 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -1,14 +1,7 @@
---
title: ADMX_Radar Policy CSP
description: Learn more about the ADMX_Radar Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index 0c9e9c4c91..20c59c50f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -1,14 +1,7 @@
---
title: ADMX_Reliability Policy CSP
description: Learn more about the ADMX_Reliability Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index b3b804deb2..d6b3127e2e 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -1,14 +1,7 @@
---
title: ADMX_RemoteAssistance Policy CSP
description: Learn more about the ADMX_RemoteAssistance Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index 3184140eb7..8e706aa2c0 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -1,14 +1,7 @@
---
title: ADMX_RemovableStorage Policy CSP
description: Learn more about the ADMX_RemovableStorage Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 7c8406a263..613e1bb668 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -1,14 +1,7 @@
---
title: ADMX_RPC Policy CSP
description: Learn more about the ADMX_RPC Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-sam.md b/windows/client-management/mdm/policy-csp-admx-sam.md
index f50403b71b..1427a02daf 100644
--- a/windows/client-management/mdm/policy-csp-admx-sam.md
+++ b/windows/client-management/mdm/policy-csp-admx-sam.md
@@ -1,14 +1,7 @@
---
title: ADMX_sam Policy CSP
description: Learn more about the ADMX_sam Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index 787caffb91..a507a7dc14 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -1,14 +1,7 @@
---
title: ADMX_Scripts Policy CSP
description: Learn more about the ADMX_Scripts Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index 6d21f4a202..c23bf10950 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -1,14 +1,7 @@
---
title: ADMX_sdiageng Policy CSP
description: Learn more about the ADMX_sdiageng Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index 7fe4560ed8..a221dc34b5 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -1,14 +1,7 @@
---
title: ADMX_sdiagschd Policy CSP
description: Learn more about the ADMX_sdiagschd Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 7195e4fc98..fd54e1f891 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -1,14 +1,7 @@
---
title: ADMX_Securitycenter Policy CSP
description: Learn more about the ADMX_Securitycenter Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -48,14 +41,6 @@ Note that Security Center can only be turned off for computers that are joined t
- If you enable this policy setting, Security Center is turned on for all users.
- If you disable this policy setting, Security Center is turned off for domain members.
-
-Windows XP SP2
-----------------------
-In Windows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates. Note that Security Center might not be available following a change to this policy setting until after the computer is restarted for Windows XP SP2 computers.
-
-Windows Vista
----------------------
-In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers don't require a reboot for this policy setting to take effect.
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 467b0c299b..6c890631d8 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -1,14 +1,7 @@
---
title: ADMX_Sensors Policy CSP
description: Learn more about the ADMX_Sensors Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index 2e0010499f..0af31e3dda 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -1,14 +1,7 @@
---
title: ADMX_ServerManager Policy CSP
description: Learn more about the ADMX_ServerManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index 8a4ae0fb37..a31799041a 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -1,14 +1,7 @@
---
title: ADMX_Servicing Policy CSP
description: Learn more about the ADMX_Servicing Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index 27aef62087..5b949ace6f 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -1,14 +1,7 @@
---
title: ADMX_SettingSync Policy CSP
description: Learn more about the ADMX_SettingSync Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index 78196c2803..486085f08a 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -1,14 +1,7 @@
---
title: ADMX_SharedFolders Policy CSP
description: Learn more about the ADMX_SharedFolders Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index 5af4415dfe..a83e821101 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -1,14 +1,7 @@
---
title: ADMX_Sharing Policy CSP
description: Learn more about the ADMX_Sharing Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index 97565d0fc8..228d08b694 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -1,14 +1,7 @@
---
title: ADMX_ShellCommandPromptRegEditTools Policy CSP
description: Learn more about the ADMX_ShellCommandPromptRegEditTools Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index a427fcd365..22338b85ad 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -1,14 +1,7 @@
---
title: ADMX_Smartcard Policy CSP
description: Learn more about the ADMX_Smartcard Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 36d22a34e9..0d2382bb64 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -1,14 +1,7 @@
---
title: ADMX_Snmp Policy CSP
description: Learn more about the ADMX_Snmp Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index ead22da785..41cf4a6ccc 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -1,14 +1,7 @@
---
title: ADMX_SoundRec Policy CSP
description: Learn more about the ADMX_SoundRec Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index 1758b042bb..7fc90a1ff0 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -1,14 +1,7 @@
---
title: ADMX_srmfci Policy CSP
description: Learn more about the ADMX_srmfci Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index ea6c920ff9..0a223d43d0 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -1,14 +1,7 @@
---
title: ADMX_StartMenu Policy CSP
description: Learn more about the ADMX_StartMenu Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index c3c396e287..2e1c03774b 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -1,14 +1,7 @@
---
title: ADMX_SystemRestore Policy CSP
description: Learn more about the ADMX_SystemRestore Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
index c031995861..e7b2fb7d4a 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
@@ -1,14 +1,7 @@
---
title: ADMX_TabletPCInputPanel Policy CSP
description: Learn more about the ADMX_TabletPCInputPanel Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index 6682bc155c..7ee90e1830 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -1,14 +1,7 @@
---
title: ADMX_TabletShell Policy CSP
description: Learn more about the ADMX_TabletShell Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 97e296b53b..176660f30b 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -1,14 +1,7 @@
---
title: ADMX_Taskbar Policy CSP
description: Learn more about the ADMX_Taskbar Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -105,16 +98,7 @@ A reboot is required for this policy setting to take effect.
-
-This policy disables the functionality that converts balloons to toast notifications.
-
-- If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications.
-
-Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications.
-
-- If you disable or don't configure this policy setting, all notifications will appear as toast notifications.
-
-A reboot is required for this policy setting to take effect.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index efef32bb83..a394a7a264 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -1,14 +1,7 @@
---
title: ADMX_tcpip Policy CSP
description: Learn more about the ADMX_tcpip Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index d804a847a8..0b5853336a 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -1,14 +1,7 @@
---
title: ADMX_TerminalServer Policy CSP
description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -1362,11 +1355,11 @@ You can use this policy setting to set a limit on the color depth of any connect
Note:
-1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
+1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
-2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
+1. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
-3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
+1. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
a. Value specified by this policy setting b. Maximum color depth supported by the client c. Value requested by the client.
@@ -2130,19 +2123,19 @@ To allow users to overwrite the "Set RD Gateway server address" policy setting a
This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.
-If the policy setting is enabled, the RD Session Host server joins the farm that's specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that's specified in the Configure RD Connection Broker server name policy setting.
+- If the policy setting is enabled, the RD Session Host server joins the farm that's specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that's specified in the Configure RD Connection Broker server name policy setting.
-- If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
+- If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed.
+
+- If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level.
Note:
-1.
+1. - If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
-- If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
-
-2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
@@ -2330,7 +2323,7 @@ This policy setting allows you to specify the order in which an RD Session Host
1. Remote Desktop license servers that are published in Active Directory Domain Services.
-2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
+1. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
- If you disable or don't configure this policy setting, the RD Session Host server doesn't specify a license server at the Group Policy level.
@@ -2945,7 +2938,7 @@ This policy setting determines whether a user will be prompted on the client com
-This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.
+This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.
The default connection URL must be configured in the form of< https://contoso.com/rdweb/Feed/webfeed.aspx>.
@@ -3074,13 +3067,13 @@ By default, when a new user signs in to a computer, the Start screen is shown an
1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.
-2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
+1. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
-3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
+1. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
-4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.
+1. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.
-5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.
+1. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.
- If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
@@ -3141,13 +3134,13 @@ By default, when a new user signs in to a computer, the Start screen is shown an
1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session.
-2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
+1. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent.
-3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
+1. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent.
-4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.
+1. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent.
-5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.
+1. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent.
- If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
@@ -3275,7 +3268,7 @@ Note:
1. This policy setting isn't effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy.
-2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
@@ -3404,9 +3397,9 @@ Note:
1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
-2. This policy setting isn't effective unless the Join RD Connection Broker policy setting is enabled.
+1. This policy setting isn't effective unless the Join RD Connection Broker policy setting is enabled.
-3. To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers.
+1. To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers.
@@ -4075,9 +4068,9 @@ This policy setting allows the administrator to configure the RemoteFX experienc
- If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
1. Let the system choose the experience for the network condition
-2. Optimize for server scalability.
+1. Optimize for server scalability.
-3. Optimize for minimum bandwidth usage.
+1. Optimize for minimum bandwidth usage.
- If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition".
@@ -5677,7 +5670,7 @@ Note:
1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
-2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
+1. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index aa937ea978..1b7747fb27 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -1,14 +1,7 @@
---
title: ADMX_Thumbnails Policy CSP
description: Learn more about the ADMX_Thumbnails Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 2442bd1a0c..90a38cf981 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -1,14 +1,7 @@
---
title: ADMX_TouchInput Policy CSP
description: Learn more about the ADMX_TouchInput Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index c0de908883..299bc993aa 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -1,14 +1,7 @@
---
title: ADMX_TPM Policy CSP
description: Learn more about the ADMX_TPM Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index c89a4542be..5df403b933 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -1,14 +1,7 @@
---
title: ADMX_UserExperienceVirtualization Policy CSP
description: Learn more about the ADMX_UserExperienceVirtualization Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index df2fd32ecf..adf0ccefe0 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -1,14 +1,7 @@
---
title: ADMX_UserProfiles Policy CSP
description: Learn more about the ADMX_UserProfiles Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 4c34ddc617..3aaf1c7335 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -1,14 +1,7 @@
---
title: ADMX_W32Time Policy CSP
description: Learn more about the ADMX_W32Time Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index 2daf25532c..e6fe0c1726 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -1,14 +1,7 @@
---
title: ADMX_WCM Policy CSP
description: Learn more about the ADMX_WCM Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
index 14371f71cf..df4c5846ad 100644
--- a/windows/client-management/mdm/policy-csp-admx-wdi.md
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -1,14 +1,7 @@
---
title: ADMX_WDI Policy CSP
description: Learn more about the ADMX_WDI Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index 97141edb41..31833306d1 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -1,14 +1,7 @@
---
title: ADMX_WinCal Policy CSP
description: Learn more about the ADMX_WinCal Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index c7c06a9fc3..2055d516ec 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -1,14 +1,7 @@
---
title: ADMX_WindowsColorSystem Policy CSP
description: Learn more about the ADMX_WindowsColorSystem Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index 10dcf61ff3..b115f7d5e2 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -1,14 +1,7 @@
---
title: ADMX_WindowsConnectNow Policy CSP
description: Learn more about the ADMX_WindowsConnectNow Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 33ab184dc5..7fe9bd9679 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -1,14 +1,7 @@
---
title: ADMX_WindowsExplorer Policy CSP
description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index 9476a4fabb..dbd36541c4 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -1,14 +1,7 @@
---
title: ADMX_WindowsMediaDRM Policy CSP
description: Learn more about the ADMX_WindowsMediaDRM Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index 46150339f6..04df21d7a7 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -1,14 +1,7 @@
---
title: ADMX_WindowsMediaPlayer Policy CSP
description: Learn more about the ADMX_WindowsMediaPlayer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 3a972ef92a..9feebc0561 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -1,14 +1,7 @@
---
title: ADMX_WindowsRemoteManagement Policy CSP
description: Learn more about the ADMX_WindowsRemoteManagement Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index 757279b2fc..ad9da6b96b 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -1,14 +1,7 @@
---
title: ADMX_WindowsStore Policy CSP
description: Learn more about the ADMX_WindowsStore Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index b4561c36e3..016d00fda3 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -1,14 +1,7 @@
---
title: ADMX_WinInit Policy CSP
description: Learn more about the ADMX_WinInit Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index e9191d0a40..7861b20555 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -1,14 +1,7 @@
---
title: ADMX_WinLogon Policy CSP
description: Learn more about the ADMX_WinLogon Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index f92cba7883..56d9974fe2 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -1,14 +1,7 @@
---
title: ADMX_Winsrv Policy CSP
description: Learn more about the ADMX_Winsrv Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -38,12 +31,7 @@ ms.topic: reference
-
-This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown. By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely.
-
-- If you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown won't be automatically terminated during shutdown.
-
-- If you disable or don't configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smoothly.
+
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index 67f7fd4932..d09a2030f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -1,14 +1,7 @@
---
title: ADMX_wlansvc Policy CSP
description: Learn more about the ADMX_wlansvc Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
index 8217f78031..a71623c248 100644
--- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -1,14 +1,7 @@
---
title: ADMX_WordWheel Policy CSP
description: Learn more about the ADMX_WordWheel Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
index 90b757d7e6..f5b3d60f6b 100644
--- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -1,14 +1,7 @@
---
title: ADMX_WorkFoldersClient Policy CSP
description: Learn more about the ADMX_WorkFoldersClient Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index 3a2751af33..f69b55da60 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -1,14 +1,7 @@
---
title: ADMX_WPN Policy CSP
description: Learn more about the ADMX_WPN Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 7796c7da9d..ee6da319a3 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,14 +1,7 @@
---
title: ApplicationDefaults Policy CSP
description: Learn more about the ApplicationDefaults Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/03/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -37,7 +30,7 @@ ms.topic: reference
-This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc. xml), and then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Microsoft Entra joined, the associations assigned in SyncML will be processed and default associations will be applied.
+This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Microsoft Entra joined, the associations assigned in SyncML will be processed and default associations will be applied.
@@ -158,7 +151,7 @@ To create the SyncML, follow these steps:
This policy setting determines whether Windows supports web-to-app linking with app URI handlers.
-Enabling this policy setting enables web-to-app linking so that apps can be launched with a http(s) URI.
+Enabling this policy setting enables web-to-app linking so that apps can be launched with an http(s) URI.
Disabling this policy disables web-to-app linking and http(s) URIs will be opened in the default browser instead of launching the associated app.
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 15396470d3..ba4fc8b016 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,14 +1,7 @@
---
title: ApplicationManagement Policy CSP
description: Learn more about the ApplicationManagement Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index c80e7472b4..20cddfc183 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,14 +1,7 @@
---
title: AppRuntime Policy CSP
description: Learn more about the AppRuntime Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 7cfb9ef14a..6e677aa3b7 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,14 +1,7 @@
---
title: AppVirtualization Policy CSP
description: Learn more about the AppVirtualization Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index ad924dc539..63caf16da0 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,14 +1,7 @@
---
title: AttachmentManager Policy CSP
description: Learn more about the AttachmentManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 174c8e6dd0..c434116039 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,14 +1,7 @@
---
title: Audit Policy CSP
description: Learn more about the Audit Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 7d6b0d757b..ebc00056d8 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,14 +1,7 @@
---
title: Authentication Policy CSP
description: Learn more about the Authentication Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -16,8 +9,6 @@ ms.topic: reference
# Policy CSP - Authentication
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -402,7 +393,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 23H2 [10.0.22631.2506] and later |
@@ -469,10 +460,7 @@ Specifies whether web-based sign-in is allowed for signing in to Windows.
-> [!WARNING]
-> The Web sign-in feature is intended for recovery purposes in the event a password isn't available as an authentication method. Web sign-in only supports *temporary access pass* as an authentication method for Microsoft Entra ID, unless it's used in a limited federated scope.
-
-**Web sign-in** is a modern way of signing into a Windows PC. It enables Windows sign-in support for new Microsoft Entra credentials, like temporary access pass.
+Web sign-in is a credential provider that enables a web-based sign-in experience on Windows devices. Initially introduced in Windows 10 with support for Temporary Access Pass (TAP) only, Web sign-in expanded its capabilities starting in Windows 11, version 22H2 with KB5030310. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in).
> [!NOTE]
> Web sign-in is only supported on Microsoft Entra joined PCs.
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index fbf76ab56a..f94c675d89 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -1,14 +1,7 @@
---
title: Autoplay Policy CSP
description: Learn more about the Autoplay Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index bdc7ed5eee..85ba82af82 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -1,14 +1,7 @@
---
title: Bitlocker Policy CSP
description: Learn more about the Bitlocker Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/09/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index b1d3449ae2..01dbd07987 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -1,14 +1,7 @@
---
title: BITS Policy CSP
description: Learn more about the BITS Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 03ee87d6ff..fc321bd1b1 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -1,14 +1,7 @@
---
title: Bluetooth Policy CSP
description: Learn more about the Bluetooth Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 16d4f87720..0831538391 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -1,14 +1,7 @@
---
title: Browser Policy CSP
description: Learn more about the Browser Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -1044,7 +1037,7 @@ To verify AllowPasswordManager is set to 0 (not allowed):
-This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on..
+This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
- If you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing.
@@ -3530,7 +3523,7 @@ Don't enable both this setting and the Keep favorites in sync between Internet E
|:--|:--|
| Name | ConfiguredFavorites |
| Friendly Name | Provision Favorites |
-| Element Name | Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Microsoft Edge and use that html file for provisioning user machines.
URL can be specified as.
1. HTTP location: https://localhost:8080/URLs.html
2. Local network: \\network\shares\URLs.html.
3. Local file: file:///c:\\Users\\`
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows Insider Preview |
@@ -1687,7 +1682,7 @@ This policy allows an IT Admin to define the following details:
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows Insider Preview |
@@ -1697,8 +1692,8 @@ This policy allows an IT Admin to define the following details:
-
-This policy allows you to set one or more keywords used to recognize VPN connections.
+
+This policy allows you to set one or more keywords used to recognize VPN connections. To add multiple keywords, separate them with commas.
@@ -1721,8 +1716,12 @@ This policy allows you to set one or more keywords used to recognize VPN connect
| Name | Value |
|:--|:--|
| Name | VpnKeywords |
-| Path | DeliveryOptimization > AT > WindowsComponents > DeliveryOptimizationCat |
-| Element Name | VpnKeywords |
+| Friendly Name | VPN Keywords |
+| Element Name | VPN Keywords. |
+| Location | Computer Configuration |
+| Path | Windows Components > Delivery Optimization |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization |
+| ADMX File Name | DeliveryOptimization.admx |
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 8c7fe07a3d..60c0d9c6aa 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -1,14 +1,7 @@
---
title: Desktop Policy CSP
description: Learn more about the Desktop Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md
index 700a225113..2b3fea16a4 100644
--- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md
+++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md
@@ -1,14 +1,7 @@
---
title: DesktopAppInstaller Policy CSP
description: Learn more about the DesktopAppInstaller Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/03/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -775,6 +768,56 @@ The settings are stored inside of a .json file on the user’s system. It may be
+
+## EnableWindowsPackageManagerConfiguration
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/DesktopAppInstaller/EnableWindowsPackageManagerConfiguration
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableWindowsPackageManagerConfiguration |
+| ADMX File Name | DesktopAppInstaller.admx |
+
+
+
+
+
+
+
+
## SourceAutoUpdateInterval
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index fe3ed53290..c27a142696 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -1,14 +1,7 @@
---
title: DeviceGuard Policy CSP
description: Learn more about the DeviceGuard Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 0f7c4c5589..271866959b 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -1,14 +1,7 @@
---
title: DeviceHealthMonitoring Policy CSP
description: Learn more about the DeviceHealthMonitoring Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index dcf5e542ca..88d04325f2 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -1,14 +1,7 @@
---
title: DeviceInstallation Policy CSP
description: Learn more about the DeviceInstallation Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -365,26 +358,26 @@ Device instance IDs > Device IDs > Device setup class > Removable devices.
Device instance IDs.
1. Prevent installation of devices using drivers that match these device instance IDs
-2. Allow installation of devices using drivers that match these device instance IDs.
+1. Allow installation of devices using drivers that match these device instance IDs.
Device IDs.
-3. Prevent installation of devices using drivers that match these device IDs
-4. Allow installation of devices using drivers that match these device IDs.
+1. Prevent installation of devices using drivers that match these device IDs
+1. Allow installation of devices using drivers that match these device IDs.
Device setup class.
-5. Prevent installation of devices using drivers that match these device setup classes
-6. Allow installation of devices using drivers that match these device setup classes.
+1. Prevent installation of devices using drivers that match these device setup classes
+1. Allow installation of devices using drivers that match these device setup classes.
Removable devices.
-7. Prevent installation of removable devices.
+1. Prevent installation of removable devices.
> [!NOTE]
> This policy setting provides more granular control than the "Prevent installation of devices not described by other policy settings" policy setting. If these conflicting policy settings are enabled at the same time, the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting will be enabled and the other policy setting will be ignored.
-If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..". policy settings have precedence over any other policy setting that allows Windows to install a device.
+If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation.". policy settings have precedence over any other policy setting that allows Windows to install a device.
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 7b0d273a41..649a6dada2 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,14 +1,7 @@
---
title: DeviceLock Policy CSP
description: Learn more about the DeviceLock Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -718,7 +711,7 @@ This security setting determines the period of time (in days) that a password ca
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[0-999]` |
-| Default Value | 1 |
+| Default Value | 42 |
@@ -1023,6 +1016,109 @@ This security setting determines the period of time (in days) that a password mu
+
+## MinimumPasswordLength
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordLength
+```
+
+
+
+
+This security setting determines the least number of characters that a password for a user account may contain. The maximum value for this setting depends on the value of the Relax minimum password length limits setting. If the Relax minimum password length limits setting isn't defined, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and disabled, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and enabled, this setting may be configured from 0 to 128. Setting the required number of characters to 0 means that no password is required.
+
+> [!NOTE]
+> By default, member computers follow the configuration of their domain controllers. Default values: 7 on domain controllers 0 on stand-alone servers Configuring this setting larger than 14 may affect compatibility with clients, services, and applications. We recommend that you only configure this setting larger than 14 after you use the Minimum password length audit setting to test for potential incompatibilities at the new setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-128]` |
+| Default Value | 0 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Minimum password length |
+| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
+
+
+
+
+
+
+
+
+
+## MinimumPasswordLengthAudit
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordLengthAudit
+```
+
+
+
+
+This security setting determines the minimum password length for which password length audit warning events are issued. This setting may be configured from 1 to 128. You should only enable and configure this setting when you try to determine the potential effect of increasing the minimum password length setting in your environment. If this setting isn't defined, audit events won't be issued. If this setting is defined and is less than or equal to the minimum password length setting, audit events won't be issued. If this setting is defined and is greater than the minimum password length setting, and the length of a new account password is less than this setting, an audit event will be issued.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[1-128]` |
+| Default Value | 4294967295 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Minimum password length audit |
+| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
+
+
+
+
+
+
+
+
## PasswordComplexity
@@ -1255,6 +1351,64 @@ If you enable this setting, users will no longer be able to modify slide show se
+
+## RelaxMinimumPasswordLengthLimits
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/DeviceLock/RelaxMinimumPasswordLengthLimits
+```
+
+
+
+
+This setting controls whether the minimum password length setting can be increased beyond the legacy limit of 14. If this setting isn't defined, minimum password length may be configured to no more than 14. If this setting is defined and disabled, minimum password length may be configured to no more than 14. If this setting is defined and enabled, minimum password length may be configured more than 14.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Relax minimum password length |
+| Path | Windows Settings > Security Settings > Account Policies > Password Policy |
+
+
+
+
+
+
+
+
## ScreenTimeoutWhileLocked
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index c716b41a63..8f021f8337 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,14 +1,7 @@
---
title: Display Policy CSP
description: Learn more about the Display Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 0a9aa6d814..ed3b7b4609 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -1,14 +1,7 @@
---
title: DmaGuard Policy CSP
description: Learn more about the DmaGuard Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md
index ccc75b02bf..14022fde28 100644
--- a/windows/client-management/mdm/policy-csp-eap.md
+++ b/windows/client-management/mdm/policy-csp-eap.md
@@ -1,14 +1,7 @@
---
title: Eap Policy CSP
description: Learn more about the Eap Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 4ec2cef651..cfd49a1bf0 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,14 +1,7 @@
---
title: Education Policy CSP
description: Learn more about the Education Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 4005e29555..016c5d5a51 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -1,14 +1,7 @@
---
title: EnterpriseCloudPrint Policy CSP
description: Learn more about the EnterpriseCloudPrint Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -274,7 +267,7 @@ Resource URI for which access is being requested by the Mopria discovery client
This policy must target ./User, otherwise it fails.
-The default value is an empty string. Otherwise, the value should contain a URL.
+The default value is an empty string. Otherwise, the value should contain a URL.
**Example**:
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index e97461a682..50e401227e 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -1,14 +1,7 @@
---
title: ErrorReporting Policy CSP
description: Learn more about the ErrorReporting Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index ce940b762e..83a5c6c350 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -1,14 +1,7 @@
---
title: EventLogService Policy CSP
description: Learn more about the EventLogService Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 3fbecc7fbe..f7ecf4bf2a 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,14 +1,7 @@
---
title: Experience Policy CSP
description: Learn more about the Experience Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 089a7066d9..6d947b5cd3 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -1,14 +1,7 @@
---
title: ExploitGuard Policy CSP
description: Learn more about the ExploitGuard Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-federatedauthentication.md b/windows/client-management/mdm/policy-csp-federatedauthentication.md
index 18426abce1..4b4de43f51 100644
--- a/windows/client-management/mdm/policy-csp-federatedauthentication.md
+++ b/windows/client-management/mdm/policy-csp-federatedauthentication.md
@@ -1,14 +1,7 @@
---
title: FederatedAuthentication Policy CSP
description: Learn more about the FederatedAuthentication Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/23/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md
index a8a7ae5f57..98a8e70629 100644
--- a/windows/client-management/mdm/policy-csp-feeds.md
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@@ -1,15 +1,7 @@
---
title: Policy CSP - Feeds
description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.localizationpriority: medium
ms.date: 09/17/2021
-ms.reviewer:
-manager: aaroncz
---
# Policy CSP - Feeds
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 75e9fb777f..fb55df7a5d 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,14 +1,7 @@
---
title: FileExplorer Policy CSP
description: Learn more about the FileExplorer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-filesystem.md b/windows/client-management/mdm/policy-csp-filesystem.md
index 57ec3f91e0..f1d4135999 100644
--- a/windows/client-management/mdm/policy-csp-filesystem.md
+++ b/windows/client-management/mdm/policy-csp-filesystem.md
@@ -1,14 +1,7 @@
---
title: FileSystem Policy CSP
description: Learn more about the FileSystem Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -30,7 +23,7 @@ ms.topic: reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2338] and later
✅ Windows Insider Preview |
@@ -86,7 +79,7 @@ A reboot is required for this setting to take effect.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2338] and later
✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 7be1ae616e..d16bea4048 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -1,14 +1,7 @@
---
title: Games Policy CSP
description: Learn more about the Games Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index 941b6ab1ce..6cd40803bd 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -1,14 +1,7 @@
---
title: Handwriting Policy CSP
description: Learn more about the Handwriting Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
index 6584e6372b..3ef891ed68 100644
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -1,14 +1,7 @@
---
title: HumanPresence Policy CSP
description: Learn more about the HumanPresence Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index d707b4af93..a6efb038f9 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,14 +1,7 @@
---
title: InternetExplorer Policy CSP
description: Learn more about the InternetExplorer Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/03/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -3666,17 +3659,7 @@ If you disable, or don't configure this policy, all sites are opened using the c
-
-This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
-
-> [!IMPORTANT]
-> Some ActiveX controls and toolbars may not be available when 64-bit processes are used.
-
-- If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
-
-- If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
-
-- If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
+
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index ed58ffd639..092f0fcfa3 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -1,14 +1,7 @@
---
title: Kerberos Policy CSP
description: Learn more about the Kerberos Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/23/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -323,7 +316,7 @@ If you don't configure this policy, the SHA1 algorithm will assume the **Default
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
@@ -396,7 +389,7 @@ If you don't configure this policy, the SHA256 algorithm will assume the **Defau
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
@@ -469,7 +462,7 @@ If you don't configure this policy, the SHA384 algorithm will assume the **Defau
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
@@ -542,7 +535,7 @@ If you don't configure this policy, the SHA512 algorithm will assume the **Defau
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
-| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfigurationEnabled`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+| Dependency [PKINIT_Hash_Algorithm_Configuration_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/Kerberos/PKInitHashAlgorithmConfiguration`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 957c1a280e..ab923304b0 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -1,14 +1,7 @@
---
title: KioskBrowser Policy CSP
description: Learn more about the KioskBrowser Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 4c0d5e7b6e..b3e44fe44d 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,14 +1,7 @@
---
title: LanmanWorkstation Policy CSP
description: Learn more about the LanmanWorkstation Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 27405e9ef7..69f8d74490 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -1,14 +1,7 @@
---
title: Licensing Policy CSP
description: Learn more about the Licensing Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index f3317c93af..bb70540374 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,14 +1,7 @@
---
title: LocalPoliciesSecurityOptions Policy CSP
description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/03/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -373,7 +366,7 @@ Accounts: Rename guest account This security setting determines whether a differ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -402,6 +395,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
| Format | `b64` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: ``) |
+| Default Value | 00 |
@@ -416,7 +410,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -457,7 +451,7 @@ Audit: Force audit policy subcategory settings (Windows Vista or later) to overr
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -722,7 +716,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -771,7 +765,7 @@ Devices: Restrict floppy access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -824,7 +818,7 @@ Domain member: Digitally encrypt or sign secure channel data (always) This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -880,7 +874,7 @@ Domain member: Digitally encrypt secure channel data (when possible) This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -930,7 +924,7 @@ Domain member: Digitally sign secure channel data (when possible) This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -987,7 +981,7 @@ Domain member: Disable machine account password changes Determines whether a dom
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1040,7 +1034,7 @@ Domain member: Maximum machine account password age This security setting determ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1325,31 +1319,31 @@ Interactive logon: Don't require CTRL+ALT+DEL This security setting determines w
-
-## InteractiveLogon_MachineAccountThreshold
+
+## InteractiveLogon_MachineAccountLockoutThreshold
-
+
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
-
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
-
+
```Device
-./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineAccountThreshold
+./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineAccountLockoutThreshold
```
-
+
-
+
Interactive logon: Machine account threshold. The machine lockout policy is enforced only on those machines that have BitLocker enabled for protecting OS volumes. Please ensure that appropriate recovery password backup policies are enabled. This security setting determines the number of failed logon attempts that causes the machine to be locked out. A locked out machine can only be recovered by providing recovery key at console. You can set the value between 1 and 999 failed logon attempts. If you set the value to 0, the machine will never be locked out. Values from 1 to 3 will be interpreted as 4. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password protected screen savers counts as failed logon attempts. The machine lockout policy is enforced only on those machines that have BitLocker enabled for protecting OS volumes. Please ensure that the appropriate recovery password backup policies are enabled. Default: 0.
-
+
-
+
-
+
-
+
**Description framework properties**:
| Property name | Property value |
@@ -1358,22 +1352,22 @@ Interactive logon: Machine account threshold. The machine lockout policy is enfo
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[0-999]` |
| Default Value | 0 |
-
+
-
+
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | Interactive logon: Machine account lockout threshold |
| Path | Windows Settings > Security Settings > Local Policies > Security Options |
-
+
-
+
-
+
-
+
## InteractiveLogon_MachineInactivityLimit
@@ -1531,7 +1525,7 @@ Interactive logon: Message title for users attempting to log on This security se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1571,7 +1565,7 @@ Interactive logon: Number of previous logons to cache (in case domain controller
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1866,7 +1860,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -1891,8 +1885,8 @@ Microsoft network server: Amount of idle time required before suspending a sessi
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[0-15]` |
-| Default Value | 15 |
+| Allowed Values | Range: `[0-99999]` |
+| Default Value | 99999 |
@@ -2049,7 +2043,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2090,7 +2084,7 @@ Microsoft network server: Disconnect clients when logon hours expire This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2312,7 +2306,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts and shares Thi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2360,7 +2354,7 @@ Network access: Don't allow storage of passwords and credentials for network aut
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2410,7 +2404,7 @@ Network access: Let Everyone permissions apply to anonymous users This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2435,6 +2429,7 @@ Network access: Named pipes that can be accessed anonymously This security setti
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2449,7 +2444,7 @@ Network access: Named pipes that can be accessed anonymously This security setti
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2477,6 +2472,7 @@ Network access: Remotely accessible registry paths This security setting determi
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2491,7 +2487,7 @@ Network access: Remotely accessible registry paths This security setting determi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2519,6 +2515,7 @@ Network access: Remotely accessible registry paths and subpaths This security se
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2639,7 +2636,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2664,6 +2661,7 @@ Network access: Shares that can be accessed anonymously This security setting de
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `,`) |
@@ -2678,7 +2676,7 @@ Network access: Shares that can be accessed anonymously This security setting de
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2722,7 +2720,7 @@ Network access: Sharing and security model for local accounts This security sett
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -2980,7 +2978,7 @@ Network security: Force logoff when logon hours expire This security setting det
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
-| Default Value | 0 |
+| Default Value | 1 |
@@ -2988,8 +2986,8 @@ Network security: Force logoff when logon hours expire This security setting det
| Value | Description |
|:--|:--|
-| 1 | Enable. |
-| 0 (Default) | Disable. |
+| 1 (Default) | Enable. |
+| 0 | Disable. |
@@ -3078,7 +3076,7 @@ Network security LAN Manager authentication level This security setting determin
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3110,7 +3108,7 @@ Network security: LDAP client signing requirements This security setting determi
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[0-2]` |
-| Default Value | 0 |
+| Default Value | 1 |
@@ -3484,7 +3482,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3534,7 +3532,7 @@ Recovery console: Allow automatic administrative logon This security setting det
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3691,7 +3689,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3732,7 +3730,7 @@ System Cryptography: Force strong key protection for user keys stored on the com
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3782,7 +3780,7 @@ System objects: Require case insensitivity for non-Windows subsystems This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -3940,6 +3938,64 @@ User Account Control: Behavior of the elevation prompt for administrators in Adm
+
+## UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForEnhancedAdministrators
+```
+
+
+
+
+User Account Control: Behavior of the elevation prompt for administrators running with enhanced privilege protection. This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. - Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 2 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Prompt for credentials on the secure desktop. |
+| 2 (Default) | Prompt for consent on the secure desktop. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | User Account Control: Behavior of the elevation prompt for administrators running with enhanced privilege protection |
+| Path | Windows Settings > Security Settings > Local Policies > Security Options |
+
+
+
+
+
+
+
+
## UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
@@ -4132,7 +4188,7 @@ User Account Control: Only elevate executable files that are signed and validate
-User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\system32\ - ...\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
+User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ..\Program Files\, including subfolders - ..\Windows\system32\ - ..\Program Files (x86)\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
@@ -4292,6 +4348,64 @@ User Account Control: Switch to the secure desktop when prompting for elevation
+
+## UserAccountControl_TypeOfAdminApprovalMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_TypeOfAdminApprovalMode
+```
+
+
+
+
+User Account Control: Configure type of Admin Approval Mode. This policy setting controls whether enhanced privilege protection is applied to admin approval mode elevations. If you change this policy setting, you must restart your computer. This policy is only supported on Windows Desktop, not Server. The options are: - Admin Approval Mode is running in legacy mode (default). - Admin Approval Mode is running with enhanced privilege protection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 (Default) | Legacy Admin Approval Mode. |
+| 2 | Admin Approval Mode with enhanced privilege protection. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | User Account Control: Configure type of Admin Approval Mode |
+| Path | Windows Settings > Security Settings > Local Policies > Security Options |
+
+
+
+
+
+
+
+
## UserAccountControl_UseAdminApprovalMode
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index 1ae1768b2e..7dc4364747 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -1,14 +1,7 @@
---
title: LocalUsersAndGroups Policy CSP
description: Learn more about the LocalUsersAndGroups Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index f7afb94964..95f4c33c50 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -1,14 +1,7 @@
---
title: LockDown Policy CSP
description: Learn more about the LockDown Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md
index 3359d00d6a..d4773d4c5d 100644
--- a/windows/client-management/mdm/policy-csp-lsa.md
+++ b/windows/client-management/mdm/policy-csp-lsa.md
@@ -1,14 +1,7 @@
---
title: LocalSecurityAuthority Policy CSP
description: Learn more about the LocalSecurityAuthority Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index e3a20f4341..7dc52aed91 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -1,14 +1,7 @@
---
title: Maps Policy CSP
description: Learn more about the Maps Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
index 5c6eedf729..d6550053a3 100644
--- a/windows/client-management/mdm/policy-csp-memorydump.md
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -1,14 +1,7 @@
---
title: MemoryDump Policy CSP
description: Learn more about the MemoryDump Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index f0b04e92b7..30117ff84d 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -1,14 +1,7 @@
---
title: Messaging Policy CSP
description: Learn more about the Messaging Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 79b92833b7..b8ae2bcd32 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -1,14 +1,7 @@
---
title: MixedReality Policy CSP
description: Learn more about the MixedReality Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/29/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -328,6 +321,97 @@ This policy setting controls if pressing the brightness button changes the brigh
+
+## ConfigureDeviceStandbyAction
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyAction
+```
+
+
+
+
+This policy setting controls device maintenance action during standby.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not configured. |
+| 1 | Logoff users. |
+| 2 | Reboot device. |
+
+
+
+
+
+
+
+
+
+## ConfigureDeviceStandbyActionTimeout
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyActionTimeout
+```
+
+
+
+
+This policy setting controls when to start maintenance action after device enters standby. The timeout value is in hours.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[1-168]` |
+| Default Value | 8 |
+
+
+
+
+
+
+
+
## ConfigureMovingPlatform
@@ -650,7 +734,7 @@ Windows Network Connectivity Status Indicator may get a false positive internet-
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -699,7 +783,7 @@ This policy setting controls if pinching your thumb and index finger, while look
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -748,7 +832,7 @@ This policy setting controls if using voice commands to open the Start menu is e
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1111,7 +1195,7 @@ The following example XML string shows the value to enable this policy:
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1160,7 +1244,7 @@ This policy configures whether the Sign-In App should prefer showing Other User
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -1209,7 +1293,7 @@ This policy setting controls if it's require that the Start icon to be pressed f
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index eaf592f322..da47e000cd 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,14 +1,7 @@
---
title: MSSecurityGuide Policy CSP
description: Learn more about the MSSecurityGuide Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -18,6 +11,8 @@ ms.topic: reference
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -222,6 +217,56 @@ ms.topic: reference
+
+## NetBTNodeTypeConfiguration
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/NetBTNodeTypeConfiguration
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Pol_SecGuide_0050_NetbtNodeTypeConfig |
+| ADMX File Name | SecGuide.admx |
+
+
+
+
+
+
+
+
## TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index a34a41ff94..6e60b0d9dd 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -1,14 +1,7 @@
---
title: MSSLegacy Policy CSP
description: Learn more about the MSSLegacy Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index c12b74e90f..84df0472de 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -1,14 +1,7 @@
---
title: Multitasking Policy CSP
description: Learn more about the Multitasking Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index dd7b76de61..14633df6c8 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -1,14 +1,7 @@
---
title: NetworkIsolation Policy CSP
description: Learn more about the NetworkIsolation Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index ecc77167b9..0ade49a774 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -1,14 +1,7 @@
---
title: NetworkListManager Policy CSP
description: Learn more about the NetworkListManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -16,10 +9,159 @@ ms.topic: reference
# Policy CSP - NetworkListManager
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+
+## AllNetworks_NetworkIcon
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllNetworks_NetworkIcon
+```
+
+
+
+
+This policy setting allows you to specify whether users can change the network icon for all networks to which the user connects.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | User can change icon. |
+| 1 | User can't change icon. |
+
+
+
+
+
+
+
+
+
+## AllNetworks_NetworkLocation
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllNetworks_NetworkLocation
+```
+
+
+
+
+This policy setting allows you to specify whether users can change the network location for all networks to which the user connects.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | User can change location. |
+| 1 | User can't change location. |
+
+
+
+
+
+
+
+
+
+## AllNetworks_NetworkName
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllNetworks_NetworkName
+```
+
+
+
+
+This policy setting allows you to specify whether users can change the network name for all networks to which the user connects.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | User can change name. |
+| 1 | User can't change name. |
+
+
+
+
+
+
+
+
## AllowedTlsAuthenticationEndpoints
@@ -114,6 +256,153 @@ This policy setting provides the string that names a network. If this setting is
+
+## IdentifyingNetworks_LocationType
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/NetworkListManager/IdentifyingNetworks_LocationType
+```
+
+
+
+
+This policy setting allows you to configure the Network Location for networks that are in a temporary state while Windows works to identify the network and location type. A network location identifies the type of network that a computer is connected to and automatically sets the appropriate firewall settings for that location.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Public. |
+| 1 | Private. |
+
+
+
+
+
+
+
+
+
+## UnidentifiedNetworks_LocationType
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/NetworkListManager/UnidentifiedNetworks_LocationType
+```
+
+
+
+
+This policy setting allows you to configure the Network Location type for networks that Windows can't identify due to a network issue or a lack of identifiable characters in the network information received by the operating system from the network. A network location identifies the type of network that a computer is connected to and automatically sets the appropriate firewall settings for that location.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Public. |
+| 1 | Private. |
+
+
+
+
+
+
+
+
+
+## UnidentifiedNetworks_UserPermissions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/NetworkListManager/UnidentifiedNetworks_UserPermissions
+```
+
+
+
+
+This policy setting allows you to configure the Network Location user permissions for networks that Windows can't identify due to a network issue or a lack of identifiable characters in the network information received by the operating system from the network.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | User can change location. |
+| 1 | User can't change location. |
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
index c22d8a9bfa..16fabdc822 100644
--- a/windows/client-management/mdm/policy-csp-newsandinterests.md
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -1,14 +1,7 @@
---
title: NewsAndInterests Policy CSP
description: Learn more about the NewsAndInterests Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 1f7b42377a..65d5cb42bc 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -1,14 +1,7 @@
---
title: Notifications Policy CSP
description: Learn more about the Notifications Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 68c365431c..e1e5083184 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -1,14 +1,7 @@
---
title: Power Policy CSP
description: Learn more about the Power Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 10b73e98be..fa423988bf 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -1,14 +1,7 @@
---
title: Printers Policy CSP
description: Learn more about the Printers Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -676,6 +669,56 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
+
+## ConfigureWindowsProtectedPrint
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureWindowsProtectedPrint
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureWindowsProtectedPrint |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
## EnableDeviceControl
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index f96c5acb6a..5094419e31 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,14 +1,7 @@
---
title: Privacy Policy CSP
description: Learn more about the Privacy Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index fa85c9cec4..1e190204ac 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -1,14 +1,7 @@
---
title: RemoteAssistance Policy CSP
description: Learn more about the RemoteAssistance Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index e112f3b6d8..caa589b6f9 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -1,14 +1,7 @@
---
title: RemoteDesktop Policy CSP
description: Learn more about the RemoteDesktop Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index dd8a3fc532..2e7833047e 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,14 +1,7 @@
---
title: RemoteDesktopServices Policy CSP
description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -18,6 +11,8 @@ ms.topic: reference
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -155,6 +150,106 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
+
+## DisconnectOnLockBasicAuthn
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockBasicAuthn
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TS_DISCONNECT_ON_LOCK_POLICY |
+| ADMX File Name | terminalserver.admx |
+
+
+
+
+
+
+
+
+
+## DisconnectOnLockWebAccountAuthn
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockWebAccountAuthn
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TS_DISCONNECT_ON_LOCK_AAD_POLICY |
+| ADMX File Name | terminalserver.admx |
+
+
+
+
+
+
+
+
## DoNotAllowDriveRedirection
@@ -338,6 +433,114 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
+
+## LimitClientToServerClipboardRedirection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/RemoteDesktopServices/LimitClientToServerClipboardRedirection
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/LimitClientToServerClipboardRedirection
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TS_CLIENT_CLIPBOARDRESTRICTION_CS |
+| ADMX File Name | terminalserver.admx |
+
+
+
+
+
+
+
+
+
+## LimitServerToClientClipboardRedirection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/RemoteDesktopServices/LimitServerToClientClipboardRedirection
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/LimitServerToClientClipboardRedirection
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TS_CLIENT_CLIPBOARDRESTRICTION_SC |
+| ADMX File Name | terminalserver.admx |
+
+
+
+
+
+
+
+
## PromptForPasswordUponConnection
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 1a0bbae405..0f19f54970 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -1,14 +1,7 @@
---
title: RemoteManagement Policy CSP
description: Learn more about the RemoteManagement Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index c939be5ef0..1def7d700f 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,14 +1,7 @@
---
title: RemoteProcedureCall Policy CSP
description: Learn more about the RemoteProcedureCall Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 95deedc15b..e7c0d076a7 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -1,14 +1,7 @@
---
title: RemoteShell Policy CSP
description: Learn more about the RemoteShell Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 83c65f6386..6c8af25f6a 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -1,14 +1,7 @@
---
title: RestrictedGroups Policy CSP
description: Learn more about the RestrictedGroups Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 624d6566b7..ba702af769 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,14 +1,7 @@
---
title: Search Policy CSP
description: Learn more about the Search Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -293,7 +286,7 @@ The most restrictive value is `0` to not allow indexing of encrypted items.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1620] and later
✅ Windows 10, version 21H1 [10.0.19043.1620] and later
✅ Windows 10, version 21H2 [10.0.19044.1620] and later
✅ Windows 11, version 21H2 [10.0.22000.1761] and later
✅ Windows 11, version 22H2 [10.0.22621] and later |
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index ef1082ff7d..b1093ffddc 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -1,14 +1,7 @@
---
title: Security Policy CSP
description: Learn more about the Security Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 73dbb1343a..46c10a8e9a 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -1,14 +1,7 @@
---
title: ServiceControlManager Policy CSP
description: Learn more about the ServiceControlManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 9f5437e695..eeb0d6f1ba 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -1,14 +1,7 @@
---
title: Settings Policy CSP
description: Learn more about the Settings Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md
index 954bbaeaf2..39e032a8b4 100644
--- a/windows/client-management/mdm/policy-csp-settingssync.md
+++ b/windows/client-management/mdm/policy-csp-settingssync.md
@@ -1,14 +1,7 @@
---
title: SettingsSync Policy CSP
description: Learn more about the SettingsSync Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index a59c0981e8..6e99e05ccb 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -1,14 +1,7 @@
---
title: SmartScreen Policy CSP
description: Learn more about the SmartScreen Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -77,6 +70,8 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot
|:--|:--|
| 0 (Default) | Turns off Application Installation Control, allowing users to download and install files from anywhere on the web. |
| 1 | Turns on Application Installation Control, allowing users to only install apps from the Store. |
+| 2 | Turns on Application Installation Control, letting users know that there's a comparable app in the Store. |
+| 3 | Turns on Application Installation Control, warning users before installing apps from outside the Store. |
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index bf6e6f78d4..437f917212 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -1,14 +1,7 @@
---
title: Speech Policy CSP
description: Learn more about the Speech Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 838e2faf41..8ae3504c72 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,14 +1,7 @@
---
title: Start Policy CSP
description: Learn more about the Start Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 09/25/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-stickers.md b/windows/client-management/mdm/policy-csp-stickers.md
index 9f2e6a4f60..34b5c89385 100644
--- a/windows/client-management/mdm/policy-csp-stickers.md
+++ b/windows/client-management/mdm/policy-csp-stickers.md
@@ -1,14 +1,7 @@
---
title: Stickers Policy CSP
description: Learn more about the Stickers Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 3e241acee7..78f789eba8 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -1,14 +1,7 @@
---
title: Storage Policy CSP
description: Learn more about the Storage Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-sudo.md b/windows/client-management/mdm/policy-csp-sudo.md
new file mode 100644
index 0000000000..13be1bd00e
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-sudo.md
@@ -0,0 +1,78 @@
+---
+title: Sudo Policy CSP
+description: Learn more about the Sudo Area in Policy CSP.
+ms.date: 01/31/2024
+---
+
+
+
+
+# Policy CSP - Sudo
+
+[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+
+
+
+
+
+## EnableSudo
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Sudo/EnableSudo
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableSudo |
+| ADMX File Name | Sudo.admx |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 0d0a105c89..337e3987e3 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,14 +1,7 @@
---
title: System Policy CSP
description: Learn more about the System Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -118,7 +111,7 @@ AllowCommercialDataPipeline configures a Microsoft Entra joined device so that M
To enable this behavior:
1. Enable this policy setting
-2. Join a Microsoft Entra account to the device.
+1. Join a Microsoft Entra account to the device.
Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device.
@@ -198,10 +191,10 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior:
1. Enable this policy setting
-2. Join a Microsoft Entra account to the device.
+1. Join a Microsoft Entra account to the device.
-3. Set Allow Telemetry to value 1 - Required, or higher
-4. Set the Configure the Commercial ID setting for your Desktop Analytics workspace.
+1. Set Allow Telemetry to value 1 - Required, or higher
+1. Set the Configure the Commercial ID setting for your Desktop Analytics workspace.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -762,10 +755,10 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior:
1. Enable this policy setting
-2. Join a Microsoft Entra account to the device.
+1. Join a Microsoft Entra account to the device.
-3. Set Allow Telemetry to value 1 - Required, or higher
-4. Set the Configure the Commercial ID setting for your Update Compliance workspace.
+1. Set Allow Telemetry to value 1 - Required, or higher
+1. Set the Configure the Commercial ID setting for your Update Compliance workspace.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -889,9 +882,9 @@ This policy setting configures a Microsoft Entra joined device so that Microsoft
To enable this behavior:
1. Enable this policy setting
-2. Join a Microsoft Entra account to the device.
+1. Join a Microsoft Entra account to the device.
-3. Set Allow Telemetry to value 1 - Required, or higher.
+1. Set Allow Telemetry to value 1 - Required, or higher.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -1999,10 +1992,10 @@ This policy setting, in combination with the "Allow Diagnostic Data" policy sett
To enable the behavior described above, complete the following steps:
1. Enable this policy setting
-2. Set the "Allow Diagnostic Data" policy to "Send optional diagnostic data".
+1. Set the "Allow Diagnostic Data" policy to "Send optional diagnostic data".
-3. Enable the "Limit Dump Collection" policy
-4. Enable the "Limit Diagnostic Log Collection" policy.
+1. Enable the "Limit Dump Collection" policy
+1. Enable the "Limit Diagnostic Log Collection" policy.
When these policies are configured, Microsoft will collect only required diagnostic data and the events required by Desktop Analytics, which can be viewed at< https://go.microsoft.com/fwlink/?linkid=2116020>.
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 1ba198008c..b08d9a0c2d 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,14 +1,7 @@
---
title: SystemServices Policy CSP
description: Learn more about the SystemServices Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -20,6 +13,56 @@ ms.topic: reference
+
+## ConfigureComputerBrowserServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureComputerBrowserServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Computer Browser |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
## ConfigureHomeGroupListenerServiceStartupMode
@@ -120,6 +163,756 @@ This setting determines whether the service's start type is Automatic(2), Manual
+
+## ConfigureIISAdminServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureIISAdminServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | IIS Admin Service |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureInfraredMonitorServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureInfraredMonitorServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Infrared Monitor Service |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureInternetConnectionSharingServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureInternetConnectionSharingServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Internet Connection Sharing (ICS) |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureLxssManagerServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureLxssManagerServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | LxssManager |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureMicrosoftFTPServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureMicrosoftFTPServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Microsoft FTP Service |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureRemoteProcedureCallLocatorServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureRemoteProcedureCallLocatorServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Remote Procedure Call (RPC) Locator |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureRoutingAndRemoteAccessServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureRoutingAndRemoteAccessServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Routing and Remote Access |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureSimpleTCPIPServicesStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureSimpleTCPIPServicesStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Simple TCP/IP Services |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureSpecialAdministrationConsoleHelperServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureSpecialAdministrationConsoleHelperServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Special Administration Console Helper |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureSSDPDiscoveryServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureSSDPDiscoveryServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SSDP Discovery |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureUPnPDeviceHostServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureUPnPDeviceHostServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | UPnP Device Host |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureWebManagementServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureWebManagementServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Web Management Service |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Windows Media Player Network Sharing Service |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureWindowsMobileHotspotServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureWindowsMobileHotspotServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Windows Mobile Hotspot Service |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
+
+## ConfigureWorldWideWebPublishingServiceStartupMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/SystemServices/ConfigureWorldWideWebPublishingServiceStartupMode
+```
+
+
+
+
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[2-4]` |
+| Default Value | 3 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | World Wide Web Publishing Service |
+| Path | Windows Settings > Security Settings > System Services |
+
+
+
+
+
+
+
+
## ConfigureXboxAccessoryManagementServiceStartupMode
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 9882cd2083..439cfdb8d3 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -1,14 +1,7 @@
---
title: TaskManager Policy CSP
description: Learn more about the TaskManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 61603da719..a847cb3ec9 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,14 +1,7 @@
---
title: TaskScheduler Policy CSP
description: Learn more about the TaskScheduler Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
index 32c6595782..6c9181ab8c 100644
--- a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
+++ b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
@@ -1,14 +1,7 @@
---
title: TenantDefinedTelemetry Policy CSP
description: Learn more about the TenantDefinedTelemetry Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
index 62451125d8..b0838899b1 100644
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@@ -1,14 +1,7 @@
---
title: TenantRestrictions Policy CSP
description: Learn more about the TenantRestrictions Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 49037f5600..359c78a5c8 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,14 +1,7 @@
---
title: TextInput Policy CSP
description: Learn more about the TextInput Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 216139ba2a..ec0faa2924 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,14 +1,7 @@
---
title: TimeLanguageSettings Policy CSP
description: Learn more about the TimeLanguageSettings Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index 05a793d534..4e27dcdaee 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -1,14 +1,7 @@
---
title: Troubleshooting Policy CSP
description: Learn more about the Troubleshooting Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -61,15 +54,15 @@ After setting this policy, you can use the following instructions to check devic
rem The following batch script triggers Recommended Troubleshooting schtasks /run /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner".
-2. To create a new immediate task, navigate to the Group Policy Management Editor > Computer Configuration > Preferences and select Control Panel Settings.
+1. To create a new immediate task, navigate to the Group Policy Management Editor > Computer Configuration > Preferences and select Control Panel Settings.
-3. Under Control Panel settings, right-click on Scheduled Tasks and select New. Select Immediate Task (At least Windows 7).
+1. Under Control Panel settings, right-click on Scheduled Tasks and select New. Select Immediate Task (At least Windows 7).
-4. Provide name and description as appropriate, then under Security Options set the user account to System and select the Run with highest privileges checkbox.
+1. Provide name and description as appropriate, then under Security Options set the user account to System and select the Run with highest privileges checkbox.
-5. In the Actions tab, create a new action, select Start a Program as its type, then enter the file created in step 1.
+1. In the Actions tab, create a new action, select Start a Program as its type, then enter the file created in step 1.
-6. Configure the task to deploy to your domain.
+1. Configure the task to deploy to your domain.
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 9c9630b5ac..ff2d3b69e6 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,14 +1,7 @@
---
title: Update Policy CSP
description: Learn more about the Update Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/03/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -282,7 +275,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3757] and later |
@@ -292,8 +285,16 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b
-
+
This policy enables devices to get optional updates (including gradual feature rollouts (CFRs) - learn more by visiting aka.ms/AllowOptionalContent)
+
+When the policy is configured.
+
+- If "Automatically receive optional updates (including CFRs)" is selected, the device will get the latest optional updates automatically in line with the configured quality update deferrals. This includes optional cumulative updates and gradual feature rollouts (CFRs).
+
+- If "Automatically receive optional updates" is selected, the device will only get optional cumulative updates automatically, in line with the quality update deferrals.
+
+- If "Users can select which optional updates to receive" is selected, users can select which optional updates to get by visiting Settings > Windows Update > Advanced options > Optional updates. Users can also enable the toggle "Get the latest updates as soon as they're available" to automatically receive optional updates and gradual feature rollouts.
@@ -327,7 +328,12 @@ This policy enables devices to get optional updates (including gradual feature r
| Name | Value |
|:--|:--|
| Name | AllowOptionalContent |
-| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat |
+| Friendly Name | Enable optional updates |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Update > Manage updates offered from Windows Update |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
+| Registry Value Name | SetAllowOptionalContent |
+| ADMX File Name | WindowsUpdate.admx |
@@ -1958,7 +1964,7 @@ If any of the following two policies are enabled, this policy has no effect:
1. No auto-restart with logged-on users for scheduled automatic updates installations.
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy.
@@ -2085,7 +2091,7 @@ If any of the following two policies are enabled, this policy has no effect:
1. No auto-restart with logged-on users for scheduled automatic updates installations.
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy.
@@ -2422,7 +2428,7 @@ Number of days before feature updates are installed on devices automatically reg
> [!NOTE]
->
+>
> - After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
> - When this policy is used, the download, installation, and reboot settings from [Update/AllowAutoUpdate](#allowautoupdate) are ignored.
@@ -2481,7 +2487,7 @@ Number of days before quality updates are installed on devices automatically reg
> [!NOTE]
->
+>
> - After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
> - When this policy is used, the download, installation, and reboot settings from [Update/AllowAutoUpdate](#allowautoupdate) are ignored.
@@ -3599,7 +3605,7 @@ Enabling either of the following two policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations.
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
@@ -3664,7 +3670,7 @@ Enabling either of the following two policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations.
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
@@ -4083,9 +4089,9 @@ If you disable or don't configure this policy, the PC will restart following the
Enabling any of the following policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
-3. Specify deadline before auto-restart for update installation.
+1. Specify deadline before auto-restart for update installation.
@@ -4153,9 +4159,9 @@ If you disable or don't configure this policy, the PC will restart following the
Enabling any of the following policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
-3. Specify deadline before auto-restart for update installation.
+1. Specify deadline before auto-restart for update installation.
@@ -4223,9 +4229,9 @@ If you disable or don't configure this policy, the PC will restart following the
Enabling any of the following policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
-3. Specify deadline before auto-restart for update installation.
+1. Specify deadline before auto-restart for update installation.
@@ -4293,9 +4299,9 @@ If you disable or don't configure this policy, the PC will restart following the
Enabling any of the following policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
-3. Specify deadline before auto-restart for update installation.
+1. Specify deadline before auto-restart for update installation.
@@ -4363,9 +4369,9 @@ If you disable or don't configure this policy, the PC will restart following the
Enabling any of the following policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
-3. Specify deadline before auto-restart for update installation.
+1. Specify deadline before auto-restart for update installation.
@@ -4433,9 +4439,9 @@ If you disable or don't configure this policy, the PC will restart following the
Enabling any of the following policies will override the above policy:
1. No auto-restart with logged-on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time.
+1. Always automatically restart at scheduled time.
-3. Specify deadline before auto-restart for update installation.
+1. Specify deadline before auto-restart for update installation.
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index e323789f73..dc226ea336 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,14 +1,7 @@
---
title: UserRights Policy CSP
description: Learn more about the UserRights Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -259,6 +252,55 @@ This user right allows a process to impersonate any user without authentication.
+
+## AdjustMemoryQuotasForProcess
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/UserRights/AdjustMemoryQuotasForProcess
+```
+
+
+
+
+Adjust memory quotas for a process - This privilege determines who can change the maximum memory that can be consumed by a process. This privilege is useful for system tuning on a group or user basis.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `0xF000`) |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Adjust memory quotas for a process |
+| Path | Windows Settings > Security Settings > Local Policies > User Rights Assignment |
+
+
+
+
+
+
+
+
## AllowLocalLogOn
@@ -311,6 +353,55 @@ This user right determines which users can log on to the computer.
+
+## AllowLogOnThroughRemoteDesktop
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/UserRights/AllowLogOnThroughRemoteDesktop
+```
+
+
+
+
+Allow log on through Remote Desktop Services - This policy setting determines which users or groups can access the sign-in screen of a remote device through a Remote Desktop Services connection.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `0xF000`) |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Allow log on through Remote Desktop Services |
+| Path | Windows Settings > Security Settings > Local Policies > User Rights Assignment |
+
+
+
+
+
+
+
+
## BackupFilesAndDirectories
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
index 5c2fd4615b..bfea6628c8 100644
--- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -1,14 +1,7 @@
---
title: VirtualizationBasedTechnology Policy CSP
description: Learn more about the VirtualizationBasedTechnology Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md
index a5834287ac..0b01461d1e 100644
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@@ -1,14 +1,7 @@
---
title: WebThreatDefense Policy CSP
description: Learn more about the WebThreatDefense Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 0eb72b28a0..677a40fffb 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,14 +1,7 @@
---
title: Wifi Policy CSP
description: Learn more about the Wifi Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -16,6 +9,8 @@ ms.topic: reference
# Policy CSP - Wifi
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -234,7 +229,7 @@ Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
@@ -284,7 +279,7 @@ Allow or disallow the device to use the DSCP to UP Mapping feature from the Wi-F
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 5d7b09569f..aa027def07 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,14 +1,7 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/30/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/31/2024
---
@@ -22,13 +15,75 @@ ms.topic: reference
+
+## DisableAIDataAnalysis
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
+```
+
+
+
+
+This policy setting allows you to prevent Windows AI from using and analyzing user patterns and data.
+
+- If you enable this policy setting, Windows AI won't be able to take advantage of historical user patterns.
+
+- If you disable or don't configure this policy setting, Windows AI will be able to assist users by considering their historical behaviors and data.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Enable Data Analysis for Windows AI. |
+| 1 | Disable Data Analysis for Windows AI. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableAIDataAnalysis |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
## TurnOffWindowsCopilot
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25929.1000] |
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3758] and later
✅ Windows 10, version 22H2 [10.0.19045.3758] and later
✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows 11, version 23H2 [10.0.22631] and later |
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
index 6fc277fe8f..1e3b68c37a 100644
--- a/windows/client-management/mdm/policy-csp-windowsautopilot.md
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -1,14 +1,7 @@
---
title: WindowsAutopilot Policy CSP
description: Learn more about the WindowsAutopilot Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 3b1491564f..ae7bafe0cf 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,14 +1,7 @@
---
title: WindowsConnectionManager Policy CSP
description: Learn more about the WindowsConnectionManager Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 44ed4083ba..bc665f2973 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -1,14 +1,7 @@
---
title: WindowsDefenderSecurityCenter Policy CSP
description: Learn more about the WindowsDefenderSecurityCenter Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index a2608dd9a9..c84c0bded7 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -1,14 +1,7 @@
---
title: WindowsInkWorkspace Policy CSP
description: Learn more about the WindowsInkWorkspace Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 7f43647495..9d17406fe6 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,14 +1,7 @@
---
title: WindowsLogon Policy CSP
description: Learn more about the WindowsLogon Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 10/24/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -41,11 +34,11 @@ ms.topic: reference
This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.
-This only occurs if the last interactive user didn't sign out before the restart or shutdown.
+This only occurs if the last interactive user didn't sign out before the restart or shutdown.
If the device is joined to Active Directory or Microsoft Entra ID, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.
-- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
+- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot .
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 2a3b6be557..9e4a87efb2 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -1,14 +1,7 @@
---
title: WindowsPowerShell Policy CSP
description: Learn more about the WindowsPowerShell Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index 49f808e7e0..ffa94e847a 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -1,14 +1,7 @@
---
title: WindowsSandbox Policy CSP
description: Learn more about the WindowsSandbox Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -16,6 +9,8 @@ ms.topic: reference
# Policy CSP - WindowsSandbox
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -148,6 +143,56 @@ This policy setting enables or disables clipboard sharing with the sandbox.
+
+## AllowMappedFolders
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowMappedFolders
+```
+
+
+
+
+Allow mapping folders into Windows Sandbox.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-1]` |
+| Default Value | 1 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowMappedFolders |
+| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat |
+
+
+
+
+
+
+
+
## AllowNetworking
@@ -406,6 +451,57 @@ Note that there may be security implications of exposing host video input to the
+
+## AllowWriteToMappedFolders
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowWriteToMappedFolders
+```
+
+
+
+
+Allow Sandbox to write to mapped folders.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-1]` |
+| Default Value | 1 |
+| Dependency [WindowsSandbox_AllowWriteToMappedFolders_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowMappedFolders`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
|
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowWriteToMappedFolders |
+| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat |
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 2d101d6563..70e8e67fba 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,14 +1,7 @@
---
title: WirelessDisplay Policy CSP
description: Learn more about the WirelessDisplay Area in Policy CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/printerprovisioning-csp.md b/windows/client-management/mdm/printerprovisioning-csp.md
index bea685738c..a80ace3abb 100644
--- a/windows/client-management/mdm/printerprovisioning-csp.md
+++ b/windows/client-management/mdm/printerprovisioning-csp.md
@@ -1,14 +1,7 @@
---
title: PrinterProvisioning CSP
description: Learn more about the PrinterProvisioning CSP.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 08/10/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
diff --git a/windows/client-management/mdm/printerprovisioning-ddf-file.md b/windows/client-management/mdm/printerprovisioning-ddf-file.md
index d7306bda75..3c4a974d93 100644
--- a/windows/client-management/mdm/printerprovisioning-ddf-file.md
+++ b/windows/client-management/mdm/printerprovisioning-ddf-file.md
@@ -1,14 +1,7 @@
---
title: PrinterProvisioning DDF file
description: View the XML file containing the device description framework (DDF) for the PrinterProvisioning configuration service provider.
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 06/02/2023
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
+ms.date: 01/18/2024
---
@@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the P
- Windows 10, version 1703 (legacy version of Cortana)
For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. |
-|Microsoft Entra ID | While all employees signing into Cortana need a Microsoft Entra account, a Microsoft Entra ID P1 or P2 tenant isn't required. |
-|Additional policies (Group Policy and Mobile Device Management (MDM)) |There's a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn off Cortana. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. |
-
->[!NOTE]
->For Windows 11, Cortana is no longer pinned to the taskbar by default. You can still pin the Cortana app to the taskbar as you would any other app. In addition, the keyboard shortcut that launched Cortana (Win+C) no longer opens Cortana.
-
-
-
-## Signing in using Microsoft Entra ID
-
-Your organization must have a Microsoft Entra tenant and your employees' devices must all be Microsoft Entra joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but won't be able to use their enterprise email or calendar.) For info about what a Microsoft Entra tenant is, how to get your devices joined, and other Microsoft Entra maintenance info, see [Microsoft Entra documentation.](/azure/active-directory/)
-
-## How is my data processed by Cortana?
-
-Cortana's approach to integration with Microsoft 365 has changed with Windows 10, version 2004 and later.
-
-### Cortana in Windows 10, version 2004 and later, or Windows 11
-
-Cortana enterprise services that can be accessed using Microsoft Entra ID through Cortana meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true).
-
-#### How does Microsoft store, retain, process, and use Customer Data in Cortana?
-
-The table below describes the data handling for Cortana enterprise services.
-
-
-| Name | Description |
-|---------|---------|
-|**Storage** |Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. Speech audio isn't retained. |
-|**Stays in Geo** |Customer Data is stored on Microsoft servers inside the Office 365 cloud in Geo. Your data is part of your tenant. |
-|**Retention** |Customer Data is deleted when the account is closed by the tenant administrator or when a GDPR Data Subject Rights deletion request is made. Speech audio isn't retained. |
-|**Processing and confidentiality** |Personnel engaged in the processing of Customer Data and personal data (i) will process such data only on instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends. |
-|**Usage** |Microsoft uses Customer Data only to provide the services agreed upon, and for purposes that are compatible with those services. Machine learning to develop and improve models is one of those purposes. Machine learning is done inside the Office 365 cloud consistent with the Online Services Terms. Your data isn't used to target advertising. |
-
-#### How does the wake word (Cortana) work? If I enable it, is Cortana always listening?
-
->[!NOTE]
->The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
-
-Cortana only begins listening for commands or queries when the wake word is detected, or the microphone button has been selected.
-
-First, the user must enable the wake word from within Cortana settings. Once it has been enabled, a component of Windows called the [Windows Multiple Voice Assistant platform](/windows-hardware/drivers/audio/voice-activation-mva#voice-activation) will start listening for the wake word. No audio is processed by speech recognition unless two local wake word detectors and a server-side one agree with high confidence that the wake word was heard.
-
-The first decision is made by the Windows Multiple Voice Assistant platform using hardware optionally included in the user's PC for power savings. If the wake word is detected, Windows will show a microphone icon in the system tray indicating an assistant app is listening.
-
-:::image type="content" source="./images/screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening":::
-
-At that point, the Cortana app will receive the audio, run a second, more accurate wake word detector, and optionally send it to a Microsoft cloud service where a third wake word detector will confirm. If the service doesn't confirm that the activation was valid, the audio will be discarded and deleted from any further processing or server logs. On the user's PC, the Cortana app will be silently dismissed, and no query will be shown in conversation history because the query was discarded.
-
-If all three wake word detectors agree, the Cortana canvas will show what speech has been recognized.
-
-### Cortana in Windows 10, versions 1909 and earlier
-
-Cortana in Windows 10, versions 1909 and earlier, isn't a service covered by the Office 365 Trust Center. [Learn more about how Cortana in Windows 10, version 1909 and earlier, treats your data](https://go.microsoft.com/fwlink/p/?LinkId=536419).
-
-Cortana is covered under the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
-
-## See also
-
-- [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
deleted file mode 100644
index e0881606c0..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ /dev/null
@@ -1,88 +0,0 @@
----
-title: Configure Cortana with Group Policy and MDM settings (Windows)
-description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
-
-- **Allow Cortana**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana`
- - **MDM policy CSP**: [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana)
- - **Description**: Specifies if users can use Cortana.
-
- Cortana won’t work if this setting is turned off (disabled). On Windows 10, version 1809 and below, users can still do local searches, even with Cortana turned off.
-
-- **AllowCortanaAboveLock**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock`
- - **MDM policy CSP**: [AboveLock/AllowCortanaAboveLock](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowcortanaabovelock)
- - **Description**: Specifies whether users can interact with Cortana using voice commands when the system is locked.
-
- This setting:
-
- - Doesn't apply to Windows 10, versions 2004 and later
- - Doesn't apply to Windows 11
-
-- **LetAppsActivateWithVoice**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice`
- - **MDM policy CSP**: [Privacy/LetAppsActivateWithVoice](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice)
- - **Description**: Specifies if apps, like Cortana or other voice assistants, can activate using a wake word, like “Hey Cortana”.
-
- This setting applies to:
-
- - Windows 10 versions 2004 and later
- - Windows 11
-
- To disable wake word activation on Windows 10 versions 1909 and earlier, disable voice commands using the [Privacy/AllowInputPersonalization CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization).
-
-- **LetAppsAccessMicrophone**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone`
- - **MDM policy CSP**: [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps)
- - **Description**: Disables Cortana’s access to the microphone. To use this setting, enter Cortana’s Package Family Name: `Microsoft.549981C3F5F10_8wekyb3d8bbwe`. Users can still type queries to Cortana.
-
-- **Allow users to enable online speech recognition services**
- - **Group policy**: `Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services`
- - **MDM policy CSP**: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization)
- - **Description**: Specifies whether users can use voice commands with Cortana in your organization.
- - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled).
- - **Windows 10, version 1607 and later**: Non-speech aspects of Cortana will still work if this setting is turned off (disabled).
- - **Windows 10, version 2004 and later**: Cortana will work, but voice input will be disabled.
-
-- **AllowLocation**
- - **Group policy**: None
- - **MDM policy CSP**: [System/AllowLocation](/windows/client-management/mdm/policy-csp-system#system-allowlocation)
- - **Description**: Specifies whether to allow app access to the Location service.
- - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled).
- - **Windows 10, version 1607 and later**: Cortana still works if this setting is turned off (disabled).
- - **Windows 10, version 2004 and later**: Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11 don't use the Location service.
-
-- **AllowMicrosoftAccountConnection**
- - **Group policy**: None
- - **MDM policy CSP**: [Accounts/AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
- - **Description**: Specifies whether to allow users to sign in using a Microsoft account (MSA) from Windows apps. If you only want to allow users to sign in with their Microsoft Entra account, then disable this setting.
-
-- **Allow search and Cortana to use location**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location`
- - **MDM policy CSP**: [Search/AllowSearchToUseLocation](/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation)
- - **Description**: Specifies whether Cortana can use your current location during searches and for location reminders. In **Windows 10, version 2004 and later**, Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11, don't use the Location service.
-
-- **Don't search the web or display web results**
- - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results`
- - **MDM policy CSP**: [Search/DoNotUseWebResults](/windows/client-management/mdm/policy-csp-search#search-donotusewebresults)
- - **Description**: Specifies if search can do queries on the web, and if the web results are shown in search.
- - **Windows 10 Pro edition**: This setting can’t be managed.
- - **Windows 10 Enterprise edition**: Cortana won't work if this setting is turned off (disabled).
- - **Windows 10, version 2004 and later**: This setting no longer impacts Cortana.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
deleted file mode 100644
index 28baf34fab..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Sign into Microsoft Entra ID, enable the wake word, and try a voice query
-description: A test scenario walking you through signing in and managing the notebook.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Test scenario 1 – Sign into Microsoft Entra ID, enable the wake word, and try a voice query
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!NOTE]
->The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
-
-1. Select the **Cortana** icon in the task bar and sign in using your Microsoft Entra account.
-
-2. Select the "…" menu and select **Talking to Cortana**.
-
-3. Toggle **Wake word** to **On** and close Cortana.
-
-4. Say **Cortana, what can you do?**
-
- When you say **Cortana**, Cortana will open in listening mode to acknowledge the wake word.
-
- :::image type="content" source="../screenshot4.png" alt-text="Screenshot: Cortana listening mode":::
-
- Once you finish saying your query, Cortana will open with the result.
-
->[!NOTE]
->If you've disabled the wake word using MDM or Group Policy, you will need to manually activate the microphone by selecting Cortana, then the mic button.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
deleted file mode 100644
index c107c97a64..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Perform a quick search with Cortana at work (Windows)
-description: This scenario is a test scenario about how to perform a quick search with Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 2 – Perform a Bing search with Cortana
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Type **What time is it in Hyderabad?**.
-
-Cortana will respond with the information from Bing.
-
-:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderabad":::
-
->[!NOTE]
->This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](./set-up-and-test-cortana-in-windows-10.md#set-up-and-configure-the-bing-answers-feature).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
deleted file mode 100644
index 50fb4c4d32..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Set a reminder for a location with Cortana at work (Windows)
-description: A test scenario about how to set a location-based reminder using Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 3 - Set a reminder
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-This scenario helps you set up, review, and edit a reminder. For example, you can remind yourself to send someone a link to a document after a meeting.
-
-1. Select the **Cortana** icon in the taskbar and type **Remind me to send a link to the deck at 3:05pm** and press **Enter**.
-
-Cortana will create a reminder in Microsoft To Do and will remind you at the appropriate time.
-
-:::image type="content" source="../screenshot6.png" alt-text="Screenshot: Cortana set a reminder":::
-
-:::image type="content" source="../screenshot7.png" alt-text="Screenshot: Cortana showing reminder on page":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
deleted file mode 100644
index 997bd2f471..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Use Cortana at work to find your upcoming meetings (Windows)
-description: A test scenario on how to use Cortana at work to find your upcoming meetings.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 4 - Use Cortana to find free time on your calendar for your upcoming meetings.
-
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-This scenario helps you find out if a time slot is free on your calendar.
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
-3. Type **Am I free at 3 PM tomorrow?**
-
-Cortana will respond with your availability for that time, and nearby meetings.
-
-:::image type="content" source="../screenshot8.png" alt-text="Screenshot: Cortana showing free time on a calendar":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
deleted file mode 100644
index 67d77779e6..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Use Cortana to send email to a coworker (Windows)
-description: A test scenario about how to use Cortana at work to send email to a coworker.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 5 - Test scenario 5 – Find out about a person
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-Cortana can help you quickly look up information about someone or the org chart.
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Type or select the mic and say, **Who is name of person in your organization's?**
-
-:::image type="content" source="../screenshot9.png" alt-text="Screenshot: Cortana showing name of person in your organization":::
-
-Cortana will respond with information about the person. You can select the person to see more information about them in Microsoft Search.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
deleted file mode 100644
index a940f6be39..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Review a reminder suggested by Cortana (Windows)
-description: A test scenario on how to use Cortana with the Suggested reminders feature.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 6 – Change your language and perform a quick search with Cortana
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-Cortana can help employees in regions outside the US search for quick answers like currency conversions, time zone conversions, or weather in their location.
-
-1. Select the **Cortana** icon in the taskbar.
-
-2. Select the **…** menu, then select **Settings**, **Language**, then select **Español (España)**. You'll be prompted to restart the app.
-
-3. Once the app has restarted, type or say **Convierte 100 Euros a Dólares**.
-
-:::image type="content" source="../screenshot10.png" alt-text="Screenshot: Cortana showing a change your language and showing search results in Spanish":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
deleted file mode 100644
index 88e5901e0c..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Help protect data with Cortana and WIP (Windows)
-description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!IMPORTANT]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This optional scenario helps you to protect your organization’s data on a device, based on an inspection by Cortana.
-
-## Use Cortana and WIP to protect your organization’s data
-
-1. Create and deploy a WIP policy to your organization. For information about how to do this step, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip).
-
-2. Create a new email from a non-protected or personal mailbox, including the text _I’ll send you that presentation tomorrow_.
-
-3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
- Cortana automatically pulls your commitment to sending the presentation out of your email, showing it to you.
-
-4. Create a new email from a protected mailbox, including the same text as above, _I’ll send you that presentation tomorrow_.
-
-5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
- Because it was in an WIP-protected email, the presentation info isn’t pulled out and it isn’t shown to you.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
deleted file mode 100644
index 9260043d11..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Cortana at work testing scenarios
-description: Suggested testing scenarios that you can use to test Cortana in your organization.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 06/28/2021
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Cortana at work testing scenarios
-
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
-
-- [Sign into Microsoft Entra ID, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md)
-- [Perform a Bing search with Cortana](cortana-at-work-scenario-2.md)
-- [Set a reminder](cortana-at-work-scenario-3.md)
-- [Use Cortana to find free time on your calendar](cortana-at-work-scenario-4.md)
-- [Find out about a person](cortana-at-work-scenario-5.md)
-- [Change your language and perform a quick search with Cortana](cortana-at-work-scenario-6.md)
-- [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
deleted file mode 100644
index 21f168168d..0000000000
--- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Set up and test custom voice commands in Cortana for your organization (Windows)
-description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Set up and test custom voice commands in Cortana for your organization
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!NOTE]
->This content applies to Cortana in versions 1909 and earlier, but will not be available in future releases.
-
-Working with a developer, you can create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. These voice-enabled actions can reduce the time necessary to access your apps and to complete simple actions.
-
-## High-level process
-Cortana uses a Voice Command Definition (VCD) file, aimed at an installed app, to define the actions that are to happen during certain vocal commands. A VCD file can be simple to complex, supporting anything from a single sound to a collection of more flexible, natural language sounds, all with the same intent.
-
-To enable voice commands in Cortana
-
-1. **Extend your LOB app.** Add a custom VCD file to your app package. This file defines what capabilities are available to Cortana from the app, letting you tell Cortana what vocal commands should be understood and handled by your app and how the app should start when the command is vocalized.
-
- Cortana can perform actions on apps in the foreground (taking focus from Cortana) or in the background (allowing Cortana to keep focus). We recommend that you decide where an action should happen, based on what your voice command is intended to do. For example, if your voice command requires employee input, it’s best for that to happen in the foreground. However, if the app only uses basic commands and doesn’t require interaction, it can happen in the background.
-
- - **Start Cortana with focus on your app, using specific voice-enabled statements.** [Activate a foreground app with voice commands through Cortana](/cortana/voice-commands/launch-a-foreground-app-with-voice-commands-in-cortana).
-
- - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Activate a background app in Cortana using voice commands](/cortana/voice-commands/launch-a-background-app-with-voice-commands-in-cortana).
-
-2. **Install the VCD file on employees' devices**. You can use Configuration Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization.
-
-## Test scenario: Use voice commands in a Microsoft Store app
-While these apps aren't line-of-business apps, we've worked to make sure to implement a VCD file, allowing you to test how the functionality works with Cortana in your organization.
-
-**To get a Microsoft Store app**
-1. Go to the Microsoft Store, scroll down to the **Collections** area, select **Show All**, and then select **Better with Cortana**.
-
-2. Select **Uber**, and then select **Install**.
-
-3. Open Uber, create an account or sign in, and then close the app.
-
-**To set up the app with Cortana**
-1. Select on the **Cortana** search box in the taskbar, and then select the **Notebook** icon.
-
-2. Select on **Connected Services**, select **Uber**, and then select **Connect**.
-
- 
-
-**To use the voice-enabled commands with Cortana**
-1. Select on the **Cortana** icon in the taskbar, and then select the **Microphone** icon (to the right of the **Search** box).
-
-2. Say _Uber get me a taxi_.
-
- Cortana changes, letting you provide your trip details for Uber.
-
-## See also
-- [Cortana for developers](/cortana/skills/)
diff --git a/windows/configuration/cortana-at-work/images/screenshot1.png b/windows/configuration/cortana-at-work/images/screenshot1.png
deleted file mode 100644
index ed62740e92..0000000000
Binary files a/windows/configuration/cortana-at-work/images/screenshot1.png and /dev/null differ
diff --git a/windows/configuration/cortana-at-work/images/screenshot2.png b/windows/configuration/cortana-at-work/images/screenshot2.png
deleted file mode 100644
index fb7995600e..0000000000
Binary files a/windows/configuration/cortana-at-work/images/screenshot2.png and /dev/null differ
diff --git a/windows/configuration/cortana-at-work/includes/cortana-deprecation.md b/windows/configuration/cortana-at-work/includes/cortana-deprecation.md
deleted file mode 100644
index c5ad2bd22a..0000000000
--- a/windows/configuration/cortana-at-work/includes/cortana-deprecation.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
-ms.topic: include
-ms.date: 06/08/2023
-ms.localizationpriority: medium
----
-
-
-> [!Important]
-> Cortana in Windows as a standalone app is [deprecated](/windows/whats-new/deprecated-features). This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms.
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
deleted file mode 100644
index b9fd7b9023..0000000000
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Set up and test Cortana in Windows 10, version 2004 and later
-ms.reviewer:
-manager: aaroncz
-description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Set up and test Cortana in Windows 10, version 2004 and later
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-## Before you begin
-
-- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you'll need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11.
-- **Cortana is regularly updated through the Microsoft Store.** Beginning with Windows 10, version 2004, Cortana is an appx preinstalled with Windows and is regularly updated through the Microsoft Store. To receive the latest updates to Cortana, you'll need to [enable updates through the Microsoft Store](../stop-employees-from-using-microsoft-store.md).
-
-## Set up and configure the Bing Answers feature
-Bing Answers provides fast, authoritative results to search queries based on search terms. When the Bing Answers feature is enabled, users will be able to ask Cortana web-related questions in the Cortana in Windows app, such as "What's the current weather?" or "Who is the president of the U.S.?," and get a response, based on public results from Bing.com.
-
-The above experience is powered by Microsoft Bing, and Cortana sends the user queries to Bing. The use of Microsoft Bing is governed by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) and [Privacy Statement](https://privacy.microsoft.com/en-US/privacystatement).
-
-## Configure the Bing Answers feature
-
-Admins can configure the Cortana in Windows Bing Answers feature for their organizations. As the admin, use the following steps to change the setting for Bing Answers at the tenant/security group level. This setting is enabled by default, so that all users who have Cortana enabled will be able to receive Bing Answers. By default, the Bing Answer feature will be available to your users.
-
-Users can't enable or disable the Bing Answer feature individually. So, if you disable this feature at the tenant/security group level, no users in your organization or specific security group will be able to use Bing Answers in Cortana in Windows.
-
-Sign in to the [Office Configuration Admin tool](https://config.office.com/).
-
-Follow the steps [here](/deployoffice/overview-office-cloud-policy-service#steps-for-creating-a-policy-configuration) to create this policy configuration. Once completed, the policy will look as shown below:
-
-:::image type="content" source="../screenshot3.png" alt-text="Screenshot: Bing policy example":::
-
-## How does Microsoft handle customer data for Bing Answers?
-
-When a user enters a search query (by speech or text), Cortana evaluates if the request is for any of our first-party compliant skills if enabled in a specific market, and does the following actions:
-
-1. If it is for any of the first-party compliant skills, the query is sent to that skill, and results/action are returned.
-
-2. If it isn't for any of the first-party compliant skills, the query is sent to Bing for a search of public results from Bing.com. Because enterprise searches might be sensitive, similar to [Microsoft Search in Bing](/MicrosoftSearch/security-for-search#microsoft-search-in-bing-protects-workplace-searches), Bing Answers in Cortana has implemented a set of trust measures, described below, that govern how the separate search of public results from Bing.com is handled. The Bing Answers in Cortana trust measures are consistent with the enhanced privacy and security measures described in [Microsoft Search in Bing](/MicrosoftSearch/security-for-search). All Bing.com search logs that pertain to Cortana traffic are disassociated from users' workplace identity. All Cortana queries issued via a work or school account are stored separately from public, non-Cortana traffic.
-
-Bing Answers is enabled by default for all users. However, admins can configure and change this setting for specific users and user groups in their organization.
-
-## How the Bing Answer policy configuration is applied
-Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of a Microsoft Entra group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md
deleted file mode 100644
index cd72adceb2..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-1.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
-description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
-This scenario turns on Microsoft Entra ID and lets your employee use Cortana to manage an entry in the notebook.
-
-## Sign in with your work or school account
-
-This process helps you to sign out of a Microsoft Account and to sign into a Microsoft Entra account.
-
-1. Click on the **Cortana** icon in the taskbar, then click the profile picture in the navigation to open Cortana settings.
-
-2. Click your email address.
-
-A dialog box appears, showing the associated account info.
-
-3. Click **Sign out** under your email address.
-
-This signs out the Microsoft account, letting you continue to add your work or school account.
-
-4. Open Cortana again and select the **Sign in** glyph in the left rail and follow the instructions to sign in with your work or school account.
-
-## Use Cortana to manage the notebook content
-
-This process helps you to manage the content Cortana shows in your Notebook.
-
-1. Select the **Cortana** icon in the taskbar, click **Notebook**, select **Manage Skills.** Scroll down and click **Weather**.
-
-2. In the **Weather** settings, scroll down to the **Cities you're tracking** area, and then click **Add a city**.
-
-3. Add **Redmond, Washington**.
-
-> [!IMPORTANT]
-> The data created as part of these scenarios will be uploaded to Microsoft's Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md
deleted file mode 100644
index f69b1c2789..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-2.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Test scenario 2 - Perform a quick search with Cortana at work
-description: A test scenario about how to perform a quick search with Cortana at work.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 2 – Perform a quick search with Cortana at work
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you perform a quick search using Cortana, both by typing and through voice commands.
-
-## Search using Cortana
-
-1. Click on the Cortana icon in the taskbar, and then click in the Search bar.
-
-2. Type **Type Weather in New York**.
-
-You should see the weather in New York, New York at the top of the search results.
-Insert screenshot
-
-## Search with Cortana, by using voice commands
-
-This process helps you to use Cortana at work and voice commands to perform a quick search.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box).
-
-2. Say **What's the weather in Chicago?** Cortana tells you and shows you the current weather in Chicago.
-Insert screenshot
diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md
deleted file mode 100644
index b57dded7f3..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-3.md
+++ /dev/null
@@ -1,81 +0,0 @@
----
-title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
-description: A test scenario about how to set up, review, and edit a reminder based on a location.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 3 - Set a reminder for a specific location using Cortana at work
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you set up, review, and edit a reminder based on a location. For example, reminding yourself to grab your expense report receipts before you leave the house.
-
->[!Note]
->You can set each reminder location individually as you create the reminders, or you can go into the About me screen and add both Work and Home addresses as favorites. Make sure that you use real addresses since you’ll need to go to these locations to complete your testing scenario.
-
-Additionally, if you’ve turned on the Meeting & reminder cards & notifications option (in the Meetings & reminders option of your Notebook), you’ll also see your pending reminders on the Cortana Home page.
-
-## Create a reminder for a specific location
-
-This process helps you to create a reminder based on a specific location.
-
-1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
-
-2. Click the **+** sign, add a subject for your reminder, such as **Remember to file expense report receipts**, and then click **Place**.
-
-3. Choose **Arrive** from the drop-down box, and then type a location to associate with your reminder. For example, you can use the physical address of where you work. Just make sure you can physically get to your location, so you can test the reminder.
-
-4. Click **Done**.
-
->[!Note]
->If you’ve never used this location before, you’ll be asked to add a name for it so it can be added to the Favorites list in Windows Maps.
-
-5. Choose to be reminded the Next time you arrive at the location or on a specific day of the week from the drop-down box.
-
-6. Take a picture of your receipts and store them locally on your device.
-
-7. Click **Add Photo**, click **Library**, browse to your picture, and then click **OK**.
-
-The photo is stored with the reminder.
-
-Insert screenshot 6
-
-8. Review the reminder info, and then click **Remind**.
-
-The reminder is saved and ready to be triggered.
-Insert screenshot
-
-## Create a reminder for a specific location by using voice commands
-
-This process helps you to use Cortana at work and voice commands to create a reminder for a specific location.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone* icon (to the right of the Search box).
-
-2. Say **Remind me to grab my expense report receipts before I leave home**.
-
-Cortana opens a new reminder task and asks if it sounds good.
-insert screenshot
-
-3. Say **Yes** so Cortana can save the reminder.
-insert screenshot
-
-## Edit or archive an existing reminder
-
-This process helps you to edit or archive and existing or completed reminder.
-
-1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
-
-2. Click the pending reminder you want to edit.
-
-3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click Save to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.
diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md
deleted file mode 100644
index 206010600b..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-4.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: Use Cortana to find your upcoming meetings at work (Windows)
-description: A test scenario about how to use Cortana at work to find your upcoming meetings.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 4 - Use Cortana to find your upcoming meetings at work
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you search for both general upcoming meetings, and specific meetings, both manually and verbally.
-
->[!Note]
->If you’ve turned on the Meeting & reminder cards & notifications option (in the Meetings & reminders option of your Notebook), you’ll also see your pending reminders on the Cortana Home page.
-
-## Find out about upcoming meetings
-
-This process helps you find your upcoming meetings.
-
-1. Check to make sure your work calendar is connected and synchronized with your Microsoft Entra account.
-
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
-3. Type **Show me my meetings for tomorrow**.
-
-You’ll see all your meetings scheduled for the next day.
-
-Cortana at work, showing all upcoming meetings
-screenshot
-
-## Find out about upcoming meetings by using voice commands
-
-This process helps you to use Cortana at work and voice commands to find your upcoming meetings.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box.
-
-2. Say **Show me what meeting I have at 3pm tomorrow**.
-
->[!Important]
->Make sure that you have a meeting scheduled for the time you specify here.
-
-Cortana at work, showing the meeting scheduled for 3pm
-screenshot
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md
deleted file mode 100644
index f8dfb7cf8e..0000000000
--- a/windows/configuration/cortana-at-work/test-scenario-5.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Use Cortana to send an email to co-worker (Windows)
-description: A test scenario on how to use Cortana at work to send email to a co-worker.
-ms.prod: windows-client
-ms.collection: tier3
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.date: 10/05/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
----
-
-# Test scenario 5 - Use Cortana to send an email to co-worker
-
-[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-
->[!Important]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you to send an email to a co-worker listed in your work address book, both manually and verbally.
-
-## Send email to a co-worker
-
-This process helps you to send a quick message to a co-worker from the work address book.
-
-1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Microsoft Entra account.
-
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
-3. Type **Send an email to
For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs.
-Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
-Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
-Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL.
-Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
-Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
-Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
-
-> [!IMPORTANT]
-> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
->
-> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
-> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
-> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
-> 4. Save the XML file.
-> 5. Open the project again in Windows Configuration Designer.
-> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
->
->
-> [!TIP]
-> To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](/intune/custom-settings-windows-10) with the following information:
-> - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton
-> - Data type: Integer
-> - Value: 1
-
-
-#### Rules for URLs in Kiosk Browser settings
-
-Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home).
-
-URLs can include:
-- A valid port value from 1 to 65,535.
-- The path to the resource.
-- Query parameters.
-
-More guidelines for URLs:
-
-- If a period precedes the host, the policy filters exact host matches only.
-- You can't use user:pass fields.
-- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence.
-- The policy searches wildcards (*) last.
-- The optional query is a set of key-value and key-only tokens delimited by '&'.
-- Key-value tokens are separated by '='.
-- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching.
-
-### Examples of blocked URLs and exceptions
-
-The following table describes the results for different combinations of blocked URLs and blocked URL exceptions.
-
-Blocked URL rule | Block URL exception rule | Result
---- | --- | ---
-`*` | `contoso.com`
`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains.
-`contoso.com` | `mail.contoso.com`
`.contoso.com`
`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain.
-`youtube.com` | `youtube.com/watch?v=v1`
`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2).
-
-The following table gives examples for blocked URLs.
-
-
-| Entry | Result |
-|--------------------------|-------------------------------------------------------------------------------|
-| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com |
-| `https://*` | Blocks all HTTPS requests to any domain. |
-| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
-| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. |
-| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. |
-| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. |
-| `*:8080` | Blocks all requests to port 8080. |
-| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. |
-| `192.168.1.2` | Blocks requests to 192.168.1.2. |
-| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. |
-
-### Other browsers
-
-
-
-You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
-- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
-- [WebView class](/uwp/api/Windows.UI.Xaml.Controls.WebView)
-- [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0)
-
-
-
-## Secure your information
-
-Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
-
-## App configuration
-
-Some apps may require more configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
-
-Check the guidelines published by your selected app and set up accordingly.
-
-## Develop your kiosk app
-
-Assigned access in Windows client uses the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
-
-Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access).
-
-## Test your assigned access experience
-
-The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you've selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
diff --git a/windows/configuration/images/account-management-details.PNG b/windows/configuration/images/account-management-details.png
similarity index 100%
rename from windows/configuration/images/account-management-details.PNG
rename to windows/configuration/images/account-management-details.png
diff --git a/windows/configuration/images/add-applications-details.PNG b/windows/configuration/images/add-applications-details.png
similarity index 100%
rename from windows/configuration/images/add-applications-details.PNG
rename to windows/configuration/images/add-applications-details.png
diff --git a/windows/configuration/images/add-certificates-details.PNG b/windows/configuration/images/add-certificates-details.png
similarity index 100%
rename from windows/configuration/images/add-certificates-details.PNG
rename to windows/configuration/images/add-certificates-details.png
diff --git a/windows/configuration/images/admx-category.PNG b/windows/configuration/images/admx-category.png
similarity index 100%
rename from windows/configuration/images/admx-category.PNG
rename to windows/configuration/images/admx-category.png
diff --git a/windows/configuration/images/admx-policy.PNG b/windows/configuration/images/admx-policy.png
similarity index 100%
rename from windows/configuration/images/admx-policy.PNG
rename to windows/configuration/images/admx-policy.png
diff --git a/windows/configuration/images/apn-add-details.png b/windows/configuration/images/apn-add-details.png
new file mode 100644
index 0000000000..caee3d6429
Binary files /dev/null and b/windows/configuration/images/apn-add-details.png differ
diff --git a/windows/configuration/images/apn-add.png b/windows/configuration/images/apn-add.png
new file mode 100644
index 0000000000..0e25e5c0e9
Binary files /dev/null and b/windows/configuration/images/apn-add.png differ
diff --git a/windows/configuration/images/cortana-connect-uber.png b/windows/configuration/images/cortana-connect-uber.png
deleted file mode 100644
index 724fecb5b5..0000000000
Binary files a/windows/configuration/images/cortana-connect-uber.png and /dev/null differ
diff --git a/windows/configuration/images/customization-start-edge.PNG b/windows/configuration/images/customization-start-edge.png
similarity index 100%
rename from windows/configuration/images/customization-start-edge.PNG
rename to windows/configuration/images/customization-start-edge.png
diff --git a/windows/configuration/images/customization-start.PNG b/windows/configuration/images/customization-start.png
similarity index 100%
rename from windows/configuration/images/customization-start.PNG
rename to windows/configuration/images/customization-start.png
diff --git a/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png b/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png
deleted file mode 100644
index ca0cbd51cc..0000000000
Binary files a/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png and /dev/null differ
diff --git a/windows/configuration/images/icd-create-options-1703.PNG b/windows/configuration/images/icd-create-options-1703.png
similarity index 100%
rename from windows/configuration/images/icd-create-options-1703.PNG
rename to windows/configuration/images/icd-create-options-1703.png
diff --git a/windows/configuration/images/icd-desktop-1703.PNG b/windows/configuration/images/icd-desktop-1703.png
similarity index 100%
rename from windows/configuration/images/icd-desktop-1703.PNG
rename to windows/configuration/images/icd-desktop-1703.png
diff --git a/windows/configuration/images/icd-runtime.PNG b/windows/configuration/images/icd-runtime.png
similarity index 100%
rename from windows/configuration/images/icd-runtime.PNG
rename to windows/configuration/images/icd-runtime.png
diff --git a/windows/configuration/images/icd-setting-help.PNG b/windows/configuration/images/icd-setting-help.png
similarity index 100%
rename from windows/configuration/images/icd-setting-help.PNG
rename to windows/configuration/images/icd-setting-help.png
diff --git a/windows/configuration/images/icd-step1.PNG b/windows/configuration/images/icd-step1.png
similarity index 100%
rename from windows/configuration/images/icd-step1.PNG
rename to windows/configuration/images/icd-step1.png
diff --git a/windows/configuration/images/icd-step2.PNG b/windows/configuration/images/icd-step2.png
similarity index 100%
rename from windows/configuration/images/icd-step2.PNG
rename to windows/configuration/images/icd-step2.png
diff --git a/windows/configuration/images/icd-step3.PNG b/windows/configuration/images/icd-step3.png
similarity index 100%
rename from windows/configuration/images/icd-step3.PNG
rename to windows/configuration/images/icd-step3.png
diff --git a/windows/configuration/images/icd-step4.PNG b/windows/configuration/images/icd-step4.png
similarity index 100%
rename from windows/configuration/images/icd-step4.PNG
rename to windows/configuration/images/icd-step4.png
diff --git a/windows/configuration/images/icd-step5.PNG b/windows/configuration/images/icd-step5.png
similarity index 100%
rename from windows/configuration/images/icd-step5.PNG
rename to windows/configuration/images/icd-step5.png
diff --git a/windows/configuration/images/icd-switch.PNG b/windows/configuration/images/icd-switch.png
similarity index 100%
rename from windows/configuration/images/icd-switch.PNG
rename to windows/configuration/images/icd-switch.png
diff --git a/windows/configuration/images/icons/accessibility.svg b/windows/configuration/images/icons/accessibility.svg
new file mode 100644
index 0000000000..21a6b4f235
--- /dev/null
+++ b/windows/configuration/images/icons/accessibility.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/windows/configuration/images/icons/windows-os.svg b/windows/configuration/images/icons/windows-os.svg
new file mode 100644
index 0000000000..da64baf975
--- /dev/null
+++ b/windows/configuration/images/icons/windows-os.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/windows/configuration/images/kiosk-account-details.PNG b/windows/configuration/images/kiosk-account-details.png
similarity index 100%
rename from windows/configuration/images/kiosk-account-details.PNG
rename to windows/configuration/images/kiosk-account-details.png
diff --git a/windows/configuration/images/kiosk-common-details.PNG b/windows/configuration/images/kiosk-common-details.png
similarity index 100%
rename from windows/configuration/images/kiosk-common-details.PNG
rename to windows/configuration/images/kiosk-common-details.png
diff --git a/windows/configuration/images/kiosk-desktop.PNG b/windows/configuration/images/kiosk-desktop.png
similarity index 100%
rename from windows/configuration/images/kiosk-desktop.PNG
rename to windows/configuration/images/kiosk-desktop.png
diff --git a/windows/configuration/images/kiosk-fullscreen.PNG b/windows/configuration/images/kiosk-fullscreen.png
similarity index 100%
rename from windows/configuration/images/kiosk-fullscreen.PNG
rename to windows/configuration/images/kiosk-fullscreen.png
diff --git a/windows/configuration/images/kiosk-settings.PNG b/windows/configuration/images/kiosk-settings.png
similarity index 100%
rename from windows/configuration/images/kiosk-settings.PNG
rename to windows/configuration/images/kiosk-settings.png
diff --git a/windows/configuration/images/kiosk.png b/windows/configuration/images/kiosk.png
deleted file mode 100644
index 868ea31bb1..0000000000
Binary files a/windows/configuration/images/kiosk.png and /dev/null differ
diff --git a/windows/configuration/images/office-logo.png b/windows/configuration/images/office-logo.png
deleted file mode 100644
index cd6d504301..0000000000
Binary files a/windows/configuration/images/office-logo.png and /dev/null differ
diff --git a/windows/configuration/images/set-up-device-details-desktop.PNG b/windows/configuration/images/set-up-device-details-desktop.png
similarity index 100%
rename from windows/configuration/images/set-up-device-details-desktop.PNG
rename to windows/configuration/images/set-up-device-details-desktop.png
diff --git a/windows/configuration/images/set-up-device-details.PNG b/windows/configuration/images/set-up-device-details.png
similarity index 100%
rename from windows/configuration/images/set-up-device-details.PNG
rename to windows/configuration/images/set-up-device-details.png
diff --git a/windows/configuration/images/set-up-network-details-desktop.PNG b/windows/configuration/images/set-up-network-details-desktop.png
similarity index 100%
rename from windows/configuration/images/set-up-network-details-desktop.PNG
rename to windows/configuration/images/set-up-network-details-desktop.png
diff --git a/windows/configuration/images/set-up-network-details.PNG b/windows/configuration/images/set-up-network-details.png
similarity index 100%
rename from windows/configuration/images/set-up-network-details.PNG
rename to windows/configuration/images/set-up-network-details.png
diff --git a/windows/configuration/images/user.PNG b/windows/configuration/images/user.png
similarity index 100%
rename from windows/configuration/images/user.PNG
rename to windows/configuration/images/user.png
diff --git a/windows/configuration/images/wcd-app-commands.PNG b/windows/configuration/images/wcd-app-commands.png
similarity index 100%
rename from windows/configuration/images/wcd-app-commands.PNG
rename to windows/configuration/images/wcd-app-commands.png
diff --git a/windows/configuration/images/wcd-app-name.PNG b/windows/configuration/images/wcd-app-name.png
similarity index 100%
rename from windows/configuration/images/wcd-app-name.PNG
rename to windows/configuration/images/wcd-app-name.png
diff --git a/windows/configuration/images/windows.png b/windows/configuration/images/windows.png
deleted file mode 100644
index e3889eff6a..0000000000
Binary files a/windows/configuration/images/windows.png and /dev/null differ
diff --git a/windows/configuration/includes/insider-note.md b/windows/configuration/includes/insider-note.md
new file mode 100644
index 0000000000..f0018a1d2b
--- /dev/null
+++ b/windows/configuration/includes/insider-note.md
@@ -0,0 +1,16 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.topic: include
+ms.date: 01/11/2024
+---
+
+:::row:::
+:::column span="1":::
+:::image type="content" source="insider.png" alt-text="Logo of Windows Insider." border="false":::
+:::column-end:::
+:::column span="3":::
+> [!IMPORTANT]
+>This article describes features or settings that are under development and only applicable to [Windows Insider Preview builds](/windows-insider/). The content is subject to change and may have dependencies on other features or services in preview.
+:::column-end:::
+:::row-end:::
diff --git a/windows/configuration/includes/insider.png b/windows/configuration/includes/insider.png
new file mode 100644
index 0000000000..dbe00408cb
Binary files /dev/null and b/windows/configuration/includes/insider.png differ
diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
deleted file mode 100644
index 7f90909404..0000000000
--- a/windows/configuration/includes/multi-app-kiosk-support-windows11.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-author: aczechowski
-ms.author: aaroncz
-ms.date: 09/21/2021
-ms.reviewer:
-manager: aaroncz
-ms.prod: w10
-ms.topic: include
----
-
-Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11.
diff --git a/windows/configuration/index.yml b/windows/configuration/index.yml
index 0eace6a656..334a6aeec9 100644
--- a/windows/configuration/index.yml
+++ b/windows/configuration/index.yml
@@ -1,74 +1,78 @@
### YamlMime:Landing
-
title: Configure Windows client # < 60 chars
-summary: Find out how to apply custom configurations to Windows client devices. Windows provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
+summary: Find out how to apply custom configurations to Windows client devices. # < 160 chars
metadata:
title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find out how to apply custom configurations to Windows client devices. # Required; article description that is displayed in search results. < 160 chars.
ms.topic: landing-page # Required
- ms.prod: windows-client
ms.collection:
- - highpri
- tier1
author: aczechowski
ms.author: aaroncz
manager: aaroncz
- ms.date: 08/05/2021 #Required; mm/dd/yyyy format.
- localization_priority: medium
-
+ ms.date: 12/20/2023
+
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- - title: Manage Windows client settings
+ - title: Customize the appearance
linkLists:
- - linkListType: overview
+ - linkListType: how-to-guide
links:
- - text: Manage the Windows 10 Start and taskbar layout
- url: windows-10-start-layout-options-and-policies.md
+ - text: Customize the Windows 11 Start menu layout
+ url: customize-start-menu-layout-windows-11.md
+ - text: Customize the Windows 11 taskbar
+ url: customize-taskbar-windows-11.md
- text: Configure Windows Spotlight on the lock screen
url: windows-spotlight.md
- - text: Customize the Windows 10 Start and taskbar with Group Policy
- url: customize-windows-10-start-screens-by-using-group-policy.md
-
+ - text: Accessibility information for IT pros
+ url: windows-accessibility-for-itpros.md
# Card (optional)
- title: Configure a Windows kiosk
linkLists:
- - linkListType: overview
+ - linkListType: how-to-guide
links:
- - text: Guidelines for choosing an app for assigned access
- url: guidelines-for-assigned-access-app.md
+ - text: Configure kiosks and digital signs
+ url: kiosk-methods.md
- text: Set up a single-app kiosk
url: kiosk-single-app.md
- - text: Set up a multi-app kiosk
- url: lock-down-windows-10-to-specific-apps.md
-
+ - text: Set up a multi-app kiosk for Windows 11
+ url: lock-down-windows-11-to-specific-apps.md
+ - text: Manage multi-user and guest devices
+ url: shared-devices-concepts.md
# Card (optional)
- - title: Windows client provisioning packages
+ - title: Use provisioning packages
linkLists:
- - linkListType: overview
+ - linkListType: how-to-guide
links:
+ - text: Provisioning packages for Windows
+ url: provisioning-packages/provisioning-packages.md
- text: Install Windows Configuration Designer
url: provisioning-packages/provisioning-install-icd.md
- - text: Provisioning packages for Windows 10
- url: provisioning-packages/provisioning-packages.md
+ - text: Create a provisioning package
+ url: provisioning-packages/provisioning-create-package.md
+ - text: Apply a provisioning package
+ url: provisioning-packages/provisioning-apply-package.md
# Card (optional)
- title: Use Windows Configuration Designer (WCD)
linkLists:
- - linkListType: overview
+ - linkListType: reference
links:
- text: Windows Configuration Designer (WCD) reference
url: wcd/wcd.md
- - text: WCD policies reference
+ - text: Policies
url: wcd/wcd-policies.md
- - text: WCD OOBE reference
- url: wcd/wcd-oobe.md
+ - text: ProvisioningCommands
+ url: wcd/wcd-provisioningcommands.md
+ - text: Accounts
+ url: wcd/wcd-accounts.md
# Card (optional)
- title: Configure Cortana in Windows client
@@ -77,7 +81,8 @@ landingContent:
links:
- text: Configure Cortana in Windows 10
url: cortana-at-work/cortana-at-work-overview.md
- - text: Custom voice commands in Cortana
+ - text: Custom voice commands in Cortana
+
url: cortana-at-work/cortana-at-work-voice-commands.md
# Card (optional)
diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md
deleted file mode 100644
index 91f7ece2cf..0000000000
--- a/windows/configuration/kiosk-additional-reference.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: More kiosk methods and reference information (Windows 10/11)
-description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
-ms.topic: reference
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# More kiosk methods and reference information
-
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-
-## In this section
-
-Topic | Description
---- | ---
-[Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app.
-[Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk.
-[Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience.
-[Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk.
-[Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration.
-[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps.
-[Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface.
-[Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
-[Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration.
\ No newline at end of file
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
deleted file mode 100644
index 7dc2ae5f02..0000000000
--- a/windows/configuration/kiosk-methods.md
+++ /dev/null
@@ -1,120 +0,0 @@
----
-title: Configure kiosks and digital signs on Windows 10/11 desktop editions
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: lizgt2000
-ms.topic: article
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# Configure kiosks and digital signs on Windows desktop editions
-
->[!WARNING]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
-
-- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart.
-
- A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk doesn't run above the lock screen.
-
- 
-
-- **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types.
-
- > [!NOTE]
- > [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)]
-
- A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device.
-
- 
-
-Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user.
-
-There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
-
-- **Which type of app will your kiosk run?**
-
- 
-
- Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md)
-
-- **Which type of kiosk do you need?**
-
- 
-
- If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop).
-
-- **Which edition of Windows client will the kiosk run?**
-
- 
-
- All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home.
-
-- **Which type of user account will be the kiosk account?**
-
- 
-
- The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.
-
-
->[!IMPORTANT]
->Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
-
-[!INCLUDE [assigned-access-kiosk-mode](../../includes/licensing/assigned-access-kiosk-mode.md)]
-
-## Methods for a single-app kiosk running a UWP app
-
-You can use this method | For this edition | For this kiosk account type
---- | --- | ---
-[Assigned access in Settings](kiosk-single-app.md#local) | Pro, Ent, Edu | Local standard user
-[Assigned access cmdlets](kiosk-single-app.md#powershell) | Pro, Ent, Edu | Local standard user
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
-[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-
-
-
-## Methods for a single-app kiosk running a Windows desktop application
-
-You can use this method | For this edition | For this kiosk account type
---- | --- | ---
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
-[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-
-
-
-## Methods for a multi-app kiosk
-
-You can use this method | For this edition | For this kiosk account type
---- | --- | ---
-[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-[Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID
-[MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-
-## Summary of kiosk configuration methods
-
-Method | App type | Account type | Single-app kiosk | Multi-app kiosk
---- | --- | --- | :---: | :---:
-[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | ✔️ |
-[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | ✔️ |
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ |
-[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ | ✔️
-Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✔️ | ✔️
-[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ |
-[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | | ✔️
-
-
->[!NOTE]
->For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps.
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
deleted file mode 100644
index 9e599f8790..0000000000
--- a/windows/configuration/kiosk-policies.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: Policies enforced on kiosk devices (Windows 10/11)
-description: Learn about the policies enforced on a device when you configure it as a kiosk.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
-ms.author: lizlong
-ms.topic: article
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# Policies enforced on kiosk devices
-
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-
-
-It isn't recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience.
-
-When the assigned access kiosk configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
-
-
-## Group Policy
-
-The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. These users include local users, domain users, and Microsoft Entra users.
-
-| Setting | Value |
-| --- | --- |
-Remove access to the context menus for the task bar | Enabled
-Clear history of recently opened documents on exit | Enabled
-Prevent users from customizing their Start Screen | Enabled
-Prevent users from uninstalling applications from Start | Enabled
-Remove Run menu from Start Menu | Enabled
-Disable showing balloon notifications as toast | Enabled
-Do not allow pinning items in Jump Lists | Enabled
-Do not allow pinning programs to the Taskbar | Enabled
-Do not display or track items in Jump Lists from remote locations | Enabled
-Remove Notifications and Action Center | Enabled
-Lock all taskbar settings | Enabled
-Lock the Taskbar | Enabled
-Prevent users from adding or removing toolbars | Enabled
-Prevent users from resizing the taskbar | Enabled
-Remove frequent programs list from the Start Menu | Enabled
-Remove Pinned programs from the taskbar | Enabled
-Remove the Security and Maintenance icon | Enabled
-Turn off all balloon notifications | Enabled
-Turn off feature advertisement balloon notifications | Enabled
-Turn off toast notifications | Enabled
-Remove Task Manager | Enabled
-Remove Change Password option in Security Options UI | Enabled
-Remove Sign Out option in Security Options UI | Enabled
-Remove All Programs list from the Start Menu | Enabled – Remove and disable setting
-Prevent access to drives from My Computer | Enabled - Restrict all drives
-
->[!NOTE]
->When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
-
-
-
-## MDM policy
-
-
-Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (that is, system-wide impact).
-
-Setting | Value | System-wide
- --- | --- | ---
-[Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes
-[Start/AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-Start/HidePeopleBar | 1 - True (hide) | No
-[Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes
-[WindowsInkWorkspace/AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes
-[Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No
-[WindowsLogon/DontDisplayNetworkSelectionUI](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes
diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md
similarity index 91%
rename from windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
rename to windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md
index ee9ad89242..862316c47b 100644
--- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
+++ b/windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md
@@ -1,19 +1,10 @@
---
title: Find the Application User Model ID of an installed app
-ms.reviewer: sybruckm
-manager: aaroncz
description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device.
-author: lizgt2000
-ms.author: lizlong
ms.topic: article
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.collection:
- - highpri
- - tier2
-ms.technology: itpro-configure
ms.date: 12/31/2017
---
+
# Find the Application User Model ID of an installed app
To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. You can find the AUMID by using Windows PowerShell, File Explorer, or the registry.
@@ -50,10 +41,8 @@ You can add the `-user
For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. |
+| Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. |
+| Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. |
+| Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. |
+| Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. |
+| Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. |
+| Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. |
+
+To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+
+1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer
+1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18)
+1. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com)
+1. Save the XML file
+1. Open the project again in Windows Configuration Designer
+1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed
+
+> [!TIP]
+>
+> To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](/intune/custom-settings-windows-10) with the following information:
+>
+> - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton
+> - Data type: Integer
+> - Value: 1
+
+#### Rules for URLs in Kiosk Browser settings
+
+Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home).
+
+URLs can include:
+
+- A valid port value from 1 to 65,535.
+- The path to the resource.
+- Query parameters.
+
+More guidelines for URLs:
+
+- If a period precedes the host, the policy filters exact host matches only
+- You can't use user:pass fields
+- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence
+- The policy searches wildcards (*) last
+- The optional query is a set of key-value and key-only tokens delimited by '&'
+- Key-value tokens are separated by '='
+- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching
+
+### Examples of blocked URLs and exceptions
+
+The following table describes the results for different combinations of blocked URLs and blocked URL exceptions.
+
+| Blocked URL rule | Block URL exception rule | Result |
+|--|--|--|
+| `*` | `contoso.com`
`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains. |
+| `contoso.com` | `mail.contoso.com`
`.contoso.com`
`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. |
+| `youtube.com` | `youtube.com/watch?v=v1`
`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). |
+
+The following table gives examples for blocked URLs.
+
+| Entry | Result |
+|--|--|
+| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com |
+| `https://*` | Blocks all HTTPS requests to any domain. |
+| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
+| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. |
+| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. |
+| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. |
+| `*:8080` | Blocks all requests to port 8080. |
+| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. |
+| `192.168.1.2` | Blocks requests to 192.168.1.1. |
+| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. |
+
+### Other browsers
+
+You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
+
+- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
+- [WebView class](/uwp/api/Windows.UI.Xaml.Controls.WebView)
+- [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0)
+
+## Secure your information
+
+Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
+
+## App configuration
+
+Some apps may require more configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
+
+Check the guidelines published by your selected app and set up accordingly.
+
+## Develop your kiosk app
+
+Assigned access in Windows client uses the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
+
+Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access).
+
+## Test your assigned access experience
+
+The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you've selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
diff --git a/windows/configuration/kiosk/images/account-management-details.PNG b/windows/configuration/kiosk/images/account-management-details.PNG
new file mode 100644
index 0000000000..e4307d8f7b
Binary files /dev/null and b/windows/configuration/kiosk/images/account-management-details.PNG differ
diff --git a/windows/configuration/kiosk/images/add-applications-details.PNG b/windows/configuration/kiosk/images/add-applications-details.PNG
new file mode 100644
index 0000000000..2efd3483ae
Binary files /dev/null and b/windows/configuration/kiosk/images/add-applications-details.PNG differ
diff --git a/windows/configuration/kiosk/images/add-certificates-details.PNG b/windows/configuration/kiosk/images/add-certificates-details.PNG
new file mode 100644
index 0000000000..78cd783282
Binary files /dev/null and b/windows/configuration/kiosk/images/add-certificates-details.PNG differ
diff --git a/windows/configuration/images/apprule.png b/windows/configuration/kiosk/images/apprule.png
similarity index 100%
rename from windows/configuration/images/apprule.png
rename to windows/configuration/kiosk/images/apprule.png
diff --git a/windows/configuration/images/appwarning.png b/windows/configuration/kiosk/images/appwarning.png
similarity index 100%
rename from windows/configuration/images/appwarning.png
rename to windows/configuration/kiosk/images/appwarning.png
diff --git a/windows/configuration/images/aumid-file-explorer.png b/windows/configuration/kiosk/images/aumid-file-explorer.png
similarity index 100%
rename from windows/configuration/images/aumid-file-explorer.png
rename to windows/configuration/kiosk/images/aumid-file-explorer.png
diff --git a/windows/configuration/images/auto-signin.png b/windows/configuration/kiosk/images/auto-signin.png
similarity index 100%
rename from windows/configuration/images/auto-signin.png
rename to windows/configuration/kiosk/images/auto-signin.png
diff --git a/windows/configuration/images/enable-assigned-access-log.png b/windows/configuration/kiosk/images/enable-assigned-access-log.png
similarity index 100%
rename from windows/configuration/images/enable-assigned-access-log.png
rename to windows/configuration/kiosk/images/enable-assigned-access-log.png
diff --git a/windows/configuration/images/finish-details.png b/windows/configuration/kiosk/images/finish-details.png
similarity index 100%
rename from windows/configuration/images/finish-details.png
rename to windows/configuration/kiosk/images/finish-details.png
diff --git a/windows/configuration/images/genrule.png b/windows/configuration/kiosk/images/genrule.png
similarity index 100%
rename from windows/configuration/images/genrule.png
rename to windows/configuration/kiosk/images/genrule.png
diff --git a/windows/configuration/kiosk/images/kiosk-account-details.PNG b/windows/configuration/kiosk/images/kiosk-account-details.PNG
new file mode 100644
index 0000000000..53c31880ea
Binary files /dev/null and b/windows/configuration/kiosk/images/kiosk-account-details.PNG differ
diff --git a/windows/configuration/kiosk/images/kiosk-common-details.PNG b/windows/configuration/kiosk/images/kiosk-common-details.PNG
new file mode 100644
index 0000000000..5eda9b293e
Binary files /dev/null and b/windows/configuration/kiosk/images/kiosk-common-details.PNG differ
diff --git a/windows/configuration/images/kiosk-fullscreen-sm.png b/windows/configuration/kiosk/images/kiosk-fullscreen-sm.png
similarity index 100%
rename from windows/configuration/images/kiosk-fullscreen-sm.png
rename to windows/configuration/kiosk/images/kiosk-fullscreen-sm.png
diff --git a/windows/configuration/kiosk/images/kiosk-settings.PNG b/windows/configuration/kiosk/images/kiosk-settings.PNG
new file mode 100644
index 0000000000..51a4338371
Binary files /dev/null and b/windows/configuration/kiosk/images/kiosk-settings.PNG differ
diff --git a/windows/configuration/images/kiosk-wizard.png b/windows/configuration/kiosk/images/kiosk-wizard.png
similarity index 100%
rename from windows/configuration/images/kiosk-wizard.png
rename to windows/configuration/kiosk/images/kiosk-wizard.png
diff --git a/windows/configuration/images/lockdownapps.png b/windows/configuration/kiosk/images/lockdownapps.png
similarity index 100%
rename from windows/configuration/images/lockdownapps.png
rename to windows/configuration/kiosk/images/lockdownapps.png
diff --git a/windows/configuration/images/multiappassignedaccesssettings.png b/windows/configuration/kiosk/images/multiappassignedaccesssettings.png
similarity index 100%
rename from windows/configuration/images/multiappassignedaccesssettings.png
rename to windows/configuration/kiosk/images/multiappassignedaccesssettings.png
diff --git a/windows/configuration/images/profile-config.png b/windows/configuration/kiosk/images/profile-config.png
similarity index 100%
rename from windows/configuration/images/profile-config.png
rename to windows/configuration/kiosk/images/profile-config.png
diff --git a/windows/configuration/images/sample-start.png b/windows/configuration/kiosk/images/sample-start.png
similarity index 100%
rename from windows/configuration/images/sample-start.png
rename to windows/configuration/kiosk/images/sample-start.png
diff --git a/windows/configuration/images/set-assignedaccess.png b/windows/configuration/kiosk/images/set-assignedaccess.png
similarity index 100%
rename from windows/configuration/images/set-assignedaccess.png
rename to windows/configuration/kiosk/images/set-assignedaccess.png
diff --git a/windows/configuration/kiosk/images/set-up-device-details.PNG b/windows/configuration/kiosk/images/set-up-device-details.PNG
new file mode 100644
index 0000000000..031dac6fe6
Binary files /dev/null and b/windows/configuration/kiosk/images/set-up-device-details.PNG differ
diff --git a/windows/configuration/kiosk/images/set-up-network-details.PNG b/windows/configuration/kiosk/images/set-up-network-details.PNG
new file mode 100644
index 0000000000..778b8497c4
Binary files /dev/null and b/windows/configuration/kiosk/images/set-up-network-details.PNG differ
diff --git a/windows/configuration/images/slv2-oma-uri.png b/windows/configuration/kiosk/images/slv2-oma-uri.png
similarity index 100%
rename from windows/configuration/images/slv2-oma-uri.png
rename to windows/configuration/kiosk/images/slv2-oma-uri.png
diff --git a/windows/configuration/images/vm-kiosk-connect.png b/windows/configuration/kiosk/images/vm-kiosk-connect.png
similarity index 100%
rename from windows/configuration/images/vm-kiosk-connect.png
rename to windows/configuration/kiosk/images/vm-kiosk-connect.png
diff --git a/windows/configuration/images/vm-kiosk.png b/windows/configuration/kiosk/images/vm-kiosk.png
similarity index 100%
rename from windows/configuration/images/vm-kiosk.png
rename to windows/configuration/kiosk/images/vm-kiosk.png
diff --git a/windows/configuration/kiosk/kiosk-additional-reference.md b/windows/configuration/kiosk/kiosk-additional-reference.md
new file mode 100644
index 0000000000..d652bf9874
--- /dev/null
+++ b/windows/configuration/kiosk/kiosk-additional-reference.md
@@ -0,0 +1,22 @@
+---
+title: More kiosk methods and reference information
+description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
+ms.topic: reference
+ms.date: 12/31/2017
+---
+
+# More kiosk methods and reference information
+
+## In this section
+
+| Topic | Description |
+|--|--|
+| [Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app. |
+| [Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk. |
+| [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. |
+| [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. |
+| [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. |
+| [Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. |
+| [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. |
+| [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. |
+| [Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. |
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk/kiosk-mdm-bridge.md
similarity index 74%
rename from windows/configuration/kiosk-mdm-bridge.md
rename to windows/configuration/kiosk/kiosk-mdm-bridge.md
index 4b2f8a1fe8..7725923709 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk/kiosk-mdm-bridge.md
@@ -1,42 +1,30 @@
---
-title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11)
+title: Use MDM Bridge WMI Provider to create a Windows kiosk
description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
ms.topic: article
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 1/26/2024
+zone_pivot_groups: windows-versions-11-10
+appliesto:
---
# Use MDM Bridge WMI Provider to create a Windows client kiosk
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
+Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
Here's an example to set AssignedAccess configuration:
-1. Download the [psexec tool](/sysinternals/downloads/psexec).
-2. Run `psexec.exe -i -s cmd.exe`.
-3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell.
+1. [Download PsTools][PSTools]
+1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe`
+1. In the PowerShell session launched by `psexec.exe`, execute the following script:
-Step 4 is different for Windows 10 or Windows 11
+::: zone pivot="windows-10"
-4. Execute the following script for Windows 10:
-
-```xml
+```PowerShell
$nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
Add-Type -AssemblyName System.Web
+
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
- Assign [group accounts to a config profile](#config-for-group-accounts)
- Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 |
| - Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)
- [Automatically launch an app](#allowedapps) when the user signs in
- Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809
**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `https://schemas.microsoft.com/AssignedAccess/201810/config`. |
->[!WARNING]
->The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
+> [!WARNING]
+> The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
->[!TIP]
->Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
+> [!TIP]
+> Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
@@ -57,12 +43,12 @@ To configure a kiosk in Microsoft Intune, see:
Process:
1. [Create XML file](#create-xml-file)
-2. [Add XML file to provisioning package](#add-xml)
-3. [Apply provisioning package to device](#apply-ppkg)
+1. [Add XML file to provisioning package](#add-xml)
+1. [Apply provisioning package to device](#apply-ppkg)
Watch how to use a provisioning package to configure a multi-app kiosk.
->[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#use-mdm-to-deploy-the-multi-app-configuration), or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md).
@@ -71,8 +57,8 @@ If you don't want to use a provisioning package, you can deploy the configuratio
- Windows Configuration Designer (Windows 10, version 1709 or later)
- The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 or later
->[!NOTE]
->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
+> [!NOTE]
+> For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
### Create XML file
@@ -161,7 +147,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can
When the multi-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**:
1. Default rule is to allow all users to launch the signed package apps.
-2. The package app blocklist is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the blocklist. This list will exclude the default allowed inbox package apps, which are critical for the system to function. It then excludes the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This blocklist will be used to prevent the user from accessing the apps that are currently available for the user but not in the allowed list.
+1. The package app blocklist is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the blocklist. This list will exclude the default allowed inbox package apps, which are critical for the system to function. It then excludes the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This blocklist will be used to prevent the user from accessing the apps that are currently available for the user but not in the allowed list.
> [!NOTE]
> You can't manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994629(v=ws.11)#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration.
@@ -171,8 +157,8 @@ When the multi-app kiosk configuration is applied to a device, AppLocker rules w
Here are the predefined assigned access AppLocker rules for **desktop apps**:
1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
-2. There's a predefined inbox desktop app blocklist for the assigned access user account, and this blocklist is adjusted based on the desktop app allowlist that you defined in the multi-app configuration.
-3. Enterprise-defined allowed desktop apps are added in the AppLocker allowlist.
+1. There's a predefined inbox desktop app blocklist for the assigned access user account, and this blocklist is adjusted based on the desktop app allowlist that you defined in the multi-app configuration.
+1. Enterprise-defined allowed desktop apps are added in the AppLocker allowlist.
The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
@@ -198,7 +184,7 @@ Starting in Windows 10 version 1809, you can explicitly allow some known folders
The following example shows how to allow user access to the Downloads folder in the common file dialog box.
->[!TIP]
+> [!TIP]
> To grant access to the Downloads folder through File Explorer, add "Explorer.exe" to the list of allowed apps, and pin a file explorer shortcut to the kiosk start menu.
```xml
@@ -231,17 +217,17 @@ The following example shows how to allow user access to the Downloads folder in
> - `FileExplorerNamespaceRestrictions` and `AllowedNamespace:Downloads` are available in namespace `https://schemas.microsoft.com/AssignedAccess/201810/config`.
> - `AllowRemovableDrives` and `NoRestriction` are defined in a new namespace `https://schemas.microsoft.com/AssignedAccess/2020/config`.
-* When `FileExplorerNamespaceRestrictions` node isn't used, or used but left empty, the user won't be able to access any folder in a common dialog. For example, **Save As** in the Microsoft Edge browser.
-* When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder.
-* When `AllowRemovableDrives` is used, user will be to access removable drives.
-* When `NoRestriction` is used, no restriction will be applied to the dialog.
-* `AllowRemovableDrives` and `AllowedNamespace:Downloads` can be used at the same time.
+- When `FileExplorerNamespaceRestrictions` node isn't used, or used but left empty, the user won't be able to access any folder in a common dialog. For example, **Save As** in the Microsoft Edge browser.
+- When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder.
+- When `AllowRemovableDrives` is used, user will be to access removable drives.
+- When `NoRestriction` is used, no restriction will be applied to the dialog.
+- `AllowRemovableDrives` and `AllowedNamespace:Downloads` can be used at the same time.
##### StartLayout
After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.
-The easiest way to create a customized Start layout to apply to other Windows client devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md).
+The easiest way to create a customized Start layout to apply to other Windows client devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](../start/customize-and-export-start-layout.md).
A few things to note here:
@@ -278,8 +264,8 @@ The following example pins Groove Music, Movies & TV, Photos, Weather, Calculato
```
->[!NOTE]
->If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen.
+> [!NOTE]
+> If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen.
@@ -299,8 +285,8 @@ The following example hides the taskbar:
Learn [how to use Shell Launcher to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Windows desktop application.|
+|[Application Launcher](/previous-versions/windows/embedded/dn449251(v=winembedded.82)): launch a Universal Windows Platform (UWP) app on sign-on|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.|
+|[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82)): suppress system dialogs and control which processes can run|[AppLocker](/windows/device-security/applocker/applocker-overview)|Dialog Filter has been deprecated for Windows 1. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.
Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications**
MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Allow action center notifications** and a [custom OMA-URI setting](/mem/intune/configuration/custom-settings-windows-10) for **AboveLock/AllowActionCenterNotifications**.|
+|[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82)): configure lockdown features|[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd)|The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.|
+|[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82)): restrict USB devices and peripherals on system|MDM and Group Policy|The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.
Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Device Installation Restrictions**
MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Removable storage**.|
+|[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82)): launch a UWP app on sign-in and lock access to system|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|Assigned Access has undergone significant improvement for Windows 1. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and noncritical system notifications, but it also applied some of these limitations to other accounts on the device.
In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.
Learn [how to use Assigned Access to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Universal Windows app.|
+|[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82)): block swipes from top, left, and right edges of screen|MDM and Group Policy|In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe) policy.|
+|[Custom sign in](/previous-versions/windows/embedded/dn449309(v=winembedded.82)): suppress Windows UI elements during Windows sign-on, sign out, and shut down|[Embedded sign in](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
+|[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82)): custom brand a device by removing or replacing Windows boot UI elements|[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/kiosk/setup-digital-signage.md
similarity index 55%
rename from windows/configuration/setup-digital-signage.md
rename to windows/configuration/kiosk/setup-digital-signage.md
index b5761ada29..f159299653 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/kiosk/setup-digital-signage.md
@@ -1,30 +1,18 @@
---
-title: Set up digital signs on Windows 10/11
-description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education).
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
+title: Set up digital signs on Windows
+description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education).
ms.date: 09/20/2021
ms.topic: article
-ms.technology: itpro-configure
---
-# Set up digital signs on Windows 10/11
+# Set up digital signs
-**Applies to**
+Digital signage can be a useful and exciting business tool. Use digital signs to showcase your products and services, to display testimonials, or to advertise promotions and campaigns. A digital sign can be a static display, such as a building directory or menu, or it can be dynamic, such as repeating videos or a social media feed.
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-Digital signage can be a useful and exciting business tool. Use digital signs to showcase your products and services, to display testimonials, or to advertise promotions and campaigns. A digital sign can be a static display, such as a building directory or menu, or it can be dynamic, such as repeating videos or a social media feed.
-
-For digital signage, simply select a digital sign player as your kiosk app. You can also use [Microsoft Edge in kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) or the Kiosk Browser app, and configure it to show your online content.
+For digital signage, simply select a digital sign player as your kiosk app. You can also use [Microsoft Edge in kiosk mode](/DeployEdge/microsoft-edge-configure-kiosk-mode) or the Kiosk Browser app, and configure it to show your online content.
>[!TIP]
->Kiosk Browser can also be used in [single-app kiosks](kiosk-single-app.md) and [multi-app kiosk](lock-down-windows-10-to-specific-apps.md) as a web browser. For more information, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
+>Kiosk Browser can also be used in [single-app kiosks](kiosk-single-app.md) and [multi-app kiosk](lock-down-windows-10-to-specific-apps.md) as a web browser. For more information, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
Kiosk Browser must be downloaded for offline licensing using Microsoft Store for Business. You can deploy Kiosk Browser to devices running Windows 11, and Windows 10 version 1803+.
@@ -33,30 +21,30 @@ Kiosk Browser must be downloaded for offline licensing using Microsoft Store for
This procedure explains how to configure digital signage using Kiosk Browser on a device running Windows client that has already been set up (completed the first-run experience).
-1. [Get **Kiosk Browser** in Microsoft Store for Business with offline, unencoded license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps)
-2. [Download the **Kiosk Browser** package, license file, and all required frameworks.](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app)
-2. [Install Windows Configuration Designer.](~/provisioning-packages/provisioning-install-icd.md)
-3. Open Windows Configuration Designer and select **Provision kiosk devices**.
-4. Enter a friendly name for the project, and select **Finish**.
-5. On **Set up device**, select **Disabled**, and select **Next**.
-6. On **Set up network**, enable network setup:
- - Toggle **On** wireless network connectivity.
+1. [Get **Kiosk Browser** in Microsoft Store for Business with offline, unencoded license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps)
+1. [Download the **Kiosk Browser** package, license file, and all required frameworks.](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app)
+1. [Install Windows Configuration Designer.](~/provisioning-packages/provisioning-install-icd.md)
+1. Open Windows Configuration Designer and select **Provision kiosk devices**.
+1. Enter a friendly name for the project, and select **Finish**.
+1. On **Set up device**, select **Disabled**, and select **Next**.
+1. On **Set up network**, enable network setup:
+ - Toggle **On** wireless network connectivity.
- Enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
-7. On **Account management**, select **Disabled**, and select **Next**.
-8. On **Add applications**, select **Add an application**:
+1. On **Account management**, select **Disabled**, and select **Next**.
+1. On **Add applications**, select **Add an application**:
- For **Application name**, enter `Kiosk Browser`.
- For **Installer path**, browse to and select the AppxBundle that you downloaded from Microsoft Store for Business. After you select the package, additional fields are displayed.
- For **License file path**, browse to and select the XML license file that you downloaded from Microsoft Store for Business.
- The **Package family name** is populated automatically.
- Select **Next**.
-9. On **Add certificates**, select **Next**.
-10. On **Configure kiosk account and app**, toggle **Yes** to create a local user account for your digital signage:
+1. On **Add certificates**, select **Next**.
+1. On **Configure kiosk account and app**, toggle **Yes** to create a local user account for your digital signage:
- Enter a user name and password, and toggle **Auto sign-in** to **Yes**.
- Under **Configure the kiosk mode app**, enter the user name for the account that you're creating.
- For **App type**, select **Universal Windows App**.
- In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`.
-11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**.
-12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu:
+1. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**.
+1. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu:
- In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`.
- In **BlockedUrl**, enter `*`.
- In **DefaultUrl**, enter `https://www.contoso.com/menu`.
@@ -65,13 +53,13 @@ This procedure explains how to configure digital signage using Kiosk Browser on
>[!TIP]
>For more information on kiosk browser settings, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
-13. On the **File** menu, select **Save**, and select **OK** in the **Keep your info secure** dialog box.
-14. On the **Export** menu, select **Provisioning package**.
-15. Change the **Owner** to **IT Admin**, and select **Next**.
-16. On **Select security details for the provisioning package**, select **Next**.
-17. On **Select where to save the provisioning package**, select **Next**.
-18. On **Build the provisioning package**, select **Build**.
-19. On the **All done!** screen, click the **Output location**.
-20. Copy the .ppkg file to a USB drive.
-21. Attach the USB drive to the device that you want to use for your digital sign.
-22. Go to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package on the USB drive.
+1. On the **File** menu, select **Save**, and select **OK** in the **Keep your info secure** dialog box.
+1. On the **Export** menu, select **Provisioning package**.
+1. Change the **Owner** to **IT Admin**, and select **Next**.
+1. On **Select security details for the provisioning package**, select **Next**.
+1. On **Select where to save the provisioning package**, select **Next**.
+1. On **Build the provisioning package**, select **Build**.
+1. On the **All done!** screen, click the **Output location**.
+1. Copy the .ppkg file to a USB drive.
+1. Attach the USB drive to the device that you want to use for your digital sign.
+1. Go to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package on the USB drive.
diff --git a/windows/configuration/kiosk/toc.yml b/windows/configuration/kiosk/toc.yml
new file mode 100644
index 0000000000..3362daaabd
--- /dev/null
+++ b/windows/configuration/kiosk/toc.yml
@@ -0,0 +1,37 @@
+items:
+- name: Overview
+ href: kiosk-methods.md
+- name: Prepare a device for kiosk configuration
+ href: kiosk-prepare.md
+- name: Set up digital signs
+ href: setup-digital-signage.md
+- name: Set up a single-app kiosk
+ href: kiosk-single-app.md
+- name: Set up a multi-app kiosk for Windows 10
+ href: lock-down-windows-10-to-specific-apps.md
+- name: Set up a multi-app kiosk for Windows 11
+ href: lock-down-windows-11-to-specific-apps.md
+- name: Kiosk reference information
+ items:
+ - name: More kiosk methods and reference information
+ href: kiosk-additional-reference.md
+ - name: Find the Application User Model ID of an installed app
+ href: find-the-application-user-model-id-of-an-installed-app.md
+ - name: Validate your kiosk configuration
+ href: kiosk-validate.md
+ - name: Guidelines for choosing an app for assigned access (kiosk mode)
+ href: guidelines-for-assigned-access-app.md
+ - name: Policies enforced on kiosk devices
+ href: kiosk-policies.md
+ - name: Assigned access XML reference
+ href: kiosk-xml.md
+ - name: Use AppLocker to create a Windows 10 kiosk
+ href: lock-down-windows-10-applocker.md
+ - name: Use Shell Launcher to create a Windows client kiosk
+ href: kiosk-shelllauncher.md
+ - name: Use MDM Bridge WMI Provider to create a Windows client kiosk
+ href: kiosk-mdm-bridge.md
+ - name: Troubleshoot kiosk mode issues
+ href: /troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting
+- name: Lockdown features from Windows Embedded 8.1 Industry
+ href: lockdown-features-windows-10.md
\ No newline at end of file
diff --git a/windows/configuration/images/funfacts.png b/windows/configuration/lock-screen/images/funfacts.png
similarity index 100%
rename from windows/configuration/images/funfacts.png
rename to windows/configuration/lock-screen/images/funfacts.png
diff --git a/windows/configuration/images/lockscreen.png b/windows/configuration/lock-screen/images/lockscreen.png
similarity index 100%
rename from windows/configuration/images/lockscreen.png
rename to windows/configuration/lock-screen/images/lockscreen.png
diff --git a/windows/configuration/images/lockscreenpolicy.png b/windows/configuration/lock-screen/images/lockscreenpolicy.png
similarity index 100%
rename from windows/configuration/images/lockscreenpolicy.png
rename to windows/configuration/lock-screen/images/lockscreenpolicy.png
diff --git a/windows/configuration/images/spotlight.png b/windows/configuration/lock-screen/images/spotlight.png
similarity index 100%
rename from windows/configuration/images/spotlight.png
rename to windows/configuration/lock-screen/images/spotlight.png
diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/lock-screen/windows-spotlight.md
similarity index 70%
rename from windows/configuration/windows-spotlight.md
rename to windows/configuration/lock-screen/windows-spotlight.md
index 33bd24bcc8..faf68d1afa 100644
--- a/windows/configuration/windows-spotlight.md
+++ b/windows/configuration/lock-screen/windows-spotlight.md
@@ -1,86 +1,56 @@
---
-title: Configure Windows Spotlight on the lock screen
-description: Windows Spotlight is an option for the lock screen background that displays different background images on the lock screen.
-ms.reviewer:
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
-ms.topic: article
-ms.localizationpriority: medium
+title: Configure Windows Spotlight
+description: Learn how to configure Windows Spotlight, a Windows lock screen feature that displays different images.
+ms.topic: how-to
ms.date: 04/30/2018
-ms.collection:
- - highpri
- - tier2
-ms.technology: itpro-configure
---
-# Configure Windows Spotlight on the lock screen
+# Configure Windows Spotlight
-
-**Applies to**
-
-- Windows 10
-
-
-Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen. Windows Spotlight is available in all desktop editions of Windows 10.
+Windows Spotlight is a Windows feature that displays different background images and occasionally offers suggestions on the lock screen. Windows Spotlight is available in all desktop editions of Windows 10.
For managed devices running Windows 10 Enterprise and Windows 10 Education, enterprise administrators can configure a mobile device management (MDM) or Group Policy setting to prevent users from using the Windows Spotlight background. For managed devices running Windows 10 Pro, version 1607, administrators can disable suggestions for third party apps.
-
>[!NOTE]
->In Windows 10, version 1607, the lock screen background does not display if you disable the **Animate windows when minimizing and maximizing** setting in **This PC** > **Properties** > **Advanced system settings** > **Performance settings** > **Visual Effects**, or if you enable the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Desktop Windows Manager** > **Do not allow windows animations**.
->
->In Windows 10, version 1703, you can use the [Personalization CSP](/windows/client-management/mdm/personalization-csp) settings to set lock screen and desktop background images.
+>You can use the [Personalization CSP](/windows/client-management/mdm/personalization-csp) settings to set lock screen and desktop background images.
## What does Windows Spotlight include?
-
-- **Background image**
-
+- **Background image**
The Windows Spotlight displays a new image on the lock screen each day. The initial background image is included during installation. More images are downloaded on ongoing basis.
-
-
-- **Feature suggestions, fun facts, tips**
-
+- **Feature suggestions, fun facts, tips**
The lock screen background will occasionally make recommendations on how to enhance your productivity and enjoyment of Microsoft products including suggesting other relevant Microsoft products and services.
-
## How do you turn off Windows Spotlight locally?
-
To turn off Windows Spotlight locally, go to **Settings** > **Personalization** > **Lock screen** > **Background** > **Windows spotlight** > select a different lock screen background
## How do you disable Windows Spotlight for managed devices?
-
Windows Spotlight is enabled by default. Windows 10 provides Group Policy and mobile device management (MDM) settings to help you manage Windows Spotlight on enterprise computers.
>[!NOTE]
>These policies are in the **User Configuration \Policies\Administrative Templates\Windows Components\Cloud Content** path in the Group Policy Management Console, and in the **User Configuration \Administrative Templates\Windows Components\Cloud Content** path in the Local Group Policy Editor.
| Group Policy | MDM | Description | Applies to |
-| --- | --- | --- | --- |
+|--|--|--|--|
| **Do not suggest third-party content in Windows spotlight** | **Experience/Allow ThirdParty Suggestions In Windows Spotlight** | Enables enterprises to restrict suggestions to Microsoft apps and services | Windows 10 Pro, Enterprise, and Education, version 1607 and later |
| **Turn off all Windows Spotlight features** | **Experience/Allow Windows Spotlight** | Enables enterprises to completely disable all Windows Spotlight features in a single setting | Windows 10 Enterprise and Education, version 1607 and later |
-| **Configure Spotlight on lock screen** | **Experience/Configure Windows Spotlight On Lock Screen** | Specifically controls the use of the dynamic Windows Spotlight image on the lock screen, and can be enabled or disabled | Windows 10 Enterprise and Education, version 1607 and later |
-| **Turn off the Windows Spotlight on Action Center** | **Experience/Allow Windows Spotlight On Action Center** | Turn off Suggestions from Microsoft that show after each clean install, upgrade, or on an on-going basis to introduce users to what is new or changed | Windows 10 Enterprise and Education, version 1703 |
+| **Configure Spotlight on lock screen** | **Experience/Configure Windows Spotlight On Lock Screen** | Specifically controls the use of the dynamic Windows Spotlight image on the lock screen, and can be enabled or disabled | Windows 10 Enterprise and Education, version 1607 and later |
+| **Turn off the Windows Spotlight on Action Center** | **Experience/Allow Windows Spotlight On Action Center** | Turn off Suggestions from Microsoft that show after each clean install, upgrade, or on an on-going basis to introduce users to what is new or changed | Windows 10 Enterprise and Education, version 1703 |
| **Do not use diagnostic data for tailored experiences** | **Experience/Allow Tailored Experiences With Diagnostic Data** | Prevent Windows from using diagnostic data to provide tailored experiences to the user | Windows 10 Pro, Enterprise, and Education, version 1703 |
| **Turn off the Windows Welcome Experience** | **Experience/Allow Windows Spotlight Windows Welcome Experience** | Turn off the Windows Spotlight Windows Welcome experience that helps introduce users to Windows, such as launching Microsoft Edge with a web page highlighting new features | Windows 10 Enterprise and Education, version 1703 |
-**Turn off the Windows Spotlight on Settings** | **Experience/Allow Windows Spotlight on Settings** | Turn off the Windows Spotlight in the Settings app. | Windows 10 Enterprise and Education, version 1803 |
-
-
+| **Turn off the Windows Spotlight on Settings** | **Experience/Allow Windows Spotlight on Settings** | Turn off the Windows Spotlight in the Settings app. | Windows 10 Enterprise and Education, version 1803 |
In addition to the specific policy settings for Windows Spotlight, administrators can replace Windows Spotlight with a selected image using the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image** (Windows 10 Enterprise and Education).
>[!TIP]
>If you want to use a custom lock screen image that contains text, see [Resolution for custom lock screen image](#resolution-for-custom-lock-screen-image).
-
Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox isn't selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages.
@@ -93,12 +63,4 @@ A custom lock screen image created in 16:9 aspect ratio (1600x900) will scale pr
Lock screen images created at other aspect ratios may scale and center unpredictably on your device when changing aspect ratios.
-The recommendation for custom lock screen images that include text (such as a legal statement) is to create the lock screen image in 16:9 resolution with text contained in the 4:3 region, allowing the text to remain visible at any aspect ratio.
-
-## Related topics
-
-
-[Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md)
-
-
-
+The recommendation for custom lock screen images that include text (such as a legal statement) is to create the lock screen image in 16:9 resolution with text contained in the 4:3 region, allowing the text to remain visible at any aspect ratio.
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md
deleted file mode 100644
index 9a32f053b2..0000000000
--- a/windows/configuration/lockdown-features-windows-10.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10)
-description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
-ms.reviewer:
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
-ms.topic: article
-ms.localizationpriority: medium
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# Lockdown features from Windows Embedded 8.1 Industry
-
-**Applies to**
-
-- Windows 10
-
-Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation.
-
-|Windows Embedded 8.1 Industry lockdown feature|Windows 10 feature|Changes|
-|--- |--- |--- |
-|[Hibernate Once/Resume Many (HORM)](/previous-versions/windows/embedded/dn449302(v=winembedded.82)): Quick boot to device|[HORM](/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-)|HORM is supported in Windows 10, version 1607 and later.|
-|[Unified Write Filter](/previous-versions/windows/embedded/dn449332(v=winembedded.82)): protect a device's physical storage media|[Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter)|The Unified Write Filter is continued in Windows 10.|
-|[Keyboard Filter](/previous-versions/windows/embedded/dn449298(v=winembedded.82)): block hotkeys and other key combinations|[Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)|Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via **Turn Windows Features On/Off**. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.|
-|[Shell Launcher](/previous-versions/windows/embedded/dn449423(v=winembedded.82)): launch a Windows desktop application on sign-on|[Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher)|Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the **SMISettings** category.
Learn [how to use Shell Launcher to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Windows desktop application.|
-|[Application Launcher](/previous-versions/windows/embedded/dn449251(v=winembedded.82)): launch a Universal Windows Platform (UWP) app on sign-on|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.|
-|[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82)): suppress system dialogs and control which processes can run|[AppLocker](/windows/device-security/applocker/applocker-overview)|Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.
Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications**
MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Allow action center notifications** and a [custom OMA-URI setting](/mem/intune/configuration/custom-settings-windows-10) for **AboveLock/AllowActionCenterNotifications**.|
-|[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82)): configure lockdown features|[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd)|The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.|
-|[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82)): restrict USB devices and peripherals on system|MDM and Group Policy|The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.
Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Device Installation Restrictions**
MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Removable storage**.|
-|[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82)): launch a UWP app on sign-in and lock access to system|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.
In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.
Learn [how to use Assigned Access to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Universal Windows app.|
-|[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82)): block swipes from top, left, and right edges of screen|MDM and Group Policy|In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe) policy.|
-|[Custom Logon](/previous-versions/windows/embedded/dn449309(v=winembedded.82)): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown|[Embedded Logon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
-|[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82)): custom brand a device by removing or replacing Windows boot UI elements|[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
diff --git a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
index 5a71baac61..7efc313edb 100644
--- a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
@@ -1,15 +1,8 @@
---
title: Diagnose Provisioning Packages
description: Diagnose general failures in provisioning.
-ms.reviewer:
-manager: aaroncz
-ms.author: lizlong
ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: lizgt2000
ms.date: 01/18/2023
-ms.collection: highpri
---
# Diagnose Provisioning Packages
@@ -26,16 +19,16 @@ To apply the power settings successfully with the [correct security context](/wi
## Unable to perform bulk enrollment in Microsoft Entra ID
-When [enrolling devices into Microsoft Entra ID using provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400), the bulk token request will be rejected, if the user requesting a bulk token is not authorized to grant application consent. For more information, see [Configure how users consent to applications](/azure/active-directory/manage-apps/configure-user-consent).
+When [enrolling devices into Microsoft Entra ID using provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400), the bulk token request is rejected, if the user requesting a bulk token isn't authorized to grant application consent. For more information, see [Configure how users consent to applications](/azure/active-directory/manage-apps/configure-user-consent).
> [!NOTE]
-> When obtaining the bulk token, you should select "No, sign in to this app only" when prompted for authentication. If you select "OK" instead without also selecting "Allow my organization to manage my device", the bulk token request may be rejected.
+> When obtaining the bulk token, you should select "No, sign in to this app only" when prompted for authentication. If you select "OK" instead without also selecting "Allow my organization to manage my device", the bulk token request might be rejected.
## Unable to apply a multivariant provisioning package
-When applying a [multivariant package](/windows/configuration/provisioning-packages/provisioning-multivariant), it may be difficult to diagnose why a certain target did not get applied. There may have been improperly authored conditions that did not evaluate as expected.
+When applying a [multivariant package](/windows/configuration/provisioning-packages/provisioning-multivariant), it might be difficult to diagnose why a certain target didn't get applied. There may have been improperly authored conditions that didn't evaluate as expected.
-Starting in Windows 11, version 22H2, [MdmDiagnosticsTool](/windows/client-management/diagnose-mdm-failures-in-windows-10) includes multivariant condition values to diagnose problems with multivariant packages to determine why the package was not applied.
+Starting in Windows 11, version 22H2, [MdmDiagnosticsTool](/windows/client-management/diagnose-mdm-failures-in-windows-10) includes multivariant condition values to diagnose problems with multivariant packages to determine why the package wasn't applied.
You can use the following PowerShell example to review the multivariant conditions in the `MDMDiagReport.xml` report:
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index e6fe7659b1..e88f25ff70 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,24 +1,12 @@
---
-title: Configuration service providers for IT pros (Windows 10/11)
+title: Configuration service providers for IT pros
description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
-ms.reviewer: gkomatsu
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
ms.topic: article
-ms.localizationpriority: medium
-ms.technology: itpro-configure
ms.date: 12/31/2017
---
# Configuration service providers for IT pros
-**Applies to**
-
-- Windows 10
-- Windows 11
-
This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows client in their organizations. CSPs expose device configuration settings in Windows client. The CSPs are used by mobile device management (MDM) service providers and are documented in the [Hardware Dev Center](/windows/client-management/mdm/configuration-service-provider-reference).
## What is a CSP?
@@ -31,7 +19,7 @@ Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/win
CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
-:::image type="content" source="../images/policytocsp.png" alt-text="How intune maps to CSP":::
+:::image type="content" source="images/policytocsp.png" alt-text="How intune maps to CSP":::
CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge.
@@ -53,11 +41,11 @@ In addition, you may have unmanaged devices, or a large number of devices that y
### CSPs in Windows Configuration Designer
-You can use Windows Configuration Designer to create [provisioning packages](./provisioning-packages.md) to apply settings to devices during the out-of-box-experience (OOBE), and after the devices are set up. You can also use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows Configuration Designer are based on CSPs.
+You can use Windows Configuration Designer to create [provisioning packages](provisioning-packages.md) to apply settings to devices during the out-of-box-experience (OOBE), and after the devices are set up. You can also use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows Configuration Designer are based on CSPs.
Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.
-:::image type="content" source="../images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in ICD.":::
+:::image type="content" source="images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in ICD.":::
[Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package.
@@ -75,15 +63,15 @@ All CSPs are documented in the [Configuration service provider reference](/windo
The [CSP reference](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows, and links to the documentation for each individual CSP.
-:::image type="content" source="../images/csptable.png" alt-text="The CSP reference shows the supported Windows editions":::
+:::image type="content" source="images/csptable.png" alt-text="The CSP reference shows the supported Windows editions":::
The documentation for each CSP follows the same structure. After an introduction that explains the purpose of the CSP, a diagram shows the parts of the CSP in tree format.
-The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). The URI is relative to the devices’ root node (MSFT, for example). Features supported by a particular CSP can be set by addressing the complete OMA-URI path.
+The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). The URI is relative to the devices' root node (MSFT, for example). Features supported by a particular CSP can be set by addressing the complete OMA-URI path.
The following example shows the diagram for the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied.
-:::image type="content" source="../images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access CSP tree.":::
+:::image type="content" source="images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access CSP tree.":::
The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp).
@@ -93,7 +81,7 @@ The element in the tree diagram after the root node tells you the name of the CS
When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
-:::image type="content" source="../images/csp-placeholder.png" alt-text="The placeholder in the CSP tree":::
+:::image type="content" source="images/csp-placeholder.png" alt-text="The placeholder in the CSP tree":::
After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed.
@@ -105,82 +93,82 @@ The documentation for most CSPs will also include an XML example.
CSPs provide access to many settings useful to enterprises. This section introduces the CSPs that an enterprise might find useful.
-- [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
+- [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
The Policy CSP enables the enterprise to configure policies on Windows client. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
Some of the settings available in the Policy CSP include the following:
- - **Accounts**, such as whether a non-Microsoft account can be added to the device.
- - **Application management**, such as whether only Microsoft Store apps are allowed.
- - **Bluetooth**, such as the services allowed to use it.
- - **Browser**, such as restricting InPrivate browsing.
- - **Connectivity**, such as whether the device can be connected to a computer by USB.
- - **Defender** (for desktop only), such as day and time to scan.
- - **Device lock**, such as the type of PIN or password required to unlock the device.
- - **Experience**, such as allowing Cortana.
- - **Security**, such as whether provisioning packages are allowed.
- - **Settings**, such as enabling the user to change VPN settings.
- - **Start**, such as applying a standard Start layout.
- - **System**, such as allowing the user to reset the device.
- - **Text input**, such as allowing the device to send anonymized user text input data samples to Microsoft.
- - **Update**, such as whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
- - **WiFi**, such as whether Internet sharing is enabled.
+ - **Accounts**, such as whether a non-Microsoft account can be added to the device.
+ - **Application management**, such as whether only Microsoft Store apps are allowed.
+ - **Bluetooth**, such as the services allowed to use it.
+ - **Browser**, such as restricting InPrivate browsing.
+ - **Connectivity**, such as whether the device can be connected to a computer by USB.
+ - **Defender** (for desktop only), such as day and time to scan.
+ - **Device lock**, such as the type of PIN or password required to unlock the device.
+ - **Experience**, such as allowing Cortana.
+ - **Security**, such as whether provisioning packages are allowed.
+ - **Settings**, such as enabling the user to change VPN settings.
+ - **Start**, such as applying a standard Start layout.
+ - **System**, such as allowing the user to reset the device.
+ - **Text input**, such as allowing the device to send anonymized user text input data samples to Microsoft.
+ - **Update**, such as whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
+ - **WiFi**, such as whether Internet sharing is enabled.
Here is a list of CSPs supported on Windows 10 Enterprise:
-- [ActiveSync CSP](/windows/client-management/mdm/activesync-csp)
-- [Application CSP](/windows/client-management/mdm/application-csp)
-- [AppLocker CSP](/windows/client-management/mdm/applocker-csp)
-- [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp)
-- [Bootstrap CSP](/windows/client-management/mdm/bootstrap-csp)
-- [BrowserFavorite CSP](/windows/client-management/mdm/browserfavorite-csp)
-- [CellularSettings CSP](/windows/client-management/mdm/cellularsettings-csp)
-- [CertificateStore CSP](/windows/client-management/mdm/certificatestore-csp)
-- [ClientCertificateInstall CSP](/windows/client-management/mdm/clientcertificateinstall-csp)
-- [CM\_CellularEntries CSP](/windows/client-management/mdm/cm-cellularentries-csp)
-- [CM\_ProxyEntries CSP](/windows/client-management/mdm/cm-proxyentries-csp)
-- [CMPolicy CSP](/windows/client-management/mdm/cmpolicy-csp)
-- [Defender CSP](/windows/client-management/mdm/defender-csp)
-- [DevDetail CSP](/windows/client-management/mdm/devdetail-csp)
-- [DeviceInstanceService CSP](/windows/client-management/mdm/deviceinstanceservice-csp)
-- [DeviceLock CSP](/windows/client-management/mdm/devicelock-csp)
-- [DeviceStatus CSP](/windows/client-management/mdm/devicestatus-csp)
-- [DevInfo CSP](/windows/client-management/mdm/devinfo-csp)
-- [DiagnosticLog CSP](/windows/client-management/mdm/diagnosticlog-csp)
-- [DMAcc CSP](/windows/client-management/mdm/dmacc-csp)
-- [DMClient CSP](/windows/client-management/mdm/dmclient-csp)
-- [Email2 CSP](/windows/client-management/mdm/email2-csp)
-- [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
-- [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp)
-- [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
-- [EnterpriseExt CSP](/windows/client-management/mdm/enterpriseext-csp)
-- [EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
-- [FileSystem CSP](/windows/client-management/mdm/filesystem-csp)
-- [HealthAttestation CSP](/windows/client-management/mdm/healthattestation-csp)
-- [HotSpot CSP](/windows/client-management/mdm/hotspot-csp)
-- [Maps CSP](/windows/client-management/mdm/maps-csp)
-- [NAP CSP](/windows/client-management/mdm/filesystem-csp)
-- [NAPDEF CSP](/windows/client-management/mdm/napdef-csp)
-- [NodeCache CSP](https://go.microsoft.com/fwlink/p/?LinkId=723265)
-- [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
-- [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
-- [PolicyManager CSP](https://go.microsoft.com/fwlink/p/?LinkId=723418)
-- [Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
-- [Proxy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723372)
-- [PXLOGICAL CSP](/windows/client-management/mdm/pxlogical-csp)
-- [Registry CSP](/windows/client-management/mdm/registry-csp)
-- [RemoteFind CSP](/windows/client-management/mdm/remotefind-csp)
-- [RemoteWipe CSP](/windows/client-management/mdm/remotewipe-csp)
-- [Reporting CSP](/windows/client-management/mdm/reporting-csp)
-- [RootCATrustedCertificates CSP](/windows/client-management/mdm/rootcacertificates-csp)
-- [SecurityPolicy CSP](/windows/client-management/mdm/securitypolicy-csp)
-- [Storage CSP](/windows/client-management/mdm/storage-csp)
-- [SUPL CSP](/windows/client-management/mdm/supl-csp)
-- [UnifiedWriteFilter CSP](/windows/client-management/mdm/unifiedwritefilter-csp)
-- [Update CSP](/windows/client-management/mdm/update-csp)
-- [VPN CSP](/windows/client-management/mdm/vpn-csp)
-- [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
-- [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp)
-- [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp)
-- [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp)
+- [ActiveSync CSP](/windows/client-management/mdm/activesync-csp)
+- [Application CSP](/windows/client-management/mdm/application-csp)
+- [AppLocker CSP](/windows/client-management/mdm/applocker-csp)
+- [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp)
+- [Bootstrap CSP](/windows/client-management/mdm/bootstrap-csp)
+- [BrowserFavorite CSP](/windows/client-management/mdm/browserfavorite-csp)
+- [CellularSettings CSP](/windows/client-management/mdm/cellularsettings-csp)
+- [CertificateStore CSP](/windows/client-management/mdm/certificatestore-csp)
+- [ClientCertificateInstall CSP](/windows/client-management/mdm/clientcertificateinstall-csp)
+- [CM\_CellularEntries CSP](/windows/client-management/mdm/cm-cellularentries-csp)
+- [CM\_ProxyEntries CSP](/windows/client-management/mdm/cm-proxyentries-csp)
+- [CMPolicy CSP](/windows/client-management/mdm/cmpolicy-csp)
+- [Defender CSP](/windows/client-management/mdm/defender-csp)
+- [DevDetail CSP](/windows/client-management/mdm/devdetail-csp)
+- [DeviceInstanceService CSP](/windows/client-management/mdm/deviceinstanceservice-csp)
+- [DeviceLock CSP](/windows/client-management/mdm/devicelock-csp)
+- [DeviceStatus CSP](/windows/client-management/mdm/devicestatus-csp)
+- [DevInfo CSP](/windows/client-management/mdm/devinfo-csp)
+- [DiagnosticLog CSP](/windows/client-management/mdm/diagnosticlog-csp)
+- [DMAcc CSP](/windows/client-management/mdm/dmacc-csp)
+- [DMClient CSP](/windows/client-management/mdm/dmclient-csp)
+- [Email2 CSP](/windows/client-management/mdm/email2-csp)
+- [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp)
+- [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp)
+- [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
+- [EnterpriseExt CSP](/windows/client-management/mdm/enterpriseext-csp)
+- [EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
+- [FileSystem CSP](/windows/client-management/mdm/filesystem-csp)
+- [HealthAttestation CSP](/windows/client-management/mdm/healthattestation-csp)
+- [HotSpot CSP](/windows/client-management/mdm/hotspot-csp)
+- [Maps CSP](/windows/client-management/mdm/maps-csp)
+- [NAP CSP](/windows/client-management/mdm/filesystem-csp)
+- [NAPDEF CSP](/windows/client-management/mdm/napdef-csp)
+- [NodeCache CSP](https://go.microsoft.com/fwlink/p/?LinkId=723265)
+- [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp)
+- [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
+- [PolicyManager CSP](https://go.microsoft.com/fwlink/p/?LinkId=723418)
+- [Provisioning CSP](/windows/client-management/mdm/provisioning-csp)
+- [Proxy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723372)
+- [PXLOGICAL CSP](/windows/client-management/mdm/pxlogical-csp)
+- [Registry CSP](/windows/client-management/mdm/registry-csp)
+- [RemoteFind CSP](/windows/client-management/mdm/remotefind-csp)
+- [RemoteWipe CSP](/windows/client-management/mdm/remotewipe-csp)
+- [Reporting CSP](/windows/client-management/mdm/reporting-csp)
+- [RootCATrustedCertificates CSP](/windows/client-management/mdm/rootcacertificates-csp)
+- [SecurityPolicy CSP](/windows/client-management/mdm/securitypolicy-csp)
+- [Storage CSP](/windows/client-management/mdm/storage-csp)
+- [SUPL CSP](/windows/client-management/mdm/supl-csp)
+- [UnifiedWriteFilter CSP](/windows/client-management/mdm/unifiedwritefilter-csp)
+- [Update CSP](/windows/client-management/mdm/update-csp)
+- [VPN CSP](/windows/client-management/mdm/vpn-csp)
+- [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
+- [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp)
+- [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp)
+- [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp)
diff --git a/windows/configuration/images/ICD.png b/windows/configuration/provisioning-packages/images/ICD.png
similarity index 100%
rename from windows/configuration/images/ICD.png
rename to windows/configuration/provisioning-packages/images/ICD.png
diff --git a/windows/configuration/provisioning-packages/images/account-management-details.PNG b/windows/configuration/provisioning-packages/images/account-management-details.PNG
new file mode 100644
index 0000000000..e4307d8f7b
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/account-management-details.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/add-applications-details.PNG b/windows/configuration/provisioning-packages/images/add-applications-details.PNG
new file mode 100644
index 0000000000..2efd3483ae
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/add-applications-details.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/add-certificates-details.PNG b/windows/configuration/provisioning-packages/images/add-certificates-details.PNG
new file mode 100644
index 0000000000..78cd783282
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/add-certificates-details.PNG differ
diff --git a/windows/configuration/images/csp-placeholder.png b/windows/configuration/provisioning-packages/images/csp-placeholder.png
similarity index 100%
rename from windows/configuration/images/csp-placeholder.png
rename to windows/configuration/provisioning-packages/images/csp-placeholder.png
diff --git a/windows/configuration/images/cspinicd.png b/windows/configuration/provisioning-packages/images/cspinicd.png
similarity index 100%
rename from windows/configuration/images/cspinicd.png
rename to windows/configuration/provisioning-packages/images/cspinicd.png
diff --git a/windows/configuration/images/csptable.png b/windows/configuration/provisioning-packages/images/csptable.png
similarity index 100%
rename from windows/configuration/images/csptable.png
rename to windows/configuration/provisioning-packages/images/csptable.png
diff --git a/windows/configuration/provisioning-packages/images/finish-details.png b/windows/configuration/provisioning-packages/images/finish-details.png
new file mode 100644
index 0000000000..727efac696
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/finish-details.png differ
diff --git a/windows/configuration/provisioning-packages/images/icd-create-options-1703.PNG b/windows/configuration/provisioning-packages/images/icd-create-options-1703.PNG
new file mode 100644
index 0000000000..007e740683
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-create-options-1703.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/icd-desktop-1703.PNG b/windows/configuration/provisioning-packages/images/icd-desktop-1703.PNG
new file mode 100644
index 0000000000..7c060af4d0
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-desktop-1703.PNG differ
diff --git a/windows/configuration/images/icd-export-menu.png b/windows/configuration/provisioning-packages/images/icd-export-menu.png
similarity index 100%
rename from windows/configuration/images/icd-export-menu.png
rename to windows/configuration/provisioning-packages/images/icd-export-menu.png
diff --git a/windows/configuration/images/icd-multi-target-true.png b/windows/configuration/provisioning-packages/images/icd-multi-target-true.png
similarity index 100%
rename from windows/configuration/images/icd-multi-target-true.png
rename to windows/configuration/provisioning-packages/images/icd-multi-target-true.png
diff --git a/windows/configuration/images/icd-multi-targetstate-true.png b/windows/configuration/provisioning-packages/images/icd-multi-targetstate-true.png
similarity index 100%
rename from windows/configuration/images/icd-multi-targetstate-true.png
rename to windows/configuration/provisioning-packages/images/icd-multi-targetstate-true.png
diff --git a/windows/configuration/provisioning-packages/images/icd-runtime.PNG b/windows/configuration/provisioning-packages/images/icd-runtime.PNG
new file mode 100644
index 0000000000..d63544e206
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-runtime.PNG differ
diff --git a/windows/configuration/images/icd-script1.png b/windows/configuration/provisioning-packages/images/icd-script1.png
similarity index 100%
rename from windows/configuration/images/icd-script1.png
rename to windows/configuration/provisioning-packages/images/icd-script1.png
diff --git a/windows/configuration/images/icd-script2.png b/windows/configuration/provisioning-packages/images/icd-script2.png
similarity index 100%
rename from windows/configuration/images/icd-script2.png
rename to windows/configuration/provisioning-packages/images/icd-script2.png
diff --git a/windows/configuration/provisioning-packages/images/icd-setting-help.PNG b/windows/configuration/provisioning-packages/images/icd-setting-help.PNG
new file mode 100644
index 0000000000..3f6e5fefa5
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-setting-help.PNG differ
diff --git a/windows/configuration/images/icd-simple-edit.png b/windows/configuration/provisioning-packages/images/icd-simple-edit.png
similarity index 100%
rename from windows/configuration/images/icd-simple-edit.png
rename to windows/configuration/provisioning-packages/images/icd-simple-edit.png
diff --git a/windows/configuration/provisioning-packages/images/icd-step1.PNG b/windows/configuration/provisioning-packages/images/icd-step1.PNG
new file mode 100644
index 0000000000..d2ad656d35
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-step1.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/icd-step2.PNG b/windows/configuration/provisioning-packages/images/icd-step2.PNG
new file mode 100644
index 0000000000..54e70d9193
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-step2.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/icd-step3.PNG b/windows/configuration/provisioning-packages/images/icd-step3.PNG
new file mode 100644
index 0000000000..ecac26f3d6
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-step3.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/icd-step4.PNG b/windows/configuration/provisioning-packages/images/icd-step4.PNG
new file mode 100644
index 0000000000..8fcfa2863b
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-step4.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/icd-step5.PNG b/windows/configuration/provisioning-packages/images/icd-step5.PNG
new file mode 100644
index 0000000000..9e96edd812
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-step5.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/icd-switch.PNG b/windows/configuration/provisioning-packages/images/icd-switch.PNG
new file mode 100644
index 0000000000..e46e48a648
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/icd-switch.PNG differ
diff --git a/windows/configuration/images/multi-target.png b/windows/configuration/provisioning-packages/images/multi-target.png
similarity index 100%
rename from windows/configuration/images/multi-target.png
rename to windows/configuration/provisioning-packages/images/multi-target.png
diff --git a/windows/configuration/images/oobe.png b/windows/configuration/provisioning-packages/images/oobe.png
similarity index 100%
rename from windows/configuration/images/oobe.png
rename to windows/configuration/provisioning-packages/images/oobe.png
diff --git a/windows/configuration/images/policytocsp.png b/windows/configuration/provisioning-packages/images/policytocsp.png
similarity index 100%
rename from windows/configuration/images/policytocsp.png
rename to windows/configuration/provisioning-packages/images/policytocsp.png
diff --git a/windows/configuration/images/provisioning-csp-assignedaccess.png b/windows/configuration/provisioning-packages/images/provisioning-csp-assignedaccess.png
similarity index 100%
rename from windows/configuration/images/provisioning-csp-assignedaccess.png
rename to windows/configuration/provisioning-packages/images/provisioning-csp-assignedaccess.png
diff --git a/windows/configuration/images/provisioning-oobe-choice.png b/windows/configuration/provisioning-packages/images/provisioning-oobe-choice.png
similarity index 100%
rename from windows/configuration/images/provisioning-oobe-choice.png
rename to windows/configuration/provisioning-packages/images/provisioning-oobe-choice.png
diff --git a/windows/configuration/images/provisioning-oobe-choose-package.png b/windows/configuration/provisioning-packages/images/provisioning-oobe-choose-package.png
similarity index 100%
rename from windows/configuration/images/provisioning-oobe-choose-package.png
rename to windows/configuration/provisioning-packages/images/provisioning-oobe-choose-package.png
diff --git a/windows/configuration/images/provisioning-oobe-installing.png b/windows/configuration/provisioning-packages/images/provisioning-oobe-installing.png
similarity index 100%
rename from windows/configuration/images/provisioning-oobe-installing.png
rename to windows/configuration/provisioning-packages/images/provisioning-oobe-installing.png
diff --git a/windows/configuration/images/provisioning-runtime-UAC.png b/windows/configuration/provisioning-packages/images/provisioning-runtime-UAC.png
similarity index 100%
rename from windows/configuration/images/provisioning-runtime-UAC.png
rename to windows/configuration/provisioning-packages/images/provisioning-runtime-UAC.png
diff --git a/windows/configuration/images/provisioning-runtime-add-package.png b/windows/configuration/provisioning-packages/images/provisioning-runtime-add-package.png
similarity index 100%
rename from windows/configuration/images/provisioning-runtime-add-package.png
rename to windows/configuration/provisioning-packages/images/provisioning-runtime-add-package.png
diff --git a/windows/configuration/images/provisioning-runtime-choose-package.png b/windows/configuration/provisioning-packages/images/provisioning-runtime-choose-package.png
similarity index 100%
rename from windows/configuration/images/provisioning-runtime-choose-package.png
rename to windows/configuration/provisioning-packages/images/provisioning-runtime-choose-package.png
diff --git a/windows/configuration/images/provisioning-runtime-click-to-install.png b/windows/configuration/provisioning-packages/images/provisioning-runtime-click-to-install.png
similarity index 100%
rename from windows/configuration/images/provisioning-runtime-click-to-install.png
rename to windows/configuration/provisioning-packages/images/provisioning-runtime-click-to-install.png
diff --git a/windows/configuration/images/provisioning-runtime-manage-packages.png b/windows/configuration/provisioning-packages/images/provisioning-runtime-manage-packages.png
similarity index 100%
rename from windows/configuration/images/provisioning-runtime-manage-packages.png
rename to windows/configuration/provisioning-packages/images/provisioning-runtime-manage-packages.png
diff --git a/windows/configuration/images/provisioning-runtime-trust.png b/windows/configuration/provisioning-packages/images/provisioning-runtime-trust.png
similarity index 100%
rename from windows/configuration/images/provisioning-runtime-trust.png
rename to windows/configuration/provisioning-packages/images/provisioning-runtime-trust.png
diff --git a/windows/configuration/provisioning-packages/images/set-up-device-details-desktop.PNG b/windows/configuration/provisioning-packages/images/set-up-device-details-desktop.PNG
new file mode 100644
index 0000000000..97c8a1b704
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/set-up-device-details-desktop.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/set-up-network-details-desktop.PNG b/windows/configuration/provisioning-packages/images/set-up-network-details-desktop.PNG
new file mode 100644
index 0000000000..83911ccbd0
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/set-up-network-details-desktop.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/wcd-app-commands.PNG b/windows/configuration/provisioning-packages/images/wcd-app-commands.PNG
new file mode 100644
index 0000000000..e52908960f
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/wcd-app-commands.PNG differ
diff --git a/windows/configuration/provisioning-packages/images/wcd-app-name.PNG b/windows/configuration/provisioning-packages/images/wcd-app-name.PNG
new file mode 100644
index 0000000000..23ff06eada
Binary files /dev/null and b/windows/configuration/provisioning-packages/images/wcd-app-name.PNG differ
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 46ddabb9da..7d869e903f 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -1,37 +1,22 @@
---
-title: Provision PCs with common settings (Windows 10/11)
-description: Create a provisioning package to apply common settings to a PC running Windows 10.
-ms.reviewer: gkomatsu
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
+title: Provision PCs with common settings
+description: Create a provisioning package to apply common settings to a PC running Windows 10.
ms.topic: article
-ms.localizationpriority: medium
-ms.technology: itpro-configure
ms.date: 12/31/2017
---
# Provision PCs with common settings for initial deployment (desktop wizard)
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
This topic explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows client except Home.
-You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
+You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
## Advantages
-- You can configure new devices without reimaging.
-- Works on desktop devices.
-
-- No network connectivity required.
-
-- Simple to apply.
+- You can configure new devices without reimaging
+- Works on desktop devices
+- No network connectivity required
+- Simple to apply
[Learn more about the benefits and uses of provisioning packages.](provisioning-packages.md)
@@ -43,20 +28,20 @@ The desktop wizard helps you configure the following settings in a provisioning
- Upgrade product edition
- Configure the device for shared use
- Remove pre-installed software
-- Configure Wi-Fi network
-- Enroll device in Active Directory or Microsoft Entra ID
-- Create local administrator account
+- Configure Wi-Fi network
+- Enroll device in Active Directory or Microsoft Entra ID
+- Create local administrator account
- Add applications and certificates
>[!WARNING]
>You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
-Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
+Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
> [!TIP]
> Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
>
-> :::image type="content" source="../images/icd-simple-edit.png" alt-text="In the desktop wizard, open the advanced editor.":::
+> :::image type="content" source="images/icd-simple-edit.png" alt-text="In the desktop wizard, open the advanced editor.":::
## Create the provisioning package
@@ -64,14 +49,15 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
1. Open Windows Configuration Designer (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
-2. Click **Provision desktop devices**.
+1. Click **Provision desktop devices**.
- :::image type="content" source="../images/icd-create-options-1703.png" alt-text="In Windows Configuration Designer, see the ICD start options.":::
+ :::image type="content" source="images/icd-create-options-1703.png" alt-text="In Windows Configuration Designer, see the ICD start options.":::
+
+1. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps.
+
+ :::image type="content" source="images/icd-desktop-1703.png" alt-text="In Windows Configuration Designer, select Finish, and see the ICD desktop provisioning.":::
-3. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps.
- :::image type="content" source="../images/icd-desktop-1703.png" alt-text="In Windows Configuration Designer, select Finish, and see the ICD desktop provisioning.":::
-
> [!IMPORTANT]
> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
@@ -79,7 +65,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
1. Enable device setup:
- :::image type="content" source="../images/set-up-device-details-desktop.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software.":::
+ :::image type="content" source="images/set-up-device-details-desktop.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software.":::
If you want to enable device setup, select **Set up device**, and configure the following settings:
@@ -88,9 +74,9 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
- **Configure devices for shared use**: Select **Yes** or **No** to optimize the Windows client for shared use scenarios.
- **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software.
-2. Set up the network:
+1. Set up the network:
- :::image type="content" source="../images/set-up-network-details-desktop.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type.":::
+ :::image type="content" source="images/set-up-network-details-desktop.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type.":::
If you want to enable network setup, select **Set up network**, and configure the following settings:
@@ -98,9 +84,9 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
- **Network SSID**: Enter the Service Set IDentifier (SSID) of the network.
- **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network.
-3. Enable account management:
+1. Enable account management:
- :::image type="content" source="../images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Microsoft Entra ID, or create a local admin account.":::
+ :::image type="content" source="images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Microsoft Entra ID, or create a local admin account.":::
If you want to enable account management, select **Account Management**, and configure the following settings:
@@ -114,24 +100,24 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
- **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in.
-4. Add applications:
+1. Add applications:
- :::image type="content" source="../images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application.":::
+ :::image type="content" source="images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application.":::
To add applications to the devices, select **Add applications**. You can install multiple applications, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provision-pcs-with-apps.md).
-5. Add certificates:
+1. Add certificates:
- :::image type="content" source="../images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate.":::
+ :::image type="content" source="images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate.":::
To add a certificate to the devices, select **Add certificates**, and configure the following settings:
- **Certificate name**: Enter a name for the certificate.
- **Certificate path**: Browse and select the certificate you want to add.
-6. Finish:
+1. Finish:
- :::image type="content" source="../images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password.":::
+ :::image type="content" source="images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password.":::
To complete the wizard, select **Finish**, and configure the following setting:
@@ -139,17 +125,4 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
- **Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+ **Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index 8efef893cd..99f20c85aa 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -1,25 +1,11 @@
---
-title: Provision PCs with apps (Windows 10/11)
+title: Provision PCs with apps
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
-ms.author: lizlong
ms.topic: article
-ms.reviewer: gkomatsu
-manager: aaroncz
-ms.technology: itpro-configure
ms.date: 12/31/2017
---
-# Provision PCs with apps
-
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
+# Provision PCs with apps
You can install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. This article explains the various settings in [Windows Configuration Designer](provisioning-install-icd.md) for app install.
@@ -30,11 +16,9 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
## Settings for UWP apps
-- **License Path**: Specify the license file if it is an app from the Microsoft Store. This is optional if you have a certificate for the app.
-
-- **Package family name**: Specify the package family name if you don’t specify a license. This field will be autopopulated after you specify a license.
-
-- **Required appx dependencies**: Specify the appx dependency packages that are required for the installation of the app
+- **License Path**: Specify the license file if it is an app from the Microsoft Store. This is optional if you have a certificate for the app.
+- **Package family name**: Specify the package family name if you don't specify a license. This field will be autopopulated after you specify a license.
+- **Required appx dependencies**: Specify the appx dependency packages that are required for the installation of the app
## Settings for Windows desktop applications
@@ -43,64 +27,64 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
> [!NOTE]
> You can find more information about command-line options for Msiexec.exe [here](/windows/win32/msi/command-line-options).
-- **Command line arguments**: Optionally, append more command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE
+- **Command line arguments**: Optionally, append more command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE
-- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install
+- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install
-- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app
+- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app
- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
### Exe or other installer
-- **Command line arguments**: Append the command line arguments with a silent flag (required). Optionally, append more flags
+- **Command line arguments**: Append the command line arguments with a silent flag (required). Optionally, append more flags
-- **Return Codes**: Specify the return codes for success and success with restart (0 and 3010 by default respectively) Any return code that is not listed will be interpreted as failure. The text boxes are space delimited.
+- **Return Codes**: Specify the return codes for success and success with restart (0 and 3010 by default respectively) Any return code that is not listed will be interpreted as failure. The text boxes are space delimited.
-- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install
+- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install
-- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app
+- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app
- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
-
## Add a Windows desktop application using advanced editor in Windows Configuration Designer
+1. In the **Available customizations** pane, go to **Runtime settings** > **ProvisioningCommands** > **PrimaryContext** > **Command**.
-1. In the **Available customizations** pane, go to **Runtime settings** > **ProvisioningCommands** > **PrimaryContext** > **Command**.
+1. Enter a name for the first app, and then select **Add**.
-2. Enter a name for the first app, and then select **Add**.
+ 
- 
+1. Configure the settings for the appropriate installer type.
-3. Configure the settings for the appropriate installer type.
-
- 
+ 
## Add a universal app to your package
-Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Microsoft Store for Business apps that you acquire with [offline licensing](/microsoft-store/acquire-apps-windows-store-for-business), or third-party apps. This procedure will assume you are distributing apps from the Microsoft Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer.
+Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Microsoft Store for Business apps that you acquire with [offline licensing](/microsoft-store/acquire-apps-windows-store-for-business), or third-party apps. This procedure will assume you are distributing apps from the Microsoft Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer.
-1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall**.
+1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall**.
-2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
+1. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
-3. For **ApplicationFile**, select **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
+1. For **ApplicationFile**, select **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
-4. For **DependencyAppxFiles**, select **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page.
+1. For **DependencyAppxFiles**, select **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page.
+
+1. For **DeviceContextAppLicense**, enter the **LicenseProductID**.
+
+ - In Microsoft Store for Business, generate the unencoded license for the app on the app's download page.
-5. For **DeviceContextAppLicense**, enter the **LicenseProductID**.
- - In Microsoft Store for Business, generate the unencoded license for the app on the app's download page.
-
- Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and select **Add**.
-
-6. In the **Available customizations** pane, select the **LicenseProductId** that you just added.
-7. For **LicenseInstall**, select **Browse**, navigate to the license file that you renamed *\
**Disabled** is using EnableSharedPCModeWithOneDriveSync |
| Windows Components/Windows Hello for Business/Use biometrics | Disabled |
| Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
-| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
+| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
| Extra registry setting | Status |
|-------------------------------------------------------------------------------------------------------------------|----------|
| Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
-| Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 |
+| Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 |
-## SetEDUPolicy
+## SetEDUPolicy
-By enabling SetEDUPolicy, the following settings in the local GPO are configured:
+By enabling SetEDUPolicy, the following settings in the local GPO are configured:
| Policy setting | Status |
|--|--|
| System/User Profiles/Turn off the advertising ID | Enabled |
| Windows Components/Cloud Content/Do not show Windows tips | Enabled |
-| Windows Components/Cloud Content/Turn off Microsoft consumer experiences | Enabled |
+| Windows Components/Cloud Content/Turn off Microsoft consumer experiences | Enabled |
-## SetPowerPolicies
+## SetPowerPolicies
-By enabling SetPowerPolicies, the following settings in the local GPO are configured:
+By enabling SetPowerPolicies, the following settings in the local GPO are configured:
| Policy setting | Status|
|--|--|
@@ -89,41 +77,42 @@ By enabling SetPowerPolicies, the following settings in the local GPO are config
| System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Hibernation disabled) |
| System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Hibernation disabled) |
| System/Power Management/Sleep Settings/Turn off hybrid sleep (on battery) | Enabled |
-| System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled |
+| System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled |
-## MaintenanceStartTime
+## MaintenanceStartTime
-By enabling MaintenanceStartTime, the following settings in the local GPO are configured:
+By enabling MaintenanceStartTime, the following settings in the local GPO are configured:
| Policy setting | Status|
|--------------------------------------------------------------------------------------|--------------------------------|
| Windows Components/Maintenance Scheduler/Automatic Maintenance Activation Boundary | 2000-01-01T00:00:00 (midnight) |
| Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay | Enabled PT2H (2 hours) |
-| Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled |
+| Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled |
-## SignInOnResume
+## SignInOnResume
-By enabling SignInOnResume, the following settings in the local GPO are configured:
+By enabling SignInOnResume, the following settings in the local GPO are configured:
| Policy setting | Status|
|--|--|
| System/Logon/Allow users to select when a password is required when resuming from connected standby | Disabled |
| System/Power Management/Sleep Settings/Require a password when a computer wakes (on battery) | Enabled |
-| System/Power Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled |
+| System/Power Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled |
-## EnableAccountManager
+## EnableAccountManager
-By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`.
+By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`.
-## Shared PC APIs and app behavior
+## Shared PC APIs and app behavior
-Applications can take advantage of Shared PC mode with the following three APIs:
+Applications can take advantage of Shared PC mode with the following three APIs:
- [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
- [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.
-- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.
------------
+- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.
+
+-----------
[API-1]: /uwp/api/windows.system.profile.sharedmodesettings.isenabled
[API-2]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage
diff --git a/windows/configuration/shared-pc/toc.yml b/windows/configuration/shared-pc/toc.yml
new file mode 100644
index 0000000000..87e0ba65f6
--- /dev/null
+++ b/windows/configuration/shared-pc/toc.yml
@@ -0,0 +1,7 @@
+items:
+- name: Shared devices concepts
+ href: shared-devices-concepts.md
+- name: Configure shared devices with Shared PC
+ href: set-up-shared-or-guest-pc.md
+- name: Shared PC technical reference
+ href: shared-pc-technical.md
\ No newline at end of file
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/start/customize-and-export-start-layout.md
similarity index 78%
rename from windows/configuration/customize-and-export-start-layout.md
rename to windows/configuration/start/customize-and-export-start-layout.md
index c7298fc1d3..725c7c8756 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/start/customize-and-export-start-layout.md
@@ -1,26 +1,16 @@
---
title: Customize and export Start layout
description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
-ms.reviewer:
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
ms.topic: how-to
-ms.localizationpriority: medium
+appliesto:
+- ✅ Windows 10
ms.date: 08/18/2023
ms.collection:
- - highpri
- tier1
-ms.technology: itpro-configure
---
# Customize and export Start layout
-**Applies to**:
-
-- Windows 10
-
>**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
@@ -37,37 +27,28 @@ When [a partial Start layout](#configure-a-partial-start-layout) is applied, the
You can deploy the resulting .xml file to devices using one of the following methods:
- [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
-
- [Windows Configuration Designer provisioning package](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-
- [Mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
-### Customize the Start screen on your test computer
+## Customize the Start screen on your test computer
To prepare a Start layout for export, you simply customize the Start layout on a test computer.
-**To prepare a test computer**
+To prepare a test computer:
1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users' computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display.
-
1. Create a new user account that you'll use to customize the Start layout.
-**To customize Start**
+To customize Start:
1. Sign in to your test computer with the user account that you created.
-
1. Customize the Start layout as you want users to see it by using the following techniques:
- **Pin apps to Start**. From Start, type the name of the app. When the app appears in the search results, right-click the app, and then select **Pin to Start**.
-
To view all apps, select **All apps** in the bottom-left corner of Start. Right-click any app, and pin or unpin it from Start.
-
- **Unpin apps** that you don't want to display. To unpin an app, right-click the app, and then select **Unpin from Start**.
-
- **Drag tiles** on Start to reorder or group apps.
-
- **Resize tiles**. To resize tiles, right-click the tile and then select **Resize.**
-
- **Create your own app groups**. Drag the apps to an empty area. To name a group, select above the group of tiles and then type the name in the **Name group** field that appears above the group.
> [!IMPORTANT]
@@ -82,10 +63,9 @@ When you have the Start layout that you want your users to see, use the [Export-
> [!IMPORTANT]
> If you include secondary Microsoft Edge tiles (tiles that link to specific websites in Microsoft Edge), see [Add custom images to Microsoft Edge secondary tiles](start-secondary-tiles.md) for instructions.
-**To export the Start layout to an .xml file**
+To export the Start layout to an .xml file:
1. While signed in with the same account that you used to customize Start, right-click Start, and select **Windows PowerShell**.
-
1. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command:
`Export-StartLayout -path
Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile). |
| start:DesktopApplicationTileParent:AppendGroup | DesktopApplicationIDDesktopApplicationLinkPathSizeRowColumn | Use to specify any of the following:- A Windows desktop application with a known AppUserModelID- An application in a known folder with a link in a legacy Start Menu folder- A Windows desktop application link in a legacy Start Menu folder- A Web link tile with an associated `.url` file that is in a legacy Start Menu folder |
| start:SecondaryTileParent:AppendGroup | AppUserModelIDTileIDArgumentsDisplayNameSquare150x150LogoUriShowNameOnSquare150x150LogoShowNameOnWide310x150LogoWide310x150LogoUriBackgroundColorForegroundTextIsSuggestedAppSizeRowColumn | Use to pin a Web link through a Microsoft Edge secondary tile. Note that AppUserModelID is case-sensitive. |
-| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
-| TileParent:TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID. **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
-| DesktopApplicationTileParent:TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
+| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
+| TileParent:TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID. **Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
+| DesktopApplicationTileParent:TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.**Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
| AppendOfficeSuiteParent:LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).Don't use this tag with AppendDownloadOfficeTile. |
| AppendDownloadOfficeTileParent:LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in StartDo not use this tag with AppendOfficeSuite |
@@ -89,11 +77,11 @@ The following table lists the supported elements and attributes for the LayoutMo
New devices running Windows 10 for desktop editions will default to a Start menu with two columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features:
-- Boot to tablet mode can be set on or off.
-- Set full screen Start on desktop to on or off.
- To do this, add the LayoutOptions element in your LayoutModification.xml file and set the FullScreenStart attribute to true or false.
-- Specify the number of columns in the Start menu to 1 or 2.
- To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2.
+- Boot to tablet mode can be set on or off
+- Set full screen Start on desktop to on or off
+ To do this, add the LayoutOptions element in your LayoutModification.xml file and set the FullScreenStart attribute to true or false
+- Specify the number of columns in the Start menu to 1 or 2
+ To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2
The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use one column in the Start menu:
@@ -117,33 +105,33 @@ For devices being upgraded to Windows 10 for desktop editions:
### RequiredStartGroups
-The **RequiredStartGroups** tag contains **AppendGroup** tags that represent groups that you can append to the default Start layout.
+The **RequiredStartGroups** tag contains **AppendGroup** tags that represent groups that you can append to the default Start layout.
>[!IMPORTANT]
->For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag.
+>For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag.
-You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example:
+You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example:
```XML
The setting values for **desktop applications** are stored when the user closes the application.
Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. |
-| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. |
-| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
**Note** Settings location templates are not required for Windows applications. |
-| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). |
+| **Component** | **Function** |
+|--|--|
+| **UE-V service** | Enabled on every device that needs to synchronize settings, the **UE-V service** monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. |
+| **Settings packages** | Application settings and Windows settings are stored in **settings packages** created by the UE-V service. Settings packages are built, locally stored, and copied to the settings storage location.
The setting values for **desktop applications** are stored when the user closes the application.
Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. |
+| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. |
+| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
**Note** Settings location templates are not required for Windows applications. |
+| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). |
## Manage settings synchronization for custom applications
Use these UE-V components to create and manage custom templates for your third-party or line-of-business applications.
-| Component | Description |
-|-------------------------------|---------------|
-| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. |
-| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md).|
+| Component | Description |
+|--|--|
+| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
If you are upgrading from an existing UE-V installation, you'll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. |
+| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md). |
-### Planning a UE-V deployment
+### Planning a UE-V deployment
Review the following articles to determine which UE-V components you'll be deploying.
-- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications)
+- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications)
If you want to synchronize settings for custom applications, you'll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involve the following tasks:
- - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment).
+ - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment).
+ - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications).
- - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications).
-
-- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning.
-
-- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v)
+- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning.
+- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v)
## Decide whether to synchronize settings for custom applications
@@ -77,11 +60,9 @@ Deciding if you want UE-V to synchronize settings for custom applications is an
This section explains which settings are synchronized by default in UE-V, including:
-- Desktop applications that are synchronized by default
-
-- Windows desktop settings that are synchronized by default
-
-- A statement of support for Windows applications setting synchronization
+- Desktop applications that are synchronized by default
+- Windows desktop settings that are synchronized by default
+- A statement of support for Windows applications setting synchronization
For downloadable UE-V templates, see: [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367)
@@ -90,16 +71,15 @@ For downloadable UE-V templates, see: [User Experience Virtualization (UE-V) set
When you enable the UE-V service on user devices, it registers a default group of settings location templates that capture settings values for these common Microsoft applications.
| Application category | Description |
-|-----------------------------|-------------------|
+|--|--|
| Microsoft Office 2016 applications | Microsoft Access 2016
Microsoft Lync 2016
Microsoft Excel 2016
Microsoft OneNote 2016
Microsoft Outlook 2016
Microsoft PowerPoint 2016
Microsoft Project 2016
Microsoft Publisher 2016
Microsoft SharePoint Designer 2013 (not updated for 2016)
Microsoft Visio 2016
Microsoft Word 2016
Microsoft Office Upload Manager
Microsoft Infopath has been removed (deprecated) from the Office 2016 suite |
-| Microsoft Office 2013 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
Microsoft Excel 2013
Microsoft Outlook 2013
Microsoft Access 2013
Microsoft Project 2013
Microsoft PowerPoint 2013
Microsoft Publisher 2013
Microsoft Visio 2013
Microsoft InfoPath 2013
Microsoft Lync 2013
Microsoft OneNote 2013
Microsoft SharePoint Designer 2013
Microsoft Office 2013 Upload Center
Microsoft OneDrive for Business 2013
-| Microsoft Office 2010 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
Microsoft Excel 2010
Microsoft Outlook 2010
Microsoft Access 2010
Microsoft Project 2010
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Visio 2010
Microsoft SharePoint Workspace 2010
Microsoft InfoPath 2010
Microsoft Lync 2010
Microsoft OneNote 2010
Microsoft SharePoint Designer 2010 |
+| Microsoft Office 2013 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
Microsoft Excel 2013
Microsoft Outlook 2013
Microsoft Access 2013
Microsoft Project 2013
Microsoft PowerPoint 2013
Microsoft Publisher 2013
Microsoft Visio 2013
Microsoft InfoPath 2013
Microsoft Lync 2013
Microsoft OneNote 2013
Microsoft SharePoint Designer 2013
Microsoft Office 2013 Upload Center
Microsoft OneDrive for Business 2013 |
+| Microsoft Office 2010 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
Microsoft Excel 2010
Microsoft Outlook 2010
Microsoft Access 2010
Microsoft Project 2010
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Visio 2010
Microsoft SharePoint Workspace 2010
Microsoft InfoPath 2010
Microsoft Lync 2010
Microsoft OneNote 2010
Microsoft SharePoint Designer 2010 |
| Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars.
**Note**
UE-V doesn't roam settings for Internet Explorer cookies. |
| Windows accessories | Microsoft NotePad, WordPad |
> [!NOTE]
> - An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.
->
> - UE-V doesn't synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems.
### Windows settings synchronized by default
@@ -107,22 +87,22 @@ When you enable the UE-V service on user devices, it registers a default group o
UE-V includes settings location templates that capture settings values for these Windows settings.
| Windows settings | Description | Apply on | Export on | Default state |
-|----------------------|-----------------|--------------|---------------|-------------------|
-| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled |
-| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled |
-| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, more clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled |
+|--|--|--|--|--|
+| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled |
+| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled |
+| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, more clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled |
> [!IMPORTANT]
> UE-V roams taskbar settings between Windows 10 devices. However, UE-V doesn't synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions.
| Settings group | Category | Capture | Apply |
-|--------------------------|----------------|----------------|--------------|
-| **Application Settings** | Windows applications | Close application
Windows application settings change event | Start the UE-V App Monitor at startup
Open app
Windows application settings change event
Arrival of a settings package |
-| | Desktop applications | Application closes | Application opens and closes |
-| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
-| | Ease of Access (Common - Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on |
-| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
-| | Desktop settings | Lock or log off | Log on |
+|--|--|--|--|
+| **Application Settings** | Windows applications | Close application
Windows application settings change event | Start the UE-V App Monitor at startup
Open app
Windows application settings change event
Arrival of a settings package |
+| | Desktop applications | Application closes | Application opens and closes |
+| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
+| | Ease of Access (Common - Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on |
+| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs |
+| | Desktop settings | Lock or log off | Log on |
### UE-V-support for Windows applications
@@ -139,28 +119,24 @@ Users can print to their saved network printers, including their default network
Printer roaming in UE-V requires one of these scenarios:
-- The print server can download the required driver when it roams to a new device.
-
-- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer.
-
-- The printer driver can be imported from Windows Update.
+- The print server can download the required driver when it roams to a new device.
+- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer.
+- The printer driver can be imported from Windows Update.
> [!NOTE]
> The UE-V printer roaming feature doesn't roam printer settings or preferences, such as printing double-sided.
### Determine whether you need settings synchronized for other applications
-After you've reviewed the settings that are synchronized automatically in a UE-V deployment, you’ll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise.
+After you've reviewed the settings that are synchronized automatically in a UE-V deployment, you'll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise.
As an administrator, when you consider which desktop applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all desktop applications have settings that can be customized or that are routinely customized by users. In addition, not all desktop applications settings can be synchronized safely across multiple devices or environments.
In general, you can synchronize settings that meet the following criteria:
-- Settings that are stored in user-accessible locations. For example, don't synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry.
-
-- Settings that aren't specific to the particular device. For example, exclude network shortcuts or hardware configurations.
-
-- Settings that can be synchronized between computers without risk of corrupted data. For example, don't use settings that are stored in a database file.
+- Settings that are stored in user-accessible locations. For example, don't synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry.
+- Settings that aren't specific to the particular device. For example, exclude network shortcuts or hardware configurations.
+- Settings that can be synchronized between computers without risk of corrupted data. For example, don't use settings that are stored in a database file.
### Checklist for evaluating custom applications
@@ -172,7 +148,7 @@ If you've decided that you need to synchronize settings for custom applications,
|  | Is it important for the user that these settings are synchronized? |
|  | Are these user settings already managed by an application management or settings policy solution? UE-V applies application settings at application startup and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings sharing solutions, users might experience inconsistency across synchronized settings. |
|  | Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations don't consistently synchronize across sessions and can cause a poor application experience. |
-|  | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\\ \[User name\] \\**AppData**\\**LocalLow** directory? Application data that is stored in either of these locations usually shouldn't synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. |
+|  | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\ \[User name\] \**AppData**\**LocalLow** directory? Application data that is stored in either of these locations usually shouldn't synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. |
|  | Does the application store any settings in a file that contains other application data that shouldn't synchronize? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this extra data can cause a poor application experience.|
|  | How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can affect the performance of settings synchronization. |
@@ -180,21 +156,15 @@ If you've decided that you need to synchronize settings for custom applications,
You should also consider these things when you're preparing to deploy UE-V:
-- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v)
+- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v)
+- [Windows applications settings synchronization](#windows-applications-settings-synchronization)
+- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates)
+- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration)
+- [Performance and capacity](#performance-and-capacity-planning)
+- [High availability](#high-availability-for-ue-v)
+- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization)
-- [Windows applications settings synchronization](#windows-applications-settings-synchronization)
-
-- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates)
-
-- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration)
-
-- [Performance and capacity](#performance-and-capacity-planning)
-
-- [High availability](#high-availability-for-ue-v)
-
-- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization)
-
-### Managing credentials synchronization in UE-V
+### Managing credentials synchronization in UE-V
Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid reentering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V.
@@ -230,25 +200,19 @@ Copy
[Group Policy](uev-configuring-uev-with-group-policy-objects.md)**:** You must edit the Group Policy administrative template for UE-V, which is included in Windows 10, version 1607, to enable credential synchronization through group policy. Credentials synchronization is managed in Windows settings. To manage this feature with Group Policy, enable the **Synchronize Windows** settings policy.
-1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**.
-
-2. Double-click **Synchronize Windows settings**.
-
-3. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it.
-
-4. Select **OK**.
+1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**.
+1. Double-click **Synchronize Windows settings**.
+1. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it.
+1. Select **OK**.
### Credential locations synchronized by UE-V
Credential files saved by applications into the following locations are synchronized:
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\Credentials\\
-
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\Crypto\\
-
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\Protect\\
-
-- %UserProfile%\\AppData\\Roaming\\Microsoft\\SystemCertificates\\
+- %UserProfile%\AppData\Roaming\Microsoft\Credentials\
+- %UserProfile%\AppData\Roaming\Microsoft\Crypto\
+- %UserProfile%\AppData\Roaming\Microsoft\Protect\
+- %UserProfile%\AppData\Roaming\Microsoft\SystemCertificates\
Credentials saved to other locations aren't synchronized by UE-V.
@@ -256,17 +220,15 @@ Credentials saved to other locations aren't synchronized by UE-V.
UE-V manages Windows application settings synchronization in three ways:
-- **Sync Windows applications:** Allow or deny any Windows application synchronization
-
-- **Windows applications list:** Synchronize a list of Windows applications
-
-- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that aren't in the Windows applications list.
+- **Sync Windows applications:** Allow or deny any Windows application synchronization
+- **Windows applications list:** Synchronize a list of Windows applications
+- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that aren't in the Windows applications list.
For more information, see the [Windows Application List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist).
### Custom UE-V settings location templates
-If you're deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices.
+If you're deploying UE-V to synchronize settings for custom applications, you'll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices.
Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including Microsoft Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell.
@@ -276,15 +238,11 @@ For more information about custom settings location templates, see [Deploy UE-V
UE-V downloads new user settings information from a settings storage location and applies the settings to the local device in these instances:
-- Each time an application is started that has a registered UE-V template
-
-- When a user signs in to a device
-
-- When a user unlocks a device
-
-- When a connection is made to a remote desktop device running UE-V
-
-- When the Sync Controller Application scheduled task is run
+- Each time an application is started that has a registered UE-V template
+- When a user signs in to a device
+- When a user unlocks a device
+- When a connection is made to a remote desktop device running UE-V
+- When the Sync Controller Application scheduled task is run
If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they're opened and closed with preferred settings.
@@ -306,21 +264,16 @@ By default, UE-V synchronization times out after 2 seconds to prevent excessive
The UE-V settings storage location and settings template catalog support storing user data on any writable share. To ensure high availability, follow these criteria:
-- Format the storage volume with an NTFS file system.
-
-- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) isn't supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see:
-
+- Format the storage volume with an NTFS file system.
+- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) isn't supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see:
- [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles)
-
- [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](/troubleshoot/windows-server/networking/support-policy-for-dfsr-dfsn-deployment)
In addition, because SYSVOL uses DFSR for replication, SYSVOL can't be used for UE-V data file replication.
-- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md).
-
-- Use file server clustering along with the UE-V service to provide access to copies of user state data if communications failures occur.
-
-- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both.
+- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md).
+- Use file server clustering along with the UE-V service to provide access to copies of user state data if communications failures occur.
+- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both.
### Synchronize computer clocks for UE-V settings synchronization
@@ -331,15 +284,14 @@ Computers that run the UE-V service must use a time server to maintain a consist
Before you proceed, ensure that your environment meets these requirements for using UE-V.
| Operating system | Edition | Service pack | System architecture | Windows PowerShell | Microsoft .NET Framework |
-|--------------------------|---------------|------------------|-------------------------|--------------------------|--------------------------------|
-| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
-| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
-| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
+|--|--|--|--|--|--|
+| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
+| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
+| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher |
> [!NOTE]
> - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed.
->
-> - The “Delete Roaming Cache” policy for mandatory profiles isn't supported with UE-V and shouldn't be used.
+> - The "Delete Roaming Cache" policy for mandatory profiles isn't supported with UE-V and shouldn't be used.
There are no special random access memory (RAM) requirements specific to UE-V.
@@ -347,13 +299,10 @@ There are no special random access memory (RAM) requirements specific to UE-V.
Sync Provider is the default setting for users and synchronizes a local cache with the settings storage location in these instances:
-- Log on/log off
-
-- Lock/unlock
-
-- Remote desktop connect/disconnect
-
-- Application open/close
+- Log on/log off
+- Lock/unlock
+- Remote desktop connect/disconnect
+- Application open/close
A scheduled task manages this synchronization of settings every 30 minutes or through trigger events for certain applications. For more information, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md).
@@ -364,7 +313,6 @@ The UE-V service synchronizes user settings for devices that aren't always conne
Enable this configuration using one of these methods:
- After you enable the UE-V service, use the Settings Management feature in Microsoft Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration.
-
- Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the SyncMethod = None configuration.
Restart the device to allow the settings to synchronize.
@@ -372,7 +320,6 @@ Restart the device to allow the settings to synchronize.
> [!NOTE]
> These methods do not work for pooled virtual desktop infrastructure (VDI) environments.
-
> [!NOTE]
> If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path.
@@ -389,22 +336,13 @@ The VDI template is provided with UE-V and is typically available here after ins
Install the UE-V template generator on the device that is used to create custom settings location templates. This device should be able to run the applications that you want to synchronize settings for. You must be a member of the Administrators group on the device that runs the UE-V template generator software.
-The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 4. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md).
-
-
-
-
+The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 1. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md).
## Other resources for this feature
-- [User Experience Virtualization overview](uev-for-windows.md)
-
-- [Get started with UE-V](uev-getting-started.md)
-
-- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
-
-- [Administering UE-V](uev-administering-uev.md)
-
-- [Troubleshooting UE-V](uev-troubleshooting.md)
-
-- [Technical Reference for UE-V](uev-technical-reference.md)
+- [User Experience Virtualization overview](uev-for-windows.md)
+- [Get started with UE-V](uev-getting-started.md)
+- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
+- [Administering UE-V](uev-administering-uev.md)
+- [Troubleshooting UE-V](uev-troubleshooting.md)
+- [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index 995f79f988..b59b289e49 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -1,24 +1,12 @@
---
title: User Experience Virtualization (UE-V) Release Notes
description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# User Experience Virtualization (UE-V) Release Notes
-**Applies to**
-- Windows 10, version 1607
-
This topic includes information required to successfully install and use UE-V that isn't included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
### Company Settings Center removed in UE-V for Windows 10, version 1607
@@ -62,7 +50,7 @@ WORKAROUND: Install only one version of Office or limit which settings are synch
### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state
-While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application's settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application's settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
WORKAROUND: None.
@@ -103,17 +91,10 @@ WORKAROUND: None
**Additional resources for this feature**
- [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings)
-
- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)](/troubleshoot/windows-client/ue-v/enable-debug-logging)
-
-- [User Experience Virtualization](uev-for-windows.md)
-
-- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
-
-- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
-
-- [Administering UE-V](uev-administering-uev.md)
-
-- [Troubleshooting UE-V](uev-troubleshooting.md)
-
-- [Technical Reference for UE-V](uev-technical-reference.md)
+- [User Experience Virtualization](uev-for-windows.md)
+- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
+- [Administering UE-V](uev-administering-uev.md)
+- [Troubleshooting UE-V](uev-troubleshooting.md)
+- [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index 0f2220b76e..b0ba65c8c5 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -1,48 +1,33 @@
---
title: Security Considerations for UE-V
description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Security Considerations for UE-V
-**Applies to**
-- Windows 10, version 1607
-
This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). For more information, follow the links that are provided here.
## Security considerations for UE-V configuration
-
> [!IMPORTANT]
> When you create the settings storage share, limit the share access to users who require access.
Because settings packages might contain personal information, you should take care to protect them as much as possible. In general, do the following steps:
-- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users.
+- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users.
+- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places.
+- Only give users the minimum number of permissions that they must have. The following tables show the required permissions.
-- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places.
-
-- Only give users the minimum number of permissions that they must have. The following tables show the required permissions.
-
-1. Set the following share-level SMB permissions for the setting storage location folder.
+1. Set the following share-level SMB permissions for the setting storage location folder.
|User account|Recommended permissions|
|--- |--- |
|Everyone|No permissions|
|Security group of UE-V|Full control|
-2. Set the following NTFS file system permissions for the settings storage location folder.
+1. Set the following NTFS file system permissions for the settings storage location folder.
|User account|Recommended permissions|Folder|
|--- |--- |--- |
@@ -51,7 +36,7 @@ Because settings packages might contain personal information, you should take ca
|Security group of UE-V users|List folder/read data, create folders/append data|This folder only|
|Everyone|Remove all permissions|No permissions|
-3. Set the following share-level SMB permissions for the settings template catalog folder.
+1. Set the following share-level SMB permissions for the settings template catalog folder.
|User account|Recommend permissions|
|--- |--- |
@@ -59,7 +44,7 @@ Because settings packages might contain personal information, you should take ca
|Domain computers|Read permission Levels|
|Administrators|Read/write permission levels|
-4. Set the following NTFS permissions for the settings template catalog folder.
+1. Set the following NTFS permissions for the settings template catalog folder.
|User account|Recommended permissions|Apply to|
|--- |--- |--- |
@@ -68,25 +53,23 @@ Because settings packages might contain personal information, you should take ca
|Everyone|No permissions|No permissions|
|Administrators|Full Control|This folder, subfolders, and files|
-### Use Windows Server as of Windows Server 2003 to host redirected file shares
+### Use Windows Server as of Windows Server 2003 to host redirected file shares
User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this process, you should ensure that the data is protected while it travels over the network.
User settings data is vulnerable to these potential threats: interception of the data as it passes over the network, tampering with the data as it passes over the network, and spoofing of the server that hosts the data.
-As of Windows Server 2003, several features of the Windows Server operating system can help secure user data:
+As of Windows Server 2003, several features of the Windows Server operating system can help secure user data:
-- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
+- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2001. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
-- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that:
+- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that:
- - Roamed data is safe from data modification while data is en route.
+ - Roamed data is safe from data modification while data is en route.
+ - Roamed data is safe from interception, viewing, or copying.
+ - Roamed data is safe from access by unauthenticated parties.
- - Roamed data is safe from interception, viewing, or copying.
-
- - Roamed data is safe from access by unauthenticated parties.
-
-- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
+- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
### Always use the NTFS file system for volumes that hold user data
@@ -107,20 +90,18 @@ This permission configuration enables users to create folders for settings stora
> [!NOTE]
> Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
-1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`.
-
-2. Set the registry key value to *1*.
+1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`.
+1. Set the registry key value to *1*.
When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service doesn't grant access to the folder.
-
If you must create folders for the users, ensure that you have the correct permissions set.
We strongly recommend that you don't pre-create folders. Instead, let the UE-V service create the folder for the user.
### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory
-If you redirect UE-V settings to a user’s home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization.
+If you redirect UE-V settings to a user's home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization.
### Review the contents of settings location templates and control access to them as needed
@@ -128,9 +109,8 @@ When a settings location template is being created, the UE-V generator uses a Li
If you plan to share settings location templates with anyone outside your organization, you should review all the settings locations and ensure the settings location templates don't contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
-- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template.
-
-- **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template.
+- **Template Author Name** - Specify a general, non-identifying name for the template author name or exclude this data from the template.
+- **Template Author Email** - Specify a general, non-identifying template author email or exclude this data from the template.
To remove the template author name or template author email, you can use the UE-V generator application. From the generator, select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template.
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index 17d2bba46f..c009f76e63 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -1,50 +1,26 @@
---
title: Sync Methods for UE-V
-description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users' application and Windows settings with the settings storage location.
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Sync Methods for UE-V
-**Applies to**
-- Windows 10, version 1607
-
-The User Experience Virtualization (UE-V) service lets you synchronize users’ application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md).
+The User Experience Virtualization (UE-V) service lets you synchronize users' application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md).
## SyncMethod Configuration
This table provides a description of each SyncMethod configuration:
-| **SyncMethod Configuration** | **Description** |
-|------------------------------|---------------------|
-| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time.
This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. |
-| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. |
-| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. |
+| **SyncMethod Configuration** | **Description** |
+|--|--|
+| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn't delayed for a long period of time.
This functionality is also tied to the Scheduled task - Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. |
+| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. |
+| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. |
You can configure the sync method in these ways:
-- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
-
-- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
-
-- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
-
-
-
-
-
-## Related topics
-
-[Deploy Required UE-V Features](uev-deploy-required-features.md)
-
-[Technical Reference for UE-V](uev-technical-reference.md)
+- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
+- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
+- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index 6cae6d66bf..a7347846ca 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -1,24 +1,12 @@
---
title: Sync Trigger Events for UE-V
description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Sync Trigger Events for UE-V
-**Applies to**
-- Windows 10, version 1607
-
User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. *Sync trigger events* define when the UE-V service synchronizes those settings with the settings storage location. For more information about Sync Method configuration, see [Sync Methods for UE-V](uev-sync-methods.md).
## UE-V Sync Trigger Events
@@ -38,18 +26,6 @@ The following table explains the trigger events for classic applications and Win
## Related topics
-
[Technical Reference for UE-V](uev-technical-reference.md)
-
[Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md)
-
[Choose the Configuration Method for UE-V](uev-deploy-required-features.md)
-
-
-
-
-
-
-
-
-
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index e06e33e471..8fb7fae374 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -1,37 +1,22 @@
---
title: Synchronizing Microsoft Office with UE-V
description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
- - tier3
- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
ms.topic: article
-ms.technology: itpro-configure
---
# Synchronizing Office with UE-V
-**Applies to**
-- Windows 10, version 1607
-
Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop.
-To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates and community-developed settings location templates.
-
## Microsoft Office support in UE-V
-UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system.
+UE-V includes settings location templates for Microsoft Office 2016, 2013, and 201. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system.
-These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
+These templates help synchronize users' Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
## Synchronized Office Settings
-
Review the following tables for details about Office support in UE-V:
### Supported UE-V templates for Microsoft Office
@@ -50,14 +35,11 @@ Review the following tables for details about Office support in UE-V:
You can deploy UE-V settings location template with the following methods:
-- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
-
+- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
```powershell
Register-UevTemplate -Path
For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs.
-Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
-Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
-Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
-Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
-Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
+| Kiosk Browser settings | Use this setting to |
+|--|--|
+| Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.
For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs. |
+| Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. |
+| Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. |
+| Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. |
+| Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. |
+| Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. |
-> [!IMPORTANT]
-> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
->
-> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
-> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
-> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
-> 4. Save the XML file.
-> 5. Open the project again in Windows Configuration Designer.
-> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
+To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+
+1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
+1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
+1. Insert the null character string in between each URL (e.g https://www.bing.com``https://www.contoso.com).
+1. Save the XML file.
+1. Open the project again in Windows Configuration Designer.
+1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index a2135a483b..183f46a056 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -1,28 +1,20 @@
---
-title: Licensing (Windows 10)
+title: Licensing
description: This section describes the Licensing settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# Licensing (Windows Configuration Designer reference)
-Use for settings related to Microsoft licensing programs.
+Use for settings related to Microsoft licensing programs.
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️ | | | |
-| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️ | | | |
+| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✅ | | | |
+| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✅ | | | |
## AllowWindowsEntitlementReactivation
@@ -30,4 +22,5 @@ Enable or disable Windows license reactivation.
## DisallowKMSClientOnlineAVSValidation
-Enable this setting to prevent the device from sending data to Microsoft regarding its activation state.
+Enable this setting to prevent the device from sending data to Microsoft regarding its activation state.
+
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index bbc00f2648..577c704fa4 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -1,16 +1,8 @@
---
-title: Location (Windows 10)
+title: Location
description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Location (Windows Configuration Designer reference)
@@ -21,7 +13,7 @@ Use Location settings to configure location services.
| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [EnableLocation](#enablelocation) | | | | ✔️ |
+| [EnableLocation](#enablelocation) | | | | ✅ |
## EnableLocation
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index bf3aeccaf3..df82391f94 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -1,30 +1,21 @@
---
-title: Maps (Windows 10)
+title: Maps
description: This section describes the Maps settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Maps (Windows Configuration Designer reference)
-Use for settings related to Maps.
+Use for settings related to Maps.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [ChinaVariantWin10](#chinavariantwin10) | ✔️ | ✔️ | | |
-| [UseExternalStorage](#useexternalstorage) | ✔️ | ✔️ | | |
-| [UseSmallerCache](#usesmallercache) | ✔️ | ✔️ | | |
-
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [ChinaVariantWin10](#chinavariantwin10) | ✅ | ✅ | | |
+| [UseExternalStorage](#useexternalstorage) | ✅ | ✅ | | |
+| [UseSmallerCache](#usesmallercache) | ✅ | ✅ | | |
## ChinaVariantWin10
@@ -32,7 +23,6 @@ Use **ChinaVariantWin10** to specify that the Windows device is intended to ship
This customization may result in different maps, servers, or other configuration changes on the device.
-
## UseExternalStorage
Use to store map data on an SD card.
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index 3e2ac6dce1..6f49b60792 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -1,35 +1,26 @@
---
-title: NetworkProxy (Windows 10)
+title: NetworkProxy
description: This section describes the NetworkProxy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# NetworkProxy (Windows Configuration Designer reference)
-Use for settings related to NetworkProxy.
+Use for settings related to NetworkProxy.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
-
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| All settings | | ✅ | | |
## AutoDetect
-Automatically detect network proxy settings.
+Automatically detect network proxy settings.
-| Value | Description |
-| --- | --- |
+| Value | Description |
+|--|--|
| 0 | Disabled. Don't automatically detect settings. |
| 1 | Enabled. Automatically detect settings. |
@@ -38,16 +29,14 @@ Automatically detect network proxy settings.
Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings don't apply to VPN connections.
| Setting | Description |
-| --- | --- |
+|--|--|
| ProxyAddress | Address to the proxy server. Specify an address in the format `server:port`. |
| ProxyExceptions | Addresses that shouldn't use the proxy server. The system won't use the proxy server for addresses that begin with the values specified in this node. Use semicolons (;) to separate entries. |
-| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Don't use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
-
+| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Don't use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
## SetupScriptUrl
-Address to the PAC script you want to use.
-
+Address to the PAC script you want to use.
## Related topics
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index eb78b8e3fe..1eac44b82c 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -1,38 +1,30 @@
---
-title: NetworkQoSPolicy (Windows 10)
+title: NetworkQoSPolicy
description: This section describes the NetworkQoSPolicy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# NetworkQoSPolicy (Windows Configuration Designer reference)
-Use to create network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions.
+Use to create network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| All settings | | ✅ | | |
1. In **Available customizations**, select **NetworkQoSPolicy**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure.
+1. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure.
| Setting | Description |
-| --- | --- |
-| AppPathNameMatchCondition | Enter the name of an application to be sued to match the network traffic, such as application.exe or %ProgramFiles%\application.exe. |
+|--|--|
+| AppPathNameMatchCondition | Enter the name of an application to be sued to match the network traffic, such as application.exe or %ProgramFiles%\application.exe. |
| DestinationPortMatchCondition | Specify a port or a range of ports to be used to match the network traffic. Valid values are [first port number]-[last port number], or [port number]. |
-| DSCPAction | Enter the differentiated services code point (DSCP) value to apply to match with network traffic. Valid values are 0-63. |
-| IPProtocolMatchCondition | Select between **Both TCP and UDP**, **TCP**, and **UDP** to specify the IP protocol used to match the network traffic. |
-| PriorityValue8021Action | Specify the IEEE 802.1p value. Valid values are 0 through 7. |
+| DSCPAction | Enter the differentiated services code point (DSCP) value to apply to match with network traffic. Valid values are 0-61. |
+| IPProtocolMatchCondition | Select between **Both TCP and UDP**, **TCP**, and **UDP** to specify the IP protocol used to match the network traffic. |
+| PriorityValue8021Action | Specify the IEEE 802.1p value. Valid values are 0 through 1. |
| SourcePortMatchCondition | Specify a single port or range of ports. Valid values are [first port number]-[last port number], or [port number]. |
## Related topics
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index 61c6c77b95..b5c47a481d 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -1,16 +1,8 @@
---
-title: OOBE (Windows 10)
-ms.reviewer:
-manager: aaroncz
+title: OOBE
description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# OOBE (Windows Configuration Designer reference)
@@ -19,10 +11,10 @@ Use to configure settings for the [Out Of Box Experience (OOBE)](/windows-hardwa
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | |
-| [Desktop > HideOobe](#hideoobe-for-desktop) | ✔️ | | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✅ | | | |
+| [Desktop > HideOobe](#hideoobe-for-desktop) | ✅ | | | |
## EnableCortanaVoice
@@ -30,10 +22,9 @@ Use this setting to control whether Cortana voice-over is enabled during OOBE. T
## HideOobe for desktop
-When set to **True**, it hides the interactive OOBE flow for Windows 10.
+When set to **True**, it hides the interactive OOBE flow for Windows 1.
> [!NOTE]
> You must create a user account if you set the value to true or the device will not be usable.
When set to **False**, the OOBE screens are displayed.
-
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index c6ab55142e..839b03e277 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -1,16 +1,8 @@
---
-title: Personalization (Windows 10)
+title: Personalization
description: This section describes the Personalization settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Personalization (Windows Configuration Designer reference)
@@ -21,16 +13,16 @@ Use to configure settings to personalize a PC.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [DeployDesktopImage](#deploydesktopimage) | ✔️ | | | |
-| [DeployLockScreenImage](#deploylockscreenimage) | ✔️ | | | |
-| [DesktopImageUrl](#desktopimageurl) | ✔️ | | | |
-| [LockScreenImageUrl](#lockscreenimageurl) | ✔️ | | | |
+| [DeployDesktopImage](#deploydesktopimage) | ✅ | | | |
+| [DeployLockScreenImage](#deploylockscreenimage) | ✅ | | | |
+| [DesktopImageUrl](#desktopimageurl) | ✅ | | | |
+| [LockScreenImageUrl](#lockscreenimageurl) | ✅ | | | |
## DeployDesktopImage
Deploy a .jpg, .jpeg, or .png image to the device to be used as a desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
-When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different.
+When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different.
## DeployLockScreenImage
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 449ba3ba75..6ef6203e11 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -1,351 +1,328 @@
---
-title: Policies (Windows 10)
-ms.reviewer:
-manager: aaroncz
+title: Policies
description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Policies (Windows Configuration Designer reference)
-This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider).
+This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider).
## AboveLock
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | |
-| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✔️ | | | |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | |
+| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✅ | | | |
## Accounts
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✔️ | | | |
-| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✔️ | | ✔️ | |
-| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ | | | |
-| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | | | |
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✅ | | | |
+| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✅ | | ✅ | |
+| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✅ | | | |
+| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✅ | | | |
## ApplicationDefaults
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | |
-
+|--|--|:-:|:-:|:-:|:-:|
+| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✅ | | | |
## ApplicationManagement
-
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ |
-| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ |
-| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting are allowed | ✔️ | | | |
-| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | |
-| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | |
-| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. | | | | |
-| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. | ✔️ | | | |
-| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | | | ✔️ |
-| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | | | ✔️ |
-
-
-
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✅ | | | ✅ |
+| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✅ | | | ✅ |
+| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✅ | ✅ | ✅ | ✅ |
+| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) | Whether DVR and broadcasting are allowed | ✅ | | | |
+| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✅ | | | |
+| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | |
+| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. | | | | |
+| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) | Whether to launch an app or apps when the user signs in. | ✅ | | | |
+| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✅ | | | ✅ |
+| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✅ | | | ✅ |
## Authentication
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | | ✔️ |
-| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✔️ | ✔️ | | ✔️ |
-| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | | ✔️ |
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✅ | ✅ | ✅ | ✅ |
+| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✅ | ✅ | | ✅ |
+| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✅ | ✅ | | ✅ |
+| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✅ | ✅ | | ✅ |
## BitLocker
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | | | |
-
+|--|--|:-:|:-:|:-:|:-:|
+| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✅ | | | |
## Bluetooth
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✔️ | ✔️ | ✔️ | ✔️ |
-| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✔️ | ✔️ | ✔️ | ✔️ |
-| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✔️ | ✔️ | ✔️ | ✔️ |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✅ | ✅ | ✅ | ✅ |
+| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✅ | ✅ | ✅ | ✅ |
+| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✅ | ✅ | ✅ | ✅ |
+| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✅ | ✅ | ✅ | ✅ |
+| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✅ | ✅ | ✅ | ✅ |
+| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✅ | ✅ | ✅ | ✅ |
## Browser
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | |
-| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | | | |
-[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | | | |
-| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | |
-| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | |
-| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | |
-| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | |
-| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✔️ | ✔️ | | ✔️ |
-| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | | ✔️ |
-| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ | | ✔️ | |
-| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✔️ | | | |
-| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✔️ | ✔️ | | ✔️ |
-| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✔️ | | | |
-| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
-| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✔️ | ✔️ | | ✔️ |
-| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✔️ | | | |
-| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✔️ | | | |
-| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | | ✔️ |
-[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | | | |
-| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | |
-| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
-| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | |
-| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | |
-| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | |
-| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | |
-| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | |
-| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | |
-| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ | | | |
-[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | |
-| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | |
-| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | |
-| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✔️ | | | |
-| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | |
-[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | | | |
-| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | | ✔️ |
-| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✔️ | ✔️ | | ✔️ |
-| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ | | | |
-| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✔️ | ✔️ | | ✔️ |
-| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | | ✔️ |
-| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | | ✔️ |
-PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | |
-| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | |
-| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✔️ | ✔️ | | ✔️ |
-[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✔️ | | | |
-| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | |
-| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | | ✔️ |
-| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | |
-| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✔️ | | | |
-| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ | | | |
-| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✔️ | | | |
-| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✔️ | | | |
-[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️ | | | |
-
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✅ | | | |
+| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✅ | ✅ | | ✅ |
+| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✅ | | | |
+| [AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✅ | | | |
+| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✅ | ✅ | | ✅ |
+| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✅ | | | |
+| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed. | ✅ | ✅ | | ✅ |
+| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✅ | | | |
+| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✅ | | | |
+| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✅ | | | |
+| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✅ | ✅ | | ✅ |
+| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✅ | ✅ | | ✅ |
+| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✅ | ✅ | | ✅ |
+| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✅ | | ✅ | |
+| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✅ | | | |
+| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✅ | | | |
+| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✅ | ✅ | | ✅ |
+| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✅ | ✅ | | ✅ |
+| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✅ | | | |
+| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✅ | ✅ | ✅ | ✅ |
+| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✅ | | | |
+| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✅ | ✅ | | ✅ |
+| [AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✅ | | | |
+| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✅ | | | |
+| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✅ | ✅ | | ✅ |
+| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✅ | | | |
+| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✅ | | | |
+| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✅ | | | |
+| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✅ | | | |
+| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✅ | | | |
+| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✅ | | | |
+| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✅ | | | |
+| [EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✅ | ✅ | | |
+| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✅ | | | |
+| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✅ | | | |
+| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✅ | | | |
+| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✅ | | | |
+| [LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✅ | | | |
+| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✅ | ✅ | | ✅ |
+| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✅ | ✅ | | ✅ |
+| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✅ | | | |
+| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✅ | ✅ | | ✅ |
+| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✅ | ✅ | | ✅ |
+| PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✅ | | | |
+| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✅ | | | |
+| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✅ | ✅ | | ✅ |
+| [ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✅ | | | |
+| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✅ | | | |
+| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✅ | ✅ | | ✅ |
+| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✅ | | | |
+| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✅ | | | |
+| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✅ | | | |
+| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✅ | | | |
+| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✅ | | | |
+| [UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✅ | | | |
## Camera
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | | |
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✅ | ✅ | | |
## Connectivity
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | | ✔️ |
-| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | | ✔️ |
-| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | | ✔️ |
-| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✔️ |
-| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✔️ |
-| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. |✔️ | ✔️ | | ✔️ |
-| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | | ✔️ |
-| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | | ✔️ |
-| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✔️ | ✔️ | | ✔️ |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✅ | ✅ | ✅ | ✅ |
+| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✅ | ✅ | | ✅ |
+| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✅ | ✅ | | ✅ |
+| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✅ | ✅ | | ✅ |
+| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✅ |
+| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✅ |
+| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. | ✅ | ✅ | | ✅ |
+| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✅ | ✅ | | ✅ |
+| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✅ | ✅ | | ✅ |
+| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✅ | ✅ | | ✅ |
## CredentialProviders
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students. | ✔️ | | | |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students. | ✅ | | | |
## Cryptography
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | | | |
-| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✅ | | | |
+| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✅ | | | |
## Defender
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | |
-| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | |
-| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | |
-| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✔️ | | | |
-| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ | | | |
-| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✔️ | | | |
-| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✔️ | | | |
-| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✔️ | | | |
-| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ | | | |
-| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✔️ | | | |
-| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✔️ | | | |
-| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | |
-| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✔️ | | | |
-| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✔️ | | | |
-| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | |
-| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✔️ | | | |
-| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | |
-| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | |
-| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | |
-| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | |
-| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | |
-| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ | | | |
-| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✔️ | | | |
-| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | |
-| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | |
-| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | |
+| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✅ | | | |
+| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✅ | | | |
+| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✅ | | | |
+| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✅ | | | |
+| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✅ | | | |
+| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✅ | | | |
+| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✅ | | | |
+| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✅ | | | |
+| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✅ | | | |
+| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✅ | | | |
+| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✅ | | | |
+| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✅ | | | |
+| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✅ | | | |
+| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✅ | | | |
+| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✅ | | | |
+| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✅ | | | |
+| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✅ | | | |
+| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✅ | | | |
+| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✅ | | | |
+| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✅ | | | |
+| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✅ | | | |
+| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✅ | | | |
+| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✅ | | | |
+| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✅ | | | |
+| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✅ | | | |
+| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✅ | | | |
## DeliveryOptimization
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ | | | |
-| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ | | | |
-| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ | | | |
-| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ | | | |
-| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ | | | |
-| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ | | | |
-| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ | | | |
-| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | |
-| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ | | | |
-| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ | | | |
-| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✔️ | | | |
-| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ | | | |
-| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | |
-| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✔️ | | | |
-| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | |
-| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✔️ | | | |
-| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ | | | |
-| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | |
-| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ | | | |
-| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
+| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✅ | | | |
+| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✅ | | | |
+| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✅ | | | |
+| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✅ | | | |
+| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✅ | | | |
+| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✅ | | | |
+| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✅ | | | |
+| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✅ | | | |
+| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✅ | | | |
+| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✅ | | | |
+| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✅ | | | |
+| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✅ | | | |
+| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✅ | | | |
+| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✅ | | | |
+| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✅ | | | |
+| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✅ | | | |
+| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✅ | | | |
+| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✅ | | | |
+| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✅ | | | |
+| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
## DeviceGuard
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✔️ | | | |
+[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✅ | | | |
## DeviceLock
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
+| --- | --- | :---: | :---: | :---: | :---: |
| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | | | |
| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | | | |
-| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | | ✔️ | |
-|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✔️ | | ✔️ | |
-| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | | ✔️ | |
-| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | | ✔️ | |
-| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | | ✔️ | |
-| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ | | ✔️ | |
-| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✔️ | | ✔️ | |
-| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | | ✔️ | |
-| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ | | ✔️ | |
+| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✅ | | ✅ | |
+|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✅ | | ✅ | |
+| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✅ | | ✅ | |
+| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✅ | | ✅ | |
+| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✅ | | ✅ | |
+| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✅ | | ✅ | |
+| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✅ | | ✅ | |
+| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✅ | | ✅ | |
+| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✅ | | ✅ | |
| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | | | |
-
## DeviceManagement
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ | | | |
-
-
+| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✅ | | | |
## Experience
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste are allowed. | | | | |
-| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | | ✔️ | |
-| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | |
-| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | | | |
-| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✔️ | | ✔️ | |
+| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✅ | | ✅ | |
+| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✅ | | | |
+| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✅ | | | |
+| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✅ | | ✅ | |
| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | | | |
| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | | | |
-| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ | | | |
-| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ | | | |
+| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✅ | | | |
+| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✅ | | | |
| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | | | |
-| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | |
+| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✅ | | | |
| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | | | |
-| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | |
-| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | |
-| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | | | |
-| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | |
-| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ | | | |
-| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ | | | |
+| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✅ | | | |
+| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✅ | | | |
+| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✅ | | | |
+| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✅ | | | |
+| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✅ | | | |
+| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✅ | | | |
## ExploitGuard
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | | | |
-
+| --- | --- | :---: | :---: | :---: | :---: |
+| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✅ | | | |
## Games
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ | | | |
-
+| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✅ | | | |
## KioskBrowser
-These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
+These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../kiosk/guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | |
-|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✔️ | | | |
-|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | |
-|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | |
-|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | |
-|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | |
-|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✅ | | | |
+|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✅ | | | |
+|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✅ | | | |
+|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✅ | | | |
+|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✅ | | | |
+|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✅ | | | |
+|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✅ | | | |
To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
-2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
-3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com).
-4. Save the XML file.
-5. Open the project again in Windows Configuration Designer.
-6. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed.
+1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
+1. Insert the null character string in between each URL (e.g https://www.bing.comwww.contoso.com).
+1. Save the XML file.
+1. Open the project again in Windows Configuration Designer.
+1. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed.
## LocalPoliciesSecurityOptions
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | |
-| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ | | | |
-| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | |
+| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✅ | | | |
+| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✅ | | | |
+| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✅ | | | |
## Location
@@ -356,69 +333,66 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
## Power
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | |
-| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | |
-| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ | | | |
-| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ | | | |
-| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✔️ | | | |
-| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ | | | |
-| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ | | | |
-| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✔️ | | | |
-| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ | | | |
-| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ | | | |
-| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ | | | |
-| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ | | | |
-| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✔️ | | | |
-| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ | | | |
-| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ | | | |
-| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ | | | |
-| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ | | | |
-| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | |
-| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | |
-| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | |
-| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✔️ | | | |
-| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✅ | | | |
+| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✅ | | | |
+| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✅ | | | |
+| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✅ | | | |
+| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✅ | | | |
+| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✅ | | | |
+| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✅ | | | |
+| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✅ | | | |
+| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✅ | | | |
+| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✅ | | | |
+| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✅ | | | |
+| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✅ | | | |
+| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✅ | | | |
+| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✅ | | | |
+| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✅ | | | |
+| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✅ | | | |
+| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✅ | | | |
+| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✅ | | | |
+| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✅ | | | |
+| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✅ | | | |
+| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✅ | | | |
+| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✅ | | | |
## Privacy
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | | | |
-| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | | ✔️ | |
-
+| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✅ | | ✅ | |
## Search
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | | | |
-[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | |
-| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | |
-| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | |
-| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | |
-| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✔️ | | | |
-| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | |
-| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | |
-| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | |
-| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | | | |
-| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | | | |
-| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | | | |
-| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | | | |
-
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✅ | | | |
+| [AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✅ | | | |
+| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✅ | | | |
+| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✅ | | ✅ | |
+| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✅ | | | |
+| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✅ | | | |
+| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✅ | | | |
+| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✅ | | | |
+| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✅ | | | |
+| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✅ | | | |
+| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✅ | | | |
+| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✅ | | | |
+| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | | | |
## Security
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ | ✔️ | | ✔️ |
+| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✅ | ✅ | | ✅ |
| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | | | |
-| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | | ✔️ |
+| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✅ | ✅ | | ✅ |
| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | | | |
-| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | | ✔️ |
-| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✔️ | | | |
+| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✅ | ✅ | ✅ | ✅ |
+| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✅ | ✅ | | ✅ |
+| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✅ | | | |
## Settings
@@ -426,168 +400,163 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | | | |
| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | | | |
-| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✔️ | |
-| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | |
-[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | |
+| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✅ | |
+| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✅ | | | |
+[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✅ | | | |
## Start
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | |
-| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | |
-| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | |
-| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | |
-| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ | | | |
-| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | |
-| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | |
-| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | |
-| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | |
-| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | |
-| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | |
-| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | |
-| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ | | | |
-| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✔️ | | | |
-| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ | | | |
-| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✔️ | | | |
-| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ | | | |
-| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✔️ | | | |
-| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✔️ | | | |
-| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ | | | |
-| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ | | | |
+| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✅ | | | |
+| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✅ | | | |
+| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✅ | | | |
+| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✅ | | | |
+| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✅ | | | |
+| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✅ | | | |
+| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✅ | | | |
+| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✅ | | | |
+| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✅ | | | |
+| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✅ | | | |
+| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✅ | | | |
+| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✅ | | | |
+| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✅ | | | |
+| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✅ | | | |
+| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✅ | | | |
+| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✅ | | | |
+| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✅ | | | |
+| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✅ | | | |
+| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✅ | | | |
+| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✅ | | | |
+| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✅ | | | |
## System
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | | | |
-| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ | ✔️ | | ✔️ |
-| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | | | |
-| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ | ✔️ | | ✔️ |
-| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | | ✔️ | |
-| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | | | |
-ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✔️ | | | |
-ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✔️ | | | |
-| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | | | |
-| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | | | |
-| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | | | |
-| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | |
-
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✅ | | | |
+| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✅ | ✅ | | ✅ |
+| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✅ | | | |
+| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✅ | ✅ | ✅ | ✅ |
+| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✅ | ✅ | | ✅ |
+| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✅ | | ✅ | |
+| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✅ | | | |
+ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✅ | | | |
+ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✅ | | | |
+| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✅ | | | |
+| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✅ | | | |
+| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✅ | | | |
+| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✅ | | | |
## TextInput
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | |
-| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✔️ | | | |
-| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | |
-| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | |
-| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | |
-| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ | | | |
-| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | |
-| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | |
-| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | |
-| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
-| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
-| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
-| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
-
+| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✅ | | | |
+| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✅ | | | |
+| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✅ | | | |
+| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✅ | | | |
+| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✅ | | | |
+| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✅ | | | |
+| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✅ | | | |
+| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✅ | | | |
+| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✅ | | | |
+| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
+| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | |
+| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | |
+| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | |
## TimeLanguageSettings
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
+| --- | --- | :---: | :---: | :---: | :---: |
| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | | | |
-
## Update
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
|---------|-------------|:--------------:|:-----------:|:--------:|:--------:|
-| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
-| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ |
-| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
-| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ |
-| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | | ✔️ |
-| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | | ✔️ |
-| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ |
-| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ |
-| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
-| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ |
-| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. | ✔️ | ✔️ | | ✔️ |
-| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ |
-| PhoneUpdateRestrictions | Deprecated | | ✔️ | | |
-| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | | ✔️ |
-| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ |
-| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | | ✔️ |
-| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | | ✔️ |
-| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ |
-| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ |
-| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✅ | ✅ | | ✅ |
+| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✅ | ✅ | | ✅ |
+| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✅ | ✅ | | ✅ |
+| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✅ | ✅ | ✅ | ✅ |
+| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✅ | ✅ | | ✅ |
+| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✅ | ✅ | ✅ | ✅ |
+| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✅ | ✅ | | ✅ |
+| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✅ | ✅ | ✅ | ✅ |
+| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✅ | ✅ | | ✅ |
+| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✅ | ✅ | | ✅ |
+| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✅ | ✅ | | ✅ |
+| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✅ | ✅ | | ✅ |
+| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✅ | ✅ | ✅ | ✅ |
+| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✅ | ✅ | | ✅ |
+| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✅ | ✅ | | ✅ |
+| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✅ | ✅ | ✅ | ✅ |
+| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✅ | ✅ | ✅ | ✅ |
+| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✅ | ✅ | ✅ | ✅ |
+| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✅ | ✅ | | ✅ |
+| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✅ | ✅ | | ✅ |
+| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✅ | ✅ | | ✅ |
+| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✅ | ✅ | | ✅ |
+| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✅ | ✅ | | ✅ |
+| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✅ | ✅ | | ✅ |
+| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✅ | ✅ | | ✅ |
+| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✅ | ✅ | | ✅ |
+| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. | ✅ | ✅ | | ✅ |
+| ManagePreviewBuilds | Use to enable or disable preview builds. | ✅ | ✅ | ✅ | ✅ |
+| PhoneUpdateRestrictions | Deprecated | | ✅ | | |
+| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✅ | ✅ | ✅ | ✅ |
+| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✅ | ✅ | | ✅ |
+| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✅ | ✅ | | ✅ |
+| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✅ | ✅ | | ✅ |
+| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✅ | ✅ | | ✅ |
+| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✅ | ✅ | | ✅ |
+| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✅ | ✅ | | ✅ |
+| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✅ | ✅ | | ✅ |
+| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✅ | ✅ | ✅ | ✅ |
+| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✅ | ✅ | ✅ | ✅ |
## WiFi
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | | | |
-| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | | | |
+| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✅ | | | |
+| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✅ | | | |
| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | | | |
| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | | | |
-| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | | ✔️ |
+| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✅ | ✅ | | ✅ |
## WindowsInkWorkspace
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ | | | |
-| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ | | | |
-
+| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✅ | | | |
+| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✅ | | | |
## WindowsLogon
-
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✅ | | | |
## WirelessDisplay
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | | | |
+| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✅ | | | |
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
index 13962db09d..f1cf11e992 100644
--- a/windows/configuration/wcd/wcd-privacy.md
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -1,15 +1,8 @@
---
-title: Privacy (Windows 10)
+title: Privacy
description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-manager: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Privacy (Windows Configuration Designer reference)
@@ -20,7 +13,7 @@ Use **Privacy** to configure settings for app activation with voice.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | ✔️ | | ✔️ |
+| All settings | ✅ | ✅ | | ✅ |
## LetAppsActivateWithVoice
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index e79eb9f7f3..f10116f137 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -1,30 +1,19 @@
---
-title: ProvisioningCommands (Windows 10)
+title: ProvisioningCommands
description: This section describes the ProvisioningCommands settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
+
---
# ProvisioningCommands (Windows Configuration Designer reference)
-Use ProvisioningCommands settings to install Windows desktop applications using a provisioning package.
+Use ProvisioningCommands settings to install Windows desktop applications using a provisioning package.
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | | | |
For instructions on adding apps to provisioning packages, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md).
-
-
-
-
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index 9bff17847b..64e884bf46 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -1,16 +1,8 @@
---
title: SharedPC
description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 10/16/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# SharedPC (Windows Configuration Designer reference)
@@ -20,8 +12,8 @@ Use SharedPC settings to optimize Windows devices for shared use scenarios, such
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | | | |
## AccountManagement
@@ -46,7 +38,6 @@ Set as **True** to enable **Shared PC Mode**. This setting controls this API: [I
Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
-
## PolicyCustomization
Use these settings to configure additional Shared PC policies.
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index 1e5fe77243..a1b396a24b 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -1,16 +1,8 @@
---
-title: SMISettings (Windows 10)
+title: SMISettings
description: This section describes the SMISettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
ms.date: 03/30/2018
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
---
# SMISettings (Windows Configuration Designer reference)
@@ -20,8 +12,8 @@ Use SMISettings settings to customize the device with custom shell, suppress Win
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | | | |
## All settings in SMISettings
@@ -59,7 +51,7 @@ The default value is **17**, which disables all Welcome screen UI elements and t
| 8 | Disables the Ease of access button |
| 16 | Disables the Switch user button |
| 32 | Disables the blocked shutdown resolver (BSDR) screen. Restarting or shutting down the system causes the OS to immediately force close any applications that are blocking the system shutdown. No UI is displayed, and users aren't given a chance to cancel the shutdown process. This value can result in a loss of data if any open applications have unsaved data. |
-
+
## CrashDumpEnabled values
If the system stops unexpectedly, choose the type of information to capture in a dump (.dmp) file.
@@ -73,10 +65,10 @@ Set CrashDumpEnabled to one of the following values:
| 1 | Records all the contents of system memory. This dump file may contain data from processes that were running when the information was collected. |
| 2 | Records only the kernel memory. This dump file includes only memory that's allocated to the kernel, kernel-mode drivers, and other kernel-mode programs. It doesn't include unallocated memory, or any memory that's allocated to user-mode programs. For most purposes, this kind of dump file is the most useful because it's smaller than the complete memory dump file. It also includes information that's most likely involved in the issue. If a second problem occurs, the dump file is overwritten with new information. |
| 3 | Records the smallest amount of useful information that may help identify why the device stopped unexpectedly. This type of dump file includes the following information:- A list of loaded drivers- The processor context (PRCB) for the processor that stopped- The process information and kernel context (EPROCESS) for the process that stopped- The process information and kernel context (ETHREAD) for the thread that stopped- The kernel-mode call stack for the thread that stoppedThis dump file can be useful when space is limited. Because of the limited information, errors that aren't directly caused by the running thread at the time of the problem may not be discovered by analyzing this file. The date is encoded in the file name. If a second problem occurs, the previous file is preserved and the new file is given a distinct name. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder. |
-| 4 | Records the smallest amount of useful information. This value produces the same results as entering a value of 3. |
-| 7 | Records only the kernel memory. This value produces the same results as entering a value of 2. This is the default value. |
+| 4 | Records the smallest amount of useful information. This value produces the same results as entering a value of 1. |
+| 7 | Records only the kernel memory. This value produces the same results as entering a value of 1. This is the default value. |
| Any other value | Disables crash dump and doesn't record anything. |
-
+
## KeyboardFilter settings
Use these settings to suppress undesirable key presses or key combinations. KeyboardFilter works with physical keyboards, the Windows on-screen keyboard, and the touch keyboard.
@@ -98,7 +90,7 @@ When you **enable** KeyboardFilter, many other settings become available for con
Use ShellLauncher to specify the application or executable to use as the default custom shell. One use of ShellLauncher is to [create a kiosk (fixed-purpose) device running a Windows desktop application](/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions#shell-launcher-for-classic-windows-applications).
>[!WARNING]
->Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.
+>Windows 10 doesn't support setting a custom shell prior to OOBE. If you do, you won't be able to deploy the resulting image.
You can also configure ShellLauncher to launch different shell applications for different users or user groups.
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index b8d84f5b0c..aab20c09ae 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -1,16 +1,8 @@
---
-title: Start (Windows 10)
+title: Start
description: This section describes the Start settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# Start (Windows Configuration Designer reference)
@@ -19,9 +11,9 @@ Use Start settings to apply a customized Start screen to devices.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| StartLayout | ✔️ | | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| StartLayout | ✅ | | | |
>[!IMPORTANT]
>The StartLayout setting is available in the advanced provisioning for Windows 10, but shouldn't be used. For Windows client, use [Policies > StartLayout](wcd-policies.md#start).
@@ -29,4 +21,3 @@ Use Start settings to apply a customized Start screen to devices.
## StartLayout
Use StartLayout to select the `LayoutModification.xml` file that applies a customized Start screen.
-
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index 55c8fcc8f3..7f4c1c4709 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -1,16 +1,8 @@
---
-title: StartupApp (Windows 10)
+title: StartupApp
description: This section describes the StartupApp settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# StartupApp (Windows Configuration Designer reference)
@@ -20,7 +12,7 @@ Use StartupApp settings to configure the default app that will run on start for
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| Default | | | | ✔️ |
+| --- | :---: | :---: | :---: | :---: |
+| Default | | | | ✅ |
Enter the [Application User Model ID (AUMID)](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app.
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index 6838b63730..95022798c2 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -1,16 +1,8 @@
---
-title: StartupBackgroundTasks (Windows 10)
+title: StartupBackgroundTasks
description: This section describes the StartupBackgroundTasks settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# StartupBackgroundTasks (Windows Configuration Designer reference)
@@ -21,5 +13,4 @@ Documentation not available at this time.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | | | | ✔️ |
-
+| All settings | | | | ✅ |
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
index 397c14a4f5..7daa17c986 100644
--- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -1,15 +1,8 @@
---
-title: StorageD3InModernStandby (Windows 10)
+title: StorageD3InModernStandby
description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# StorageD3InModernStandby (Windows Configuration Designer reference)
@@ -24,5 +17,5 @@ Use **StorageD3InModernStandby** to enable or disable low-power state (D3) durin
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | ✔️ | | ✔️ |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✅ | ✅ | | ✅ |
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index cd0bdc4208..7a8db5a247 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -1,16 +1,8 @@
---
-title: SurfaceHubManagement (Windows 10)
+title: SurfaceHubManagement
description: This section describes the SurfaceHubManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# SurfaceHubManagement (Windows Configuration Designer reference)
@@ -20,14 +12,11 @@ Use SurfaceHubManagement settings to set the administrator group that will manag
>[!IMPORTANT]
>These settings should be used only in provisioning packages that are applied during OOBE.
-
-
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
-
+| --- | :---: | :---: | :---: | :---: |
+| All settings | | ✅ | | |
## GroupName
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 9934c78fd0..04aeb1232a 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -1,16 +1,8 @@
---
-title: TabletMode (Windows 10)
+title: TabletMode
description: This section describes the TabletMode settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 04/30/2018
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# TabletMode (Windows Configuration Designer reference)
@@ -21,11 +13,11 @@ Use TabletMode to configure settings related to tablet mode.
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | ✔️ | | |
+| All settings | ✅ | ✅ | | |
## ConvertibleSlateModePromptPreference
-Set the default for hardware-based prompts.
+Set the default for hardware-based prompts.
## SignInMode
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index d5071fb0e0..79a7405207 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -1,16 +1,8 @@
---
-title: TakeATest (Windows 10)
+title: TakeATest
description: This section describes the TakeATest settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# TakeATest (Windows Configuration Designer reference)
@@ -21,7 +13,7 @@ Use TakeATest to configure the Take A Test app, a secure browser for test-taking
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | |
+| All settings | ✅ | | | |
## AllowScreenMonitoring
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
index 1bb981193e..39bb291ce0 100644
--- a/windows/configuration/wcd/wcd-time.md
+++ b/windows/configuration/wcd/wcd-time.md
@@ -1,26 +1,19 @@
---
-title: Time (Windows 10)
+title: Time
description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-manager: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Time
-Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later.
+Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later.
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | |
+| [ProvisionSetTimeZone](#provisionsettimezone) | ✅ | | | |
## ProvisionSetTimeZone
@@ -33,6 +26,3 @@ Set to **False** for time zone assignment to occur when the first user signs in.
>[!NOTE]
>Do not set **Time > ProvisionSetTimeZone** to **False** and also set a time zone in **Policies > TimeLanguageSettings > ConfigureTimeZone**.
-
-
-
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 2c03844e3f..a7aea5e4ed 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -1,21 +1,12 @@
---
-title: UnifiedWriteFilter (Windows 10)
+title: UnifiedWriteFilter
description: This section describes the UnifiedWriteFilter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UnifiedWriteFilter (reference)
-
Use UnifiedWriteFilter to configure settings for the Unified Write Filter (UWF). It helps protect your physical storage media, including most standard writable storage types that are supported by the OS, such as:
- Physical hard disks
@@ -34,16 +25,15 @@ UWF intercepts all write attempts to a protected volume and redirects these writ
The overlay doesn't mirror the entire volume. It dynamically grows to keep track of redirected writes. Generally, the overlay is stored in system memory. You can cache a portion of the overlay on a physical volume.
>[!NOTE]
->UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume.
+>UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume.
[Learn more about the Unified Write Filter feature.](/windows-hardware/customize/enterprise/unified-write-filter)
-
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | | | ✔️ |
+| All settings | ✅ | | | ✅ |
## FilterEnabled
@@ -51,7 +41,7 @@ Set to **True** to enable UWF.
## OverlayFlags
-OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not redirect to the overlay file. Enabling this setting helps conserve space on the overlay file.
+OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not redirect to the overlay file. Enabling this setting helps conserve space on the overlay file.
- Value `0` (default value when [OverlayType](#overlaytype) isn't **Disk**): writes are redirected to the overlay file
- Value `1`(default value when [OverlayType](#overlaytype) is **Disk**): writes to unused space on the volume are allowed to pass through without being redirected to the overlay file.
@@ -65,7 +55,7 @@ Enter the maximum overlay size, in megabytes (MB), for the UWF overlay. The mini
## OverlayType
-OverlayType specifies where the overlay is stored. Select between **RAM** (default) and **Disk** (pre-allocated file on the system volume).
+OverlayType specifies where the overlay is stored. Select between **RAM** (default) and **Disk** (pre-allocated file on the system volume).
## RegistryExclusions
@@ -81,7 +71,7 @@ Set to **True** to reset UWF settings to the original state that was captured at
## Volumes
-Enter a drive letter for a volume to be protected by UWF.
+Enter a drive letter for a volume to be protected by UWF.
>[!NOTE]
>In the current OS release, Windows Configuration Designer contains a validation bug. To work around this issue, you must include a ":" after the drive letter when specifying the value for the setting. For example, if you are specifying the C drive, you must set DriveLetter to "C:" instead of just "C".
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index 2e3a68fe9f..2afe56cfb4 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -1,35 +1,26 @@
---
-title: UniversalAppInstall (Windows 10)
+title: UniversalAppInstall
description: This section describes the UniversalAppInstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UniversalAppInstall (reference)
-
-Use UniversalAppInstall settings to install Windows apps from the Microsoft Store or a hosted location.
+Use UniversalAppInstall settings to install Windows apps from the Microsoft Store or a hosted location.
>[!NOTE]
>You can only use the Windows provisioning settings and provisioning packages for apps where you have the available installation files, namely with sideloaded apps that have an offline license. [Learn more about offline app distribution.](/microsoft-store/distribute-offline-apps)
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [DeviceContextApp](#devicecontextapp) | ✔️ | ✔️ | | |
-| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | ✔️ | | |
-| [StoreInstall](#storeinstall) | ✔️ | ✔️ | | ✔️ |
-| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | | ✔️ |
-| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | | ✔️ |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [DeviceContextApp](#devicecontextapp) | ✅ | ✅ | | |
+| [DeviceContextAppLicense](#devicecontextapplicense) | ✅ | ✅ | | |
+| [StoreInstall](#storeinstall) | ✅ | ✅ | | ✅ |
+| [UserContextApp](#usercontextapp) | ✅ | ✅ | | ✅ |
+| [UserContextAppLicense](#usercontextapplicense) | ✅ | ✅ | | ✅ |
## DeviceContextApp
@@ -41,56 +32,52 @@ Enter an app package family name to install an app for all device users. You can
For each app that you add to the package, configure the settings in the following table.
| Setting | Value | Description |
-| --- | --- | --- |
-| ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. |
-| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. |
-| DeploymentOptions | - None-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue. - Development mode: Don't use. - Install all resources: When you set this option, the app is instructed to skip resource applicability checks.- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. |
-| LaunchAppAtLogin | - Don't launch app- Launch app | Set the value for app behavior when a user signs in. |
-| OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. |
+|--|--|--|
+| ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. |
+| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. |
+| DeploymentOptions | - None-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue. - Development mode: Don't use. - Install all resources: When you set this option, the app is instructed to skip resource applicability checks.- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. |
+| LaunchAppAtLogin | - Don't launch app- Launch app | Set the value for app behavior when a user signs in. |
+| OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. |
For more information on deployment options, see [DeploymentOptions Enum](/uwp/api/windows.management.deployment.deploymentoptions).
## DeviceContextAppLicense
-Use to specify the license file for the provisioned app.
+Use to specify the license file for the provisioned app.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**.
-
-2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
-
+1. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
## StoreInstall
Use to install an app from the Microsoft Store for Business.
1. Enter a package family name, and then select **Add**.
-2. Configure the following required settings for the app package.
+1. Configure the following required settings for the app package.
-Setting | Description
---- | ---
-Flags | Description not available at this time.
-ProductID | Enter the product ID. [Learn how to find the product ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services)
-SkuID | Enter the SKU ID. [Learn how to find the SKU ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services)
+| Setting | Description |
+|--|--|
+| Flags | Description not available at this time. |
+| ProductID | Enter the product ID. [Learn how to find the product ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) |
+| SkuID | Enter the SKU ID. [Learn how to find the SKU ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) |
## UserContextApp
Use to add a new user context app.
1. Specify a **PackageFamilyName** for the app, and then select **Add**.
-2. Select the PackageFamilyName in the Available Customizations pane, and then configure the following settings.
-
-Setting | Value | Description
---- | --- | ---
-ApplicationFile | App file | Browse to, select, and add the application file,
-DependencyAppxFiles | Additional files required by the app | Browse to, select, and add dependency files.
-DeploymentOptions | - None- Force application shutdown- Development mode- Install all resources- Force target application shutdown | Select a deployment option.
-LaunchAppAtLogin | - Don't launch app- Launch app | Select whether the app should be started when a user signs in.
+1. Select the PackageFamilyName in the Available Customizations pane, and then configure the following settings.
+| Setting | Value | Description |
+|--|--|--|
+| ApplicationFile | App file | Browse to, select, and add the application file, |
+| DependencyAppxFiles | Additional files required by the app | Browse to, select, and add dependency files. |
+| DeploymentOptions | - None- Force application shutdown- Development mode- Install all resources- Force target application shutdown | Select a deployment option. |
+| LaunchAppAtLogin | - Don't launch app- Launch app | Select whether the app should be started when a user signs in. |
## UserContextAppLicense
-Use to specify the license file for the user context app.
+Use to specify the license file for the user context app.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**.
-
-2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
+1. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index 5889dc2d7e..1d4aec5200 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -1,43 +1,33 @@
---
-title: UniversalAppUninstall (Windows 10)
+title: UniversalAppUninstall
description: This section describes the UniversalAppUninstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UniversalAppUninstall (reference)
-
Use UniversalAppUninstall settings to uninstall or remove Windows apps.
-
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | |
-| [Uninstall](#uninstall) | ✔️ | ✔️ | | ✔️ |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [RemoveProvisionedApp](#removeprovisionedapp) | ✅ | | | |
+| [Uninstall](#uninstall) | ✅ | ✅ | | ✅ |
## RemoveProvisionedApp
-Universal apps can be *provisioned*. Provisioned means that they're available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user.
+Universal apps can be *provisioned*. Provisioned means that they're available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user.
Use **RemoveProvisionedApp** to remove app packages that are available on the device. Any instances of the app that have already been installed by a user aren't uninstalled. To uninstall provisioned apps that have been installed by a user, use the [Uninstall](#uninstall) setting.
1. Enter the PackageFamilyName for the app package, and then select **Add**.
-2. Select the PackageFamilyName in the Available Customizations pane, and then select **RemoveProvisionedApp**.
+1. Select the PackageFamilyName in the Available Customizations pane, and then select **RemoveProvisionedApp**.
## Uninstall
Use **Uninstall** to remove provisioned apps that have been installed by a user.
1. Enter the PackageFamilyName for the app package, and then select **Add**.
-2. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**.
+1. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**.
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
index 9869da77b4..ac5ff4d4ee 100644
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@@ -1,29 +1,19 @@
---
-title: UsbErrorsOEMOverride (Windows 10)
+title: UsbErrorsOEMOverride
description: This section describes the UsbErrorsOEMOverride settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# UsbErrorsOEMOverride (reference)
-
-Allows an OEM to hide the USB option UI in Settings and all USB device errors.
-
+Allows an OEM to hide the USB option UI in Settings and all USB device errors.
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✅ | ✅ | ✅ | |
## HideUsbErrorNotifyOptionUI
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 211d170ce0..b9f60ef6bb 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -1,35 +1,24 @@
---
-title: WeakCharger (Windows 10)
+title: WeakCharger
description: This section describes the WeakCharger settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WeakCharger (reference)
-
Use WeakCharger settings to configure the charger notification UI.
-
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | | |
-| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | | |
-
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✅ | ✅ | | |
+| [NotifyOnWeakCharger](#notifyonweakcharger) | ✅ | ✅ | | |
## HideWeakChargerNotifyOptionUI
-This setting determines whether the user sees the dialog that's displayed when the user connects the device to an incompatible charging source. By default, the OS shows the weak charger notification option UI.
+This setting determines whether the user sees the dialog that's displayed when the user connects the device to an incompatible charging source. By default, the OS shows the weak charger notification option UI.
Select between **Show Weak Charger Notifications UI** and **Hide Weak Charger Notifications UI**.
@@ -40,10 +29,9 @@ This setting shows a warning when the user connects the device to an incompatibl
An incompatible charging source is one that doesn't behave like one of the following port types:
- Charging downstream port
-- Standard downstream port
+- Standard downstream port
- Dedicated charging port
The port types are defined by the USB Battery Charging Specification, Revision 1.2, available at `USB.org`.
Select between **Disable Weak Charger Notifications UI** and **Enable Weak Charger Notifications UI**.
-
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index f69695122b..d4daca497d 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -1,28 +1,19 @@
---
-title: WindowsHelloForBusiness (Windows 10)
+title: WindowsHelloForBusiness
description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WindowsHelloForBusiness (Windows Configuration Designer reference)
-
Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to a Windows device configured for [Shared PC mode](wcd-sharedpc.md).
## Applies to
| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [SecurityKeys](#securitykeys) | ✔️ | | | |
+| --- | :---: | :---: | :---: | :---: |
+| [SecurityKeys](#securitykeys) | ✅ | | | |
## SecurityKeys
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index f2ae2c2447..2615a85f97 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -1,36 +1,26 @@
---
-title: WindowsTeamSettings (Windows 10)
+title: WindowsTeamSettings
description: This section describes the WindowsTeamSettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WindowsTeamSettings (reference)
-
Use WindowsTeamSettings settings to configure Surface Hub.
-
## Applies to
-| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| All settings | | ✔️ | | |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|:-:|:-:|:-:|:-:|
+| All settings | | ✅ | | |
## Connect
| Setting | Value | Description |
| --- | --- | --- |
| AutoLaunch | True or false | Open the Connect app automatically when someone projects. |
-| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly, the driver won't boot. Or, it will broadcast on the wrong channel, which senders won't be looking for. |
+| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 251. Outside of regulatory concerns, if the channel is configured incorrectly, the driver won't boot. Or, it will broadcast on the wrong channel, which senders won't be looking for. |
| Enabled | True or false | Enables wireless projection to the device. |
| PINRequired | True or false | Requires presenters to enter a PIN to connect wirelessly to the device. |
@@ -55,8 +45,6 @@ A device account is a Microsoft Exchange account that's connected with Skype for
Use these settings to configure 802.1x wired authentication. For details, see [Enable 802.1x wired authentication](/surface-hub/enable-8021x-wired-authentication).
-
-
## FriendlyName
Enter the name that users will see when they want to project wirelessly to the device.
@@ -72,7 +60,7 @@ Maintenance hours are the period of time when automatic maintenance tasks are ru
## OMSAgent
-Configures the Operations Management Suite workspace.
+Configures the Operations Management Suite workspace.
| Setting | Value | Description |
| --- | --- | --- |
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index 6a2da109c1..6cfa3adaa3 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -1,27 +1,16 @@
---
-title: WLAN (Windows 10)
-ms.reviewer:
-manager: aaroncz
+title: WLAN
description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# WLAN (reference)
-
Do not use at this time. Instead, use [ConnectivityProfiles > WLAN](wcd-connectivityprofiles.md#wlan)
-
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
| All settings | | | | |
-
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index 8e21def9dd..8f7a6dcdac 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -1,28 +1,19 @@
---
-title: Workplace (Windows 10)
+title: Workplace
description: This section describes the Workplace settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.date: 04/30/2018
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
---
# Workplace (reference)
-
Use Workplace settings to configure bulk user enrollment to a mobile device management (MDM) service. For more information, see [Bulk enrollment step-by-step](/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool).
## Applies to
| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [Enrollments](#enrollments) | ✔️ | ✔️ | | ✔️ |
+| --- | :---: | :---: | :---: | :---: |
+| [Enrollments](#enrollments) | ✅ | ✅ | | ✅ |
## Enrollments
@@ -36,6 +27,3 @@ Select **Enrollments**, enter a UPN, and then select **Add** to configure the se
| PolicyServiceFullUrl | URL | The full URL for the policy service |
| Secret | - Password string for on-premises authentication enrollment- Federated security token for federated enrollment- Certificate thumb print for certificate-based enrollment | Enter the appropriate value for the selected AuthPolicy. |
-## Related articles
-
-- [Provisioning configuration service provider (CSP)](/windows/client-management/mdm/provisioning-csp)
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index 3fe32ffa9b..3cbabeba2c 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -1,76 +1,67 @@
---
-title: Windows Configuration Designer provisioning settings (Windows 10)
+title: Windows Configuration Designer provisioning settings
description: This section describes the settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
ms.topic: reference
-ms.collection: must-keep
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 01/25/2024
---
# Windows Configuration Designer provisioning settings (reference)
-This section describes the settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer.
+This section describes the settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer.
## Edition that each group of settings applies to
| Setting group | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: |
-| [AccountManagement](wcd-accountmanagement.md) | | | ✔️ | |
-| [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ADMXIngestion](wcd-admxingestion.md) | ✔️ | | | |
-| [AssignedAccess](wcd-assignedaccess.md) | ✔️ | | ✔️ | |
-| [Browser](wcd-browser.md) | ✔️ | ✔️ | | |
-| [CellCore](wcd-cellcore.md) | ✔️ | | | |
-| [Cellular](wcd-cellular.md) | ✔️ | | | |
-| [Certificates](wcd-certificates.md) | ✔️ | ✔️ | ✔️ | ✔️ |
-| [CleanPC](wcd-cleanpc.md) | ✔️ | | | |
-| [Connections](wcd-connections.md) | ✔️ | ✔️ | | |
-| [ConnectivityProfiles](wcd-connectivityprofiles.md) | ✔️ | ✔️ | ✔️ | |
-| [CountryAndRegion](wcd-countryandregion.md) | ✔️ | ✔️ | | |
-| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✔️ | | | |
-| [DeveloperSetup](wcd-developersetup.md) | | | ✔️ | |
-| [DeviceFormFactor](wcd-deviceformfactor.md) | ✔️ | ✔️ | | |
-| [DeviceManagement](wcd-devicemanagement.md) | ✔️ | ✔️ | ✔️ | |
-| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✔️ | | | |
-| [DMClient](wcd-dmclient.md) | ✔️ | ✔️ | | ✔️ |
-| [EditionUpgrade](wcd-editionupgrade.md) | ✔️ | | ✔️ | |
+| --- | :---: | :---: | :---: | :---: |
+| [AccountManagement](wcd-accountmanagement.md) | | | ✅ | |
+| [Accounts](wcd-accounts.md) | ✅ | ✅ | ✅ | ✅ |
+| [ADMXIngestion](wcd-admxingestion.md) | ✅ | | | |
+| [AssignedAccess](wcd-assignedaccess.md) | ✅ | | ✅ | |
+| [Browser](wcd-browser.md) | ✅ | ✅ | | |
+| [CellCore](wcd-cellcore.md) | ✅ | | | |
+| [Cellular](wcd-cellular.md) | ✅ | | | |
+| [Certificates](wcd-certificates.md) | ✅ | ✅ | ✅ | ✅ |
+| [CleanPC](wcd-cleanpc.md) | ✅ | | | |
+| [Connections](wcd-connections.md) | ✅ | ✅ | | |
+| [ConnectivityProfiles](wcd-connectivityprofiles.md) | ✅ | ✅ | ✅ | |
+| [CountryAndRegion](wcd-countryandregion.md) | ✅ | ✅ | | |
+| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✅ | | | |
+| [DeveloperSetup](wcd-developersetup.md) | | | ✅ | |
+| [DeviceFormFactor](wcd-deviceformfactor.md) | ✅ | ✅ | | |
+| [DeviceManagement](wcd-devicemanagement.md) | ✅ | ✅ | ✅ | |
+| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✅ | | | |
+| [DMClient](wcd-dmclient.md) | ✅ | ✅ | | ✅ |
+| [EditionUpgrade](wcd-editionupgrade.md) | ✅ | | ✅ | |
| [EmbeddedLockdownProfiles](https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5) | | | | |
-| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✔️ |
-| [FirstExperience](wcd-firstexperience.md) | | | ✔️ | |
-| [Folders](wcd-folders.md) |✔️ | ✔️ | | |
-| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✔️ |
-| [Licensing](wcd-licensing.md) | ✔️ | | | |
-| [Location](wcd-location.md) | | | | ✔️ |
-| [Maps](wcd-maps.md) |✔️ | ✔️ | | |
-| [NetworkProxy](wcd-networkproxy.md) | | ✔️ | | |
-| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✔️ | | |
-| [OOBE](wcd-oobe.md) | ✔️ | | | |
-| [Personalization](wcd-personalization.md) | ✔️ | | | |
-| [Policies](wcd-policies.md) | ✔️ | ✔️ | ✔️ | ✔️ |
-| [Privacy](wcd-folders.md) |✔️ | ✔️ | | ✔️ |
-| [ProvisioningCommands](wcd-provisioningcommands.md) | ✔️ | | | |
-| [SharedPC](wcd-sharedpc.md) | ✔️ | | | |
-| [SMISettings](wcd-smisettings.md) | ✔️ | | | |
-| [Start](wcd-start.md) | ✔️ | | | |
-| [StartupApp](wcd-startupapp.md) | | | | ✔️ |
-| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | ✔️ |
-| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |✔️ | ✔️ | | ✔️ |
-| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✔️ | | |
-| [TabletMode](wcd-tabletmode.md) |✔️ | ✔️ | | |
-| [TakeATest](wcd-takeatest.md) | ✔️ | | | |
-| [Time](wcd-time.md) | ✔️ | | | |
-| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✔️ | | | ✔️ |
-| [UniversalAppInstall](wcd-universalappinstall.md) | ✔️ | ✔️ | | ✔️ |
-| [UniversalAppUninstall](wcd-universalappuninstall.md) | ✔️ | ✔️ | | ✔️ |
-| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | ✔️ | ✔️ | | |
-| [WeakCharger](wcd-weakcharger.md) |✔️ | ✔️ | | |
-| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | ✔️ | | | |
-| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | ✔️ | | |
-| [Workplace](wcd-workplace.md) |✔️ | ✔️ | | ✔️ |
-
+| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✅ |
+| [FirstExperience](wcd-firstexperience.md) | | | ✅ | |
+| [Folders](wcd-folders.md) |✅ | ✅ | | |
+| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✅ |
+| [Licensing](wcd-licensing.md) | ✅ | | | |
+| [Location](wcd-location.md) | | | | ✅ |
+| [Maps](wcd-maps.md) |✅ | ✅ | | |
+| [NetworkProxy](wcd-networkproxy.md) | | ✅ | | |
+| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✅ | | |
+| [OOBE](wcd-oobe.md) | ✅ | | | |
+| [Personalization](wcd-personalization.md) | ✅ | | | |
+| [Policies](wcd-policies.md) | ✅ | ✅ | ✅ | ✅ |
+| [Privacy](wcd-folders.md) |✅ | ✅ | | ✅ |
+| [ProvisioningCommands](wcd-provisioningcommands.md) | ✅ | | | |
+| [SharedPC](wcd-sharedpc.md) | ✅ | | | |
+| [SMISettings](wcd-smisettings.md) | ✅ | | | |
+| [Start](wcd-start.md) | ✅ | | | |
+| [StartupApp](wcd-startupapp.md) | | | | ✅ |
+| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | ✅ |
+| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |✅ | ✅ | | ✅ |
+| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✅ | | |
+| [TabletMode](wcd-tabletmode.md) |✅ | ✅ | | |
+| [TakeATest](wcd-takeatest.md) | ✅ | | | |
+| [Time](wcd-time.md) | ✅ | | | |
+| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✅ | | | ✅ |
+| [UniversalAppInstall](wcd-universalappinstall.md) | ✅ | ✅ | | ✅ |
+| [UniversalAppUninstall](wcd-universalappuninstall.md) | ✅ | ✅ | | ✅ |
+| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | ✅ | ✅ | | |
+| [WeakCharger](wcd-weakcharger.md) |✅ | ✅ | | |
+| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | ✅ | | | |
+| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | ✅ | | |
+| [Workplace](wcd-workplace.md) |✅ | ✅ | | ✅ |
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 5d7ac4a474..d96a476eb7 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -1,16 +1,14 @@
- name: Deploy and update Windows client
href: index.yml
- items:
+ items:
- name: Get started
- items:
- - name: What's new
- href: deploy-whats-new.md
+ items:
- name: Windows client deployment scenarios
href: windows-10-deployment-scenarios.md
- name: Quick guide to Windows as a service
- href: update/waas-quick-start.md
+ href: update/waas-quick-start.md
- name: Windows as a service overview
- href: update/waas-overview.md
+ href: update/waas-overview.md
- name: Update release cycle
href: update/release-cycle.md
- name: Basics of Windows updates, channels, and tools
@@ -18,7 +16,7 @@
- name: Prepare servicing strategy for Windows client updates
href: update/waas-servicing-strategy-windows-10-updates.md
- name: Deployment proof of concept
- items:
+ items:
- name: Deploy Windows 10 with MDT and Configuration Manager
items:
- name: 'Step by step guide: Configure a test lab to deploy Windows 10'
@@ -26,9 +24,9 @@
- name: Deploy Windows 10 in a test lab using MDT
href: windows-10-poc-mdt.md
- name: Deploy Windows 10 in a test lab using Configuration Manager
- href: windows-10-poc-sc-config-mgr.md
+ href: windows-10-poc-sc-config-mgr.md
- name: Deployment process posters
- href: windows-10-deployment-posters.md
+ href: windows-10-deployment-posters.md
- name: Plan
items:
@@ -41,7 +39,7 @@
- name: Evaluate infrastructure and tools
href: update/eval-infra-tools.md
- name: Determine application readiness
- href: update/plan-determine-app-readiness.md
+ href: update/plan-determine-app-readiness.md
- name: Define your servicing strategy
href: update/plan-define-strategy.md
- name: Delivery Optimization for Windows client updates
@@ -64,11 +62,11 @@
- name: Deprecated features
href: /windows/whats-new/deprecated-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Resources for deprecated features
- href: /windows/whats-new/deprecated-features-resources?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+ href: /windows/whats-new/deprecated-features-resources?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Removed features
- href: /windows/whats-new/removed-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+ href: /windows/whats-new/removed-features?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Prepare
- items:
+ items:
- name: Prepare for Windows 11
href: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Prepare to deploy Windows client updates
@@ -97,7 +95,7 @@
href: update/waas-manage-updates-wsus.md
- name: Deploy
- items:
+ items:
- name: Deploy Windows client
items:
- name: Deploy Windows client with Autopilot
@@ -139,11 +137,11 @@
- name: Safeguard holds
href: update/safeguard-holds.md
- name: Manage the Windows client update experience
- items:
+ items:
- name: Manage device restarts after updates
href: update/waas-restart.md
- name: Manage additional Windows Update settings
- href: update/waas-wu-settings.md
+ href: update/waas-wu-settings.md
- name: Use Windows Update for Business
items:
- name: What is Windows Update for Business?
@@ -151,7 +149,7 @@
- name: Configure Windows Update for Business
href: update/waas-configure-wufb.md
- name: Use Windows Update for Business and WSUS
- href: update/wufb-wsus.md
+ href: update/wufb-wsus.md
- name: Enforcing compliance deadlines for updates
href: update/wufb-compliancedeadlines.md
- name: Integrate Windows Update for Business with management solutions
@@ -165,7 +163,7 @@
- name: Prerequisites for Windows Update for Business deployment service
href: update/deployment-service-prerequisites.md
- name: Deploy updates with the deployment service
- items:
+ items:
- name: Deploy feature updates using Graph Explorer
href: update/deployment-service-feature-updates.md
- name: Deploy expedited updates using Graph Explorer
@@ -184,21 +182,21 @@
href: vda-subscription-activation.md
- name: Deploy Windows Enterprise licenses
href: deploy-enterprise-licenses.md
- - name: Volume Activation
+ - name: Volume Activation
items:
- name: Overview
href: volume-activation/volume-activation-windows-10.md
- - name: Plan for volume activation
+ - name: Plan for volume activation
href: volume-activation/plan-for-volume-activation-client.md
- - name: Activate using Key Management Service
+ - name: Activate using Key Management Service
href: volume-activation/activate-using-key-management-service-vamt.md
- - name: Activate using Active Directory-based activation
+ - name: Activate using Active Directory-based activation
href: volume-activation/activate-using-active-directory-based-activation-client.md
- name: Activate clients running Windows 10
href: volume-activation/activate-windows-10-clients-vamt.md
- - name: Monitor activation
+ - name: Monitor activation
href: volume-activation/monitor-activation-client.md
- - name: Use the Volume Activation Management Tool
+ - name: Use the Volume Activation Management Tool
href: volume-activation/use-the-volume-activation-management-tool-client.md
href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
- name: Volume Activation Management Tool (VAMT)
@@ -282,19 +280,19 @@
- name: Windows Update for Business reports
items:
- name: Windows Update for Business reports overview
- href: update/wufb-reports-overview.md
+ href: update/wufb-reports-overview.md
- name: Enable Windows Update for Business reports
- items:
+ items:
- name: Windows Update for Business reports prerequisites
href: update/wufb-reports-prerequisites.md
- name: Enable Windows Update for Business reports
- href: update/wufb-reports-enable.md
+ href: update/wufb-reports-enable.md
- name: Configure clients with a script
href: update/wufb-reports-configuration-script.md
- name: Configure clients manually
href: update/wufb-reports-configuration-manual.md
- name: Configure clients with Microsoft Intune
- href: update/wufb-reports-configuration-intune.md
+ href: update/wufb-reports-configuration-intune.md
- name: Use Windows Update for Business reports
items:
- name: Windows Update for Business reports workbook
@@ -302,13 +300,13 @@
- name: Delivery Optimization data in reports
href: update/wufb-reports-do.md
- name: Software updates in the Microsoft 365 admin center
- href: update/wufb-reports-admin-center.md
+ href: update/wufb-reports-admin-center.md
- name: Use Windows Update for Business reports data
href: update/wufb-reports-use.md
- name: FAQ for Windows Update for Business reports
- href: update/wufb-reports-faq.yml
- - name: Feedback and support
- href: update/wufb-reports-help.md
+ href: update/wufb-reports-faq.yml
+ - name: Feedback and support
+ href: update/wufb-reports-help.md
- name: Windows Update for Business reports schema reference
items:
- name: Windows Update for Business reports schema reference
@@ -316,25 +314,27 @@
- name: UCClient
href: update/wufb-reports-schema-ucclient.md
- name: UCClientReadinessStatus
- href: update/wufb-reports-schema-ucclientreadinessstatus.md
+ href: update/wufb-reports-schema-ucclientreadinessstatus.md
- name: UCClientUpdateStatus
href: update/wufb-reports-schema-ucclientupdatestatus.md
- name: UCDeviceAlert
href: update/wufb-reports-schema-ucdevicealert.md
- name: UCDOAggregatedStatus
- href: update/wufb-reports-schema-ucdoaggregatedstatus.md
+ href: update/wufb-reports-schema-ucdoaggregatedstatus.md
- name: UCDOStatus
- href: update/wufb-reports-schema-ucdostatus.md
+ href: update/wufb-reports-schema-ucdostatus.md
- name: UCServiceUpdateStatus
href: update/wufb-reports-schema-ucserviceupdatestatus.md
- name: UCUpdateAlert
- href: update/wufb-reports-schema-ucupdatealert.md
+ href: update/wufb-reports-schema-ucupdatealert.md
+ - name: Enumerated types
+ href: update/wufb-reports-schema-enumerated-types.md
- name: Troubleshooting
items:
- name: Resolve upgrade errors
items:
- - name: Resolve Windows client upgrade errors
- href: upgrade/resolve-windows-10-upgrade-errors.md
+ - name: Resolve Windows upgrade errors
+ href: upgrade/resolve-windows-upgrade-errors.md
- name: Quick fixes
href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: SetupDiag
@@ -360,7 +360,7 @@
- name: Determine the source of Windows Updates
href: ./update/how-windows-update-works.md
- name: Windows Update security
- href: ./update/windows-update-security.md
+ href: ./update/windows-update-security.md
- name: Common Windows Update errors
href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows Update error code reference
@@ -383,7 +383,7 @@
- name: Servicing stack updates
href: update/servicing-stack-updates.md
- name: Update CSP policies
- href: /windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+ href: /windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Additional Windows Update settings
href: update/waas-wu-settings.md
- name: Delivery Optimization reference
@@ -404,22 +404,6 @@
href: configure-a-pxe-server-to-load-windows-pe.md
- name: Windows ADK for Windows 10 scenarios for IT Pros
href: windows-adk-scenarios-for-it-pros.md
- - name: Windows To Go
- items:
- - name: Deploy Windows To Go in your organization
- href: deploy-windows-to-go.md
- - name: "Windows To Go: feature overview"
- href: planning/windows-to-go-overview.md
- - name: Best practice recommendations for Windows To Go
- href: planning/best-practice-recommendations-for-windows-to-go.md
- - name: Deployment considerations for Windows To Go
- href: planning/deployment-considerations-for-windows-to-go.md
- - name: Prepare your organization for Windows To Go
- href: planning/prepare-your-organization-for-windows-to-go.md
- - name: Security and data protection considerations for Windows To Go
- href: planning/security-and-data-protection-considerations-for-windows-to-go.md
- - name: "Windows To Go: frequently asked questions"
- href: planning/windows-to-go-frequently-asked-questions.yml
- name: User State Migration Tool (USMT) technical reference
items:
- name: USMT overview articles
@@ -448,7 +432,7 @@
href: usmt/usmt-reroute-files-and-settings.md
- name: Verify the Condition of a Compressed Migration Store
href: usmt/verify-the-condition-of-a-compressed-migration-store.md
-
+
- name: USMT Reference
items:
- name: USMT Requirements
@@ -590,4 +574,4 @@
- name: Install fonts in Windows client
href: windows-10-missing-fonts.md
- name: Customize Windows PE boot images
- href: customize-boot-image.md
+ href: customize-boot-image.md
\ No newline at end of file
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md
deleted file mode 100644
index 674bd00551..0000000000
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: Windows Autopilot EULA dismissal – important information
-description: A notice about EULA dismissal through Windows Autopilot
-ms.prod: windows-client
-ms.localizationpriority: medium
-ms.date: 11/23/2022
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ROBOTS: NOINDEX
-ms.topic: article
-ms.technology: itpro-deploy
----
-# Windows Autopilot EULA dismissal – important information
-
-> [!IMPORTANT]
-> The information below isn't the EULA. It is a notice of awareness to the administrator that's configuring to skip End User License Agreement (EULA) during the OOBE (Out-of-Box Experience).
-
-Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen.
-
-By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This consent includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you didn't suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you haven't validly acquired a license for the software from Microsoft or its licensed distributors.
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index f3f16802b4..8afd2c00f8 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -1,14 +1,14 @@
---
title: Configure a PXE server to load Windows PE (Windows 10)
description: This article describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
ms.date: 11/23/2022
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Configure a PXE server to load Windows PE
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 3b52b209f3..fc07e5a9ba 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -1,14 +1,14 @@
---
title: Customize Windows PE boot images
description: This article describes how to customize a Windows PE (WinPE) boot image including updating with the latest cumulative update, adding drivers, and adding optional components.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
ms.date: 09/05/2023
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
- ✅ Windows 10
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index 8ad4658ea1..8208704491 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -4,8 +4,8 @@ description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise lice
author: frankroj
ms.author: frankroj
manager: aaroncz
-ms.prod: windows-client
-ms.technology: itpro-fundamentals
+ms.service: windows-client
+ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
ms.topic: how-to
ms.collection:
@@ -14,7 +14,7 @@ ms.collection:
appliesto:
- ✅ Windows 10
- ✅ Windows 11
-ms.date: 11/23/2022
+ms.date: 11/14/2023
---
# Deploy Windows Enterprise licenses
@@ -306,6 +306,6 @@ If a device isn't able to connect to Windows Update, it can lose activation stat
## Virtual Desktop Access (VDA)
-Subscriptions to Windows Enterprise are also available for virtualized clients. Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Azure or in another [qualified multitenant hoster](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download).
+Subscriptions to Windows Enterprise are also available for virtualized clients. Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Azure or in another qualified multitenant hoster.
Virtual machines (VMs) must be configured to enable Windows Enterprise subscriptions for VDA. Active Directory-joined and Microsoft Entra joined clients are supported. For more information, see [Enable VDA for Enterprise subscription activation](vda-subscription-activation.md).
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index b8025d4dc9..08eca15252 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -3,12 +3,12 @@ title: Deploy Windows 10 with Microsoft 365
manager: aaroncz
ms.author: frankroj
description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
ms.date: 11/23/2022
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Deploy Windows 10 with Microsoft 365
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
deleted file mode 100644
index f878a7d748..0000000000
--- a/windows/deployment/deploy-whats-new.md
+++ /dev/null
@@ -1,224 +0,0 @@
----
-title: What's new in Windows client deployment
-description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-deploy
-author: frankroj
-manager: aaroncz
-ms.author: frankroj
-ms.topic: conceptual
-ms.collection:
- - highpri
- - tier2
-ms.date: 11/23/2022
----
-
-# What's new in Windows client deployment
-
-*Applies to:*
-
-- Windows 10
-- Windows 11
-
-This article provides an overview of new solutions and online content related to deploying Windows client in your organization.
-
-- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](/windows/whats-new/index).
-
-## [Preview] Windows Autopilot diagnostics page
-
-When you deploy Windows 11 with Autopilot, you can enable users to view additional information about the Autopilot provisioning process. A new **Windows Autopilot diagnostics Page** is available to provide IT admins and end users with a user-friendly view to troubleshoot Autopilot failures. For more information, see [Windows Autopilot: What's new](/mem/autopilot/windows-autopilot-whats-new#preview-windows-autopilot-diagnostics-page).
-
-## Windows 11
-
-Check out the following new articles about Windows 11:
-
-- [Overview of Windows 11](/windows/whats-new/windows-11)
-- [Plan for Windows 11](/windows/whats-new/windows-11-plan)
-- [Prepare for Windows 11](/windows/whats-new/windows-11-prepare)
-
-The [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is available.
-
-## Deployment tools
-
-[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later, and Windows 11.
-New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
-VPN support is added to [Windows Autopilot](#windows-autopilot)
-An in-place upgrade wizard is available in [Configuration Manager](#microsoft-configuration-manager).
-The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with more content added and more content coming soon.
-
-## The Modern Desktop Deployment Center
-
-The [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Microsoft 365 Apps for enterprise.
-
-## Microsoft 365
-
-Microsoft 365 is a new offering from Microsoft that combines
-
-- Windows 10
-- Office 365
-- Enterprise Mobility and Security (EMS).
-
-See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a nifty [Microsoft 365 Enterprise poster](deploy-m365.md#microsoft-365-enterprise-poster).
-
-## Windows 10 servicing and support
-
-### Delivery Optimization
-
-Windows PowerShell cmdlets for Delivery Optimization have been improved:
-
-- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peek behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
-- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
-- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting.
-
-Other improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
-
-- Enterprise network [throttling is enhanced](/windows-insider/archive/new-for-business#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
-- Automatic cloud-based congestion detection is available for PCs with cloud service support.
-- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content.
-
-The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
-
-- Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth)
- - Reason: Replaced with separate policies for foreground and background
-- Max Upload Bandwidth (DOMaxUploadBandwidth)
- - Reason: impacts uploads to internet peers only, which isn't used in enterprises.
-- Absolute max throttle (DOMaxDownloadBandwidth)
- - Reason: separated to foreground and background
-
-### Windows Update for Business
-
-[Windows Update for Business](./update/waas-manage-updates-wufb.md) enhancements in this release include:
-
-- Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
-- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we've created a new policy that enables admins to opt devices out of the built-in safeguard holds.
-
-- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically sign in as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
-- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
-- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
-- **Pause updates**: We've extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you'll need to update your device before pausing again.
-- **Improved update notifications**: When there's an update requiring you to restart your device, you'll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
-- **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
-- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
-
-Microsoft previously announced that we're [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. These editions include all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there's no change for these editions). These support policies are summarized in the table below.
-
-
-
-## Windows 10 Enterprise upgrade
-
-Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA). These customers can now subscribe users to Windows 10 Enterprise E3 or E5 and activate their subscriptions on up to five devices. Virtual machines can also be activated. For more information, see [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md).
-
-Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. With Windows 10 Enterprise E3 in CSP, small and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
-
-For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md)
-
-## Deployment solutions and tools
-
-### Windows Autopilot
-
-[Windows Autopilot](/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose, and recover devices.
-
-With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](/windows/deployment/windows-autopilot/user-driven) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
-
-If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, these language settings were only supported with self-deploying profiles.
-
-The following Windows Autopilot features are available in Windows 10, version 1903 and later:
-
-- [Windows Autopilot for white glove deployment](/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they're fully configured and business ready for your users.
-- The Intune [enrollment status page](/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
-- [Cortana voiceover](/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
-- Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
-- Windows Autopilot will set the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
-
-### Microsoft Configuration Manager
-
-An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
-
-### Windows 10 Subscription Activation
-
-Windows 10 Education support has been added to Windows 10 Subscription Activation.
-
-With Windows 10, version 1903, you can step up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions - Windows 10 Education. For more information, see [Windows 10 Subscription Activation](./windows-10-subscription-activation.md).
-
-### SetupDiag
-
-[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When log files are being searched, SetupDiag uses a set of rules to match known issues.
-
-In Windows 10, version 2004, SetupDiag is now automatically installed.
-
-During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there's an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.
-
-### Upgrade Readiness
-
-The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017.
-
-Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details.
-
-The development of Upgrade Readiness has been heavily influenced by input from the community; the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled.
-
-For more information about Upgrade Readiness, see the following articles:
-
-- [Windows Analytics blog](https://aka.ms/blog/WindowsAnalytics/)
-- [Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview)
-
-### Update Compliance
-
-Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date.
-
-Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues.
-
-For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md).
-
-### Device Health
-
-Device Health is the newest Windows Analytics solution that complements the existing Upgrade Readiness and Update Compliance solutions by helping to identify devices crashes and the cause. Device drivers that are causing crashes are identified along with alternative drivers that might reduce the number of crashes. Windows Information Protection misconfigurations are also identified. For more information, see [Monitor the health of devices with Device Health](/mem/configmgr/desktop-analytics/overview)
-
-### MBR2GPT
-
-MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT.
-
-There are many benefits to converting the partition style of a disk to GPT, including the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds. The GPT format also enables you to use the Unified Extensible Firmware Interface (UEFI) which replaces the Basic Input/Output System (BIOS) firmware interface. Security features of Windows 10 that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
-
-For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
-
-### Microsoft Deployment Toolkit (MDT)
-
-MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There's currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation.
-
-For the latest information about MDT, see the [MDT release notes](/mem/configmgr/mdt/release-notes).
-
-### Windows Assessment and Deployment Kit (ADK)
-
-The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
-
-Download the Windows ADK and Windows PE add-on for Windows 11 [here](/windows-hardware/get-started/adk-install).
-
-For information about what's new in the ADK, see [What's new in the Windows ADK](/windows-hardware/get-started/what-s-new-in-kits-and-tools).
-
-Also see [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
-
-## Testing and validation guidance
-
-### Windows 10 deployment proof of concept (PoC)
-
-The Windows 10 PoC guide enables you to test Windows 10 deployment in a virtual environment and become familiar with deployment tools such as MDT and Configuration Manager. The PoC guide provides step-by-step instructions for installing and using Hyper-V to create a virtual lab environment. The guide makes extensive use of Windows PowerShell to streamline each phase of the installation and setup.
-
-For more information, see the following guides:
-
-- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
-- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
-- [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md)
-
-## Troubleshooting guidance
-
-[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The article provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
-
-## Related articles
-
-[Overview of Windows as a service](update/waas-overview.md)
-[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
-[Windows 10 release information](/windows/windows-10/release-information)
-[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
-[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 94c3d4ad20..c5ed56316b 100644
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Add a Windows 10 operating system image using Configuration Manager
description: Operating system images are typically the production image used for deployment throughout the organization.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 49a76b890d..40fdcea0df 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Add drivers to a Windows 10 deployment with Windows PE using Configuratio
description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 8c9f73f7e0..da7c70c515 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Create a custom Windows PE boot image with Configuration Manager (Windows
description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Configuration Manager.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 95074a8b3d..af5baf8233 100644
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -3,11 +3,11 @@ title: Create a task sequence with Configuration Manager (Windows 10)
description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 8c8f05cc7c..7159edcbe3 100644
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Create an app to deploy with Windows 10 using Configuration Manager
description: Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
index e3a76f89f8..648a274ad0 100644
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -3,11 +3,11 @@ title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
description: In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 603cdd71f6..4929876f5a 100644
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Finalize operating system configuration for Windows 10 deployment
description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 2cbc8a589e..42526dd62d 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Prepare for Zero Touch Installation of Windows 10 with Configuration Mana
description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: how-to
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 2ea7c6d6a7..e31c4ebfb5 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manage
description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index f2a38e6125..48c9e2bcbb 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -3,11 +3,11 @@ title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manage
description: In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
index 9de18e31aa..f74e065856 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
@@ -3,11 +3,11 @@ title: Perform in-place upgrade to Windows 10 via Configuration Manager
description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Configuration Manager task sequence.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/27/2022
---
diff --git a/windows/deployment/deploy-windows-mdt/TOC.yml b/windows/deployment/deploy-windows-mdt/TOC.yml
deleted file mode 100644
index 51493a1083..0000000000
--- a/windows/deployment/deploy-windows-mdt/TOC.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-- name: Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT)
- items:
- - name: Get started with MDT
- href: get-started-with-the-microsoft-deployment-toolkit.md
- - name: Deploy Windows 10 with MDT
- items:
- - name: Prepare for deployment with MDT
- href: prepare-for-windows-deployment-with-mdt.md
- - name: Create a Windows 10 reference image
- href: create-a-windows-10-reference-image.md
- - name: Deploy a Windows 10 image using MDT
- href: deploy-a-windows-10-image-using-mdt.md
- - name: Build a distributed environment for Windows 10 deployment
- href: build-a-distributed-environment-for-windows-10-deployment.md
- - name: Refresh a Windows 7 computer with Windows 10
- href: refresh-a-windows-7-computer-with-windows-10.md
- - name: Replace a Windows 7 computer with a Windows 10 computer
- href: replace-a-windows-7-computer-with-a-windows-10-computer.md
- - name: Perform an in-place upgrade to Windows 10 with MDT
- href: upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
- - name: Customize MDT
- items:
- - name: Configure MDT settings
- href: configure-mdt-settings.md
- - name: Set up MDT for BitLocker
- href: set-up-mdt-for-bitlocker.md
- - name: Configure MDT deployment share rules
- href: configure-mdt-deployment-share-rules.md
- - name: Configure MDT for UserExit scripts
- href: configure-mdt-for-userexit-scripts.md
- - name: Simulate a Windows 10 deployment in a test environment
- href: simulate-a-windows-10-deployment-in-a-test-environment.md
- - name: Use the MDT database to stage Windows 10 deployment information
- href: use-the-mdt-database-to-stage-windows-10-deployment-information.md
- - name: Assign applications using roles in MDT
- href: assign-applications-using-roles-in-mdt.md
- - name: Use web services in MDT
- href: use-web-services-in-mdt.md
- - name: Use Orchestrator runbooks with MDT
- href: use-orchestrator-runbooks-with-mdt.md
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
deleted file mode 100644
index 1f8a403732..0000000000
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ /dev/null
@@ -1,136 +0,0 @@
----
-title: Assign applications using roles in MDT (Windows 10)
-description: This article will show you how to add applications to a role in the MDT database and then assign that role to a computer.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Assign applications using roles in MDT
-
-This article will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this article, the application we're adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
-
-## Create and assign a role entry in the database
-
-1. On MDT01, using Deployment Workbench, in the MDT Production deployment share, expand **Advanced Configuration** and then expand **Database**.
-
-2. In the **Database** node, right-click **Role**, select **New**, and create a role entry with the following settings:
-
- 1. Role name: Standard PC
- 2. Applications / Lite Touch Applications:
- 3. Install - Adobe Reader XI - x86
-
-
-
-Figure 12. The Standard PC role with the application added
-
-## Associate the role with a computer in the database
-
-After creating the role, you can associate it with one or more computer entries.
-
-1. Using Deployment Workbench, expand **MDT Production**, expand **Advanced Configuration**, expand **Database**, and select **Computers**.
-
-2. In the **Computers** node, double-click the **PC00075** entry, and add the following setting:
- - Roles: Standard PC
-
-
-
-Figure 13. The Standard PC role added to PC00075 (having ID 1 in the database).
-
-## Verify database access in the MDT simulation environment
-
-When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications aren't installed, but you can see which applications would be installed if you did a full deployment of the computer.
-
-1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
-
-2. Modify the C:\\MDT\\CustomSettings.ini file to look like below:
-
- ```ini
- [Settings]
- Priority=CSettings, CRoles, RApplications, Default
- [Default]
- _SMSTSORGNAME=Contoso
- OSInstall=Y
- UserDataLocation=AUTO
- TimeZoneName=Pacific Standard Time
- AdminPassword=P@ssw0rd
- JoinDomain=contoso.com
- DomainAdmin=CONTOSO\MDT_JD
- DomainAdminPassword=P@ssw0rd
- MachineObjectOU=OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com
- SLShare=\\MDT01\Logs$
- ScanStateArgs=/ue:*\* /ui:CONTOSO\*
- USMTMigFiles001=MigApp.xml
- USMTMigFiles002=MigUser.xml
- HideShell=YES
- ApplyGPOPack=NO
- SkipAppsOnUpgrade=NO
- SkipAdminPassword=YES
- SkipProductKey=YES
- SkipComputerName=NO
- SkipDomainMembership=YES
- SkipUserData=NO
- SkipLocaleSelection=YES
- SkipTaskSequence=NO
- SkipTimeZone=YES
- SkipApplications=NO
- SkipBitLocker=YES
- SkipSummary=YES
- SkipCapture=YES
- SkipFinalSummary=NO
- EventService=http://MDT01:9800
- [CSettings]
- SQLServer=MDT01
- Instance=SQLEXPRESS
- Database=MDT
- Netlib=DBNMPNTW
- SQLShare=Logs$
- Table=ComputerSettings
- Parameters=UUID, AssetTag, SerialNumber, MacAddress
- ParameterCondition=OR
- [CRoles]
- SQLServer=MDT01
- Instance=SQLEXPRESS
- Database=MDT
- Netlib=DBNMPNTW
- SQLShare=Logs$
- Table=ComputerRoles
- Parameters=UUID, AssetTag, SerialNumber, MacAddress
- ParameterCondition=OR
- [RApplications]
- SQLServer=MDT01
- Instance=SQLEXPRESS
- Database=MDT
- Netlib=DBNMPNTW
- SQLShare=Logs$
- Table=RoleApplications
- Parameters=Role
- Order=Sequence
- ```
-
-3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
-
- ```powershell
- Set-Location C:\MDT
- .\Gather.ps1
-
- ```
-
-
-
-Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe Reader XI application that would have been installed if you deployed this machine.
-
-## Related articles
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
deleted file mode 100644
index dbfe7666fd..0000000000
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ /dev/null
@@ -1,304 +0,0 @@
----
-title: Build a distributed environment for Windows 10 deployment (Windows 10)
-description: In this article, you'll learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Build a distributed environment for Windows 10 deployment
-
-**Applies to:**
-
-- Windows 10
-
-Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
-
-Four computers are used in this article: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we'll deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation.
-
-For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more information on the infrastructure setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
-
-
-
-Computers used in this article.
-
-> [!NOTE]
-> HV01 is also used in this topic to host the PC0006 virtual machine.
-
-## Replicate deployment shares
-
-Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content.
-
-> [!NOTE]
-> Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target.
-
-### Linked deployment shares in MDT
-
-LDS is a built-in feature in MDT for replicating content. However, LDS works best with strong connections such as LAN connections with low latency. For most WAN links, DFS-R is the better option.
-
-### Why DFS-R is a better option
-
-DFS-R isn't only fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your main deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02.
-
-## Set up Distributed File System Replication (DFS-R) for replication
-
-Setting up DFS-R for replication is a quick and straightforward process: Prepare the deployment servers, create a replication group, then configure some replication settings.
-
-### Prepare MDT01 for replication
-
-On **MDT01**:
-
-1. Install the DFS Replication role on MDT01 by entering the following at an elevated Windows PowerShell prompt:
-
- ```powershell
- Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
- ```
-
-2. Wait for installation to complete, and then verify that the installation was successful. See the following output:
-
-```output
-PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
-
-Success Restart Needed Exit Code Feature Result
-------- -------------- --------- --------------
-True No Success {DFS Replication, DFS Management Tools, Fi...
-```
-
-### Prepare MDT02 for replication
-
-On **MDT02**:
-
-1. Perform the same procedure on MDT02 by entering the following at an elevated Windows PowerShell prompt:
-
- ```powershell
- Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
- ```
-
-2. Wait for installation to complete, and then verify that the installation was successful. See the following output:
-
-```output
-PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
-
-Success Restart Needed Exit Code Feature Result
-------- -------------- --------- --------------
-True No Success {DFS Replication, DFS Management Tools, Fi...
-```
-
-### Create the MDTProduction folder on MDT02
-
-On **MDT02**:
-
-1. Create and share the **D:\\MDTProduction** folder using default permissions by entering the following at an elevated command prompt:
-
- ```powershell
- mkdir d:\MDTProduction
- New-SmbShare -Name "MDTProduction$" -Path "D:\MDTProduction"
- ```
-
-2. You should see the following output:
-
- ```output
- C:\> New-SmbShare -Name "MDTProduction$" -Path "D:\MDTProduction"
-
- Name ScopeName Path Description
- ---- --------- ---- -----------
- MDTProduction$ * D:\MDTProduction
- ```
-
-### Configure the deployment share
-
-When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT that can be done by using the **DefaultGateway** property.
-
-On **MDT01**:
-
-1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the `Boostrap.ini` file as follows. Under `[DefaultGateway]` enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (that is, server) to use.
-
- ```ini
- [Settings]
- Priority=DefaultGateway, Default
-
- [DefaultGateway]
- 10.10.10.1=NewYork
- 10.10.20.1=Stockholm
-
- [NewYork]
- DeployRoot=\\MDT01\MDTProduction$
-
- [Stockholm]
- DeployRoot=\\MDT02\MDTProduction$
-
- [Default]
- UserDomain=CONTOSO
- UserID=MDT_BA
- UserPassword=pass@word1
- SkipBDDWelcome=YES
- ```
-
- > [!NOTE]
- > The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
-
-2. Save the `Bootstrap.ini` file.
-
-3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. Use the default settings for the Update Deployment Share Wizard. This process will take a few minutes.
-
-4. After the update is complete, use the Windows Deployment Services console on MDT01. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**.
-
-5. Browse and select the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings.
-
- 
-
- Replacing the updated boot image in WDS.
-
- > [!TIP]
- > If you modify bootstrap.ini again later, be sure to repeat the process of updating the deployment share in the Deployment Workbench and replacing the boot image in the WDS console.
-
-## Replicate the content
-
-Once the MDT01 and MDT02 servers are prepared, you're ready to configure the actual replication.
-
-### Create the replication group
-
-1. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and select **New Replication Group**.
-
-2. On the **Replication Group Type** page, select **Multipurpose replication group**, and select **Next**.
-
-3. On the **Name and Domain** page, assign the **MDTProduction** name, and select **Next**.
-
-4. On the **Replication Group Members** page, select **Add**, add **MDT01** and **MDT02**, and then select **Next**.
-
- 
-
- Adding the Replication Group Members.
-
-5. On the **Topology Selection** page, select the **Full mesh** option and select **Next**.
-
-6. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and select **Next**.
-
-7. On the **Primary Member** page, select **MDT01** and select **Next**.
-
-8. On the **Folders to Replicate** page, select **Add**, enter **D:\\MDTProduction** as the folder to replicate, select **OK**, and then select **Next**.
-
-9. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and select **Edit**.
-
-10. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, select **OK**, and then select **Next**.
-
-11. On the **Review Settings and Create Replication Group** page, select **Create**.
-
-12. On the **Confirmation** page, select **Close**.
-
-### Configure replicated folders
-
-1. On **MDT01**, using DFS Management, expand **Replication** and then select **MDTProduction**.
-
-2. In the middle pane, right-click the **MDT01** member and select **Properties**.
-
-3. On the **MDT01 (MDTProduction) Properties** page, configure the following and then select **OK**:
-
- 1. In the **Staging** tab, set the quota to **20480 MB**.
-
- 2. In the **Advanced** tab, set the quota to **8192 MB**.
-
- In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Below is a Windows PowerShell example that calculates the size of the 16 largest files in the D:\\MDTProduction deployment share:
-
- ```powershell
- (Get-ChildItem D:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
- ```
-
-4. In the middle pane, right-click the **MDT02** member and select **Properties**.
-
-5. On the **MDT02 (MDTProduction) Properties** page, configure the following and then select **OK**:
- 1. In the **Staging** tab, set the quota to **20480 MB**.
-
- 2. In the **Advanced** tab, set the quota to **8192 MB**.
-
- > [!NOTE]
- > It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly.
-
-6. Verify that MDT01 and MDT02 are members of the MDTProduction replication group, with MDT01 being primary as follows using an elevated command prompt:
-
- ```cmd
- C:\> dfsradmin membership list /rgname:MDTProduction /attr:MemName,IsPrimary
- MemName IsPrimary
- MDT01 Yes
- MDT02 No
- ```
-
-### Verify replication
-
-On **MDT02**:
-
-1. Wait until you start to see content appear in the **D:\\MDTProduction** folder.
-
-2. Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**.
-
-3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and select **Next**.
-
-4. On the **Path and Name** page, accept the default settings and select **Next**.
-
-5. On the **Members to Include** page, accept the default settings and select **Next**.
-
-6. On the **Options** page, accept the default settings and select **Next**.
-
-7. On the **Review Settings and Create Report** page, select **Create**.
-
-8. Open the report in Internet Explorer, and if necessary, select the **Allow blocked content** option.
-
- 
- The DFS Replication Health Report.
-
- > [!NOTE]
- > If there are replication errors you can review the DFS event log in Event Viewer under **Applications and Services Logs**.
-
-## Configure Windows Deployment Services (WDS) in a remote site
-
-Like you did in the previous article for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02.
-
-1. On MDT02, using the WDS console, right-click **Boot Images** and select **Add Boot Image**.
-
-2. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings.
-
-## Deploy a Windows 10 client to the remote site
-
-Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure.
-
-> [!NOTE]
-> For demonstration purposes, the following procedure uses a virtual machine (PC0006) hosted by the Hyper-V server HV01. To use the remote site server (MDT02) the VM must be assigned a default gateway that matches the one you entered in the `Boostrap.ini` file.
-
-1. Create a virtual machine with the following settings:
-
- 1. **Name**: PC0006
- 2. **Location**: C:\\VMs
- 3. **Generation**: 2
- 4. **Memory**: 2048 MB
- 5. **Hard disk**: 60 GB (dynamic disk)
- 6. Install an operating system from a network-based installation server
-
-2. Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from the WDS server.
-
-3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
-
- 1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
- 2. Computer Name: PC0006
- 3. Applications: Select the Install - Adobe Reader
-
-4. Setup will now start and perform the following steps:
-
- 1. Install the Windows 10 Enterprise operating system.
- 2. Install applications.
- 3. Update the operating system using your local Windows Server Update Services (WSUS) server.
-
-
-
-## Related articles
-
-- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-- [Configure MDT settings](configure-mdt-settings.md)
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
deleted file mode 100644
index 36f7e1544c..0000000000
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-title: Configure MDT deployment share rules (Windows 10)
-description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Configure MDT deployment share rules
-
-In this article, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
-
-## Assign settings
-
-When using MDT, you can assign setting in three distinct ways:
-
-- You can pre-stage the information before deployment.
-- You can prompt the user or technician for information.
-- You can have MDT generate the settings automatically.
-
-In order to illustrate these three options, let's look at some sample configurations.
-
-## Sample configurations
-
-Before adding the more advanced components like scripts, databases, and web services, consider the commonly used configurations below; they demonstrate the power of the rules engine.
-
-### Set computer name by MAC Address
-
-If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. When you have many machines, it makes sense to use the database instead.
-
-```ini
-[Settings]
-Priority=MacAddress, Default
-[Default]
-OSInstall=YES
-[00:15:5D:85:6B:00]
-OSDComputerName=PC00075
-```
-
-In the preceding sample, you set the PC00075 computer name for a machine with a MAC Address of 00:15:5D:85:6B:00.
-
-### Set computer name by serial number
-
-Another way to assign a computer name is to identify the machine via its serial number.
-
-```ini
-[Settings]
-Priority=SerialNumber, Default
-[Default]
-OSInstall=YES
-[CND0370RJ7]
-OSDComputerName=PC00075
-```
-
-In this sample, you set the PC00075 computer name for a machine with a serial number of CND0370RJ7.
-
-### Generate a computer name based on a serial number
-
-You also can configure the rules engine to use a known property, like a serial number, to generate a computer name on the fly.
-
-```ini
-[Settings]
-Priority=Default
-[Default]
-OSInstall=YES
-OSDComputerName=PC-%SerialNumber%
-```
-
-In this sample, you configure the rules to set the computer name to a prefix (PC-) and then the serial number. If the serial number of the machine is CND0370RJ7, the preceding configuration sets the computer name to PC-CND0370RJ7.
-
-> [!NOTE]
-> Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but the Windows setup limits a computer name to 15 characters.
-
-### Generate a limited computer name based on a serial number
-
-To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
-
-```ini
-[Settings]
-Priority=Default
-[Default]
-OSInstall=YES
-OSDComputerName=PC-#Left("%SerialNumber%",12)#
-```
-
-In the preceding sample, you still configure the rules to set the computer name to a prefix (PC-) followed by the serial number. However, by adding the Left VBScript function, you configure the rule to use only the first 12 serial-number characters for the name.
-
-### Add laptops to a different organizational unit (OU) in Active Directory
-
-In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you're deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType isn't a reserved word; rather, it's the name of the section to read.
-
-```ini
-[Settings]
-Priority=ByLaptopType, Default
-[Default]
-MachineObjectOU=OU=Workstations,OU=Contoso,DC=contoso,DC=com
-[ByLaptopType]
-Subsection=Laptop-%IsLaptop%
-[Laptop-True]
-MachineObjectOU=OU=Laptops,OU=Contoso,DC=contoso,DC=com
-```
-
-## Related articles
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
deleted file mode 100644
index 443854bdd5..0000000000
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Configure MDT for UserExit scripts (Windows 10)
-description: In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Configure MDT for UserExit scripts
-
-In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.
-
-## Configure the rules to call a UserExit script
-
-You can call a UserExit by referencing the script in your rules. Then you can configure a property to be set to the result of a function of the VBScript. In this example, we have a VBScript named Setname.vbs (provided in the book sample files, in the UserExit folder).
-
-```ini
-[Settings]
-Priority=Default
-[Default]
-OSINSTALL=YES
-UserExit=Setname.vbs
-OSDComputerName=#SetName("%MACADDRESS%")#
-```
-
-The UserExit=Setname.vbs calls the script and then assigns the computer name to what the SetName function in the script returns. In this sample, the %MACADDRESS% variable is passed to the script
-
-## The Setname.vbs UserExit script
-
-The Setname.vbs script takes the MAC Address passed from the rules. The script then does some string manipulation to add a prefix (PC) and remove the semicolons from the MAC Address.
-
-```vb
-Function UserExit(sType, sWhen, sDetail, bSkip)
- UserExit = Success
-End Function
-Function SetName(sMac)
- Dim re
- Set re = new RegExp
- re.IgnoreCase = true
- re.Global = true
- re.Pattern = ":"
- SetName = "PC" & re.Replace(sMac, "")
-End Function
-```
-
-The first three lines of the script make up a header that all UserExit scripts have. The interesting part is the lines between Function and End Function. Those lines add a prefix (PC), remove the colons from the MAC Address, and return the value to the rules by setting the SetName value.
-
-> [!NOTE]
-> The purpose of this sample isn't to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process.
-
-## Related articles
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
deleted file mode 100644
index 167059f1e7..0000000000
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: Configure MDT settings (Windows 10)
-description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Configure MDT settings
-
-One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. In this article, you learn about configuring customizations for your environment.
-For the purposes of this article, we'll use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this article, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
-
-
-
-The computers used in this article.
-
-## In this section
-
-- [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
-- [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-- [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
-- [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-- [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-- [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
-- [Use web services in MDT](use-web-services-in-mdt.md)
-- [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
-
-## Related articles
-
-- [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
-- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
-- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
-- [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
-- [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
-- [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
deleted file mode 100644
index 7100f080ec..0000000000
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ /dev/null
@@ -1,775 +0,0 @@
----
-title: Create a Windows 10 reference image (Windows 10)
-description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/28/2022
----
-
-# Create a Windows 10 reference image
-
-**Applies to:**
-
-- Windows 10
-
-Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this article, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this article, you 'll have a Windows 10 reference image that can be used in your deployment solution.
-
-> [!NOTE]
-> For more information about the server, client, and network infrastructure used in this guide, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
-
-For the purposes of this article, we'll use three computers: DC01, MDT01, and HV01.
-
-- DC01 is a domain controller for the contoso.com domain.
-- MDT01 is a contoso.com domain member server.
-- HV01 is a Hyper-V server that will be used to build the reference image.
-
- 
- Computers used in this article.
-
-## The reference image
-
-The reference image described in this guide is designed primarily for deployment to physical devices. However, the reference image is typically created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are:
-
-- To reduce development time and can use snapshots to test different configurations quickly.
-- To rule out hardware issues. You get the best possible image, and if you've a problem, it's not likely to be hardware related.
-- To ensure that you won't have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
-- The image is easy to move between lab, test, and production.
-
-## Set up the MDT build lab deployment share
-
-With Windows 10, there's no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications and all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
-
-### Create the MDT build lab deployment share
-
-On **MDT01**:
-
-1. Sign in as **contoso\\administrator** using a password of **pass@word1** (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) article).
-
-2. Start the MDT deployment workbench, and pin this workbench to the taskbar for easy access.
-
-3. Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
-
-4. Use the following settings for the New Deployment Share Wizard:
-
- - Deployment share path: **D:\\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT Build Lab**
-
-5. Accept the default selections on the Options page and select **Next**.
-
-6. Review the Summary page, select **Next**, wait for the deployment share to be created, then select **Finish**.
-
-7. Verify that you can access the **\\\\MDT01\\MDTBuildLab$** share.
-
- 
- The Deployment Workbench with the MDT Build Lab deployment share.
-
-### Enable monitoring
-
-To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, select **Properties**, select the **Monitoring** tab, and select **Enable monitoring for this deployment share**. This step is optional.
-
-### Configure permissions for the deployment share
-
-In order to read files in the deployment share and write the reference image back to it, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTBuildLab** folder
-
-On **MDT01**:
-
-1. Ensure you're signed in as **contoso\\administrator**.
-
-2. Modify the NTFS permissions for the **D:\\MDTBuildLab** folder by running the following command in an elevated Windows PowerShell prompt:
-
- ```powershell
- icacls "D:\MDTBuildLab" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)'
- grant-smbshareaccess -Name MDTBuildLab$ -AccountName "Contoso\MDT_BA" -AccessRight Full -force
- ```
-
-## Add setup files
-
-This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.
-
-### Add the Windows 10 installation files
-
-MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
-
-> [!NOTE]
-> Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
-
-### Add Windows 10 Enterprise x64 (full source)
-
-On **MDT01**:
-
-1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD.
-
- 
-
-2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Build Lab**.
-
-3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
-
-4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
-
- - Full set of source files
- - Source directory: (location of your source files)
- - Destination directory name: **W10EX64RTM**
-
-5. After adding the operating system, in the **Operating Systems** > **Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**. See the following example.
-
- 
-
-> [!NOTE]
-> Depending on the DVD you used, there might be multiple editions available. For the purposes of this guide, we are using the Windows 10 Enterprise image, but other images will also work.
-
-## Add applications
-
-Before you create an MDT task sequence, you need to add applications and scripts you wish to install to the MDT Build Lab share.
-
-On **MDT01**:
-
-First, create an MDT folder to store the Microsoft applications that will be installed:
-
-1. In the MDT Deployment Workbench, expand **Deployment Shares \\ MDT Build Lab \\ Applications**
-
-2. Right-click **Applications** and then select **New Folder**.
-
-3. Under **Folder name**, type **Microsoft**.
-
-4. Select **Next** twice, and then select **Finish**.
-
-The steps in this section use a strict naming standard for your MDT applications.
-
-- Use the **Install -** prefix for typical application installations that run a setup installer of some kind.
-- Use the **Configure -** prefix when an application configures a setting in the operating system.
-- You also add an **- x86**, **- x64**, or **- x86-x64** suffix to indicate the application's architecture (some applications have installers for both architectures).
-
-Using a script naming standard is always recommended when using MDT as it helps maintain order and consistency.
-
-By storing configuration items as MDT applications, it's easy to move these objects between various solutions, or between test and production environments.
-
-In example sections, you 'll add the following applications:
-
-- Install - Microsoft Office 365 Pro Plus - x64
-- Install - Microsoft Visual C++ Redistributable 2019 - x86
-- Install - Microsoft Visual C++ Redistributable 2019 - x64
-
->The 64-bit version of Microsoft Office 365 Pro Plus is recommended unless you need legacy app support. For more information, see [Choose between the 64-bit or 32-bit version of Office](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261)
-
-Download links:
-
-- [Office Deployment Tool](https://www.microsoft.com/download/details.aspx?id=49117)
-- [Microsoft Visual C++ Redistributable 2019 - x86](https://aka.ms/vs/16/release/VC_redist.x86.exe)
-- [Microsoft Visual C++ Redistributable 2019 - x64](https://aka.ms/vs/16/release/VC_redist.x64.exe)
-
-Download all three items in this list to the D:\\Downloads folder on MDT01.
-
-> [!NOTE]
-> For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder, and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads).
-
-> [!NOTE]
-> All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
-
-### Create configuration file: Microsoft Office 365 Professional Plus x64
-
-1. After downloading the most current version of the Office Deployment tool from the Microsoft Download Center using the link provided above, run the self-extracting executable file and extract the files to **D:\\Downloads\\Office365**. The Office Deployment Tool (setup.exe) and several sample configuration.xml files will be extracted.
-
-2. Using a text editor (such as Notepad), create an XML file in the D:\\Downloads\\Office365 directory with the installation settings for Microsoft 365 Apps for enterprise that are appropriate for your organization. The file uses an XML format, so the file you create must have an extension of .xml but the file can have any filename.
-
- For example, you can use the following configuration.xml file, which provides these configuration settings:
- - Install the 64-bit version of Microsoft 365 Apps for enterprise in English directly from the Office Content Delivery Network (CDN) on the internet.
- > [!NOTE]
- > 64-bit is now the default and recommended edition.
- - Use the General Availability Channel and get updates directly from the Office CDN on the internet.
- - Perform a silent installation. You won't see anything that shows the progress of the installation and you won't see any error messages.
-
- ```xml
-
- Expand to show PowerShell commands to partition an MBR disk
-
- ```powershell
- # The following command will set $Disk to all USB drives with >20 GB of storage
-
- $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
-
- #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
- #
- # To skip the confirmation prompt, append -confirm:$False
- Clear-Disk -InputObject $Disk[0] -RemoveData
-
- # This command initializes a new MBR disk
- Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
-
- # This command creates a 350 MB system partition
- $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
-
- # This formats the volume with a FAT32 Filesystem
- # To skip the confirmation dialog, append -Confirm:$False
- Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
- -Partition $SystemPartition
-
- # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
- $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
- Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
- -Partition $OSPartition
-
- # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
- Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
- Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
-
- # This command sets the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
- Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
- ```
-
-
- Expand to show example san_policy.xml file
-
- ```xml
-
-
- Expand to show example san_policy.xml file
-
- ```xml
-
-
- Expand this section to show PowerShell commands to run
-
- ```powershell
- # The following command will set $Disk to all USB drives with >20 GB of storage
-
- $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
-
- #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
- #
- # To skip the confirmation prompt, append -confirm:$False
- Clear-Disk -InputObject $Disk[0] -RemoveData
-
- # This command initializes a new MBR disk
- Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
-
- # This command creates a 350 MB system partition
- $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
-
- # This formats the volume with a FAT32 Filesystem
- # To skip the confirmation dialog, append -Confirm:$False
- Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
- -Partition $SystemPartition
-
- # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
- $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
- Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
- -Partition $OSPartition
-
- # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
- Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
- Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
-
- # This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
- Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
- ```
-
-
- Expand this section to show example unattend.xml file
-
- ```xml
-
-
- Expand this section to show PowerShell commands to run
-
- ```powershell
- # The following command will set $Disk to all USB drives with >20 GB of storage
-
- $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
-
- #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase.
- #
- # To skip the confirmation prompt, append -confirm:$False
- Clear-Disk -InputObject $Disk[0] -RemoveData
-
- # This command initializes a new MBR disk
- Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR
-
- # This command creates a 350 MB system partition
- $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive
-
- # This formats the volume with a FAT32 Filesystem
- # To skip the confirmation dialog, append -Confirm:$False
- Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
- -Partition $SystemPartition
-
- # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
- $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize
- Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
- -Partition $OSPartition
-
- # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
- Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
- Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
-
- # This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
- Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
- ```
-
-
-Expand this section to view Windows To Go multiple drive provisioning sample script
-
-```powershell
-<#
-.SYNOPSIS
-Windows To Go multiple drive provisioning sample script.
-
-.DESCRIPTION
-This sample script will provision one or more Windows To Go drives, configure offline domain join (using random machine names) and provides an option for BitLocker encryption. To provide a seamless first boot experience, an unattend file is created that will set the first run (OOBE) settings to defaults. To improve performance of the script, copy your install image to a local location on the computer used for provisioning the drives.
-
-.EXAMPLE
-.\WTG_MultiProvision.ps1 -InstallWIMPath c:\companyImages\amd64_enterprise.wim
-provision drives connected to your machine with the provided image.
-#>
-param (
- [parameter(Mandatory=$true)]
- [string]
-#Path to install wim. If you have the full path to the wim or want to use a local file.
- $InstallWIMPath,
-
- [string]
-#Domain to which to join the Windows To Go workspaces.
- $DomainName
-)
-
-
-<#
- In order to set BitLocker Group Policies for our offline WTG image we need to create a Registry.pol file
- in the System32\GroupPolicy folder. This file requires binary editing, which is not possible in PowerShell
- directly so we have some C# code that we can use to add a type in our PowerShell instance that will write
- the data for us.
-#>
-$Source = @"
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Text;
-
-namespace MS.PolicyFileEditor
-{
- //The PolicyEntry represents the DWORD Registry Key/Value/Data entry that will
- //be written into the file.
- public class PolicyEntry
- {
- private List
**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it can't be reused. In this case, a new ESP is created by shrinking the OS partition.|
+|**/allowFullOS**| By default, `MBR2GPT.exe` can only run from Windows PE and is blocked from running in full Windows. This option overrides this block and enables disk conversion while running in the full Windows environment.
**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it can't be reused. In this case, a new EFI system partition is created by shrinking the OS partition.|
## Examples
@@ -83,7 +82,7 @@ If any of these checks fails, the conversion won't proceed, and an error will be
In the following example, disk 0 is validated for conversion. Errors and warnings are logged to the default location of **`%windir%`**.
```cmd
-X:\>mbr2gpt.exe /validate /disk:0
+X:\> mbr2gpt.exe /validate /disk:0
MBR2GPT: Attempting to validate disk 0
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512
@@ -94,19 +93,24 @@ MBR2GPT: Validation completed successfully
In the following example:
-1. Using DiskPart, the current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0.
+1. The current disk partition layout is displayed prior to conversion using DiskPart - three partitions are present on the MBR disk (disk 0):
-2. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](/windows/win32/fileio/disk-partition-types) is **07** corresponding to the installable file system (IFS) type.
+ - A system reserved partition.
+ - A Windows partition.
+ - A recovery partition.
+ - A DVD-ROM is also present as volume 0.
-3. The MBR2GPT tool is used to convert disk 0.
+1. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](/windows/win32/fileio/disk-partition-types) is **07** corresponding to the installable file system (IFS) type.
-4. The DiskPart tool displays that disk 0 is now using the GPT format.
+1. The MBR2GPT tool is used to convert disk 0.
-5. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3).
+1. The DiskPart tool displays that disk 0 is now using the GPT format.
-6. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](/windows/win32/api/winioctl/ns-winioctl-partition_information_gpt) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type.
+1. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3).
-As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly.
+1. The OS volume is selected again. The detail displays that the OS volume is converted to the [GPT partition type](/windows/win32/api/winioctl/ns-winioctl-partition_information_gpt) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type.
+
+As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition boots properly.
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
index 17ef12c6b3..e592664ec5 100644
--- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
+++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Applying Filters to Data in the SUA Tool (Windows 10)
description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Applying Filters to Data in the SUA Tool
diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
index 4e03a9e206..1d4df56098 100644
--- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
+++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Available Data Types and Operators in Compatibility Administrator (Window
description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Available Data Types and Operators in Compatibility Administrator
diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
deleted file mode 100644
index 07285db62e..0000000000
--- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Best practice recommendations for Windows To Go (Windows 10)
-description: Learn about best practice recommendations for using Windows To Go, like using a USB 3.0 port with Windows to Go if it's available.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Best practice recommendations for Windows To Go
-
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-The following are the best practice recommendations for using Windows To Go:
-
-- Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive.
-- Do not insert the Windows To Go drive into a running computer.
-- Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer.
-- If available, use a USB 3.0 port with Windows To Go.
-- Do not install non-Microsoft core USB drivers on Windows To Go.
-- Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection.
-
-Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain.
-
-## More information
-
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-
-
-
-
-
-
-
-
-
diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md
index 64ed4fae58..853283a0cc 100644
--- a/windows/deployment/planning/compatibility-administrator-users-guide.md
+++ b/windows/deployment/planning/compatibility-administrator-users-guide.md
@@ -3,10 +3,10 @@ title: Compatibility Administrator User's Guide (Windows 10)
manager: aaroncz
ms.author: frankroj
description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows.
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
index 49fca85218..dd2905355f 100644
--- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
+++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
@@ -3,11 +3,11 @@ title: Compatibility Fix Database Management Strategies and Deployment (Windows
manager: aaroncz
ms.author: frankroj
description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database.
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Compatibility Fix Database Management Strategies and Deployment
diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
index 79207612a8..e9bc0caf59 100644
--- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
@@ -3,11 +3,11 @@ title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, & Windows Vista
description: Find compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
index 18f1b3e14e..c1946e6941 100644
--- a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Creating a Custom Compatibility Fix in Compatibility Administrator (Windo
description: The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
index 80892aa2d5..9e8137b12b 100644
--- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Create a Custom Compatibility Mode (Windows 10)
description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Creating a Custom Compatibility Mode in Compatibility Administrator
diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
index 31f4cff7a1..a77208735d 100644
--- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Create AppHelp Message in Compatibility Administrator (Windows 10)
description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Creating an AppHelp Message in Compatibility Administrator
diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
deleted file mode 100644
index e4cce0cd24..0000000000
--- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
+++ /dev/null
@@ -1,179 +0,0 @@
----
-title: Deployment considerations for Windows To Go (Windows 10)
-description: Learn about deployment considerations for Windows To Go, such as the boot experience, deployment methods, and tools that you can use with Windows To Go.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Deployment considerations for Windows To Go
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-From the start, Windows To Go was designed to minimize differences between the user experience of working on a laptop and Windows To Go booted from a USB drive. Given that Windows To Go was designed as an enterprise solution, extra consideration was given to the deployment workflows that enterprises already have in place. Additionally, there has been a focus on minimizing the number of differences in deployment between Windows To Go workspaces and laptop PCs.
-
-> [!NOTE]
-> Windows To Go does not support operating system upgrades. Windows To Go is designed as a feature that is managed centrally. IT departments that plan to transition from one operating system version to a later version will need to incorporate re-imaging their existing Windows To Go drives as part of their upgrade deployment process.
-
-The following sections discuss the boot experience, deployment methods, and tools that you can use with Windows To Go.
-
-- [Initial boot experiences](#wtg-initboot)
-- [Image deployment and drive provisioning considerations](#wtg-imagedep)
-- [Application installation and domain join](#wtg-appinstall)
-- [Management of Windows To Go using Group Policy](#bkmk-wtggp)
-- [Supporting booting from USB](#wtg-bootusb)
-- [Updating firmware](#stg-firmware)
-- [Configure Windows To Go startup options](#wtg-startup)
-- [Change firmware settings](#wtg-changefirmware)
-
-## Initial boot experiences
-
-The following diagrams illustrate the two different methods you could use to provide Windows To Go drives to your users. The experiences differ depending on whether the user will be booting the device initially on-premises or off-premises:
-
-
-
-When a Windows To Go workspace is first used at the workplace, the Windows To Go workspace can be joined to the domain through the normal procedures that occur when a new computer is introduced. It obtains a lease, applicable policies are applied and set, and user account tokens are placed appropriately. BitLocker protection can be applied and the BitLocker recovery key automatically stored in Active Directory Domain Services. The user can access network resources to install software and get access to data sources. When the workspace is subsequently booted at a different location either on or off premises, the configuration required for it to connect back to the work network using either DirectAccess or a virtual private network connection can be configured. It isn't necessary to configure the workspace for offline domain join. DirectAccess can make connecting to organizational resources easier, but isn't required.
-
-
-
-When the Windows To Go workspace is going to be used first on an off-premises computer, such as one at the employee's home, then the IT professional preparing the Windows To Go drives should configure the drive to be able to connect to organizational resources and to maintain the security of the workspace. In this situation, the Windows To Go workspace needs to be configured for offline domain join and BitLocker needs to be enabled before the workspace has been initialized.
-
-> [!TIP]
-> Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn306081(v=ws.11)).
-
-DirectAccess can be used to ensure that the user can log in with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831520(v=ws.11)) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134200(v=ws.11)). If you don't want to use DirectAccess as an alternative user could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network.
-
-### Image deployment and drive provisioning considerations
-
-The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using Configuration Manager Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive.
-
-
-
-The simplest way to provision a Windows To Go drive is to use the Windows To Go Creator. After a single Windows To Go workspace has been created, it can be duplicated as many times as necessary using widely available USB duplicator products as long as the device hasn't been booted. After the Windows To Go drive is initialized, it shouldn't be duplicated. Alternatively, Windows To Go Workspace Creator can be run multiple times to create multiple Windows To Go drives.
-
-> [!TIP]
-> When you create your Windows To Go image use sysprep /generalize, just as you do when you deploy Windows 10 to a standard PC. In fact, if appropriate, use the same image for both deployments.
-
-**Driver considerations**
-
-Windows includes most of the drivers that you'll need to support a wide variety of host computers. However, you'll occasionally need to download drivers from Windows Update to take advantage of the full functionality of a device. If you're using Windows To Go on a set of known host computers, you can add any more drivers to the image used on Windows To Go to make Windows To Go drives more quickly usable by your employees. Especially ensure that network drivers are available so that the user can connect to Windows Update to get more drivers if necessary.
-
-Wi-Fi network adapter drivers are one of the most important drivers to make sure that you include in your standard image so that users can easily connect to the internet for any additional updates. IT administrators that are attempting to build Windows 10 images for use with Windows To Go should consider adding additional Wi-Fi drivers to their image to ensure that their users have the best chance of still having basic network connectivity when roaming between systems.
-
-The following list of commonly used Wi-Fi network adapters that aren't supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image.
-
-|Vendor name|Product description|HWID|Windows Update availability|
-|--- |--- |--- |--- |
-|Broadcom|802.11abgn Wireless SDIO adapter|sd\vid_02d0&pid_4330&fn_1|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_010e106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_433114e4&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Broadcom|802.11n Network Adapter|pci\ven_14e4&dev_4331&subsys_010f106b&rev_02|Contact the system OEM or Broadcom for driver availability.|
-|Marvell|Yukon 88E8001/8003/8010 PCI Gigabit Ethernet|pci\ven_11ab&dev_4320&subsys_811a1043|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619080)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)|
-|Marvell|Libertas 802.11b/g Wireless|pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)|
-|Qualcomm|Atheros AR6004 Wireless LAN Adapter|sd\vid_0271&pid_0401|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)
64-bit driver not available|
-|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_20031a56|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)
64-bit driver not available|
-|Qualcomm|Atheros AR5BWB222 Wireless Network Adapter|pci\ven_168c&dev_0034&subsys_020a1028&rev_01|Contact the system OEM or Qualcom for driver availability.|
-|Qualcomm|Atheros AR5005G Wireless Network Adapter|pci\ven_168c&dev_001a&subsys_04181468&rev_01|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
index a6299026c3..e37786a9a6 100644
--- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
+++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator
description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
index a39866b132..7155581ea8 100644
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Fixing Applications by Using the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Fixing Applications by Using the SUA Tool
diff --git a/windows/deployment/planning/images/wtg-first-boot-home.gif b/windows/deployment/planning/images/wtg-first-boot-home.gif
deleted file mode 100644
index 46cd605a2e..0000000000
Binary files a/windows/deployment/planning/images/wtg-first-boot-home.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-first-boot-work.gif b/windows/deployment/planning/images/wtg-first-boot-work.gif
deleted file mode 100644
index c1a9a9d31d..0000000000
Binary files a/windows/deployment/planning/images/wtg-first-boot-work.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-gpt-uefi.gif b/windows/deployment/planning/images/wtg-gpt-uefi.gif
deleted file mode 100644
index 2ff2079a3c..0000000000
Binary files a/windows/deployment/planning/images/wtg-gpt-uefi.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-image-deployment.gif b/windows/deployment/planning/images/wtg-image-deployment.gif
deleted file mode 100644
index d622911f3e..0000000000
Binary files a/windows/deployment/planning/images/wtg-image-deployment.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-mbr-bios.gif b/windows/deployment/planning/images/wtg-mbr-bios.gif
deleted file mode 100644
index b93796944a..0000000000
Binary files a/windows/deployment/planning/images/wtg-mbr-bios.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif b/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif
deleted file mode 100644
index f21592c310..0000000000
Binary files a/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-startup-options.gif b/windows/deployment/planning/images/wtg-startup-options.gif
deleted file mode 100644
index 302da78ea6..0000000000
Binary files a/windows/deployment/planning/images/wtg-startup-options.gif and /dev/null differ
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
index 2cf46ee778..a50feb249b 100644
--- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Install/Uninstall Custom Databases (Windows 10)
description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
index 9c90b3ca24..69b7bd6cd3 100644
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
@@ -3,11 +3,11 @@ title: Managing Application-Compatibility Fixes and Custom Fix Databases (Window
description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Managing Application-Compatibility Fixes and Custom Fix Databases
diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
deleted file mode 100644
index 5f5b94be3f..0000000000
--- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
+++ /dev/null
@@ -1,106 +0,0 @@
----
-title: Prepare your organization for Windows To Go (Windows 10)
-description: Though Windows To Go is no longer being developed, you can find info here about the what, why, and when of deployment.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Prepare your organization for Windows To Go
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-The following information is provided to help you plan and design a new deployment of a Windows To Go in your production environment. It provides answers to the "what", "why", and "when" questions an IT professional might have when planning to deploy Windows To Go.
-
-## What is Windows To Go?
-
-Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. A Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings.
-
-Enterprise customers utilizing Volume Activation Windows licensing will be able to deploy USB drives provisioned with Windows To Go workspace. These drives will be bootable on multiple compatible host computers. Compatible host computers are computers that are:
-
-- USB boot capable
-- Have USB boot enabled in the firmware
-- Meet Windows 7 minimum system requirements
-- Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM isn't a supported processor for Windows To Go.
-- Have firmware architecture that is compatible with the architecture of the image used for the Windows To Go workspace
-
-Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go.
-
-The following articles will familiarize you with how you can use a Windows To Go workspace. They also give you an overview of some of the things you should consider in your design.
-
-## Usage scenarios
-
-
-The following scenarios are examples of situations in which Windows To Go workspaces provide a solution for an IT implementer:
-
-- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection, or DirectAccess to access corporate resources. If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes.
-
-- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker. Then they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive. And run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer.
-
-- **Managed free seating.** The employee is issued a Windows To Go drive. This drive is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return, they use the same USB flash drive but use a different host computer.
-
-- **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Configuration Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work. This boot caches the employee's credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity.
-
-- **Travel lightly.** In this situation, you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC.
-
-> [!NOTE]
-> If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace's computer object isn't potentially deleted from Active Directory Domain Services (AD DS).
-
- ## Infrastructure considerations
-
-Because Windows To Go requires no other software and minimal configuration, the same tools used to deploy images to other PCs can be used by an enterprise to install Windows To Go on a large group of USB devices. Moreover, because Windows To Go is compatible with connectivity and synchronization solutions already in use—such as Remote Desktop, DirectAccess and Folder Redirection—no other infrastructure or management is necessary for this deployment. A Windows To Go image can be created on a USB drive that is identical to the hard drive inside a desktop. However, you may wish to consider making some modifications to your infrastructure to help make management of Windows To Go drives easier and to be able to identify them as a distinct device group.
-
-## Activation considerations
-
-Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements.
-
-Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This method is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office).
-
-You should investigate other software manufacturer's licensing requirements to ensure they're compatible with roaming usage before deploying them to a Windows To Go workspace.
-
-> [!NOTE]
-> Using Multiple Activation Key (MAK) activation isn't a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive.
-
- For more information about these activation methods and how they can be used in your organization, see [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)).
-
-## Organizational unit structure and use of Group Policy Objects
-
-You may find it beneficial to create other Active Directory organizational unit (OU) structures to support your Windows To Go deployment: one for host computer accounts and one for Windows To Go workspace computer accounts. Creating an organizational unit for host computers allows you to enable the Windows To Go Startup Options using Group Policy for only the computers that will be used as Windows To Go hosts. Setting this policy helps to prevent computers from being accidentally configured to automatically boot from USB devices and allows closer monitoring and control of those computers that can boot from a USB device. The organizational unit for Windows To Go workspaces allows you to apply specific policy controls to them, such as the ability to use the Store application, power state controls, and line-of-business application installation.
-
-If you're deploying Windows To Go workspaces for a scenario in which they're not going to be roaming, but are instead being used on the same host computer, such as with temporary or contract employees, you might wish to enable hibernation or the Windows Store.
-
-For more information about Group Policy settings that can be used with Windows To Go, see [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-## Computer account management
-
-If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule, or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit.
-
-## User account and data management
-
-People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with, and to keep it accessible when the workspace isn't being used. For this reason, we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
-
-Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace.
-
-## Remote connectivity
-
-If you want Windows To Go to be able to connect back to organizational resources when it's being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)).
-
-## Related articles
-
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
index 826f2dfc4c..aa27616363 100644
--- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Searching for Fixed Applications in Compatibility Administrator (Windows
description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Searching for Fixed Applications in Compatibility Administrator
diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
index 4c0f2e2689..847fb0731b 100644
--- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Searching for Installed Compatibility Fixes with the Query Tool in Compat
description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
deleted file mode 100644
index b376163521..0000000000
--- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Security and data protection considerations for Windows To Go (Windows 10)
-description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 12/31/2017
----
-
-# Security and data protection considerations for Windows To Go
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
-
-## Backup and restore
-
-When you don't save data on the Windows To Go drive, you don't need for a backup and restore solution for Windows To Go. If you're saving data on the drive and aren't using folder redirection and offline files, you should back up all of your data to a network location such as cloud storage or a network share, after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement.
-
-If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This result is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
-
-## BitLocker
-
-We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) can't be used by BitLocker to protect the drive. Instead, you'll be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
-
-You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
-
-> [!Tip]
-> If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
-
-When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode.
-
-## Disk discovery and data leakage
-
-We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive won't appear in Windows Explorer and an Auto-Play prompt won't be displayed to the user. This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
-
-To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - "4" to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
-
-For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825063(v=win.10)).
-
-## Security certifications for Windows To Go
-
-Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider's specific hardware environment. For more information about Windows security certifications, see the following articles.
-
-- [Windows Platform Common Criteria Certification](/windows/security/threat-protection/windows-platform-common-criteria)
-
-- [FIPS 140 Evaluation](/windows/security/threat-protection/fips-140-validation)
-
-## Related articles
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-
-
-
diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
index 25850695fc..cb8a3ebc82 100644
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Showing Messages Generated by the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Showing Messages Generated by the SUA Tool
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index 4f53104c76..47b4ffba5c 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -3,11 +3,11 @@ title: SUA User's Guide (Windows 10)
description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# SUA User's Guide
diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
index a2dff7087c..c6af910322 100644
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
@@ -3,11 +3,11 @@ title: Tabs on the SUA Tool Interface (Windows 10)
description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Tabs on the SUA Tool Interface
diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md
index b2ff9f8850..481d2ce883 100644
--- a/windows/deployment/planning/testing-your-application-mitigation-packages.md
+++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md
@@ -3,11 +3,11 @@ title: Testing Your Application Mitigation Packages (Windows 10)
description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Testing Your Application Mitigation Packages
diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
index ee6976fca5..7327ff75b9 100644
--- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
+++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
@@ -3,10 +3,10 @@ title: Understanding and Using Compatibility Fixes (Windows 10)
description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
index cb156708b7..d3c2f77b38 100644
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
@@ -3,11 +3,11 @@ title: Using the Compatibility Administrator Tool (Windows 10)
description: This section provides information about using the Compatibility Administrator tool.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the Compatibility Administrator Tool
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
index f6e1a6fbee..2ae090b3f3 100644
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@@ -3,11 +3,11 @@ title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the Sdbinst.exe Command-Line Tool
diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md
index 5b72bfbc4b..043d002305 100644
--- a/windows/deployment/planning/using-the-sua-tool.md
+++ b/windows/deployment/planning/using-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Using the SUA Tool (Windows 10)
description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the SUA Tool
diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md
index ce121c5440..8f7ed9170b 100644
--- a/windows/deployment/planning/using-the-sua-wizard.md
+++ b/windows/deployment/planning/using-the-sua-wizard.md
@@ -3,11 +3,11 @@ title: Using the SUA wizard (Windows 10)
description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the SUA wizard
diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
index 44cf622430..38b8b8cf10 100644
--- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
+++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Viewing the Events Screen in Compatibility Administrator (Windows 10)
description: You can use the Events screen to record and view activities in the Compatibility Administrator tool.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md
index e444794da2..83227970dd 100644
--- a/windows/deployment/planning/windows-10-compatibility.md
+++ b/windows/deployment/planning/windows-10-compatibility.md
@@ -3,11 +3,11 @@ title: Windows 10 compatibility (Windows 10)
description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md
index b3911601ff..434b7da17f 100644
--- a/windows/deployment/planning/windows-10-deployment-considerations.md
+++ b/windows/deployment/planning/windows-10-deployment-considerations.md
@@ -3,11 +3,11 @@ title: Windows 10 deployment considerations (Windows 10)
description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
index 853855b43b..3dee852942 100644
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
@@ -3,8 +3,8 @@ metadata:
title: Windows 10 Enterprise FAQ for IT pros (Windows 10)
description: Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise.
keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage updates, Windows as a service, servicing channels, deployment tools
- ms.prod: windows-client
- ms.technology: itpro-deploy
+ ms.service: windows-client
+ ms.subservice: itpro-deploy
ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md
index 7341f4b302..06a835b0ba 100644
--- a/windows/deployment/planning/windows-10-infrastructure-requirements.md
+++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md
@@ -3,11 +3,11 @@ title: Windows 10 infrastructure requirements (Windows 10)
description: Review the infrastructure requirements for deployment and management of Windows 10, prior to significant Windows 10 deployments within your organization.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml
deleted file mode 100644
index 4907345be4..0000000000
--- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml
+++ /dev/null
@@ -1,455 +0,0 @@
-### YamlMime:FAQ
-metadata:
- title: Windows To Go frequently asked questions (Windows 10)
- description: Though Windows To Go is no longer being developed, these frequently asked questions (FAQ) can provide answers about the feature.
- ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e
- ms.reviewer:
- author: frankroj
- ms.author: frankroj
- manager: aaroncz
- keywords: FAQ, mobile, device, USB
- ms.prod: windows-client
- ms.technology: itpro-deploy
- ms.mktglfcycl: deploy
- ms.pagetype: mobility
- ms.sitesec: library
- audience: itpro
- ms.topic: faq
- ms.date: 10/28/2022
-title: 'Windows To Go: frequently asked questions'
-summary: |
- **Applies to**
-
- - Windows 10
-
- > [!IMPORTANT]
- > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature doesn't support feature updates and therefore doesn't enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
- The following list identifies some commonly asked questions about Windows To Go.
-
- - [What is Windows To Go?](#what-is-windows-to-go-)
-
- - [Does Windows To Go rely on virtualization?](#does-windows-to-go-rely-on-virtualization-)
-
- - [Who should use Windows To Go?](#who-should-use-windows-to-go-)
-
- - [How can Windows To Go be deployed in an organization?](#how-can-windows-to-go-be-deployed-in-an-organization-)
-
- - [Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?](#is-windows-to-go-supported-on-both-usb-2-0-and-usb-3-0-drives-)
-
- - [Is Windows To Go supported on USB 2.0 and USB 3.0 ports?](#is-windows-to-go-supported-on-usb-2-0-and-usb-3-0-ports-)
-
- - [How do I identify a USB 3.0 port?](#how-do-i-identify-a-usb-3-0-port-)
-
- - [Does Windows To Go run faster on a USB 3.0 port?](#does-windows-to-go-run-faster-on-a-usb-3-0-port-)
-
- - [Can the user self-provision Windows To Go?](#can-the-user-self-provision-windows-to-go-)
-
- - [How can Windows To Go be managed in an organization?](#how-can-windows-to-go-be-managed-in-an-organization-)
-
- - [How do I make my computer boot from USB?](#how-do-i-make-my-computer-boot-from-usb-)
-
- - [Why isn't my computer booting from USB?](#why-isn-t-my-computer-booting-from-usb-)
-
- - [What happens if I remove my Windows To Go drive while it's running?](#what-happens-if-i-remove-my-windows-to-go-drive-while-it-s-running-)
-
- - [Can I use BitLocker to protect my Windows To Go drive?](#can-i-use-bitlocker-to-protect-my-windows-to-go-drive-)
-
- - [Why can't I enable BitLocker from Windows To Go Creator?](#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
-
- - [What power states do Windows To Go support?](#what-power-states-does-windows-to-go-support-)
-
- - [Why is hibernation disabled in Windows To Go?](#why-is-hibernation-disabled-in-windows-to-go-)
-
- - [Does Windows To Go support crash dump analysis?](#does-windows-to-go-support-crash-dump-analysis-)
-
- - [Do "Windows To Go Startup Options" work with dual boot computers?](#do--windows-to-go-startup-options--work-with-dual-boot-computers-)
-
- - [I plugged my Windows To Go drive into a running computer and I can't see the partitions on the drive. Why not?](#i-plugged-my-windows-to-go-drive-into-a-running-computer-and-i-can-t-see-the-partitions-on-the-drive--why-not-)
-
- - [I'm booted into Windows To Go, but I can't browse to the internal hard drive of the host computer. Why not?](#i-m-booted-into-windows-to-go--but-i-can-t-browse-to-the-internal-hard-drive-of-the-host-computer--why-not-)
-
- - [Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?](#why-does-my-windows-to-go-drive-have-an-mbr-disk-format-with-a-fat32-system-partition-)
-
- - [Is Windows To Go secure if I use it on an untrusted machine?](#is-windows-to-go-secure-if-i-use-it-on-an-untrusted-computer-)
-
- - [Does Windows To Go work with ARM processors?](#does-windows-to-go-work-with-arm-processors-)
-
- - [Can I synchronize data from Windows To Go with my other computer?](#can-i-synchronize-data-from-windows-to-go-with-my-other-computer-)
-
- - [What size USB Flash Drive do I need to make a Windows To Go drive?](#what-size-usb-flash-drive-do-i-need-to-make-a-windows-to-go-drive-)
-
- - [Do I need to activate Windows To Go every time I roam?](#do-i-need-to-activate-windows-to-go-every-time-i-roam-)
-
- - [Can I use all Windows features on Windows To Go?](#can-i-use-all-windows-features-on-windows-to-go-)
-
- - [Can I use all my applications on Windows To Go?](#can-i-use-all-my-applications-on-windows-to-go-)
-
- - [Does Windows To Go work slower than standard Windows?](#does-windows-to-go-work-slower-than-standard-windows-)
-
- - [If I lose my Windows To Go drive, will my data be safe?](#if-i-lose-my-windows-to-go-drive--will-my-data-be-safe-)
-
- - [Can I boot Windows To Go on a Mac?](#can-i-boot-windows-to-go-on-a-mac-)
-
- - [Are there any APIs that allow applications to identify a Windows To Go workspace?](#are-there-any-apis-that-allow-applications-to-identify-a-windows-to-go-workspace-)
-
- - [How is Windows To Go licensed?](#how-is-windows-to-go-licensed-)
-
- - [Does Windows Recovery Environment work with Windows To Go? What's the guidance for recovering a Windows To Go drive?](#does-windows-recovery-environment-work-with-windows-to-go--what-s-the-guidance-for-recovering-a-windows-to-go-drive-)
-
- - [Why won't Windows To Go work on a computer running Windows XP or Windows Vista?](#why-won-t-windows-to-go-work-on-a-computer-running-windows-xp-or-windows-vista-)
-
- - [Why does the operating system on the host computer matter?](#why-does-the-operating-system-on-the-host-computer-matter-)
-
- - [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#my-host-computer-running-windows-7-is-protected-by-bitlocker-drive-encryption--why-did-i-need-to-use-the-recovery-key-to-unlock-and-reboot-my-host-computer-after-using-windows-to-go-)
-
- - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-it-doesn-t-have-a-drive-letter-assigned-and-how-can-i-fix-it-)
-
- - [Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?](#why-do-i-keep-on-getting-the-message--installing-devices---when-i-boot-windows-to-go-)
-
- - [How do I upgrade the operating system on my Windows To Go drive?](#how-do-i-upgrade-the-operating-system-on-my-windows-to-go-drive-)
-
-
-sections:
- - name: Ignored
- questions:
- - question: |
- What is Windows To Go?
- answer: |
- Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs.
-
- - question: |
- Does Windows To Go rely on virtualization?
- answer: |
- No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure.
-
- - question: |
- Who should use Windows To Go?
- answer: |
- Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, traveling workers, and work from home.
-
- - question: |
- How can Windows To Go be deployed in an organization?
- answer: |
- Windows To Go can be deployed using standard Windows deployment tools like Diskpart and DISM. The prerequisites for deploying Windows To Go are:
-
- - A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware)
-
- - A Windows 10 Enterprise or Windows 10 Education image
-
- - A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys
-
- You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you're creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process.
-
- - question: |
- Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?
- answer: |
- No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go.
-
- - question: |
- Is Windows To Go supported on USB 2.0 and USB 3.0 ports?
- answer: |
- Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later.
-
- - question: |
- How do I identify a USB 3.0 port?
- answer: |
- USB 3.0 ports are usually marked blue or carry an SS marking on the side.
-
- - question: |
- Does Windows To Go run faster on a USB 3.0 port?
- answer: |
- Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace.
-
- - question: |
- Can the user self-provision Windows To Go?
- answer: |
- Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases include support for user self-provisioning of Windows To Go drives.
-
- - question: |
- How can Windows To Go be managed in an organization?
- answer: |
- Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network.
-
- - question: |
- How do I make my computer boot from USB?
- answer: |
- For host computers running Windows 10
-
- - Using Cortana, search for **Windows To Go startup options**, and then press Enter.
- - In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
-
- For host computers running Windows 8 or Windows 8.1:
-
- Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter.
-
- In the **Windows To Go Startup Options** dialog box select **Yes** and then click **Save Changes** to configure the computer to boot from USB.
-
- > [!NOTE]
- > Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization.
-
-
-
- If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually.
-
- To do this, early during boot time (usually when you see the manufacturer's logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer's site to be sure if you don't know which key to use to enter firmware setup.)
-
- After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first.
-
- Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis.
-
- For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
-
- **Warning**
- Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive.
-
-
-
- - question: |
- Why isn't my computer booting from USB?
- answer: |
- Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation:
-
- 1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device.
-
- 2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don't support booting from a device connected to a USB 3 PCI add-on card or external USB hubs.
-
- 3. If the computer isn't booting from a USB 3.0 port, try to boot from a USB 2.0 port.
-
- If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support.
-
- - question: |
- What happens if I remove my Windows To Go drive while it's running?
- answer: |
- If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive isn't reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds.
-
- **Warning**
- You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive.
-
-
-
- - question: |
- Can I use BitLocker to protect my Windows To Go drive?
- answer: |
- Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace.
-
- - question: |
- Why can't I enable BitLocker from Windows To Go Creator?
- answer: |
- Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three subfolders for fixed, operating system and removable data drive types.
-
- When you're using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation:
-
- 1. **Control use of BitLocker on removable drives**
-
- If this setting is disabled BitLocker can't be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive.
-
- 2. **Configure use of smart cards on removable data drives**
-
- If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you haven't already signed on using your smart card credentials before starting the Windows To Go Creator wizard.
-
- 3. **Configure use of passwords for removable data drives**
-
- If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection isn't available, the Windows To Go Creator wizard will fail to enable BitLocker.
-
- Additionally, the Windows To Go Creator will disable the BitLocker option if the drive doesn't have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go.
-
- - question: |
- What power states does Windows To Go support?
- answer: |
- Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace.
-
- - question: |
- Why is hibernation disabled in Windows To Go?
- answer: |
- When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you're confident that you'll only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc).
-
- - question: |
- Does Windows To Go support crash dump analysis?
- answer: |
- Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0.
-
- - question: |
- Do "Windows To Go Startup Options" work with dual boot computers?
- answer: |
- Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on.
-
- If you have configured a dual boot computer with a Windows operating system and another operating system, it might work occasionally and fail occasionally. Using this configuration is unsupported.
-
- - question: |
- I plugged my Windows To Go drive into a running computer and I can't see the partitions on the drive. Why not?
- answer: |
- Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That's why you can't see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter.
-
- **Warning**
- It's strongly recommended that you don't plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised.
-
-
-
- - question: |
- I'm booted into Windows To Go, but I can't browse to the internal hard drive of the host computer. Why not?
- answer: |
- Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That's why you can't see the internal hard drives of the host computer when you're booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive.
-
- **Warning**
- It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefore user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
-
-
-
- - question: |
- Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?
- answer: |
- This is done to allow Windows To Go to boot from UEFI and legacy systems.
-
- - question: |
- Is Windows To Go secure if I use it on an untrusted computer?
- answer: |
- While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive.
-
- - question: |
- Does Windows To Go work with ARM processors?
- answer: |
- No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors.
-
- - question: |
- Can I synchronize data from Windows To Go with my other computer?
- answer: |
- To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need.
-
- - question: |
- What size USB flash drive do I need to make a Windows To Go drive?
- answer: |
- The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size.
-
- - question: |
- Do I need to activate Windows To Go every time I roam?
- answer: |
- No, Windows To Go requires volume activation; either using the [Key Management Service](/previous-versions/tn-archive/ff793434(v=technet.10)) (KMS) server in your organization or using [Active Directory](/previous-versions/windows/hh852637(v=win.10)) based volume activation. The Windows To Go workspace won't need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or through a remote connection using DirectAccess or a virtual private network connection), once activated the machine won't need to be activated again until the activation validity interval has passed. In a KMS configuration, the activation validity interval is 180 days.
-
- - question: |
- Can I use all Windows features on Windows To Go?
- answer: |
- Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh.
-
- - question: |
- Can I use all my applications on Windows To Go?
- answer: |
- Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time.
-
- - question: |
- Does Windows To Go work slower than standard Windows?
- answer: |
- If you're using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you're booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds.
-
- - question: |
- If I lose my Windows To Go drive, will my data be safe?
- answer: |
- Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user won't be able to access your data without your password. If you don't enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive.
-
- - question: |
- Can I boot Windows To Go on a Mac?
- answer: |
- We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac.
-
- - question: |
- Are there any APIs that allow applications to identify a Windows To Go workspace?
- answer: |
- Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true, it means that the operating system was booted from an external USB device.
-
- Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment.
-
- For more information, see the MSDN article on the [Win32\_OperatingSystem class](/windows/win32/cimwin32prov/win32-operatingsystem).
-
- - question: |
- How is Windows To Go licensed?
- answer: |
- Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC.
-
- - question: |
- Does Windows Recovery Environment work with Windows To Go? What's the guidance for recovering a Windows To Go drive?
- answer: |
- No, use of Windows Recovery Environment isn't supported on Windows To Go. It's recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should reprovision the workspace.
-
- - question: |
- Why won't Windows To Go work on a computer running Windows XP or Windows Vista?
- answer: |
- Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports.
-
- - question: |
- Why does the operating system on the host computer matter?
- answer: |
- It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected.
-
- - question: |
- My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?
- answer: |
- The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary.
-
- You can reset the BitLocker system measurements to incorporate the new boot order using the following steps:
-
- 1. Sign in to the host computer using an account with administrator privileges.
-
- 2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**.
-
- 3. Click **Suspend Protection** for the operating system drive.
-
- A message is displayed, informing you that your data won't be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive.
-
- 4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki.
-
- 5. Restart the computer again and then sign in to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.)
-
- 6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**.
-
- 7. Click **Resume Protection** to re-enable BitLocker protection.
-
- The host computer will now be able to be booted from a USB drive without triggering recovery mode.
-
- > [!NOTE]
- > The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order.
-
-
-
- - question: |
- I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?
- answer: |
- Reformatting the drive erases the data on the drive, but doesn't reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps:
-
- 1. Open a command prompt with full administrator permissions.
-
- > [!NOTE]
- > If your user account is a member of the Administrators group, but isn't the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them.
-
-
-
- 2. Start the [diskpart](/windows-server/administration/windows-commands/diskpart) command interpreter, by typing `diskpart` at the command prompt.
-
- 3. Use the `select disk` command to identify the drive. If you don't know the drive number, use the `list` command to display the list of disks available.
-
- 4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive.
-
- - question: |
- Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?
- answer: |
- One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations.
-
- In certain cases, third-party drivers for different hardware models or versions can reuse device IDs, driver file names, registry keys (or any other operating system constructs that don't support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID's, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver.
-
- This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message "Installing devices…" displaying every time that a Windows to Go drive is roamed between two PCs that require conflicting drivers.
-
- - question: |
- How do I upgrade the operating system on my Windows To Go drive?
- answer: |
- There's no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be reimaged with a new version of Windows in order to transition to the new operating system version.
-
-additionalContent: |
-
- ## Additional resources
-
- - [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
- - [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
- - [Windows To Go: feature overview](windows-to-go-overview.md)
- - [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
- - [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
- - [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md
deleted file mode 100644
index 4332f5785a..0000000000
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ /dev/null
@@ -1,155 +0,0 @@
----
-title: Windows To Go feature overview (Windows 10)
-description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: overview
-ms.technology: itpro-deploy
-ms.collection:
- - highpri
- - tier2
-ms.date: 10/28/2022
----
-
-# Windows To Go: feature overview
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
-
-PCs that meet the Windows 7 or later [certification requirements](/previous-versions/windows/hardware/cert-program/) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go isn't intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some other considerations that you should keep in mind before you start to use Windows To Go:
-
-- [Windows To Go: feature overview](#windows-to-go-feature-overview)
- - [Differences between Windows To Go and a typical installation of Windows](#differences-between-windows-to-go-and-a-typical-installation-of-windows)
- - [Roaming with Windows To Go](#roaming-with-windows-to-go)
- - [Prepare for Windows To Go](#prepare-for-windows-to-go)
- - [Hardware considerations for Windows To Go](#hardware-considerations-for-windows-to-go)
-
-> [!NOTE]
-> Windows To Go isn't supported on Windows RT.
-
-## Differences between Windows To Go and a typical installation of Windows
-
-Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are:
-
-- **Internal disks are offline.** To ensure data isn't accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive won't be listed in Windows Explorer.
-- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption, a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
-- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
-- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
-- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer's standard for the computer doesn't apply when running a Windows To Go workspace, so the feature was disabled.
-- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces can't be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows.
-
-## Roaming with Windows To Go
-
-Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer, it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is next booted on that host computer, it will be able to identify the host computer and load the correct set of drivers automatically.
-
-The applications that you want to use from the Windows To Go workspace should be tested to make sure they also support roaming. Some applications bind to the computer hardware, which will cause difficulties if the workspace is being used with multiple host computers.
-
-## Prepare for Windows To Go
-
-Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
-
-These same tools can be used to provision Windows To Go drive, just as if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) to review deployment tools available.
-
-> [!IMPORTANT]
-> Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported.
-
-As you decide what to include in your Windows To Go image, be sure to consider the following questions:
-
-Are there any drivers that you need to inject into the image?
-
-How will data be stored and synchronized to appropriate locations from the USB device?
-
-Are there any applications that are incompatible with Windows To Go roaming that shouldn't be included in the image?
-
-What should be the architecture of the image - 32bit/64bit?
-
-What remote connectivity solution should be supported in the image if Windows To Go is used outside the corporate network?
-
-For more information about designing and planning your Windows To Go deployment, see [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md).
-
-## Hardware considerations for Windows To Go
-
-**For USB drives**
-
-The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following items:
-
-- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly.
-- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later.
-- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details.
-
-As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives:
-
-> [!WARNING]
-> Using a USB drive that has not been certified is not supported.
-
-- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://www.kingston.com/support/technical/products?model=dtws))
-- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://www.kingston.com/support/technical/products?model=dtws))
-- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://www.kingston.com/support/technical/products?model=dtws))
-- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
-
-- Super Talent Express RC4 for Windows To Go
-
- -and-
-
- Super Talent Express RC8 for Windows To Go
-
- ([http://www.supertalent.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618721))
-
-- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722))
-
- We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility, see [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)
-
-**For host computers**
-
-When assessing the use of a PC as a host for a Windows To Go workspace, you should consider the following criteria:
-
-- Hardware that has been certified for use with Windows 7 or later operating systems will work well with Windows To Go.
-- Running a Windows To Go workspace from a computer that is running Windows RT isn't a supported scenario.
-- Running a Windows To Go workspace on a Mac computer isn't a supported scenario.
-
-The following table details the characteristics that the host computer must have to be used with Windows To Go:
-
-|Item|Requirement|
-|--- |--- |
-|Boot process|Capable of USB boot|
-|Firmware|USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you're unsure of the ability of your PC to boot from USB)|
-|Processor architecture|Must support the image on the Windows To Go drive|
-|External USB Hubs|Not supported; connect the Windows To Go drive directly to the host machine|
-|Processor|1 GHz or faster|
-|RAM|2 GB or greater|
-|Graphics|DirectX 9 graphics device with WDDM 1.2 or greater driver|
-|USB port|USB 2.0 port or greater|
-
-**Checking for architectural compatibility between the host PC and the Windows To Go drive**
-
-In addition to the USB boot support in the BIOS, the Windows 10 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
-
-|Host PC Firmware Type|Host PC Processor Architecture|Compatible Windows To Go Image Architecture|
-|--- |--- |--- |
-|Legacy BIOS|32-bit|32-bit only|
-|Legacy BIOS|64-bit|32-bit and 64-bit|
-|UEFI BIOS|32-bit|32-bit only|
-|UEFI BIOS|64-bit|64-bit only|
-
-## Other resources
-
-- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
-- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
-- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951)
-
-## Related articles
-
-[Deploy Windows To Go in your organization](../deploy-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index f49339b0fd..8e5e27c8df 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -2,13 +2,13 @@
title: Windows Pro in S mode
description: Overview of Windows Pro and Enterprise in S mode.
ms.localizationpriority: high
-ms.prod: windows-client
+ms.service: windows-client
manager: aaroncz
author: frankroj
ms.author: frankroj
ms.topic: conceptual
ms.date: 04/26/2023
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Windows Pro in S mode
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 72d37a8849..c8ea253ee3 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -1,8 +1,8 @@
---
title: Windows Updates using forward and reverse differentials
description: A technique to produce compact software updates optimized for any origin and destination revision pair
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index ba7b6d264d..164a2970b3 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -1,8 +1,8 @@
---
title: How to check Windows release health
description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index 89a981ff58..d1b6ebd87e 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -1,8 +1,8 @@
---
title: Create a deployment plan
description: Devise the number of deployment rings you need and how you want to populate each of the deployment rings.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -18,9 +18,9 @@ ms.date: 12/31/2017
# Create a deployment plan
-A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
+A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. Once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
-When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
+When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows clients are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
At the highest level, each ring comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
@@ -43,10 +43,10 @@ There are no definite rules for exactly how many rings to have for your deployme
## Advancing between rings
-There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project based.
+There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project-based.
-- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
-- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
+- "Red button" (service-based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
+- "Green button" (project-based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
When it comes to deployments, having manual steps in the process usually impedes update velocity. A "red button" strategy is better when that is your goal.
@@ -60,9 +60,9 @@ The purpose of the Preview ring is to evaluate the new features of the update. I
### Who goes in the Preview ring?
-The Preview ring users are the most tech savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
+The Preview ring users are the most tech-savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
-During your plan and prepare phases, you should focus on the following activities:
+During your plan and preparation phases, you should focus on the following activities:
- Work with Windows Insider Preview builds.
- Identify the features and functionality your organization can or wants to use.
@@ -87,7 +87,7 @@ Analytics can help with defining a good Limited ring of representative devices a
The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don't have the applications or device drivers that are truly a representative sample of your network.
-During your pilot and validate phases, you should focus on the following activities:
+During your pilot and validation phases, you should focus on the following activities:
- Deploy new innovations.
- Assess and act if issues are encountered.
@@ -104,7 +104,7 @@ Once the devices in the Limited ring have had a sufficient stabilization period,
In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision), a broad deployment can occur relatively quickly.
> [!NOTE]
-> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission critical-devices.
+> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission-critical devices.
During the broad deployment phase, you should focus on the following activities:
diff --git a/windows/deployment/update/deployment-service-drivers.md b/windows/deployment/update/deployment-service-drivers.md
index 4373f59f58..ca104fce34 100644
--- a/windows/deployment/update/deployment-service-drivers.md
+++ b/windows/deployment/update/deployment-service-drivers.md
@@ -2,8 +2,8 @@
title: Deploy drivers and firmware updates
titleSuffix: Windows Update for Business deployment service
description: Use Windows Update for Business deployment service to deploy driver and firmware updates to devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/deployment-service-expedited-updates.md b/windows/deployment/update/deployment-service-expedited-updates.md
index 9279a5e9d4..0b59cbea9e 100644
--- a/windows/deployment/update/deployment-service-expedited-updates.md
+++ b/windows/deployment/update/deployment-service-expedited-updates.md
@@ -2,8 +2,8 @@
title: Deploy expedited updates
titleSuffix: Windows Update for Business deployment service
description: Learn how to use Windows Update for Business deployment service to deploy expedited updates to devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
@@ -32,7 +32,11 @@ In this article, you will:
## Prerequisites
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
+All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met, including ensuring that the *Update Health Tools* is installed on the clients.
+- The *Update Health Tools* are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device, use one of the following methods:
+ - Run a [readiness test for expedited updates](#readiness-test-for-expediting-updates)
+ - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
+ - Example PowerShell script to verify tools installation: `Get-CimInstance -ClassName Win32_Product \| Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
### Permissions
@@ -213,8 +217,8 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments/$entity",
"id": "de910e12-3456-7890-abcd-ef1234567890",
- "createdDateTime": "2023-02-09T22:55:04.8547517Z",
- "lastModifiedDateTime": "2023-02-09T22:55:04.8547524Z",
+ "createdDateTime": "2024-01-30T19:43:37.1672634Z",
+ "lastModifiedDateTime": "2024-01-30T19:43:37.1672644Z",
"state": {
"effectiveValue": "offering",
"requestedValue": "none",
@@ -222,15 +226,19 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
},
"content": {
"@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
- "catalogEntry@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('de910e12-3456-7890-abcd-ef1234567890')/content/microsoft.graph.windowsUpdates.catalogContent/catalogEntry/$entity",
+ "catalogEntry@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('073fb534-5cdd-4326-8aa2-a4d29037b60f')/content/microsoft.graph.windowsUpdates.catalogContent/catalogEntry/$entity",
"catalogEntry": {
"@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
- "id": "693fafea03c24cca819b3a15123a8880f217b96a878b6d6a61be021d476cc432",
+ "id": "e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5",
"displayName": null,
"deployableUntilDateTime": null,
- "releaseDateTime": "2023-01-10T00:00:00Z",
+ "releaseDateTime": "2023-08-08T00:00:00Z",
"isExpeditable": false,
- "qualityUpdateClassification": "security"
+ "qualityUpdateClassification": "security",
+ "catalogName": null,
+ "shortName": null,
+ "qualityUpdateCadence": "monthly",
+ "cveSeverityInformation": null
}
},
"settings": {
@@ -238,10 +246,12 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
"monitoring": null,
"contentApplicability": null,
"userExperience": {
- "daysUntilForcedReboot": 2
+ "daysUntilForcedReboot": 2,
+ "offerAsOptional": null
},
"expedite": {
- "isExpedited": true
+ "isExpedited": true,
+ "isReadinessTest": false
}
},
"audience@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('de910e12-3456-7890-abcd-ef1234567890')/audience/$entity",
@@ -293,6 +303,48 @@ The following example deletes the deployment with a **Deployment ID** of `de910e
DELETE https://graph.microsoft.com/beta/admin/windows/updates/deployments/de910e12-3456-7890-abcd-ef1234567890
```
+## Readiness test for expediting updates
+
+You can verify the readiness of clients to receive expedited updates by using [isReadinessTest](/graph/api/resources/windowsupdates-expeditesettings). Create a deployment that specifies it's an expedite readiness test, then add members to the deployment audience. The service will check to see if the clients meet the prerequisites for expediting updates. The results of the test are displayed in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab). Under the **Quality updates** tab, select the **Expedite status** tile, which opens a flyout with a **Readiness** tab with the readiness test results.
+
+```msgraph-interactive
+POST https://graph.microsoft.com/beta/admin/windows/updates/deployments
+content-type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.windowsUpdates.deployment",
+ "content": {
+ "@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
+ "catalogEntry": {
+ "@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
+ "id": "317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5"
+ }
+ },
+ "settings": {
+ "@odata.type": "microsoft.graph.windowsUpdates.deploymentSettings",
+ "expedite": {
+ "isExpedited": true,
+ "isReadinessTest": true
+ }
+ }
+}
+```
+
+The truncated response displays that **isReadinessTest** is set to `true` and gives you a **DeploymentID** of `de910e12-3456-7890-abcd-ef1234567890`. You can then [add members to the deployment audience](#add-members-to-the-deployment-audience) to have the service check that the devices meet the preresquites then review the results in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab).
+
+```json
+ "expedite": {
+ "isExpedited": true,
+ "isReadinessTest": true
+ }
+ },
+ "audience@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('6a6c03b5-008e-4b4d-8acd-48144208f179_Readiness')/audience/$entity",
+ "audience": {
+ "id": "de910e12-3456-7890-abcd-ef1234567890",
+ "applicableContent": []
+ }
+
+```
[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-update-health-tools-logs.md)]
diff --git a/windows/deployment/update/deployment-service-feature-updates.md b/windows/deployment/update/deployment-service-feature-updates.md
index 070ecd8914..99d6c26f7c 100644
--- a/windows/deployment/update/deployment-service-feature-updates.md
+++ b/windows/deployment/update/deployment-service-feature-updates.md
@@ -2,8 +2,8 @@
title: Deploy feature updates
titleSuffix: Windows Update for Business deployment service
description: Use Windows Update for Business deployment service to deploy feature updates to devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 58d36aae43..adf8bfe314 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -2,8 +2,8 @@
title: Overview of the deployment service
titleSuffix: Windows Update for Business deployment service
description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates with the deployment service.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
@@ -27,7 +27,7 @@ Windows Update for Business product family has three elements:
- [Windows Update for Business reports](wufb-reports-overview.md) to monitor update deployment
- Deployment service APIs to approve and schedule specific updates for deployment, which are available through the Microsoft Graph and associated SDKs (including PowerShell)
-The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the[Windows Update for Business reports workbook](wufb-reports-workbook.md).
+The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the [Windows Update for Business reports workbook](wufb-reports-workbook.md).
:::image type="content" source="media/7512398-deployment-service-overview.png" alt-text="Diagram displaying the three elements that are parts of the Windows Update for Business family.":::
diff --git a/windows/deployment/update/deployment-service-prerequisites.md b/windows/deployment/update/deployment-service-prerequisites.md
index d4dbc2e5e1..1f24cbfe24 100644
--- a/windows/deployment/update/deployment-service-prerequisites.md
+++ b/windows/deployment/update/deployment-service-prerequisites.md
@@ -2,8 +2,8 @@
title: Prerequisites for the deployment service
titleSuffix: Windows Update for Business deployment service
description: Prerequisites for using the Windows Update for Business deployment service for updating devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
@@ -14,7 +14,7 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 02/14/2023
+ms.date: 01/29/2024
---
# Windows Update for Business deployment service prerequisites
@@ -48,9 +48,9 @@ Windows Update for Business deployment service supports Windows client devices o
### Windows operating system updates
-- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB 4023057](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a). To confirm the presence of the Update Health Tools on a device:
+- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device:
- Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
- - As an Admin, run the following PowerShell script: `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
+ - As an Admin, run the following PowerShell script: `Get-CimInstance -ClassName Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
- For [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
index 65a6b7777a..da9f167b83 100644
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -2,8 +2,8 @@
title: Troubleshoot the deployment service
titleSuffix: Windows Update for Business deployment service
description: Solutions to commonly encountered problems when using the Windows Update for Business deployment service.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: troubleshooting
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 6a83bab027..d12a78f404 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -1,8 +1,8 @@
---
title: Evaluate infrastructure and tools
description: Review the steps to ensure your infrastructure is ready to deploy updates to clients in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: article
author: mestew
ms.author: mstewart
@@ -11,22 +11,22 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 10/31/2023
---
# Evaluate infrastructure and tools
-Before you deploy an update, it's best to assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness.
+Before you deploy an update, assess your deployment infrastructure. For example, management systems like Configuration Manager, Microsoft Intune, or similar. Also assess current configurations such as security baselines, administrative templates, and policies that affect updates. Then set some criteria to define your operational readiness.
## Infrastructure
Do your deployment tools need updates?
-- If you use Configuration Manager, is it on the Current Branch with the latest release installed.? Being on this branch ensures that it supports the next Windows client feature update. Configuration Manager releases are supported for 18 months.
+- If you use Configuration Manager, is it on the current branch with the latest release installed? Being on this branch ensures that it supports the next Windows client feature update. Configuration Manager releases are supported for 18 months.
- Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated.
- If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows client feature update.
-Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered while doing so.
+Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered.
## Device settings
@@ -36,35 +36,35 @@ Make sure your security baseline, administrative templates, and policies have th
Keep security baselines current to help ensure that your environment is secure and that new security feature in the coming Windows client update are set properly.
-- **Microsoft security baselines**: You should implement security baselines from Microsoft. They are included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them.
-- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows client you are about to deploy.
+- **Microsoft security baselines**: You should implement security baselines from Microsoft. They're included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them.
+- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows client you're about to deploy.
### Configuration updates
-There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately.
+There are several Windows policies that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. For example, policies set by group policy, Intune, or other methods. Check these policies to make sure they're set appropriately.
-- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593).
-- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones.
+- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 23H2](https://www.microsoft.com/download/details.aspx?id=105667).
+- **Policies for update compliance and end-user experience**: Several settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones.
## Define operational readiness criteria
-When you’ve deployed an update, you’ll need to make sure the update isn’t introducing new operational issues. And you’ll also ensure that if incidents arise, the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating:
+When you deploy an update, you need to make sure the update isn't introducing new operational issues. If incidents arise, make sure the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating:
- **Call trend**: Define what percentage increase in calls relating to Windows client feature updates are acceptable or can be supported.
- **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows client feature updates are acceptable or can be supported.
- **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows client feature update.
-- **Process changes:** Define and update any processes that will change as a result of the Windows 10 feature update.
+- **Process changes:** Define and update any processes that will change as a result of the Windows feature update.
-Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight.
+Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight.
## Tasks
Finally, you can begin to carry out the work needed to ensure your infrastructure and configuration can support the update. To help you keep track, you can classify the work into the following overarching tasks:
-- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they’ve all been defined.
-- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that have been identified for the update.
+- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they've all been defined.
+- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that you identified for the update.
- **Define infrastructure update plan**: Detail how your infrastructure must change to support the update.
-- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when it’s been deployed.
-- **Identify gaps that require attention**: Identify issues that will need to be addressed to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
+- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when you deploy it.
+- **Identify gaps that require attention**: Identify issues that you'll need to address to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
- **Define operational update plan**: Detail how your operational services and processes must change to support the update.
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index 41a21d5d7c..51371de0c7 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -1,8 +1,8 @@
---
title: Best practices - user-initiated feature update installation
description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: best-practice
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index 972dd73a69..f7968c1ebc 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -1,8 +1,8 @@
---
title: FoD and language packs for WSUS and Configuration Manager
description: Learn how to make FoD and language packs available to clients when you're using WSUS or Configuration Manager.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index 5dc206f1aa..46dca308f1 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -1,8 +1,8 @@
---
title: Windows client updates, channels, and tools
description: Brief summary of the kinds of Windows updates, the channels they're served through, and the tools for managing them
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index ef02459999..70f2c18280 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,8 +1,8 @@
---
title: How Windows Update works
description: In this article, learn about the process Windows Update uses to download and install updates on Windows client devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/images/waas-active-hours-policy.PNG b/windows/deployment/update/images/waas-active-hours-policy.png
similarity index 100%
rename from windows/deployment/update/images/waas-active-hours-policy.PNG
rename to windows/deployment/update/images/waas-active-hours-policy.png
diff --git a/windows/deployment/update/images/waas-active-hours.PNG b/windows/deployment/update/images/waas-active-hours.png
similarity index 100%
rename from windows/deployment/update/images/waas-active-hours.PNG
rename to windows/deployment/update/images/waas-active-hours.png
diff --git a/windows/deployment/update/includes/update-history.md b/windows/deployment/update/includes/update-history.md
index 9963e0b8b6..cc5fb9bb9f 100644
--- a/windows/deployment/update/includes/update-history.md
+++ b/windows/deployment/update/includes/update-history.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/24/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
index 24da4ab44e..572d549362 100644
--- a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
index d8c96ee718..c386f7fd42 100644
--- a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
+++ b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
@@ -20,7 +20,7 @@ The following policies exclude drivers from Windows Update for a device:
- **Group Policy**: `\Windows Components\Windows Update\Do not include drivers with Windows Updates` set to `enabled`
- **CSP**: [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update#excludewudriversinqualityupdate) set to `1`
- **Registry**: `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversFromQualityUpdates` set to `1`
- - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Allow`
+ - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Block`
**Behavior with the deployment service**: Devices with driver exclusion polices that are enrolled for **drivers** and added to an audience though the deployment service:
- Will display the applicable driver content in the deployment service
@@ -42,4 +42,4 @@ The following policies define the source for driver updates as either Windows Up
- Will install drivers that are approved from the deployment service
> [!NOTE]
-> When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device.
\ No newline at end of file
+> When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device.
diff --git a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
index ed62f731f1..f84dd43e0a 100644
--- a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
index 336236ee43..9cfcff85ad 100644
--- a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
index 23bbb2b2d9..40f67810ab 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
index 8d869d1f69..8250bc9e1d 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md b/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
index 682134eb32..d4681b40c2 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-limitations.md b/windows/deployment/update/includes/wufb-deployment-limitations.md
index 34e70ba899..a57711bffd 100644
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ b/windows/deployment/update/includes/wufb-deployment-limitations.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md b/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
index 4e0d5caaff..cd39b4dd7e 100644
--- a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
+++ b/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
index da738e8991..a698c7f33b 100644
--- a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
+++ b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 04/26/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-endpoints.md b/windows/deployment/update/includes/wufb-reports-endpoints.md
index 388592c36c..a3bfb9b575 100644
--- a/windows/deployment/update/includes/wufb-reports-endpoints.md
+++ b/windows/deployment/update/includes/wufb-reports-endpoints.md
@@ -2,13 +2,14 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
-ms.date: 08/21/2023
+ms.date: 12/15/2023
ms.localizationpriority: medium
---
-
+
+
Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data:
@@ -20,5 +21,5 @@ Devices must be able to contact the following endpoints in order to authenticate
| `settings-win.data.microsoft.com` | Used by Windows components and applications to dynamically update their configuration. Required for Windows Update functionality. |
| `adl.windows.com` | Required for Windows Update functionality. |
| `oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. |
-| `login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices won't be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
-| `*.blob.core.windows.net` | Azure blob data storage.|
\ No newline at end of file
+| `login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices aren't visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
+| `ceuswatcab01.blob.core.windows.net`
`ceuswatcab02.blob.core.windows.net`
`eaus2watcab01.blob.core.windows.net`
`eaus2watcab02.blob.core.windows.net`
`weus2watcab01.blob.core.windows.net`
`weus2watcab02.blob.core.windows.net` | Azure blob data storage. |
diff --git a/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
index 70c1948c7a..f0f14e2a67 100644
--- a/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
+++ b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-script-error-codes.md b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
index 479b5a9eff..7057d0789c 100644
--- a/windows/deployment/update/includes/wufb-reports-script-error-codes.md
+++ b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 07/11/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index e2f3ab0e3c..080e86b6ad 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -1,8 +1,8 @@
---
title: Update Windows installation media with Dynamic Update
description: Learn how to acquire and apply Dynamic Update packages to existing Windows images prior to deployment
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -12,7 +12,8 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 07/17/2023
+- ✅ Windows Server
+ms.date: 12/05/2023
---
# Update Windows installation media with Dynamic Update
@@ -83,24 +84,24 @@ Properly updating the installation media involves a large number of actions oper
This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding boot manager from WinPE to the new media (28).
-|Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media |
-|-----------------------------------|-------------------|------------------|--------------------------------|-----------|
-|Add servicing stack Dynamic Update | 1 | 9 | 18 | |
-|Add language pack | 2 | 10 | 19 | |
-|Add localized optional packages | 3 | 11 | | |
-|Add font support | 4 | 12 | | |
-|Add text-to-speech | 5 | 13 | | |
-|Update Lang.ini | | 14 | | |
-|Add Features on Demand | | | 20 | |
-|Add Safe OS Dynamic Update | 6 | | | |
-|Add Setup Dynamic Update | | | | 26 |
-|Add setup.exe from WinPE | | | | 27 |
-|Add boot manager from WinPE | | | | 28 |
-|Add latest cumulative update | | 15 | 21 | |
-|Clean up the image | 7 | 16 | 22 | |
-|Add Optional Components | | | 23 | |
-|Add .NET and .NET cumulative updates | | | 24 | |
-|Export image | 8 | 17 | 25 | |
+|Task |WinRE (winre.wim) |Operating system (install.wim) | WinPE (boot.wim) | New media |
+|-----------------------------------|-------------------|--------------------------------|------------------|-----------|
+|Add servicing stack Dynamic Update | 1 | 9 | 17 | |
+|Add language pack | 2 | 10 | 18 | |
+|Add localized optional packages | 3 | | 19 | |
+|Add font support | 4 | | 20 | |
+|Add text-to-speech | 5 | | 21 | |
+|Update Lang.ini | | | 22 | |
+|Add Features on Demand | | 11 | | |
+|Add Safe OS Dynamic Update | 6 | | | |
+|Add Setup Dynamic Update | | | | 26 |
+|Add setup.exe from WinPE | | | | 27 |
+|Add boot manager from WinPE | | | | 28 |
+|Add latest cumulative update | | 12 | 23 | |
+|Clean up the image | 7 | 13 | 24 | |
+|Add Optional Components | | 14 | | |
+|Add .NET and .NET cumulative updates | | 15 | | |
+|Export image | 8 | 16 | 25 | |
> [!NOTE]
> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](./servicing-stack-updates.md).
@@ -110,13 +111,13 @@ This table shows the correct sequence for applying the various tasks to the file
### Multiple Windows editions
-The main operating system file (install.wim) contains multiple editions of Windows. It's possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
+The main operating system file (install.wim) might contain multiple editions of Windows. It's possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
### Additional languages and features
-You don't have to add more languages and features to the image to accomplish the updates, but it's an opportunity to customize the image with more languages, Optional Components, and Features on Demand beyond what is in your starting image. To do this, it's important to make these changes in the correct order: first apply servicing stack updates, followed by language additions, then by feature additions, and finally the latest cumulative update. The provided sample script installs a second language (in this case Japanese (ja-JP)). Since this language is backed by an lp.cab, there's no need to add a Language Experience Pack. Japanese is added to both the main operating system and to the recovery environment to allow the user to see the recovery screens in Japanese. This includes adding localized versions of the packages currently installed in the recovery image.
+You don't have to add more languages and features to the image to accomplish the updates, but it's an opportunity to customize the image with more languages, Optional Components, and Features on Demand beyond what's in your starting image. When you add more languages and features, it's important to make these changes in the correct order: first apply servicing stack updates, followed by language additions, then by feature additions, and finally the latest cumulative update. The provided sample script installs a second language (in this case Japanese (ja-JP)). Since this language is backed by an lp.cab, there's no need to add a Language Experience Pack. Japanese is added to both the main operating system and to the recovery environment to allow the user to see the recovery screens in Japanese. This includes adding localized versions of the packages currently installed in the recovery image.
-Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid this. One option is to skip the image cleanup step, though that results in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you'll have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
+Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid the cleanup failure. One option is to skip the image cleanup step, though that results in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you'll have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
## Windows PowerShell scripts to apply Dynamic Updates to an existing image
@@ -130,7 +131,7 @@ These examples are for illustration only, and therefore lack error handling. The
### Get started
-The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there's a script error and it's necessary to start over from a known state. Also, it will provide a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they aren't read-only.
+The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there's a script error and it's necessary to start over from a known state. Also, it provides a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they aren't read-only.
```powershell
#Requires -RunAsAdministrator
@@ -194,128 +195,231 @@ Copy-Item -Path $MEDIA_OLD_PATH"\*" -Destination $MEDIA_NEW_PATH -Force -Recurse
Get-ChildItem -Path $MEDIA_NEW_PATH -Recurse | Where-Object { -not $_.PSIsContainer -and $_.IsReadOnly } | ForEach-Object { $_.IsReadOnly = $false }
```
-### Update WinRE
+### Update WinRE and each main OS Windows edition
-The script assumes that only a single edition is being updated, indicated by Index = 1 (Windows 10 Education Edition). Then the script mounts the image, saves Winre.wim to the working folder, and mounts it. It then applies servicing stack Dynamic Update, since its components are used for updating other components. Since the script is optionally adding Japanese, it adds the language pack to the image, and installs the Japanese versions of all optional packages already installed in Winre.wim. Then, it applies the Safe OS Dynamic Update package.
+The script will update each edition of Windows within the main operating system file (install.wim). For each edition, the main OS image is mounted.
-It finishes by cleaning and exporting the image to reduce the image size.
+For the first image, Winre.wim is copied to the working folder, and mounted. It then applies servicing stack Dynamic Update, since its components are used for updating other components. Since the script is optionally adding Japanese, it adds the language pack to the image, and installs the Japanese versions of all optional packages already installed in Winre.wim. Then, it applies the Safe OS Dynamic Update package. It finishes by cleaning and exporting the image to reduce the image size.
+
+Next, for the mounted OS image, the script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it uses `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod). Now is the time to enable other Optional Components or add other Features on Demand. If such a feature has an associated cumulative update (for example, .NET), this is the time to apply those. The script then proceeds with applying the latest cumulative update. Finally, the script cleans and exports the image. You can install Optional Components, along with the .NET feature, offline, but that requires the device to be restarted. This is why the script installs .NET and Optional Components after cleanup and before export.
+
+This process is repeated for each edition of Windows within the main operating system file. To reduce size, the serviced Winre.wim file from the first image is saved, and used to update each subsequent Windows edition. This reduces the final size of install.wim.
```powershell
-# Mount the main operating system, used throughout the script
-Write-Output "$(Get-TS): Mounting main OS"
-Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index 1 -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null
-
#
-# update Windows Recovery Environment (WinRE)
+# Update each main OS Windows image including the Windows Recovery Environment (WinRE)
#
-Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null
-Write-Output "$(Get-TS): Mounting WinRE"
-Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
-# Add servicing stack update (Step 1 from the table)
+# Get the list of images contained within WinPE
+$WINOS_IMAGES = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim"
-# Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
-# The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined
-# cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and
-# Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined
-# cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined
-# cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the
-# combined cumulative update can be installed.
+Foreach ($IMAGE in $WINOS_IMAGES) {
-# This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
+ # first mount the main OS image
+ Write-Output "$(Get-TS): Mounting main OS, image index $($IMAGE.ImageIndex)"
+ Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index $IMAGE.ImageIndex -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null
-# Now, attempt the combined cumulative update.
-# There is a known issue where the servicing stack update is installed, but the cumulative update will fail. This error should
-# be caught and ignored, as the last step will be to apply the Safe OS update and thus the image will be left with the correct
-# packages installed.
+ if ($IMAGE.ImageIndex -eq "1") {
-try
-{
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $LCU_PATH | Out-Null
-}
-Catch
-{
- $theError = $_
- Write-Output "$(Get-TS): $theError"
+ #
+ # update Windows Recovery Environment (WinRE) within this OS image
+ #
+ Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null
+ Write-Output "$(Get-TS): Mounting WinRE"
+ Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
+
+ # Add servicing stack update (Step 1 from the table)
+
+ # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
+ # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined
+ # cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and
+ # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined
+ # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined
+ # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the
+ # combined cumulative update can be installed.
+
+ # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ # Now, attempt the combined cumulative update.
+ # There is a known issue where the servicing stack update is installed, but the cumulative update will fail. This error should
+ # be caught and ignored, as the last step will be to apply the Safe OS update and thus the image will be left with the correct
+ # packages installed.
+
+ try
+ {
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $LCU_PATH | Out-Null
+ }
+ Catch
+ {
+ $theError = $_
+ Write-Output "$(Get-TS): $theError"
- if ($theError.Exception -like "*0x8007007e*") {
- Write-Output "$(Get-TS): This failure is a known issue with combined cumulative update, we can ignore."
- }
- else {
- throw
- }
-}
-
-# The second approach for Step 1 is for Windows releases that have not adopted the combined cumulative update
-# but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU
-# update. This second approach is commented out below.
-
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
-
-#
-# Optional: Add the language to recovery environment
-#
-# Install lp.cab cab
-Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
-Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
-
-# Install language cabs for each optional package installed
-$WINRE_INSTALLED_OC = Get-WindowsPackage -Path $WINRE_MOUNT
-Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
-
- if ( ($PACKAGE.PackageState -eq "Installed") `
- -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
- -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
-
- $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
- if ($INDEX -ge 0) {
- $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
- if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
- $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
- Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null
+ if ($theError.Exception -like "*0x8007007e*") {
+ Write-Output "$(Get-TS): This failure is a known issue with combined cumulative update, we can ignore."
+ }
+ else {
+ throw
}
}
+
+ # The second approach for Step 1 is for Windows releases that have not adopted the combined cumulative update
+ # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
+ # update. This second approach is commented out below.
+
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ #
+ # Optional: Add the language to recovery environment
+ #
+ # Install lp.cab cab
+ Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
+
+ # Install language cabs for each optional package installed
+ $WINRE_INSTALLED_OC = Get-WindowsPackage -Path $WINRE_MOUNT
+ Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
+
+ if ( ($PACKAGE.PackageState -eq "Installed") `
+ -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
+ -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
+
+ $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
+ if ($INDEX -ge 0) {
+ $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
+ if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
+ $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
+ Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null
+ }
+ }
+ }
+ }
+
+ # Add font support for the new language
+ if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
+ Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
+ }
+
+ # Add TTS support for the new language
+ if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
+ if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
+
+ Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
+ }
+ }
+
+ # Add Safe OS
+ Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null
+
+ # Perform image cleanup
+ Write-Output "$(Get-TS): Performing image cleanup on WinRE"
+ DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null
+
+ # Dismount
+ Dismount-WindowsImage -Path $WINRE_MOUNT -Save -ErrorAction stop | Out-Null
+
+ # Export
+ Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\winre.wim"
+ Export-WindowsImage -SourceImagePath $WORKING_PATH"\winre.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\winre2.wim" -ErrorAction stop | Out-Null
+
}
+
+ Copy-Item -Path $WORKING_PATH"\winre2.wim" -Destination $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Force -ErrorAction stop | Out-Null
+
+ #
+ # update Main OS
+ #
+
+ # Add servicing stack update (Step 18 from the table)
+
+ # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
+ # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined cumulative update that
+ # includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these
+ # cases, the servicing stack update is not published seperately; the combined cumulative update should be used for this step. However, in hopefully
+ # rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published,
+ # and installed first before the combined cumulative update can be installed.
+
+ # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ # Now, attempt the combined cumulative update. Unlike WinRE and WinPE, we don't need to check for error 0x8007007e
+ Write-Output "$(Get-TS): Adding package $LCU_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null
+
+ # The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update
+ # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
+ # update. This second approach is commented out below.
+
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ # Optional: Add language to main OS
+ Write-Output "$(Get-TS): Adding package $OS_LP_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null
+
+ # Optional: Add a Features on Demand to the image
+ Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ # Note: If I wanted to enable additional Features on Demand, I'd add these here.
+
+ # Add latest cumulative update
+ Write-Output "$(Get-TS): Adding package $LCU_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
+
+ # Perform image cleanup
+ Write-Output "$(Get-TS): Performing image cleanup on main OS"
+ DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
+
+ #
+ # Note: If I wanted to enable additional Optional Components, I'd add these here.
+ # In addition, we'll add .NET 3.5 here as well. Both .NET and Optional Components might require
+ # the image to be booted, and thus if we tried to cleanup after installation, it would fail.
+ #
+
+ Write-Output "$(Get-TS): Adding NetFX3~~~~"
+ Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ # Add .NET Cumulative Update
+ Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null
+
+ # Dismount
+ Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Save -ErrorAction stop | Out-Null
+
+ # Export
+ Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim"
+ Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\install.wim" -SourceIndex $IMAGE.ImageIndex -DestinationImagePath $WORKING_PATH"\install2.wim" -ErrorAction stop | Out-Null
+
}
-# Add font support for the new language
-if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
- Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
-}
-
-# Add TTS support for the new language
-if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
- if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
-
- Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
-
- Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
- }
-}
-
-# Add Safe OS
-Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
-Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null
-
-# Perform image cleanup
-Write-Output "$(Get-TS): Performing image cleanup on WinRE"
-DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null
-
-# Dismount
-Dismount-WindowsImage -Path $WINRE_MOUNT -Save -ErrorAction stop | Out-Null
-
-# Export
-Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\winre2.wim"
-Export-WindowsImage -SourceImagePath $WORKING_PATH"\winre.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\winre2.wim" -ErrorAction stop | Out-Null
-Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null
+Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null
```
### Update WinPE
@@ -459,103 +563,6 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
Move-Item -Path $WORKING_PATH"\boot2.wim" -Destination $MEDIA_NEW_PATH"\sources\boot.wim" -Force -ErrorAction stop | Out-Null
```
-### Update the main operating system
-
-For this next phase, there's no need to mount the main operating system, since it was already mounted in the previous scripts. This script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it uses `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod).
-
-Now is the time to enable other Optional Components or add other Features on Demand. If such a feature has an associated cumulative update (for example, .NET), this is the time to apply those. The script then proceeds with applying the latest cumulative update. Finally, the script cleans and exports the image.
-
-You can install Optional Components, along with the .NET feature, offline, but that requires the device to be restarted. This is why the script installs .NET and Optional Components after cleanup and before export.
-
-```powershell
-#
-# update Main OS
-#
-
-# Add servicing stack update (Step 18 from the table)
-
-# Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
-# The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined cumulative update that
-# includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these
-# cases, the servicing stack update is not published separately; the combined cumulative update should be used for this step. However, in hopefully
-# rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published,
-# and installed first before the combined cumulative update can be installed.
-
-# This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
-
-# Now, attempt the combined cumulative update. Unlike WinRE and WinPE, we don't need to check for error 0x8007007e
-Write-Output "$(Get-TS): Adding package $LCU_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null
-
-# The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update
-# but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU
-# update. This second approach is commented out below.
-
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
-
-# Optional: Add language to main OS
-Write-Output "$(Get-TS): Adding package $OS_LP_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null
-
-# Optional: Add a Features on Demand to the image
-Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
-Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-# Note: If I wanted to enable additional Features on Demand, I'd add these here.
-
-# Add latest cumulative update
-Write-Output "$(Get-TS): Adding package $LCU_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
-
-# Copy our updated recovery image from earlier into the main OS
-# Note: If I were updating more than 1 edition, I'd want to copy the same recovery image file
-# into each edition to enable single instancing
-Copy-Item -Path $WORKING_PATH"\winre.wim" -Destination $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Force -ErrorAction stop | Out-Null
-
-# Perform image cleanup
-Write-Output "$(Get-TS): Performing image cleanup on main OS"
-DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
-
-#
-# Note: If I wanted to enable additional Optional Components, I'd add these here.
-# In addition, we'll add .NET 3.5 here as well. Both .NET and Optional Components might require
-# the image to be booted, and thus if we tried to cleanup after installation, it would fail.
-#
-
-Write-Output "$(Get-TS): Adding NetFX3~~~~"
-Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-# Add .NET Cumulative Update
-Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null
-
-# Dismount
-Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Save -ErrorAction stop | Out-Null
-
-# Export
-Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim"
-Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\install.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\install2.wim" -ErrorAction stop | Out-Null
-Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null
-```
-
### Update remaining media files
This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings in updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE.
diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md
index 1245ce7f59..7f6fffc7b4 100644
--- a/windows/deployment/update/optional-content.md
+++ b/windows/deployment/update/optional-content.md
@@ -1,8 +1,8 @@
---
title: Migrating and acquiring optional Windows content
description: How to keep language resources and Features on Demand during operating system updates for your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md
index 3116459b20..dcc9544f7e 100644
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@@ -1,8 +1,8 @@
---
title: Define readiness criteria
description: Identify important roles and figure out how to classify apps so you can plan and manage your deployment
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index 9f3f2e92b7..e2175c7b40 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -1,8 +1,8 @@
---
title: Define update strategy
description: Example of using a calendar-based approach to achieve consistent update installation in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
index 735e5a3095..6801a4cca8 100644
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@@ -1,8 +1,8 @@
---
title: Determine application readiness
description: How to test your apps to identify which need attention prior to deploying an update in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index ad9ebeff3a..a9af4519db 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -1,8 +1,8 @@
---
title: Prepare to deploy Windows
description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/release-cycle.md b/windows/deployment/update/release-cycle.md
index bb6949ca8e..2d4e8ecb19 100644
--- a/windows/deployment/update/release-cycle.md
+++ b/windows/deployment/update/release-cycle.md
@@ -1,8 +1,8 @@
---
title: Update release cycle for Windows clients
description: Learn about the release cycle for updates so Windows clients in your organization stay productive and protected.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index 86232917dd..104400de70 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -1,8 +1,8 @@
---
title: Safeguard holds for Windows
description: What are safeguard holds? How to can you tell if a safeguard hold is in effect, and what to do about it.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md
index 30227f3553..0e0a112ae1 100644
--- a/windows/deployment/update/safeguard-opt-out.md
+++ b/windows/deployment/update/safeguard-opt-out.md
@@ -1,8 +1,8 @@
---
title: Opt out of safeguard holds
description: How to install an update in your organization even when a safeguard hold for a known issue has been applied to it.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index fd0efc4571..85af66e440 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -1,8 +1,8 @@
---
title: Servicing stack updates
description: In this article, learn how servicing stack updates improve the code that installs the other updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -15,21 +15,22 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Windows Server
-ms.date: 12/31/2017
+ms.date: 12/08/2023
---
# Servicing stack updates
## What is a servicing stack update?
-Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically doesn't have updates released every month.
+
+Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the component-based servicing stack (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. [CBS](https://techcommunity.microsoft.com/t5/ask-the-performance-team/understanding-component-based-servicing/ba-p/373012) is a small component that typically doesn't have updates released every month.
## Why should servicing stack updates be installed and kept up to date?
-Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
+Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't have the latest servicing stack update installed, there's a risk that your device can't be updated with the latest Microsoft security fixes.
## When are they released?
-Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."
+Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions, a servicing stack update might need to be released out of band to address an issue impacting systems installing the monthly security update. New servicing stack updates are classified as `Security` with a severity rating of `Critical`.
## What's the difference between a servicing stack update and a cumulative update?
@@ -38,14 +39,14 @@ Both Windows client and Windows Server use the cumulative update mechanism, in w
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest monthly security update release and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
-Microsoft publishes all cumulative updates and SSUs for Windows 10, version 2004 and later together as one cumulative monthly update to the normal release category in WSUS.
+Microsoft publishes all cumulative updates and servicing stack updates for Windows 10, version 2004 and later together as one cumulative monthly update to the normal release category in Windows Server Update Services (WSUS).
## Is there any special guidance?
-Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
-
Typically, the improvements are reliability and performance improvements that don't require any specific special guidance. If there's any significant impact, it will be present in the release notes.
+Most users don't need to install an isolated servicing stack update. In the rare case that you need to install an isolated servicing stack update, Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
+
## Installation notes
* Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system.
@@ -56,6 +57,6 @@ Typically, the improvements are reliability and performance improvements that do
## Simplifying on-premises deployment of servicing stack updates
-With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update includes the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you'll only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update is available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382.
+With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update includes the latest servicing stack updates, to provide a single cumulative update payload to both WSUS and the Microsoft Update Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you'll only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update is available on Windows 10, version 2004 and later starting with [KB4601382](https://support.microsoft.com/kb/4601382), released in February of 2021.
diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md
index b534f09c0c..28b05bb90e 100644
--- a/windows/deployment/update/update-baseline.md
+++ b/windows/deployment/update/update-baseline.md
@@ -1,8 +1,8 @@
---
title: Windows 10 Update Baseline
description: Use an update baseline to optimize user experience and meet monthly update goals in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md
index b7fa2d5094..50b404df35 100644
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@@ -1,8 +1,8 @@
---
title: Policies for update compliance and user experience
description: Explanation and recommendations for update compliance, activity, and user experience for your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 840ea3d5a7..11732bc1ca 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -1,17 +1,16 @@
---
title: Configure BranchCache for Windows client updates
description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
manager: aaroncz
ms.localizationpriority: medium
appliesto:
-- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 11/16/2023
---
# Configure BranchCache for Windows client updates
@@ -33,7 +32,10 @@ For detailed information about how Distributed Cache mode and Hosted Cache mode
Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](/previous-versions/windows/it-pro/windows-7/dd637820(v=ws.10)) in the [BranchCache Early Adopter's Guide](/previous-versions/windows/it-pro/windows-7/dd637762(v=ws.10)).
-In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows client, set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
+In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows client, set the Delivery Optimization **Download mode** to '100' (Bypass) to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
+
+> [!Note]
+> [Bypass Download mode (100)](../do/waas-delivery-optimization-reference.md#download-mode) is only available in Windows 10 (starting in version 1607) and deprecated in Windows 11. BranchCache isn't supported for content downloaded using Delivery Optimization in Windows 11.
## Configure servers for BranchCache
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index 6af6c31910..4a74fbe288 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -2,12 +2,12 @@
title: Configure Windows Update for Business
manager: aaroncz
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
-ms.prod: windows-client
+ms.service: windows-client
author: mestew
ms.localizationpriority: medium
ms.author: mstewart
ms.topic: conceptual
-ms.technology: itpro-updates
+ms.subservice: itpro-updates
ms.collection:
- tier1
appliesto:
@@ -16,7 +16,7 @@ appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016
-ms.date: 08/22/2023
+ms.date: 11/30/2023
---
# Configure Windows Update for Business
@@ -210,7 +210,7 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
| MDM for Windows 10, version 1607 and later: ../Vendor/MSFT/Policy/Config/Update/**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
## Enable optional updates
-
+
In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy.
To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**.
@@ -243,8 +243,8 @@ The following options are available for the policy:
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
-| GPO for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > **Enable optional updates**| \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
-| MDM for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: ./Device/Vendor/MSFT/Policy/Config/Update/**[AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent)** | \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+| **GPO applies to**:
**GPO location**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > **Enable optional updates**| \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+| **MDM applies to**:
**MDM location**: ./Device/Vendor/MSFT/Policy/Config/Update/**[AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent)** | \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
## Enable features that are behind temporary enterprise feature control
@@ -269,7 +269,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
-| AllowOptionalContent *Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
+| AllowOptionalContent *Added in*:
| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
| AllowTemporaryEnterpriseFeatureControl *Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled. Other value or absent: Features that are shipped turned off by default will remain off |
| BranchReadinessLevel | REG_DWORD | 2: Systems take feature updates for the Windows Insider build - Fast 4: Systems take feature updates for the Windows Insider build - Slow 8: Systems take feature updates for the Release Windows Insider build Other value or absent: Receive all applicable updates |
| DeferFeatureUpdates | REG_DWORD | 1: Defer feature updatesOther value or absent: Don't defer feature updates |
@@ -285,7 +285,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value |
| --- | --- | --- |
-| AllowOptionalContent *Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
+| AllowOptionalContent *Added in*:
| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
| AllowTemporaryEnterpriseFeatureControl *Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled. Other value or absent: Features that are shipped turned off by default will remain off |
| BranchReadinessLevel | REG_DWORD |2: Systems take feature updates for the Windows Insider build - Fast 4: Systems take feature updates for the Windows Insider build - Slow 8: Systems take feature updates for the Release Windows Insider build 32: Systems take feature updates from General Availability Channel Note: Other value or absent: Receive all applicable updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days |
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index d94af9011d..54a680ab36 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -1,8 +1,8 @@
---
title: Integrate Windows Update for Business
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index b1aee2ba14..6506f11e90 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -1,8 +1,8 @@
---
title: Deploy updates using Windows Server Update Services
description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 58343cf36e..25fff01d83 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -2,7 +2,8 @@
title: Windows Update for Business
manager: aaroncz
description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
-ms.prod: windows-client
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
@@ -10,69 +11,73 @@ ms.collection:
- highpri
- tier2
ms.localizationpriority: medium
-appliesto:
+appliesto:
- ✅ Windows 11
-- ✅ Windows 10
-ms.date: 12/31/2017
+- ✅ Windows 10
+ms.date: 11/07/2023
---
# What is Windows Update for Business?
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
Windows Update for Business is a free service that is available for the following editions of Windows 10 and Windows 11:
+
- Pro, including Pro for Workstations
- Education
- Enterprise, including Enterprise LTSC, IoT Enterprise, and IoT Enterprise LTSC
-Windows Update for Business enables IT administrators to keep the Windows client devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when devices are updated.
-
+Windows Update for Business enables IT administrators to keep their organization's Windows client devices always up to date with the latest security updates and Windows features by directly connecting these systems to the Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions, such as Microsoft Intune, to configure the Windows Update for Business settings that control how and when devices are updated.
+
Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
## What can I do with Windows Update for Business?
-Windows Update for Business enables commercial customers to manage which Windows Updates are received when as well as the experience a device has when it receives them.
+Windows Update for Business enables commercial customers to manage which Windows Updates are received along with the experience a device has when it receives them.
-You can control Windows Update for Business policies by using either Mobile Device Management (MDM) tools such as Microsoft Intune or Group Policy management tools such as local group policy or the Group Policy Management Console (GPMC), as well as various other non-Microsoft management tools. MDMs use Configuration Service Provider (CSP) policies instead of Group Policy. Intune additionally uses Cloud Policies. Not all policies are available in all formats (CSP, Group Policy, or Cloud policy).
+You can control Windows Update for Business policies by using either MDM tools or Group Policy management, such as local group policy or the Group Policy Management Console (GPMC), and various other non-Microsoft management tools. MDMs use Configuration Service Provider (CSP) policies instead of Group Policy. Intune additionally uses Cloud Policies. Not all policies are available in all formats (CSP, Group Policy, or Cloud Policy).
+### Manage deployment of Windows Updates
-### Manage deployment of Windows Updates
-By using Windows Update for Business, you can control which types of Windows Updates are offered to devices in your ecosystem, when updates are applied, and deployment to devices in your organization in waves.
+By using Windows Update for Business, you can:
+- Control the types of Windows Updates are offered to devices in your organization
+- Control when updates are applied to the devices
+- Deploy updates to devices in your organization in waves
-### Manage which updates are offered
-Windows Update for Business enables an IT administrator to receive and manage a variety of different types of Windows Updates.
+### Manage which updates are offered
+
+Windows Update for Business enables an IT administrator to receive and manage various types of Windows Updates.
## Types of updates managed by Windows Update for Business
Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
-- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available. Feature updates aren't available for LTSC devices.
-- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates.
-- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
+- **Feature updates:** Previously referred to as upgrades, feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available. Feature updates aren't available for LTSC devices.
+- **Quality updates:** Quality updates are traditional operating system updates. Typically quality updates are released on the second Tuesday of each month, though they can be released at any time. These include security, critical, and driver updates.
+- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
- **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
-
## Offering
-You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period.
+
+You can control when updates are applied. For example, you can defer when an update is installed on a device or by pausing updates for a certain period.
### Manage when updates are offered
+
You can defer or pause the installation of updates for a set period of time.
#### Enroll in prerelease updates
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both prerelease and released updates:
-- Windows Insider Canary
-- Windows Insider Dev
-- Windows Insider Beta
-- Windows Insider Preview
-- General Availability Channel
+- Windows Insider Canary channel
+- Windows Insider Dev channel
+- Windows Insider Beta channel
+- Windows Insider Release Preview channel
#### Defer an update
-A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they're pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it's offered to a device. That is, if you set a feature update deferral period of 365 days, the device won't install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
-
+An administrator can defer the installation of both feature and quality updates from deploying to devices within a range of time based on when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they're pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it's offered to a device. That is, if you set a feature update deferral period of 365 days, the device won't install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
|Category |Maximum deferral period |
|---------|---------|
@@ -81,21 +86,20 @@ A Windows Update for Business administrator can defer the installation of both f
|Nondeferrable | none |
+ [Insert graphic with the deferrals set to different values showing a feature update rollout)-->
#### Pause an update
-If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
-If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
+If you discover a problem while deploying a feature or quality update, you can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated. If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
To pause feature updates, use the **Select when Preview Builds and feature updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
Built-in benefits:
-When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
+When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device and a check to prevent repeated rollbacks.
### Recommendations
-For the best experience with Windows Update, follow these guidelines:
+For the best experience with Windows Update, follow these guidelines:
- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
@@ -104,28 +108,38 @@ For the best experience with Windows Update, follow these guidelines:
### Manage the end-user experience when receiving Windows Updates
-Windows Update for Business provides controls to help meet your organization's security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's better to use fewer controls to manage the user experience.
+Windows Update for Business provides controls to help meet your organization's security standards and provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's better to use fewer controls to manage the user experience.
#### Recommended experience settings
Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
1. Automatically download, install, and restart (default if no restart policies are set up or enabled).
-2. Use the default notifications.
-3. Set update deadlines.
+1. Use the default notifications.
+1. Set update deadlines.
-##### Setting deadlines
+##### Setting deadlines
-A compliance deadline policy (released in June 2019) enables you to set separate deadlines and grace periods for feature and quality updates.
+A compliance deadline policy enables you to set separate deadlines and grace periods for feature and quality updates.
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
#### Update Baseline
+> [!NOTE]
+> The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you're using deferrals or target version to manage which updates are offered to your devices when. Update Baseline is not currently supported for Windows 11.
+
The large number of different policies offered can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
->[!NOTE]
->The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices when. Update Baseline is not currently supported for Windows 11.
+## Other Windows Update for Business services
+The following services are part of the Windows Update for Business product family:
+
+- [Windows Update for Business reports](wufb-reports-overview.md) is a cloud-based solution that provides information about your Microsoft Entra joined devices' compliance with Windows updates. Windows Update for Business reports is offered through the Azure portal. Windows Update for Business reports helps you:
+ - Monitor security, quality, driver, and feature updates for Windows 11 and Windows 10 devices
+ - Report on devices with update compliance issues
+ - Analyze and display your data in multiple ways
+
+- The [Windows Update for Business deployment service](deployment-service-overview.md) is a cloud service designed to work with your existing Windows Update for Business policies and Windows Update for Business reports. The deployment service provides additional control over the approval, scheduling, and safeguarding of updates delivered from Windows Update to managed devices.
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 6f20706c2e..52cda69c7b 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -1,8 +1,8 @@
---
title: Overview of Windows as a service
description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
@@ -11,64 +11,61 @@ ms.localizationpriority: medium
ms.collection:
- highpri
- tier2
-appliesto:
+appliesto:
- ✅ Windows 11
-- ✅ Windows 10
+- ✅ Windows 10
ms.date: 12/31/2017
---
# Overview of Windows as a service
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2).
-Windows as a service is a way to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
+Windows as a service is a way to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
## Building
-Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn't work in today's rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges.
+Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features. That scenario doesn't always work in today's rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges.
-In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features are delivered to the [Windows Insider community](/windows-insider/business/register) as soon as possible, during the development cycle, through a process called *flighting*. Organizations can see exactly what Microsoft is developing and start their testing as soon as possible.
+In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features are delivered to the [Windows Insider Program](/windows-insider/) as soon as possible, during the development cycle, through a process called *flighting*. Organizations can see exactly what Microsoft is developing and start their testing as soon as possible.
Microsoft also depends on receiving feedback from organizations throughout the development process so that it can make adjustments as quickly as possible rather than waiting until after release. For more information about the Windows Insider Program and how to sign up, see the section [Windows Insider](#windows-insider).
-Of course, Microsoft also performs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program.
+Microsoft also runs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program.
## Deploying
Deploying Windows 10 and Windows 11 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, you can use an easy in-place upgrade process to automatically preserve all apps, settings, and data. Afterwards, deployment of feature updates is equally simple.
-
### Application compatibility
-Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. For the most important business-critical applications, organizations should still perform testing regularly to validate compatibility with new builds.
+Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. For the most important business-critical applications, organizations should still perform testing regularly to validate compatibility with new builds.
## Servicing
-Traditional Windows servicing has included several release types: major revisions (for example, the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10 and Windows 11, there are two release types: feature updates that add new functionality and quality updates that provide security and reliability fixes.
+Traditional Windows servicing has included several release types: major revisions (for example, the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10 and Windows 11, there are two release types: feature updates that add new functionality and quality updates that provide security and reliability fixes.
-Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that uses servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
+Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that uses servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
For information about each servicing tool, see [Servicing tools](#servicing-tools).
There are three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For more information, see [Servicing channels](#servicing-channels).
-
There are currently three release channels for Windows clients:
-- The **General Availability Channel** receives feature updates as soon as they're available.
+- The **General Availability Channel** receives feature updates as soon as they're available.
- The **Long-Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
- The **Windows Insider Program** provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update.
>[!NOTE]
->With each General Availability release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
+>With each General Availability release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
>[!IMPORTANT]
->Devices on the General Availability Channel must have their diagnostic data set to **1 (Basic)** or higher in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
+>Devices on the General Availability Channel must have their diagnostic data set to **1 (Basic)** or higher in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
### Feature updates
-New features are packaged into feature updates that you can deploy using existing management tools. These changes come in bite-sized chunks rather than all at once, decreasing user readiness time.
-
+New features are packaged into feature updates that you can deploy using existing management tools. These changes come in bite-sized chunks rather than all at once, decreasing user readiness time.
### Quality updates
@@ -76,12 +73,12 @@ Monthly updates in previous Windows versions were often overwhelming because of
Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month's update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
-## Servicing channels
+## Servicing channels
-There are three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [General Availability Channel](#general-availability-channel) provides new functionality with feature update releases. Organizations can choose when to deploy updates from the General Availability Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information).
+There are three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [General Availability Channel](#general-availability-channel) provides new functionality with feature update releases. Organizations can choose when to deploy updates from the General Availability Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For more information about the versions in each servicing channel, see [Windows release information](/windows/release-health/).
> [!NOTE]
-> Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
+> Servicing channels aren't the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
### General Availability Channel
@@ -89,12 +86,9 @@ In the General Availability Channel, feature updates are available annually. Thi
When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the General Availability Channel is available but not necessarily immediately mandatory, depending on the policy of the management system. For more information about servicing tools, see [Servicing tools](#servicing-tools).
-
> [!NOTE]
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
->
->
-> [!NOTE]
+>
> Organizations can electively delay feature updates into as many phases as they wish by using one of the servicing tools mentioned in the section Servicing tools.
### Long-term Servicing Channel
@@ -105,13 +99,12 @@ Specialized systems—such as devices that control medical equipment, point-of-s
>
> The Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the General Availability channel.
-Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over the product's lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or perform a search on the [product's lifecycle information](/lifecycle/products/) page.
+Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2-3 years, and organizations can choose to install them as in-place upgrades or even skip releases over the product's lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/), or perform a search on the [product's lifecycle information](/lifecycle/products/) page.
> [!NOTE]
> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows).
-The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn't include some applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps aren't supported in the Enterprise LTSC editions, even if you install by using sideloading.
-
+The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn't include some applications, such as Microsoft Edge, Microsoft Store, Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps aren't supported in the Enterprise LTSC editions, even if you install by using sideloading.
### Windows Insider
@@ -119,18 +112,16 @@ For many IT pros, gaining visibility into feature updates early can be both intr
Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/business/register).
-
-
## Servicing tools
There are many tools you can use to service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:
- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the General Availability Channel. Organizations can target which devices defer updates by selecting the **Defer upgrades** check box in **Start\Settings\Update & Security\Advanced Options** on a Windows client device.
- **Windows Update for Business** includes control over update deferment and provides centralized management using Group Policy or MDM. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the General Availability Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Microsoft Intune.
-- **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
-- **Microsoft Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
+- **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
+- **Microsoft Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
-**Servicing tools comparison**
+### Servicing tools comparison
| Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features |
| --- | --- | --- | --- | --- |
@@ -138,5 +129,3 @@ There are many tools you can use to service Windows as a service. Each option ha
| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects |
| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows Update Delivery](../do/waas-optimize-windows-10-updates.md) | Distribution points, multiple deployment options |
-
-
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index f027e7d657..fce23e0310 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -1,8 +1,8 @@
---
title: Quick guide to Windows as a service (Windows 10)
description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 18b0aa011f..6fd7172197 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -1,8 +1,8 @@
---
title: Manage device restarts after updates
description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows update is installed.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 894cb7361b..78cf2b2e50 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -1,8 +1,8 @@
---
title: Assign devices to servicing channels for updates
description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index 31038c9fc0..fa5ee150d4 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -1,8 +1,8 @@
---
title: Prepare a servicing strategy for Windows client updates
description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index b370409adb..84c4092f53 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -1,8 +1,8 @@
---
title: Manage additional Windows Update settings
description: In this article, learn about additional settings to control the behavior of Windows Update in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index e65bab8900..23e561ea09 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -1,8 +1,8 @@
---
title: Configure Windows Update for Business by using CSPs and MDM
description: Walk through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 10/10/2023
+ms.date: 01/18/2024
---
# Walkthrough: Use CSPs and MDMs to configure Windows Update for Business
@@ -47,19 +47,19 @@ Drivers are automatically enabled because they're beneficial to device systems.
### Set when devices receive feature and quality updates
-#### I want to receive pre-release versions of the next feature update
+#### I want to receive prerelease versions of the next feature update
-1. Ensure that you're enrolled in the Windows Insider Program for Business. This is a free program available to commercial customers to aid them in their validation of feature updates before they're released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
+1. Ensure that you're enrolled in the Windows Insider Program for Business. Windows Insider is a free program available to commercial customers to aid them in their validation of feature updates before they're released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
-1. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
+1. For any of test devices you want to install prerelease builds, use [Update/ManagePreviewBuilds](/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set the option to **Enable preview builds**.
-1. Use [Update/BranchReadinessLevel](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation.
+1. Use [Update/BranchReadinessLevel](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using prerelease builds for validation.
-1. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you're testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
+1. Additionally, you can defer prerelease feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you're testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This schedule helps ensure that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
#### I want to manage which released feature update my devices receive
-A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you won't receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
+A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you don't receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
- To defer a feature update: [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays)
- To pause a feature update: [Update/PauseFeatureUpdatesStartTime](/windows/client-management/mdm/policy-csp-update#update-pausefeatureupdatesstarttime)
@@ -72,7 +72,7 @@ In this example, there are three rings for quality updates. The first ring ("pil
-When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates.
+When the quality update is released, it's offered to devices in the pilot ring the next time they scan for updates.
##### Five days later
The devices in the fast ring are offered the quality update the next time they scan for updates.
@@ -80,11 +80,11 @@ The devices in the fast ring are offered the quality update the next time they s
##### Ten days later
-Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates.
+Ten days after the quality update is released, it's offered to the devices in the slow ring the next time they scan for updates.
-If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves.
+If no problems occur, all of the devices that scan for updates are offered the quality update within ten days of its release, in three waves.
##### What if a problem occurs with the update?
@@ -109,13 +109,13 @@ If you need a device to stay on a version beyond the point when deferrals on the
#### I want to manage when devices download, install, and restart after updates
-We recommended that you allow to update automatically--this is the default behavior. If you don't set an automatic update policy, the device will attempt to download, install, and restart at the best times for the user by using built-in intelligence such as intelligent active hours and smart busy check.
+We recommended that you allow to update automatically, which is the default behavior. If you don't set an automatic update policy, the device attempts to download, install, and restart at the best times for the user by using built-in intelligence such as intelligent active hours and smart busy check.
For more granular control, you can set the maximum period of active hours the user can set with [Update/ActiveHoursMaxRange](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange). You could also set specific start and end times for active ours with [Update/ActiveHoursEnd](/windows/client-management/mdm/policy-csp-update#update-activehoursend) and [Update/ActiveHoursStart](/windows/client-management/mdm/policy-csp-update#update-activehoursstart).
-It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates are not disabled and provides a better experience when users can set their own active hours.
+It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates aren't disabled and provides a better experience when users can set their own active hours.
-To update outside of the active hours, use [Update/AllowAutoUpdate](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) with Option 2 (which is the default setting). For even more granular control, consider using automatic updates to schedule the install time, day, or week. To do this, use Option 3, and then set the following policies as appropriate for your plan:
+To update outside of the active hours, use [Update/AllowAutoUpdate](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) with Option 2 (which is the default setting). For even more granular control, consider using automatic updates to schedule the install time, day, or week. To use a schedule, use Option 3, and then set the following policies as appropriate for your plan:
- [Update/ScheduledInstallDay](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
- [Update/ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek)
@@ -132,7 +132,7 @@ If you don't want to allow any automatic updates prior to the deadline, set [Upd
#### I want to keep devices secure and compliant with update deadlines
-We recommend that you use set specific deadlines for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. This works by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart. Use these settings:
+We recommend that you use set specific deadlines for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. Deadlines work by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart. Use these settings:
- [Update/ConfigureDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates ](/windows/client-management/mdm/policy-csp-update#update-configuredeadlineforqualityupdates)
@@ -140,7 +140,7 @@ We recommend that you use set specific deadlines for feature and quality updates
- [Update/ConfigureDeadlineGracePeriodForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#configuredeadlinegraceperiodforfeatureupdates)
- [Update/ConfigureDeadlineNoAutoReboot](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinenoautoreboot)
-These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
+These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point, the device automatically schedules a restart regardless of active hours.
These notifications are what the user sees depending on the settings you choose:
@@ -172,7 +172,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window
There are additional settings that affect the notifications.
-We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that aren't met by the default notification settings, you can use the [Update/UpdateNotificationLevel](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
+We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you set. If you do have further needs that aren't met by the default notification settings, you can use the [Update/UpdateNotificationLevel](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
**0** (default) - Use the default Windows Update notifications
**1** - Turn off all notifications, excluding restart warnings
@@ -181,14 +181,14 @@ We recommend that you use the default notifications as they aim to provide the b
> [!NOTE]
> Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled.
-Still more options are available in [Update/ScheduleRestartWarning](/windows/client-management/mdm/policy-csp-update#update-schedulerestartwarning). This setting allows you to specify the period for auto-restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update. You can also specify the period for auto-restart imminent warning notifications with [Update/ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-csp-update#update-scheduleimminentrestartwarning) (15-60 minutes is the default). We recommend using the default notifications.
+Still more options are available in [Update/ScheduleRestartWarning](/windows/client-management/mdm/policy-csp-update#update-schedulerestartwarning). This setting allows you to specify the period for auto restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update. You can also specify the period for auto restart imminent warning notifications with [Update/ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-csp-update#update-scheduleimminentrestartwarning) (15-60 minutes is the default). We recommend using the default notifications.
#### I want to manage the update settings a user can access
-Every Windows device provides users with a variety of controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
+Every Windows device provides users with various controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
Users with access to update pause settings can prevent both feature and quality updates for 7 days. You can prevent users from pausing updates through the Windows Update settings page by using [Update/SetDisablePauseUXAccess](/windows/client-management/mdm/policy-csp-update#update-setdisablepauseuxaccess).
-When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
+When you disable this setting, users see **Some settings are managed by your organization** and the update pause settings are greyed out.
If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use [Update/SetDisableUXWUAccess](/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess).
@@ -202,6 +202,14 @@ The features that are turned off by default from servicing updates will be enabl
You can enable these features by using [AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol). The following options are available:
-- **0** (default): Allowed. All features in the latest monthly cumulative update are enabled.
- - When the policy is set to **0**, all features that are currently turned off will turn on when the device next reboots
-- **1** - Not allowed. Features that are shipped turned off by default will remain off
+- **0** (default): Not allowed. Features that are shipped turned off by default will remain off
+- **1**: Allowed. All features in the latest monthly cumulative update are enabled.
+ - When the policy is set to **1**, all features that are currently turned off will turn on when the device next reboots.
+
+#### I want to enable optional updates
+
+*Applies to:*
+- Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later
+- Windows 10, version 22H2 with [KB5032278](https://support.microsoft.com/help/5032278), or a later cumulative update installed
+
+In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using [AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent). For more information about optional content, see [Enable optional updates](waas-configure-wufb.md#enable-optional-updates).
\ No newline at end of file
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 372a36d6df..6b757b2706 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -1,8 +1,8 @@
---
title: Configure Windows Update for Business via Group Policy
description: Walk through of how to configure Windows Update for Business settings using Group Policy to update devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
manager: aaroncz
ms.topic: conceptual
author: mestew
@@ -17,7 +17,7 @@ appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016
-ms.date: 10/10/2023
+ms.date: 11/30/2023
---
# Walkthrough: Use Group Policy to configure Windows Update for Business
@@ -202,7 +202,9 @@ If you use Windows Server Update Server (WSUS), you can prevent users from scann
#### I want to enable optional updates
-(*Starting in Windows 11, version 22H2 or later*)
+*Applies to:*
+- Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later
+- Windows 10, version 22H2 with [KB5032278](https://support.microsoft.com/help/5032278), or a later cumulative update installed
In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > Enable optional updates** policy.
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index c37d7cc3d2..b6dbfb03a0 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -1,8 +1,8 @@
---
title: Windows Update error code list by component
description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 2279f4318c..80f4dcb167 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -1,8 +1,8 @@
---
title: Windows Update log files
description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: troubleshooting
author: mestew
ms.author: mstewart
@@ -13,7 +13,7 @@ ms.collection:
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 12/08/2023
---
# Windows Update log files
@@ -24,18 +24,20 @@ The following table describes the log files created by Windows Update.
|Log file|Location|Description|When to use |
|-|-|-|-|
-|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
-|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files.|When you see that the updates are available but download is not getting triggered.
When Updates are downloaded but installation is not triggered.
When Updates are installed but reboot is not triggered. |
+|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information included in the Windowsupdate.log log file to troubleshoot the issue.|
+|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator Service is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files.|
|
|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe. |When you want to check whether the notification was triggered or not. |
|CBS.log|%systemroot%\Logs\CBS|This log provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to Windows Update installation.|
-## Generating WindowsUpdate.log
+## Generating WindowsUpdate.log
+
To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](/powershell/module/windowsupdate/get-windowsupdatelog?preserve-view=tru&view=win10-ps).
>[!NOTE]
>When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run **Get-WindowsUpdateLog** again.
-### Windows Update log components
+## Windows Update log components
+
The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:
- AGENT- Windows Update agent
@@ -54,7 +56,7 @@ The Windows Update engine has different component names. The following are some
- PT- Synchronizes updates information to the local datastore
- REPORT- Collects reporting information
- SERVICE- Startup/shutdown of the Automatic Updates service
-- SETUP- Installs new versions of the Windows Update client when it is available
+- SETUP- Installs new versions of the Windows Update client when it's available
- SHUTDWN- Install at shutdown feature
- WUREDIR- The Windows Update redirector files
- WUWEB- The Windows Update ActiveX control
@@ -68,7 +70,7 @@ The Windows Update engine has different component names. The following are some
>[!NOTE]
>Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don't filter to exclude irrelevant components so that you can focus on what's important.
-### Windows Update log structure
+## Windows Update log structure
The Windows update log structure is separated into four main identities:
- Time Stamps
@@ -82,7 +84,7 @@ The Windows update log structure is separated into four main identities:
The WindowsUpdate.log structure is discussed in the following sections.
-#### Time stamps
+### Time stamps
The time stamp indicates the time at which the logging occurs.
- Messages are usually in chronological order, but there may be exceptions.
- A pause during a sync can indicate a network problem, even if the scan succeeds.
@@ -90,15 +92,15 @@ The time stamp indicates the time at which the logging occurs.
-#### Process ID and thread ID
+### Process ID and thread ID
The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log.
-- The first four hex digits are the process ID.
-- The next four hex digits are the thread ID.
+- The first four digits, in hex, are the process ID.
+- The next four digits, in hex, are the thread ID.
- Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.
-#### Component name
+### Component name
Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows:
- ProtocolTalker - Client-server sync
@@ -111,31 +113,36 @@ Search for and identify the components that are associated with the IDs. Differe
-#### Update identifiers
+### Update identifiers
+
+The following items are update identifiers:
+
+#### Update ID and revision number
-##### Update ID and revision number
There are different identifiers for the same update in different contexts. It's important to know the identifier schemes.
-- Update ID: A GUID (indicated in the previous screenshot) that's assigned to a given update at publication time
+- Update ID: A GUID (indicated in the previous screenshot) assigned to a given update at publication time
- Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service
- Revision numbers are reused from one update to another (not a unique identifier).
- The update ID and revision number are often shown together as "{GUID}.revision."
-##### Revision ID
-- A Revision ID (don't confuse this value with "revision number") is a serial number that's issued when an update is initially published or revised on a given service.
-- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that is not related to the previous ID.
+#### Revision ID
+
+- A Revision ID (don't confuse this value with "revision number") is a serial number issued when an update is initially published or revised on a given service.
+- An existing update that is revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that isn't related to the previous ID.
- Revision IDs are unique on a given update source, but not across multiple sources.
- The same update revision might have different revision IDs on Windows Update and WSUS.
- The same revision ID might represent different updates on Windows Update and WSUS.
-##### Local ID
-- Local ID is a serial number issued when an update is received from a service by a given Windows Update client
+#### Local ID
+
+- Local ID is a serial number issued by a given Windows Update client when an update is received from a service.
- Typically seen in debug logs, especially involving the local cache for update info (Datastore)
-- Different client PCs will assign different Local IDs to the same update
+- Different client PCs assign different Local IDs to the same update
- You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
-##### Inconsistent terminology
+#### Inconsistent terminology
- Sometimes the logs use terms inconsistently. For example, the InstalledNonLeafUpdateIDs list actually contains revision IDs, not update IDs.
- Recognize IDs by form and context:
diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md
index 7965aa2782..c81a8e7319 100644
--- a/windows/deployment/update/windows-update-overview.md
+++ b/windows/deployment/update/windows-update-overview.md
@@ -1,8 +1,8 @@
---
title: Get started with Windows Update
description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md
index ab1ed81b28..1d7ec557b6 100644
--- a/windows/deployment/update/windows-update-security.md
+++ b/windows/deployment/update/windows-update-security.md
@@ -2,8 +2,8 @@
title: Windows Update security
manager: aaroncz
description: Overview of the security for Windows Update including security for the metadata exchange and content download.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 714ea509f5..390117afd2 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -2,8 +2,8 @@
title: Enforce compliance deadlines with policies
titleSuffix: Windows Update for Business
description: This article contains information on how to enforce compliance deadlines using Windows Update for Business.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.localizationpriority: medium
@@ -46,7 +46,8 @@ The deadline calculation for both quality and feature updates is based off the t
The grace period for both quality and feature updates starts its countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, users are able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. Once the *effective deadline* is reached, the device tries to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.) Grace periods are useful for users who may be coming back from vacation, or other extended time away from their device, to ensure a forced reboot doesn't occur immediately after they return.
> [!NOTE]
-> When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.
+> - When **Specify deadlines for automatic updates and restarts** is used, updates will be downloaded and installed as soon as they are offered.
+> - When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.
## Policy setting overview for clients running Windows 11, version 21H2 and earlier
diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md
index 0e0b313437..9d93702ea9 100644
--- a/windows/deployment/update/wufb-reports-admin-center.md
+++ b/windows/deployment/update/wufb-reports-admin-center.md
@@ -3,8 +3,8 @@ title: Microsoft 365 admin center software updates page
titleSuffix: Windows Update for Business reports
manager: aaroncz
description: Microsoft admin center populates Windows Update for Business reports data into the software updates page.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md
index 395856651d..94e36fa723 100644
--- a/windows/deployment/update/wufb-reports-configuration-intune.md
+++ b/windows/deployment/update/wufb-reports-configuration-intune.md
@@ -2,8 +2,8 @@
title: Configure devices using Microsoft Intune
titleSuffix: Windows Update for Business reports
description: How to configure devices to use Windows Update for Business reports from Microsoft Intune.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md
index 3f3c8c7937..545ebbed48 100644
--- a/windows/deployment/update/wufb-reports-configuration-manual.md
+++ b/windows/deployment/update/wufb-reports-configuration-manual.md
@@ -2,9 +2,9 @@
title: Manually configure devices to send data
titleSuffix: Windows Update for Business reports
description: How to manually configure devices for Windows Update for Business reports using a PowerShell script.
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
author: mestew
ms.author: mstewart
manager: aaroncz
@@ -12,61 +12,60 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/15/2022
+ms.date: 12/15/2023
---
-# Manually configuring devices for Windows Update for Business reports
+# Manually configure devices for Windows Update for Business reports
-There are a number of requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with newer versions of Windows client. The [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
+There are many requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with later versions of Windows client. When any configuration requirements change, we'll update the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md). If that happens, you only need to redeploy the script.
The requirements are separated into different categories:
1. Ensuring the [**required policies**](#required-policies) for Windows Update for Business reports are correctly configured.
2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Windows Update for Business reports. For example, devices in both main and satellite offices, which might have different network configurations, must be able to reach the endpoints.
-3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It's recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
-
+3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. For proper functionality, leave Windows services set to their out-of-box default configurations.
## Required policies
-Windows Update for Business reports has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Windows Update for Business reports. Thee policies are listed below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables:
+The Windows Update for Business reports service has several policies that you need to configure appropriately. These policies allow Microsoft to process your devices and show them in Windows Update for Business reports. The policies are listed in the following subsections, separated by [mobile device management](/windows/client-management/mdm/) (MDM) or group policy.
-- **Policy** corresponds to the location and name of the policy.
-- **Value** Indicates what value the policy must be set to. Windows Update for Business reports requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional).
-- **Function** details why the policy is required and what function it serves for Windows Update for Business reports. It will also detail a minimum version the policy is required, if any.
+The following definitions apply for both tables:
-### Mobile Device Management policies
+- **Policy**: The location and name of the policy.
+- **Value**: Set the policy to this value. Windows Update for Business reports requires at least *Required* (previously *Basic*) diagnostic data, but can function with *Enhanced* or *Optional* (previously *Full*).
+- **Function**: Details for why the policy is required and what function it serves for Windows Update for Business reports. It also details a minimum version the policy requires, if any.
-Each MDM Policy links to its documentation in the configuration service provider (CSP) hierarchy, providing its exact location in the hierarchy and more details.
+### MDM policies
-| Policy | Data type | Value | Function | Required or recommended|
+Each MDM policy links to more detailed documentation in the configuration service provider (CSP) hierarchy.
+
+| Policy | Data type | Value | Function | Required or recommended |
|---|---|---|---|---|
-|**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. | Required |
-|**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | Recommended |
-|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | Recommended |
-| **System/**[**ConfigureTelemetryOptInChangeNotification**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinchangenotification) | Integer | 1 - Disabled | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
+| **System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#allowtelemetry) | Integer | `1`: Basic (Required) | Configures the device to send the minimum required diagnostic data. | Required |
+| **System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinsettingsux) | Integer | `1`: Disable diagnostic data opt-in settings | Determines whether users of the device can adjust diagnostic data to levels lower than you define by the *AllowTelemetry* policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
+| **System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#allowdevicenameindiagnosticdata) | Integer | `1`: Allowed | Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to `0`: Disabled, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show `#` instead. | Recommended |
+| **System/**[**ConfigureTelemetryOptInChangeNotification**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinchangenotification) | Integer | `1`: Disabled | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
### Group policies
-All Group policies that need to be configured for Windows Update for Business reports are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.
+All group policies that you need to configure for Windows Update for Business reports are under the following path: **Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value*.
| Policy | Value | Function | Required or recommended|
|---|---|---|---|
-|**Allow Diagnostic Data** | Send required diagnostic data (minimum) | Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the **Configure diagnostic data opt-in setting user interface**. | Required |
-|**Configure diagnostic data opt-in setting user interface** | Disable diagnostic data opt in settings | Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | Recommended |
-|**Allow device name to be sent in Windows diagnostic data** | Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | Recommended |
-|**Configure diagnostic data opt-in change notifications** | Disable diagnostic data change notifications | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
+| **Allow Diagnostic Data** | Send required diagnostic data | Configures the device to send the minimum required diagnostic data. | Required |
+| **Configure diagnostic data opt-in setting user interface** | Disable diagnostic data opt-in settings | Determines whether users of the device can adjust diagnostic data to levels lower than you define by the *Allow Diagnostic Data* policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
+| **Allow device name to be sent in Windows diagnostic data** | Enabled | Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to *Disabled*, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show `#` instead. | Recommended |
+| **Configure diagnostic data opt-in change notifications** | Disable diagnostic data change notifications | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
## Required endpoints
-To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints.
-
[!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-endpoints.md)]
## Required services
-Many Windows and Microsoft services are required to ensure that not only the device can function, but Windows Update for Business reports can see device data. It's recommended that you allow all default services from the out-of-box experience to remain running. The [Windows Update for Business reports Configuration Script](wufb-reports-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically.
+Many Windows services are required for Windows Update for Business reports to see device data. Allow all default services from the out-of-box experience to remain running. Use the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) to check whether required services are running or are allowed to run automatically.
## Next steps
diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md
index 10af47e205..e216694bc7 100644
--- a/windows/deployment/update/wufb-reports-configuration-script.md
+++ b/windows/deployment/update/wufb-reports-configuration-script.md
@@ -2,8 +2,8 @@
title: Configure clients with a script
titleSuffix: Windows Update for Business reports
description: How to get and use the Windows Update for Business reports configuration script to configure devices for Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md
index d71d76d0be..a02d0d0993 100644
--- a/windows/deployment/update/wufb-reports-do.md
+++ b/windows/deployment/update/wufb-reports-do.md
@@ -2,8 +2,8 @@
title: Delivery Optimization data in reports
titleSuffix: Windows Update for Business reports
description: This article provides information about Delivery Optimization data in Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md
index 27a5b5ad14..1502d549d2 100644
--- a/windows/deployment/update/wufb-reports-enable.md
+++ b/windows/deployment/update/wufb-reports-enable.md
@@ -2,8 +2,8 @@
title: Enable Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: How to enable the Windows Update for Business reports service through the Azure portal or the Microsoft 365 admin center.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-faq.yml b/windows/deployment/update/wufb-reports-faq.yml
index fe8f250ece..99fee1bb21 100644
--- a/windows/deployment/update/wufb-reports-faq.yml
+++ b/windows/deployment/update/wufb-reports-faq.yml
@@ -3,13 +3,13 @@ metadata:
title: Frequently Asked Questions (FAQ)
titleSuffix: Windows Update for Business reports
description: Answers to frequently asked questions about Windows Update for Business reports.
- ms.prod: windows-client
- ms.technology: itpro-updates
+ ms.service: windows-client
+ ms.subservice: itpro-updates
ms.topic: faq
manager: aaroncz
author: mestew
ms.author: mstewart
- ms.date: 06/20/2023
+ ms.date: 01/26/2024
title: Frequently Asked Questions about Windows Update for Business reports
summary: |
This article answers frequently asked questions about Windows Update for Business reports.
@@ -32,6 +32,7 @@ summary: |
- [Why am I missing devices in reports?](#why-am-i-missing-devices-in-reports)
- [What is the difference between OS version and target version?](#what-is-the-difference-between-os-version-and-target-version)
- [Why are there multiple records for the same device?](#why-are-there-multiple-records-for-the-same-device)
+ - [Why are devices showing an unknown state?](#why-are-devices-showing-an-unknown-state)
- [When should I use the UCClient, UCClientUpdateStatus, or UCUpdateAlert tables?](#when-should-i-use-the-ucclient--ucclientupdatestatus--or-ucupdatealert-tables)
- [What is the difference between quality and security updates?](#what-is-the-difference-between-quality-and-security-updates)
- [How do I confirm that devices are sending data?](#how-do-i-confirm-that-devices-are-sending-data)
@@ -108,7 +109,10 @@ sections:
- **The workbook has limited the results**: The default limit for rows in Azure workbooks is set to 1000. This limit is to avoid any delay in the load time for the interface. If you noticed that you can't find a specific device, you can export the output in Excel, or open the results in the logs view for the full result by selecting the three dots beside each component.
- question: Why are there multiple records for the same device?
answer: |
- Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.
+ Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.
+ - question: Why are devices showing an unknown state?
+ answer: |
+ An unknown client state is displayed if there isn't an update record for the device. This state can happen for many reasons, like the device not being active, not being able to scan Windows Update, or it doesn't currently have any update related activity occurring.
- question: What is the difference between OS version and target version?
answer: |
The word *target* in data labels refers to the update version, build or KB the client intends to update to. Typically, the fields starting with *OS*, such as OSbuild and OSversion, represents what the device is currently running.
diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md
index 49268fb5a7..3580a4810a 100644
--- a/windows/deployment/update/wufb-reports-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -2,8 +2,8 @@
title: Feedback, support, and troubleshooting
titleSuffix: Windows Update for Business reports
description: Windows Update for Business reports support, feedback, and troubleshooting information.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: article
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md
index a38066595f..080f273243 100644
--- a/windows/deployment/update/wufb-reports-overview.md
+++ b/windows/deployment/update/wufb-reports-overview.md
@@ -2,8 +2,8 @@
title: Windows Update for Business reports overview
titleSuffix: Windows Update for Business reports
description: Overview of Windows Update for Business reports to explain what it's used for and the cloud services it relies on.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
index 3b3527ba45..30f7ecac00 100644
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -2,8 +2,8 @@
title: Prerequisites for Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: List of prerequisites for enabling and using Windows Update for Business reports in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 08/30/2023
+ms.date: 12/15/2023
---
# Windows Update for Business reports prerequisites
@@ -22,12 +22,12 @@ Before you begin the process of adding Windows Update for Business reports to yo
## Azure and Microsoft Entra ID
-- An Azure subscription with [Microsoft Entra ID](/azure/active-directory/)
+- An Azure subscription with [Microsoft Entra ID](/azure/active-directory/).
- Devices must be Microsoft Entra joined and meet the below OS, diagnostic, and endpoint access requirements.
- Devices can be [Microsoft Entra joined](/azure/active-directory/devices/concept-azure-ad-join) or [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
-- Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (Workplace joined) aren't supported with Windows Update for Business reports.
-- The Log Analytics workspace must be in a [supported region](#log-analytics-regions)
-- Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from the [Windows Update for Business deployment service](deployment-service-overview.md)
+- Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (workplace joined) aren't supported with Windows Update for Business reports.
+- The Log Analytics workspace must be in a [supported region](#log-analytics-regions).
+- Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from the [Windows Update for Business deployment service](deployment-service-overview.md).
## Permissions
@@ -38,7 +38,7 @@ Before you begin the process of adding Windows Update for Business reports to yo
- Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
- Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
-Windows Update for Business reports only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
+Windows Update for Business reports only provides data for the standard desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
## Windows client servicing channels
@@ -49,27 +49,25 @@ Windows Update for Business reports supports Windows client devices on the follo
### Windows operating system updates
-- For [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended
+For [changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended.
## Diagnostic data requirements
-At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what's included in different diagnostic levels, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
+At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what data each diagnostic level includes, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
The following levels are recommended, but not required:
-- The *Enhanced* level for Windows 10 devices
-- The *Optional* level for Windows 11 devices (previously *Full*)
-Device names don't appear in Windows Update for Business reports unless you individually opt-in devices by using a policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names:
+- The *Enhanced* level for Windows 10 devices.
+- The *Optional* level for Windows 11 devices (previously *Full*).
-
- - CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
- - Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
+Device names don't appear in Windows Update for Business reports unless you individually opt in devices by using a policy. The configuration script does this action for you, but when using other client configuration methods, set one of the following policies to display device names:
+- CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
+- Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
> [!TIP]
> Windows Update for Business reports uses [services configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-svccfg), also called OneSettings. Disabling the services configuration can cause some of the client data to be incorrect or missing in reports. For more information, see the [DisableOneSettingsDownloads](/windows/client-management/mdm/policy-csp-system#disableonesettingsdownloads) policy settings.
-
Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
## Endpoints
diff --git a/windows/deployment/update/wufb-reports-schema-enumerated-types.md b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
new file mode 100644
index 0000000000..ec7e675fd1
--- /dev/null
+++ b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
@@ -0,0 +1,280 @@
+---
+title: Enumerated types
+titleSuffix: Windows Update for Business reports
+description: Enumerated types for Windows Update for Business reports.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: reference
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+appliesto:
+- ✅ Windows 11
+- ✅ Windows 10
+ms.date: 12/06/2023
+---
+
+# Enumerated types for Windows Update for Business reports
+
+The following enumerated types are used in Windows Update for Business reports:
+
+## OSEdition
+
+SKU of Windows the device is running.
+
+|Value | Description |
+|---|---|
+| **Enterprise** | Windows Enterprise |
+| **Professional** | Windows Professional |
+| **ProfessionalWorkstation** | Windows Professional workstation |
+| **ProfessionalN** | Similar to Windows Professional edition but doesn't include Windows media player. |
+| **Education** | Windows Education |
+
+## OSArchitecture
+
+Architecture of the OS running on the client.
+
+|Value | Description |
+|---|---|
+| **amd64** | OS is 64-bit |
+| **x86** | OS is 32-bit |
+| **Unknown** | The OS architecture is unknown |
+
+## OSFeatureUpdateStatus
+
+Feature updates status
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default, sent if client data unavailable. |
+| **InService** | Client is on a version of Windows 10 that is serviced. |
+| **EndOfService** | Client is on a version of Windows 10 that is no longer serviced. |
+
+## OSQualityUpdateStatus
+
+Quality updates status
+
+|Value | Description |
+|---|---|
+| **Latest** | Client is on the latest quality update |
+| **NotLatest** | Client isn't on the latest quality update |
+
+## OSSecurityUpdateStatus
+
+Security updates status
+
+|Value | Description |
+|---|---|
+| **Latest** | Client is on the latest security update |
+| **NotLatest** | Client isn't on the latest security update |
+| **MultipleSecurityUpdatesMissing** | Client is missing multiple security updates |
+
+## OSFeatureUpdateComplianceStatus, OSSecurityUpdateComplianceStatus, OSQualityUpdateComplianceStatus
+
+Compliance status
+
+|Value | Description |
+|---|---|
+| **Compliant** | The latest deployment from the Windows Update for Business deployment service is installed on the client |
+| **NotCompliant** | The latest deployment from the Windows Update for Business deployment service isn't installed on the client|
+| **NotApplicable** | Client isn't part of any Windows Update for Business deployment service deployments |
+
+## OSServicingChannel
+
+Servicing channel of client
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default, release branch can't be defined. |
+| **SAC** | Semi-annual release channel |
+| **LTSC** | Long-term servicing channel |
+| **WIP-S** | Windows Insider Preview - Slow ring |
+| **WIP-F**| Windows Insider Preview - Fast ring |
+| **Internal** | An identifiable, but internal release ring |
+
+## ServiceState
+
+High-level service state OSServicingChannel
+
+|Value | Description |
+|---|---|
+| **Pending** | Windows Update for Business deployment service isn't targeting this update to this device because the update isn't ready. |
+| **Offering** | Service is offering the update to the device. The update is available for the device to get if it scans Windows Update. |
+| **OnHold** | Service is holding off on offering update to the device indefinitely. Until either the service or admin changes some condition, devices remain in this state. |
+| **Canceled** | Service canceled offering update to the device, and the device is confirmed to not be installing the update. |
+
+## ServiceSubstate
+
+Lower-level service state
+
+| Value | ServiceState |
+|---|---|
+| **Validation** | Update can't be offered to the device because a validation issue with the device and deployment service. |
+| **Scheduled** | Update isn't ready to be offered to the device, but is scheduled for offering at a later date. |
+| **OfferReady** | Update is currently being offered to the device from Windows Update. |
+| **RemovedFromDeployment** | Update offering was canceled because it was removed from the deployment because of an explicit administrator action. |
+| **AdminCancelled** | Update offering was canceled because of an explicit administrator action. |
+| **ServiceCancelled** | Update offering was canceled because of an automatic action by the deployment service. |
+| **AdminPaused** | Update is on hold because the deployment was paused with an explicit administrator action. |
+| **ServicePaused** | Update is on hold because of an automatic action by the deployment service. |
+| **SafeguardHold** | Update isn't offered because an existing safeguard hold on the device. |
+
+## ClientState
+
+High-level client state
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default value, if ClientSubstate is unknown (in other words, no client data) |
+| **Offering** | Update is being offered to device |
+| **Installing** | Update is in progress on device |
+| **Uninstalling** | Update is being uninstalled from device |
+| **Installed** | Update has been installed to device |
+| **Uninstalled** | Update has been uninstalled from device |
+| **Canceled** | Update has been canceled from device |
+| **OnHold** | Update has been on Hold |
+
+## ClientSubstate
+
+Lower-level client state
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default value, if ClientSubstate is unknown (in other words, no client data) |
+| **Offering** | Update is being offered to device |
+| **Installing** | Update is in progress on device |
+| **Uninstalling** | Update is being uninstalled from device |
+| **Installed** | Update has been installed to device |
+| **Uninstalled** | Update has been uninstalled from device |
+| **Canceled** | Update has been canceled from device |
+| **OnHold** | Update has been on Hold |
+
+## UpdateCategory
+
+Type of update.
+
+|Value | Description |
+|---|---|
+| **WindowsQualityUpdate** | Windows feature update |
+| **WindowsFeatureUpdate** | Windows quality update |
+| **DriverUpdate** | Driver update |
+
+## UpdateClassification
+
+Whether this update is an upgrade, security, nonsecurity, or driver
+
+|Value | Description |
+|---|---|
+| **Security** | Update is a quality update containing security fixes |
+| **NonSecurity** | Update is a quality update not containing security fixes |
+| **Upgrade** | Update is a feature update |
+
+## UpdateSource
+
+Source of the update
+
+|Value | Description |
+|---|---|
+| **Inferred** | |
+| **MuV6** | Update through old Windows Update, or via WSUS (uses old protocol) |
+| **UUP** | Update through modern Windows Update |
+
+## ReadinessStatus
+
+Whether the device is capable of taking target OS and version.
+
+|Value | Description |
+|---|---|
+| **Capable** | The device meets all requirements to upgrade to Windows 11. |
+| **Not Capable** | The device doesn't meet the requirements to upgrade to Windows 11. Check Readiness Reason for the reason. |
+| **Unknown** | Microsoft doesn't have enough data points to determine the eligibility status. |
+
+## ReadinessReason
+
+Reason why the device isn't capable of updating to target OS and version.
+
+|Value | Description |
+|---|---|
+| **tpm** | [Trusted Platform Module](/windows/security/hardware-security/tpm/trusted-platform-module-overview) (TPM) version 2.0 is required. If your device doesn't meet the minimum requirements because of TPM, see [Enable TPM 2.0 on your PC](https://support.microsoft.com/windows/enable-tpm-2-0-on-your-pc-1fd5a332-360d-4f46-a1e7-ae6b0c90645c) to see if there are any remediation steps you can take. |
+| **cpufms** | CPU not supported. For more information, see [Windows Processor Requirements](/windows-hardware/design/minimum/windows-processor-requirements) |
+| **sysdrivesize** | 64 GB or larger storage device required. If your PC doesn't have a large enough storage drive, sometimes there are options for upgrading the drive. Consult your PC manufacturer's website or with a retailer to see if there are options to meet the minimum requirements for Windows 11. |
+| **UefiSecureBoot** | UEFI (Unified Extensible Firmware Interface) and Secure Boot capability. If your device doesn't meet the minimum requirements because it's not Secure Boot capable. For more information, see [Windows 11 and Secure Boot](https://support.microsoft.com/topic/a8ff1202-c0d9-42f5-940f-843abef64fad) to see if you're able to enable Secure Boot. Secure Boot can only be enabled with UEFI. |
+
+
+## AlertType
+
+Type of alert.
+
+|Value | Description |
+|---|---|
+| **ServiceUpdateAlert** | Alert is relevant to Windows Update for Business deployment service's offering of the content to the client. |
+| **ClientUpdateAlert** | Alert is relevant to client's ability to progress through the installation of the update content. |
+| **ServiceDeviceAlert** | Alert is relevant to device's status within Windows Update for Business deployment service |
+| **ClientDeviceAlert** | Alert is relevant to device's state |
+| **DeploymentAlert** | Alert is relevant to an entire deployment, or a significant number of devices in the deployment. |
+
+## AlertSubtype
+
+Subtype of alert.
+
+| Value | Description |
+|---|---|
+| **CancelledByUser** | The user canceled the update. |
+| **CertificateIssue** | An expired certificate was encountered. |
+| **DamagedMedia** | The update file appears to be damaged. |
+| **DeviceRegistrationInvalidAzureADJoin** | Device isn't able to register or authenticate properly with the deployment service due to not being device-level Entra ID joined. Devices that are workplace-joined aren't compatible with the deployment service. |
+| **DiskFull** | An operation couldn't be completed because the disk is full. |
+| **DiskIssue** | Windows Update has found disk corruption. |
+| **DownloadCancelled** | The download was canceled. |
+| **DownloadCredentialsIssue** | A proxy server or firewall on your network might require credentials. |
+| **DownloadIssue** | There was a download issue. |
+| **DownloadIssueServiceDisabled** | The service the download depends on is disabled. |
+| **DownloadTimeout** | A timeout occurred. |
+| **EndOfService** | Client OS is no longer being serviced |
+| **EndOfServiceApproaching** | Client OS servicing period completes in less than 60 days |
+| **FileNotFound** | The installer couldn't find a Windows component that it needs. |
+| **InstallAccessDenied** | Access denied. |
+| **InstallCancelled** | Install canceled. |
+| **InstallFileLocked** | Couldn't access the file because it's already in use. |
+| **InstallIssue** | There was an installation issue. |
+| **InstallSetupBlock** | There's an application or driver blocking the upgrade. |
+| **InstallSetupError** | Encountered an error while installing the new version of Windows. |
+| **InstallSetupRestartRequired** | A restart is required. |
+| **InstallSharingViolation** | An application is likely interfering with Windows Update. |
+| **InstallSystemError** | A system error occurred while installing the new version of Windows. |
+| **InsufficientUpdateConnectivity** | Device hasn't had sufficient connectivity to Windows Update to progress through the update process and will experience delays. |
+| **MultipleSecurityUpdatesMissing** | Client is missing multiple security updates |
+| **NetworkIssue** | The server timed out waiting for the requested. |
+| **PathNotFound** | The specified path can't be found. |
+| **RestartIssue** | The restart to apply updates is being blocked by one or more applications. |
+| **SafeguardHold** | Update can't be installed due to a known Safeguard Hold. |
+| **UnexpectedShutdown** | The installation stopped because Windows was shutting down or restarting. |
+| **WindowsComponentCorruption** | This device has a corrupted Windows component |
+| **WUBusy** | Windows Update tried to install an update while another installation process was already running. |
+| **WUComponentMissing** | Windows Update might be missing a component or the update file might be damaged. |
+| **WUDamaged** | The update file might be damaged. |
+| **WUFileCorruption** | Windows Update encountered corrupted files. |
+| **WUIssue** | An unexpected issue was encountered during the installation. |
+| **WUSetupError** | The setup process was suspended. |
+
+
+## AlertStatus
+
+Status of alert
+
+|Value | Description |
+|---|---|
+| **Active** | Alert is active, still requires attention. |
+| **Resolved** | Alert is resolved and no longer requires attention. |
+| **Deleted** | Alert was deleted from the backend system. |
+
+### AlertClassification
+
+Whether this alert is an error, a warning, or informational.
+
+| **Value** | Description |
+|---|---|
+| **Informational** | Alert is informational in nature. |
+| **Warning** | Alert is a warning |
+| **Error** | Alert is an error, or is related to an error. There should be an error code that maps to either something from the client or from the service. |
+| **Recommendation** | Alert is a recommendation, something to optimize. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md
index 9966c6a6ad..b4c113ef71 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclient.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclient.md
@@ -2,8 +2,8 @@
title: UCClient data schema
titleSuffix: Windows Update for Business reports
description: UCClient schema for Windows Update for Business reports. UCClient acts as an individual device's record.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 08/09/2023
+ms.date: 12/06/2023
---
# UCClient
@@ -19,41 +19,63 @@ ms.date: 08/09/2023
UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the OS edition, and active hours (quantitative).
## Schema for UCClient
-
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
-| **Country** | [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country or region), based on IP address. Shown as country code. |
-| **DeviceFamily** | [string](/azure/kusto/query/scalar-data-types/string) | `PC, Phone` | The device family such as PC, Phone. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier |
-| **LastCensusScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. |
-| **LastWUScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. |
-| **OSArchitecture** | [string](/azure/kusto/query/scalar-data-types/string) | `x86` | The architecture of the operating system (not the device) this device is currently on. |
-| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision |
-| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `22621` | The major build number, in int format, the device is using. |
-| **OSEdition** | [string](/azure/kusto/query/scalar-data-types/string) | `Professional` | The Windows edition |
-| **OSFeatureUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Compliant` | Whether or not the device is on the latest feature update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
-| **OSFeatureUpdateEOSTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. |
-| **OSFeatureUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. |
-| **OSFeatureUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `InService;EndOfService` | Whether or not the device is on the latest available feature update, for its feature update. |
-| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
-| **OSQualityUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. |
-| **OSQualityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest` | Whether or not the device is on the latest available quality update, for its feature update. |
-| **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | The revision, in int format, this device is on. |
-| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) that's offered from the Windows Update for Business deployment service, else NotApplicable. |
-| **OSSecurityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether or not the device is on the latest available security update, for its feature update. |
-| **OSServicingChannel** | [string](/azure/kusto/query/scalar-data-types/string) | `SAC` | The elected Windows 10 servicing channel of the device. |
-| **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID, if available. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This field is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceEvent` | The EntityType. |
-| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows update feature update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. |
-| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The Windows update feature update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the policy setting. |
-| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. |
-| **WUFeaturePauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for feature updates, possible values are Paused, NotPaused, NotConfigured. |
-| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. |
-| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values greater than `0` indicate the policy setting. |
-| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | The Windows Update grace period for quality update in days. `-1` indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. |
-| **WUQualityPauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for quality updates, possible values are Paused, NotPaused, NotConfigured. |
+
+| Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceID** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **City** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Device city, based on IP address. |
+| **Country** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `US` | The last-reported location of device (country or region), based on IP address. Shown as country code. |
+| **DeviceFamily** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `PC, Phone` | The device family such as PC, Phone. |
+| **DeviceFormFactor** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Notebook, Desktop, Phone.` | Currently, data isn't gathered to populate this field. The device form factor |
+| **DeviceManufacturer** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Hewlett-Packard.` | Currently, data isn't gathered to populate this field. The device OEM manufacturer |
+| **DeviceModel** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `The device's OEM model ` | Currently, data isn't gathered to populate this field. The device OEM model |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | Client-provided device name |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | The global device identifier |
+| **IsVirtual** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | No | `Yes, No` | Whether device is a virtual device. |
+| **LastCensusScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. |
+| **LastWUScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. |
+| **NewTest_CF [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. |
+| **OSArchitecture** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `x86` | The architecture of the operating system (not the device) this device is currently on. |
+| **OSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision |
+| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `22621` | The major build number, in int format, the device is using. |
+| **OSEdition** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Professional` | The Windows edition |
+| **OSFeatureUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Compliant` | Whether the device is on the latest feature update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSFeatureUpdateEOSTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. |
+| **OSFeatureUpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. |
+| **OSFeatureUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `InService;EndOfService` | Whether the device is on the latest available feature update, for its feature update. |
+| **OSQualityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest quality update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSQualityUpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. |
+| **OSQualityUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Latest;NotLatest` | Whether the device is on the latest available quality update, for its feature update. |
+| **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `836` | The revision, in int format, this device is on. |
+| **OSSecurityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest security update (quality update where the Classification=Security) that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSSecurityUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether the device is on the latest available security update, for its feature update. |
+| **OSServicingChannel** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `SAC` | The elected Windows 10 servicing channel of the device. |
+| **OSVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. |
+| **PrimaryDiskFreeCapacityMb** | | No | | Currently, data isn't gathered to populate this field. Free disk capacity of the primary disk in Megabytes. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID, if available. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This field is to determine to which batch snapshot this record belongs. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCClient` | The entity type |
+| **UpdateConnectivityLevel** | | Yes | | Currently, data isn't gathered to populate this field. Whether or not this device is maintaining a sufficiently cumulative and continuous connection to Windows Update so the update can progress optimally. |
+| **WUAutomaticUpdates** | | No | | Currently, data isn't gathered to populate this field. Manage automatic update behavior to scan, download, and install updates. |
+| **WUDeadlineNoAutoRestart** | | No | | Currently, data isn't gathered to populate this field. Devices won't automatically restart outside of active hours until the deadline is reached - It's 1 by default and indicates enabled, 0 indicates disabled |
+| **WUDODownloadMode** | | No | | Currently, data isn't gathered to populate this field. The Windows Update DO DownloadMode configuration. |
+| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows Update feature update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
+| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: DeferFeatureUpdates. The Windows Update feature update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the policy setting. |
+| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
+| **WUFeaturePauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause will end, if activated, else null. |
+| **WUFeaturePauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause was activated, if activated, else null. Feature updates are paused for 35 days from the specified start date. |
+| **WUFeaturePauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for feature updates. Possible values are Paused, NotPaused, NotConfigured. |
+| **WUNotificationLevel** | | No | | Currently, data isn't gathered to populate this field. This policy allows you to define what Windows Update notifications users see. 0 (default) - Use the default Windows Update notifications. 1 - Turn off all notifications, excluding restart warnings. 2 - Turn off all notifications, including restart warnings |
+| **WUPauseUXDisabled** | | No | | Currently, data isn't gathered to populate this field. This policy allows the IT admin to disable the Pause Updates feature. When this policy is enabled, the user can't access the Pause updates' feature. Supported values 0, 1. |
+| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
+| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. |
+| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | The Windows Update grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
+| **WUQualityPauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update quality update pause- will end, if activated, else null. |
+| **WUQualityPauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update quality update pause- was activated; if activated; else null. |
+| **WUQualityPauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for quality updates. Possible values are Paused, NotPaused, NotConfigured. |
+| **WURestartNotification** | | No | | Currently, data isn't gathered to populate this field. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed. The following list shows the supported values: 1 (default) = Auto Dismissal. 2 - User Dismissal. |
+| **WUServiceURLConfigured**| | No | | Currently, data isn't gathered to populate this field. The device checks for updates from Microsoft Update. Set to a URL, such as http://abcd-srv:8530. The device checks for updates from the WSUS server at the specified URL. Not configured. The device checks for updates from Microsoft Update. Set to a URL, such as http://abcd-srv:8530. The device checks for updates from the WSUS server at the specified URL. |
+| **WUUXDisabled** | | No | | Currently, data isn't gathered to populate this field. This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features. Default is 0. Supported values 0, 1. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
index a497b36832..e531090eff 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
@@ -2,8 +2,8 @@
title: UCClientReadinessStatus data schema
titleSuffix: Windows Update for Business reports
description: UCClientReadinessStatus schema for Windows Update for Business reports. UCClientReadinessStatus is an individual device's record about Windows 11 readiness.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCClientReadinessStatus
@@ -20,26 +20,29 @@ ms.date: 06/06/2022
UCClientReadinessStatus is an individual device's record about its readiness for updating to Windows 11. If the device isn't capable of running Windows 11, the record includes which Windows 11 [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) the device doesn't meet.
## Schema for UCClientReadinessStatus
-
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager Client ID, if available. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
-| **OSName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 10` | The operating system name. |
-| **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Win10 OS Version (such as 19H2, 20H1, 20H2) currently installed on the device. |
-| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full OS build installed on this device, such as Major.Minor.Build.Revision |
-| **TargetOSName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 11` | The name of the operating system being targeted to the device for this readiness record.|
-| **TargetOSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `21H2` | The operating system version being targeted to the device for this readiness record.|
-| **TargetOSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.22000.1` | The full operating system build number that's being targeted to the device for this readiness record.|
-| **ReadinessStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows Update.|
-| **ReadinessReason** | [string](/azure/kusto/query/scalar-data-types/string) | `CPU;TPM` | Lists which [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by the Windows Update applicability. |
-| **ReadinessScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when readiness was assessed and the assessment was sent.|
-| **ReadinessExpiryTime**| [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when the readiness assessment will expire.|
-| **SetupReadinessStatus**| [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows setup.|
-| **SetupReadinessReason** | [string](/azure/kusto/query/scalar-data-types/string) | `CPU;TPM` | Lists which [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by Windows setup. |
-| **SetupReadinessTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when readiness was assessed by setup and the assessment was sent.|
-| **SetupReadinessExpiryTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when the setup readiness assessment will expire.|
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 10:26:03.478039` | The date and time when Azure Monitor Logs ingested this record for your Log Analytics workspace.|
+
+|Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | Client-provided device name |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | The global device identifier. |
+| **OSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.18363.836` | The full OS build installed on this device, such as Major.Minor.Build.Revision |
+| **OSName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 10` | The operating system name. |
+| **OSVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The Win10 OS version (such as 19H2, 20H1, 20H2) currently installed on the device. |
+| **ReadinessExpiryTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when the readiness assessment will expire. |
+| **ReadinessReason** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `CPU;TPM` | Lists which hardware requirements are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by the Windows Update applicability. |
+| **ReadinessScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when readiness was assessed and the assessment was sent. |
+| **ReadinessStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows Update. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager Client ID, if available. |
+| **SetupReadinessExpiryTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when the setup readiness assessment will expire. |
+| **SetupReadinessReason** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `CPU;TPM` | Lists which hardware requirements are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by Windows setup. |
+| **SetupReadinessStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows setup. |
+| **SetupReadinessTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when readiness was assessed by setup and the assessment was sent. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TargetOSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.22000.1` | The full operating system build number that's being targeted to the device for this readiness record. |
+| **TargetOSName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 11` | The name of the operating system being targeted to the device for this readiness record. |
+| **TargetOSVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `21H2` | The operating system version being targeted to the device for this readiness record. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when Azure Monitor Logs ingested this record for your Log Analytics workspace. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCClientReadinessStatus` | The entity type |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
index 760d757558..e75f3bed7e 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
@@ -2,8 +2,8 @@
title: UCClientUpdateStatus data schema
titleSuffix: Windows Update for Business reports
description: UCClientUpdateStatus schema for Windows Update for Business reports. UCClientUpdateStatus combines the latest client-based data with the latest service data.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/05/2023
+ms.date: 12/06/2023
---
# UCClientUpdateStatus
@@ -20,39 +20,47 @@ ms.date: 06/05/2023
Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update.
## Schema for UCClientUpdateStatus
-
-| Field | Type | Example | Description |
-|---|---|---|---|
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | A string corresponding to the Microsoft Entra tenant to which the device belongs. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | A string corresponding to this device's Microsoft Entra device ID |
-|**CatalogId** | [string](/azure/kusto/query/scalar-data-types/string) | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | The update catalog ID |
-| **ClientState** | [string](/azure/kusto/query/scalar-data-types/string) | `Installing` | Higher-level bucket of ClientSubstate. |
-| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | Last-known state of this update relative to the device, from the client. |
-| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Ranking of client substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. |
-| **ClientSubstateTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time of last client substate transition |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The identifier of the deployment that is targeting this update to this device, else empty. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Device's given name |
-| **FurthestClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadComplete` | Furthest clientSubstate |
-| **FurthestClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2400` | Ranking of furthest clientSubstate |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | Microsoft internal global device identifier |
-| **IsUpdateHealty** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | `1` | True: No issues preventing this device from updating to this update have been found. False: There is something that may prevent this device from updating. |
-| **OfferReceivedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time when device last reported entering OfferReceived, else empty. |
-| **RestartRequiredTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time when device first reported entering RebootRequired (or RebootPending), else empty. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | A string corresponding to the Configuration Manager Client ID on the device. |
-| **SourceSystem** | [string](/azure/kusto/query/scalar-data-types/string)| `Azure`| |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build of the content this DeviceUpdateEvent is tracking. For Windows 10 updates, this value would correspond to the full build (10.0.14393.385). |
-| **TargetBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `18363` | Integer of the Major portion of Build. |
-| **TargetKBNumber** | [string](/azure/kusto/query/scalar-data-types/string) | `KB4524570` | KB Article. |
-| **TargetRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | Integer or the minor (or revision) portion of the build. |
-| **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The target operating system version, such as 1909. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceUpdateEvent` | The EntityType |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether the update classification is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
-| **UpdateDisplayName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
-| **UpdateId** | [string](/azure/kusto/query/scalar-data-types/string) | `10e519f0-06ae-4141-8f53-afee63e995f0` |Update ID of the targeted update|
-| **UpdateInstalledTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when event transitioned to UpdateInstalled, else empty. |
-| **UpdateManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
-| **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the update |
-| **UpdateSource** | [string](/azure/kusto/query/scalar-data-types/string) | `UUP` | The source of the update such as UUP, MUv6, Media |
-
+
+|Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **ClientState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Installing` | This field applies to drivers only. Higher-level bucket of ClientSubstate. |
+| **ClientSubstate** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DownloadStart` | Last-known state of this update relative to the device, from the client. |
+| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | `2300` | Ranking of client substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. |
+| **ClientSubstateTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | Date and time of last client substate transition |
+| **DeploymentId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The identifier of the deployment that is targeting this update to this device, else empty. |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | Device's given name |
+| **EventData** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Json to fill with arbitrary K/V pairs. Used to populate contextual data that would otherwise be sparsely populated if elevated to a field always present in the schema. |
+| **FurthestClientSubstate** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `DownloadComplete` | Furthest clientSubstate |
+| **FurthestClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | `2400` | Ranking of furthest clientSubstate |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | Microsoft internal global device identifier |
+| **IsUpdateHealthy** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1` | Currently, data isn't gathered to populate this field. True: No issues preventing this device from updating to this update have been found. False: There's something that may prevent this device from updating. |
+| **OfferReceivedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | Date and time when device last reported entering OfferReceived, else empty. |
+| **RestartRequiredTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | Date and time when device first reported entering RebootRequired (or RebootPending), else empty. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | A string corresponding to the Configuration Manager Client ID on the device. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TargetBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.18363.836` | The full build of the content this DeviceUpdateEvent is tracking. For Windows 10 updates, this value would correspond to the full build (10.0.14393.385). |
+| **TargetBuildNumber** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `18363` | Integer of the Major portion of Build. |
+| **TargetKBNumber** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `KB4524570` | KB Article. |
+| **TargetRevisionNumber** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `836` | Integer or the minor (or revision) portion of the build. |
+| **TargetVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The target operating system version, such as 1909. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCClientUpdateStatus` | The entity type |
+| **UpdateCategory** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
+| **UpdateClassification** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Upgrade` | Whether the update classification is an upgrade (feature update), security (quality update), nonsecurity (quality update), or driver |
+| **UpdateConnectivityLevel** | | Yes | | Currently, data isn't gathered to populate this field. Whether or not this device is maintaining a sufficiently cumulative and continuous connection to Windows Update so the update can progress optimally. |
+| **UpdateDisplayName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
+| **UpdateHealthGroupL1** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Grouping design to describe the current update installation's "health", L1 (highest-level). |
+| **UpdateHealthGroupL2** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Integer for ranking the L1 UpdateHealthGroup. |
+| **UpdateHealthGroupL3** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Second grouping, subset of L1, more detailed. |
+| **UpdateHealthGroupRankL1** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Integer for ranking the L2 UpdateHealthGroup. |
+| **UpdateHealthGroupRankL2** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Third grouping, subset of L3, more detailed. |
+| **UpdateHealthGroupRankL3** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Integer for ranking the L3 UpdateHealthGroup. |
+| **UpdateId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10e519f0-06ae-4141-8f53-afee63e995f0` | This field applies to drivers only. Update ID of the targeted update |
+| **UpdateInstalledTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | DateTime when event transitioned to UpdateInstalled, else empty. |
+| **UpdateManufacturer** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Microsoft` | This field applies to drivers only. Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
+| **UpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The release date of the update |
+| **UpdateSource** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `UUP` | The source of the update such as UUP, MUv6, Media |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
index a449781e51..c6f38d89f3 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
@@ -2,8 +2,8 @@
title: UCDeviceAlert data schema
titleSuffix: Windows Update for Business reports
description: UCDeviceAlert schema for Windows Update for Business reports. UCDeviceAlert is an individual device's record about an alert.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCDeviceAlert
@@ -19,32 +19,29 @@ ms.date: 06/06/2022
These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in the Windows Update for Business deployment service will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered.
## Schema for UCDeviceAlert
-
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational |
-| **AlertId** | [string](/azure/kusto/query/scalar-data-types/string) | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
-| **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | `1000` | Integer ranking of alert for prioritization during troubleshooting |
-| **AlertStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Active` | Whether this alert is Active, Resolved, or Deleted |
-| **AlertSubtype** | [string](/azure/kusto/query/scalar-data-types/string) | `DiskFull` | The subtype of alert. |
-| **AlertType** | [string](/azure/kusto/query/scalar-data-types/string) | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields will be present. |
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra device ID of the device, if available. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
-| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | If the alert is from the client, the ClientSubstate at the time this alert was activated or updated, else empty. |
-| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Rank of ClientSubstate |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The deployment this alert is relative to, if there's one. |
-| **Description** | [string](/azure/kusto/query/scalar-data-types/string) | `Disk full` | A localized string translated from a combination of other alert fields + language preference that describes the issue in detail. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | The given device's name |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:1298371934870` | Internal Microsoft global identifier, if available. |
-| **Recommendation** | [string](/azure/kusto/query/scalar-data-types/string) | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on source of alert) that provides a recommended action. |
-| **ResolvedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID of the device, if available. |
-| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | If the alert is from the service, the ServiceSubstate at the time this alert was activated or updated, else Empty. |
-| **ServiceSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `100` | Rank of ServiceSubstate |
-| **StartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `18363.836` | The Windows 10 Major. Revision this UpdateAlert is relative to. |
-| **TargetVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 build this UpdateAlert is relative to. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `UpdateAlert` | The entity type. |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
+
+|Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AlertClassification** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Error` | Whether this alert is an Error, a Warning, or Informational |
+| **AlertData** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. An optional string formatted as a json payload containing metadata for the alert. |
+| **AlertId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
+| **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | `1000` | Integer ranking of alert for prioritization during troubleshooting |
+| **AlertStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Active` | Whether this alert is Active, Resolved, or Deleted |
+| **AlertSubtype** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DiskFull` | The subtype of alert. |
+| **AlertType** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields are present. |
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **Description** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Disk full` | A localized string translated from a combination of other alert fields + language preference that describes the issue in detail. |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | The given device's name |
+| **ErrorCode** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. The Error Code, if any, that triggered this Alert. In the case of Client-based explicit alerts, error codes can have extended error codes, which are appended to the error code with an underscore separator. |
+| **ErrorSymName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. The symbolic name that maps to the Error Code, if any. Otherwise empty. |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:1298371934870` | Internal Microsoft global identifier, if available. |
+| **Recommendation** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on source of alert) that provides a recommended action. |
+| **ResolvedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID of the device, if available. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **StartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCDeviceAlert` | The entity type |
+| **URL** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `aka.ms/errordetail32152` | Currently, data isn't gathered to populate this field. An optional URL to get more in-depth information related to this alert. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
index d6b10a0364..834c5a0b29 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
@@ -2,8 +2,8 @@
title: UCDOAggregatedStatus data schema
titleSuffix: Windows Update for Business reports
description: UCDOAggregatedStatus schema for Windows Update for Business reports. UCDOAggregatedStatus is an aggregation of all UDDOStatus records across the tenant.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -12,7 +12,7 @@ ms.reviewer: carmenf
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/17/2022
+ms.date: 12/06/2023
---
# UCDOAggregatedStatus
diff --git a/windows/deployment/update/wufb-reports-schema-ucdostatus.md b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
index c9f8f9a935..f6ff2a21b3 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdostatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
@@ -2,16 +2,17 @@
title: UCDOStatus data schema
titleSuffix: Windows Update for Business reports
description: UCDOStatus schema for Windows Update for Business reports. UCDOStatus provides information, for a single device, on its DO and MCC bandwidth utilization.
-ms.prod: windows-client
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
manager: aaroncz
ms.reviewer: carmenf
-appliesto:
+appliesto:
- ✅ Windows 11
-- ✅ Windows 10
-ms.date: 11/17/2022
+- ✅ Windows 10
+ms.date: 12/06/2023
---
# UCDOStatus
diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
index 004f2def5e..f01a18f679 100644
--- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
@@ -2,8 +2,8 @@
title: UCServiceUpdateStatus data schema
titleSuffix: Windows Update for Business reports
description: UCServiceUpdateStatus schema for Windows Update for Business reports. UCServiceUpdateStatus has service-side information for one device and one update.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCServiceUpdateStatus
@@ -19,38 +19,41 @@ ms.date: 06/06/2022
Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real time.
## Schema for UCServiceUpdateStatus
-
-| Field | Type | Example | Description |
-|---|---|---|---|
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID will map to that policy, otherwise it will be empty. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | A GUID corresponding to the Microsoft Entra tenant to which the device belongs. |
-|**CatalogId** | [string](/azure/kusto/query/scalar-data-types/string) | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | The update catalog ID |
-| **DeploymentApprovedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2022-05-14 09:26:03.478039` | Date and time of the update approval |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) |`cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID will map to that policy, otherwise it will be empty. |
-| **DeploymentName** | [string](/azure/kusto/query/scalar-data-types/string) |`My deployment` | Friendly name of the created deployment |
-| **DeploymentIsExpedited** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | `1` | Whether the content is being expedited |
-| **DeploymentRevokeTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2022-05-14 09:26:03.478039` | Date and time the update was revoked |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | Microsoft internal global device identifier |
-| **OfferReadyTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime of OfferReady transition. If empty, not yet been offered. |
-| **PolicyCreatedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time the policy was created |
-| **PolicyId** | [string](/azure/kusto/query/scalar-data-types/string) | `9011c330-1234-5678-9abc-def012345678` | The policy identifier targeting the update to this device |
-| **PolicyName** | [string](/azure/kusto/query/scalar-data-types/string) | `My policy` | Friendly name of the policy |
-| **ServiceState** | [string](/azure/kusto/query/scalar-data-types/string) | `Offering` | High-level state of update's status relative to device, service-side. |
-| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | Low-level state of update's status relative to device, service-side. |
-| **ServiceSubstateTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time of last ServiceSubstate transition. |
-| **SourceSystem** | [string](/azure/kusto/query/scalar-data-types/string)| `Azure`| |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build for the content this event is tracking. For Windows 10, this string corresponds to "10.0.Build.Revision" |
-| **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The version of content this DeviceUpdateEvent is tracking. For Windows 10 updates, this number would correspond to the year/month version format used, such as 1903. |
-| **TenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `9011c330-1234-5678-9abc-def012345678` | Microsoft Entra tenant ID |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Time the snapshot ran can also be the same as EventDateTimeUTC in some cases. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `ServiceUpdateEvent` | The EntityType |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
-| **UpdateDisplayName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
-| **UpdateId** | [string](/azure/kusto/query/scalar-data-types/string) | `10e519f0-06ae-4141-8f53-afee63e995f0` |Update ID of the targeted update|
-| **UpdateManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
-|**UpdateProvider** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Update provider of drivers and firmware |
-| **UpdateRecommendedTime** |[datetime](/azure/kusto/query/scalar-data-types/datetime) | `2022-05-14 09:26:03.478039` | Date and time when the update was recommended to the device |
-| **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the update |
-|**UpdateVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `20.0.19.3` | Update version of drivers or firmware |
-| **UpdateVersionTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Update version date time stamp for drivers and firmware |
+
+| Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **DeploymentApprovedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time of the update approval |
+| **DeploymentId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID maps to that policy, otherwise it's empty. |
+| **DeploymentIsExpedited** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | No | `1` | Currently, data isn't gathered to populate this field. It indicated whether the content is being expedited |
+| **DeploymentName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `My deployment` | Currently, data isn't gathered to populate this field. Friendly name of the created deployment |
+| **DeploymentRevokeTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time the update was revoked |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | Currently, data isn't gathered to populate this field. Microsoft internal global device identifier |
+| **OfferReadyTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | DateTime of OfferReady transition. If empty, not yet been offered. |
+| **PolicyCreatedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time the policy was created |
+| **PolicyId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9011c330-1234-5678-9abc-def012345678` | This field applies to drivers only. The policy identifier targeting the update to this device |
+| **PolicyName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `My policy` | Currently, data isn't gathered to populate this field. This field applies to drivers only. Friendly name of the policy. |
+| **ProjectedOfferReadyTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Projected time update will be offered to device. If empty, unknown. |
+| **ServiceState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Offering` | High-level state of update's status relative to device, service-side. |
+| **ServiceSubstate** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `OfferReady` | Low-level state of update's status relative to device, service-side. |
+| **ServiceSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Ranking of Substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. |
+| **ServiceSubstateTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Date and time of last ServiceSubstate transition. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TargetBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.18363.836` | The full build for the content this event is tracking. For Windows 10, this string corresponds to "10.0.Build.Revision" |
+| **TargetVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The version of content this DeviceUpdateEvent is tracking. For Windows 10 updates, this number would correspond to the year/month version format used, such as 1903. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9011c330-1234-5678-9abc-def012345678` | Microsoft Entra tenant ID |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | | `2020-05-14 09:26:03.478039` | Time the snapshot ran can also be the same as EventDateTimeUTC in some cases. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCServiceUpdateStatus` | The entity type |
+| **UdpateIsSystemManifest** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. This field applies to drivers only. |
+| **UpdateCategory** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
+| **UpdateClassification** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), nonsecurity (quality update), or driver |
+| **UpdateDisplayName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
+| **UpdateId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10e519f0-06ae-4141-8f53-afee63e995f0` | This field applies to drivers only. Update ID of the targeted update |
+| **UpdateManufacturer** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Microsoft` | This field applies to drivers only. Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
+| **UpdateProvider** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Microsoft` | This field applies to drivers only. Update provider of drivers and firmware |
+| **UpdateRecommendedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time when the update was recommended to the device |
+| **UpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The release date of the update |
+| **UpdateVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `20.0.19.3` | This field applies to drivers only. Update version of drivers or firmware |
+| **UpdateVersionTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Update version date time stamp for drivers and firmware |
diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
index ba81be193a..331547385e 100644
--- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
@@ -2,8 +2,8 @@
title: UCUpdateAlert data schema
titleSuffix: Windows Update for Business reports
description: UCUpdateAlert schema for Windows Update for Business reports. UCUpdateAlert is an alert for both client and service updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCUpdateAlert
@@ -20,36 +20,39 @@ Alert for both client and service updates. Contains information that needs atten
## Schema for UCUpdateAlert
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational |
-| **AlertData** | [string](/azure/kusto/query/scalar-data-types/string) {json} | `{ "freeDiskCapacityMb": 3213, "contentSizeMb": 4381}` | An optional string formatted as a json payload containing metadata for the alert. |
-| **AlertId** | [string](/azure/kusto/query/scalar-data-types/string) | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
-| **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | `1000` | Integer ranking of alert for prioritization during troubleshooting |
-| **AlertStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Active` | Whether this alert is Active, Resolved, or Deleted |
-| **AlertSubtype** | [string](/azure/kusto/query/scalar-data-types/string) | `DiskFull` | The subtype of alert |
-| **AlertType** | [string](/azure/kusto/query/scalar-data-types/string) | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields will be present |
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra device ID of the device, if available. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
-| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | If the alert is from the client, the ClientSubstate at the time this alert was activated or updated, else empty. |
-| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Rank of ClientSubstate |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The deployment this alert is relative to, if there's one. |
-| **Description** | [string](/azure/kusto/query/scalar-data-types/string) | `Disk full` | A localized string translated from a combination of other Alert fields + language preference that describes the issue in detail. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | The given device's name |
-| **ErrorCode** | [string](/azure/kusto/query/scalar-data-types/string) | `0x8326CFA2D_C3FD` | The error code, if any, that triggered this alert. In the case of client-based explicit alerts, error codes can have extended error codes, which are appended to the error code with an underscore separator. |
-| **ErrorSymName** | [string](/azure/kusto/query/scalar-data-types/string) | `WU_E_DISK_FULL` | The symbolic name that maps to the error code, if any, otherwise empty. |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:1298371934870` | Internal Microsoft Global identifier, if available. |
-| **Recommendation** | [string](/azure/kusto/query/scalar-data-types/string) | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on the source of the alert) that provides a recommended action. |
-| **ResolvedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID of the device, if available. |
-| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | If the alert is from the service, the ServiceSubstate at the time this alert was activated or updated, else empty. |
-| **StartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `18363.836` | The Windows 10 Major. Revision this UpdateAlert is relative to. |
-| **TargetVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 build this UpdateAlert is relative to. |
-| **TenantId** |[string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `UpdateAlert` | The entity type. |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
-| **URL** | [string](/azure/kusto/query/scalar-data-types/string) | `aka.ms/errordetail32152` | An optional URL to get more in-depth information related to this alert. |
-| **UpdateId** | [string](/azure/kusto/query/scalar-data-types/string) | `10e519f0-06ae-4141-8f53-afee63e995f0` |Update ID of the targeted update|
+|Field |Type | ENUM |Example |Description |
+|---|---|---|---|---|
+| **AlertClassification** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Error` | Whether this alert is an error, a warning, or informational |
+| **AlertData** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `{ "freeDiskCapacityMb": 3213, "contentSizeMb": 4381}` | An optional string formatted as a json payload containing metadata for the alert. |
+| **AlertId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
+| **AlertRank** |[int](/azure/kusto/query/scalar-data-types/int) | No | `1000` | Integer ranking of alert for prioritization during troubleshooting |
+| **AlertStatus** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Active` | Whether this alert is active, resolved, or deleted |
+| **AlertSubtype** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DiskFull` | The subtype of alert |
+| **AlertType** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields are present. |
+| **AzureADDeviceId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **CatalogId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **ClientSubstate** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DownloadStart` | If the alert is from the client, the ClientSubstate at the time this alert was activated or updated, else empty. |
+| **ClientSubstateRank** |[int](/azure/kusto/query/scalar-data-types/int) | No | `2300` | Rank of ClientSubstate |
+| **DeploymentId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The deployment this alert is relative to, if there's one. |
+| **Description** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Disk full` | A localized string translated from a combination of other Alert fields + language preference that describes the issue in detail. |
+| **DeviceName** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | The given device's name |
+| **ErrorCode** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `0x8326CFA2D_C3FD` | The error code, if any, that triggered this alert. In the case of client-based explicit alerts, error codes can have extended error codes, which are appended to the error code with an underscore separator. |
+| **ErrorSymName** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `WU_E_DISK_FULL` | The symbolic name that maps to the error code, if any, otherwise empty. |
+| **GlobalDeviceId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:1298371934870` | Internal Microsoft Global identifier, if available. |
+| **Recommendation** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on the source of the alert) that provides a recommended action. |
+| **ResolvedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
+| **SCCMClientId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration manager client ID of the device, if available. |
+| **ServiceSubstate** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `OfferReady` | If the alert is from the service, the ServiceSubstate at the time this alert was activated or updated, else empty. |
+| **ServiceSubstateRank** |[int](/azure/kusto/query/scalar-data-types/int) | No | | Rank of 'ClientSubstate' |
+| **SourceSystem** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **StartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
+| **TargetBuild** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `18363.836` | The Windows 10 Major. Revision this 'UpdateAlert' is relative to. |
+| **TargetVersion** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The Windows 10 build this UpdateAlert is relative to. |
+| **TenantId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
+| **Type** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCUpdateAlert` | The entity type |
+| **UpdateCategory** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
+| **UpdateClassification** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), nonsecurity (quality update), or driver |
+| **UpdateId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10e519f0-06ae-4141-8f53-afee63e995f0` | This field applies to drivers only. The Update ID of the targeted update. |
+| **URL** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `aka.ms/errordetail32152` | An optional URL to get more in-depth information related to this alert. |
diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md
index 8a4fc45ecb..d87b64907c 100644
--- a/windows/deployment/update/wufb-reports-schema.md
+++ b/windows/deployment/update/wufb-reports-schema.md
@@ -2,8 +2,8 @@
title: Windows Update for Business reports data schema
titleSuffix: Windows Update for Business reports
description: An overview of Windows Update for Business reports data schema to power additional dashboards and data analysis tools.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/15/2022
+ms.date: 12/06/2023
---
# Windows Update for Business reports schema
diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md
index 2b4f1b8b1a..7fb8613fcf 100644
--- a/windows/deployment/update/wufb-reports-use.md
+++ b/windows/deployment/update/wufb-reports-use.md
@@ -2,8 +2,8 @@
title: Use the Windows Update for Business reports data
titleSuffix: Windows Update for Business reports
description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md
index d024ceda0d..a8e2e42be7 100644
--- a/windows/deployment/update/wufb-reports-workbook.md
+++ b/windows/deployment/update/wufb-reports-workbook.md
@@ -2,8 +2,8 @@
title: Use the workbook for Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: How to use the Windows Update for Business reports workbook from the Azure portal.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/23/2023
+ms.date: 01/29/2024
---
# Windows Update for Business reports workbook
@@ -36,6 +36,8 @@ To access the Windows Update for Business reports workbook:
1. When the gallery opens, select the **Windows Update for Business reports** workbook. If needed, you can filter workbooks by name in the gallery.
1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Windows Update for Business reports](wufb-reports-enable.md).
+> [!Important]
+> Don't pin the Windows Update for Business reports workbook to an Azure dashboard. Using a pinned report loads an older copy of the report and it won't display any updates to the report template.
## Summary tab
@@ -72,7 +74,8 @@ The **Quality updates** tab displays generalized data at the top by using tiles.
|**Latest security update**| Count of devices that have reported successful installation of the latest security update. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
| **Missing one security update** | Count of devices that haven't installed the latest security update.| - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).|
| **Missing multiple security updates** | Count of devices that are missing two or more security updates. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
-| **Expedite performance** | Overview of the progress for the expedited deployments of the latest security update. | - Select **View details** to display a flyout with a chart that displays the total progress of each deployment, number of alerts, and count of devices. - Select the count from the **Alerts** column to display the alerts, by name, for the deployment. Selecting the device count for the alert name displays a list of devices with the alert. - Select the count in the **TotalDevices** column to display a list of clients and their information for the deployment. |
+| **Active alerts** | Count of active update and device alerts for quality updates. | |
+| **Expedite status** | Overview of the progress for the expedited deployments of the latest security update. | Select **View details** to display a flyout with two tabs: **Deployments** and **Readiness** - The **Deployments** tab contins a chart that displays the total progress of each deployment, number of alerts, and count of devices.
- The **Readiness** tab contains a chart that displays the number of devices that are **Eligible** and **Ineligible** to install expedited udpates. The **Readiness** tab also contains a table listing the deployments for expedited updates.
-
-> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code.
-
-> [!NOTE]
-> Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files.
-
-The following table describes some log files and how to use them for troubleshooting purposes:
-
+>
+> Also see the [Windows Error Reporting](windows-error-reporting.md) article in this section for help with locating error codes and log files.
+The following table describes some log files and how to use them for troubleshooting purposes:
|Log file |Phase: Location |Description |When to use|
|---|---|---|---|
-|setupact.log|Down-Level:
$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.
Setup.act is the most important log for diagnosing setup issues.|
-|setupact.log|OOBE:
$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations - 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
-|setupact.log|Rollback:
$Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.|
-|setupact.log|Pre-initialization (prior to downlevel):
Windows|Contains information about initializing setup.|If setup fails to launch.|
-|setupact.log|Post-upgrade (after OOBE):
Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.|
-|setuperr.log|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.|
-|miglog.xml|Post-upgrade (after OOBE):
Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.|
-|BlueBox.log|Down-Level:
Windows\Logs\Mosetup|Contains information communication between `setup.exe` and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.|
-|Supplemental rollback logs:
Setupmem.dmp
setupapi.dev.log
Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.
Setupapi: Device install issues - 0x30018
Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.|
+|**setupact.log**|Down-Level:
$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.
Setup.act is the most important log for diagnosing setup issues.|
+|**setupact.log**|OOBE:
$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations - 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
+|**setupact.log**|Rollback:
$Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.|
+|**setupact.log**|Pre-initialization (prior to downlevel):
Windows|Contains information about initializing setup.|If setup fails to launch.|
+|**setupact.log**|Post-upgrade (after OOBE):
Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.|
+|**setuperr.log**|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.|
+|**miglog.xml**|Post-upgrade (after OOBE):
Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.|
+|**BlueBox.log**|Down-Level:
Windows\Logs\Mosetup|Contains information communication between `setup.exe` and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.|
+|Supplemental rollback logs:
**Setupmem.dmp**
**setupapi.dev.log**
Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup attempts to extract a mini-dump.
Setupapi: Device install issues - 0x30018
Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.|
## Log entry structure
-A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements:
+A `setupact.log` or `setuperr.log` entry includes the following elements:
-1. **The date and time** - 2016-09-08 09:20:05
+1. **The date and time** - 2023-09-08 09:20:05
+1. **The log level** - Info, Warning, Error, Fatal Error
-2. **The log level** - Info, Warning, Error, Fatal Error
+1. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS
+ The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors.
-3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS
-
-
- The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors.
-
-
-4. **The message** - Operation completed successfully.
+1. **The message** - Operation completed successfully.
See the following example:
| Date/Time | Log level | Component | Message |
|------|------------|------------|------------|
-|2016-09-08 09:23:50,| Warning | MIG | Couldn't replace object C:\Users\name\Cookies. Target Object can't be removed.|
+|2023-09-08 09:23:50,| Warning | MIG | Couldn't replace object C:\Users\name\Cookies. Target Object can't be removed.|
## Analyze log files
-The following instructions are meant for IT professionals. Also see the [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) section in this guide to familiarize yourself with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes).
+The following instructions are meant for IT professionals. Also see the [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) section in this guide to become familiar with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes).
To analyze Windows Setup log files:
-1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it isn't successful with the upgrade process.
+1. Determine the Windows Setup error code. Windows Setup should return an error code if it isn't successful with the upgrade process.
-2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a log file to investigate.
+1. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a log file to investigate.
-3. Open the log file in a text editor, such as notepad.
+1. Open the log file in a text editor, such as notepad.
-4. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
+1. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
-5. To find the last occurrence of the result code:
+1. To find the last occurrence of the result code:
1. Scroll to the bottom of the file and select after the last character.
- 2. Select **Edit**.
- 3. Select **Find**.
- 4. Type the result code.
- 5. Under **Direction** select **Up**.
- 6. Select **Find Next**.
+ 1. Select **Edit**.
+ 1. Select **Find**.
+ 1. Type the result code.
+ 1. Under **Direction** select **Up**.
+ 1. Select **Find Next**.
-6. When you've located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code.
+1. When the last occurrence of the result code is located, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code.
-7. Search for the following important text strings:
+1. Search for the following important text strings:
- `Shell application requested abort`
- `Abandoning apply due to error for object`
-8. Decode Win32 errors that appear in this section.
+1. Decode Win32 errors that appear in this section.
-9. Write down the timestamp for the observed errors in this section.
+1. Write down the timestamp for the observed errors in this section.
-10. Search other log files for additional information matching these timestamps or errors.
+1. Search other log files for additional information matching these timestamps or errors.
-For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:
+For example, assume that the error code for an error is **0x8007042B - 0x2000D**. Searching for **8007042B** reveals the following content from the `setuperr.log` file:
> [!NOTE]
-> Some lines in the text below are shortened to enhance readability. For example
->
-> - The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds
+>
+> Some lines in the following text are shortened to enhance readability. For example
+>
+> - The date and time at the start of each line (ex: 2023-10-05 15:27:08) is shortened to minutes and seconds
> - The certificate file name, which is a long text string, is shortened to just "CN."
**setuperr.log** content:
@@ -127,20 +123,20 @@ For example, assume that the error code for an error is 0x8007042B - 0x2000D. Se
27:09, Error SP CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7]
```
-The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below):
+The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]**:
```console
27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
```
-The error 0x00000570 is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
+The error **0x00000570** is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: **ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable**.
-Therefore, Windows Setup failed because it wasn't able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for more details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:
+Therefore, Windows Setup failed because it wasn't able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. After the `setupact.log` file is searched for more details, the phrase **Shell application requested abort** is found in a location with the same timestamp as the lines in `setuperr.log`. This analysis confirms the suspicion that this file is the cause of the upgrade failure:
**setupact.log** content:
```console
-27:00, Info Gather started at 10/5/2016 23:27:00
+27:00, Info Gather started at 10/5/2023 23:27:00
27:00, Info [0x080489] MIG Setting system object filter context (System)
27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped
27:00, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped
@@ -157,7 +153,7 @@ Therefore, Windows Setup failed because it wasn't able to migrate the corrupt fi
27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost::CommandLine: -shortened-
27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost: Successfully launched host and got control object.
27:08, Error Gather failed. Last error: 0x00000000
-27:08, Info Gather ended at 10/5/2016 23:27:08 with result 44
+27:08, Info Gather ended at 10/5/2023 23:27:08 with result 44
27:08, Info Leaving MigGather method
27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
```
@@ -166,7 +162,7 @@ Therefore, Windows Setup failed because it wasn't able to migrate the corrupt fi
```console
>>> [Device Install (UpdateDriverForPlugAndPlayDevices) - PCI\VEN_8086&DEV_8C4F]
->>> Section start 2019/09/26 20:13:01.623
+>>> Section start 2023/09/26 20:13:01.623
cmd: rundll32.exe "C:\WINDOWS\Installer\MSI6E4C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_95972906 484 ChipsetWiX.CustomAction!Intel.Deployment.ChipsetWiX.CustomActions.InstallDrivers
ndv: INF path: C:\WINDOWS\TEMP\{15B1CD41-69F5-48EA-9F45-0560A40FE2D8}\Drivers\lynxpoint\LynxPointSystem.inf
ndv: Install flags: 0x00000000
@@ -250,15 +246,12 @@ Therefore, Windows Setup failed because it wasn't able to migrate the corrupt fi
<<< [Exit status: FAILURE(0xC1900101)]
```
-This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file.
+This analysis indicates that the Windows upgrade error can be resolved by deleting the `C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]` file.
> [!NOTE]
-> In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f.
+>
+> In this example, the full file name is `C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f`.
## Related articles
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
+- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors).
diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
deleted file mode 100644
index cf7359540a..0000000000
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Resolve Windows 10 upgrade errors - Windows IT Pro
-manager: aaroncz
-ms.author: frankroj
-description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
-ms.prod: windows-client
-author: frankroj
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Resolve Windows 10 upgrade errors: Technical information for IT Pros
-
-**Applies to**
-- Windows 10
-
->[!IMPORTANT]
->This article contains technical instructions for IT administrators. If you are not an IT administrator, try some of the [quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) described in this article then contact [Microsoft Support](https://support.microsoft.com/contactus/) starting with the Virtual Agent. To talk to a person about your issue, click **Get started** to interact with the Virtual Agent, then enter "Talk to a person" two times. The Virtual Agent can also help you to resolve many Windows upgrade issues. Also see: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/help/10587/windows-10-get-help-with-upgrade-installation-errors) and [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
-
-This article contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
-
-The article has been divided into subtopics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
-
-The following four levels are assigned:
-
-Level 100: Basic
-Level 200: Moderate
-Level 300: Moderate advanced
-Level 400: Advanced
-
-## In this guide
-
-See the following topics in this article:
-
-- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.
-- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help you isolate the root cause of an upgrade failure.
-- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows 10 upgrade errors, and an explanation of phases used during the upgrade process.
-- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows 10 upgrade.
-- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 400\ The components of an error code are explained.
- - [Result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes): Information about result codes.
- - [Extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes): Information about extend codes.
-- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting.
- - [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described.
- - [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example.
-- [Resolution procedures](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 200\ Causes and mitigation procedures associated with specific error codes.
- - [0xC1900101](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0xc1900101): Information about the 0xC1900101 result code.
- - [0x800xxxxx](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0x800xxxxx): Information about result codes that start with 0x800.
- - [Other result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
- - [Other error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
-- [Submit Windows 10 upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
-
-## Related articles
-
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
-
diff --git a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
new file mode 100644
index 0000000000..db42df75b3
--- /dev/null
+++ b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
@@ -0,0 +1,57 @@
+---
+title: Resolve Windows upgrade errors - Windows IT Pro
+manager: aaroncz
+ms.author: frankroj
+description: Resolve Windows upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
+author: frankroj
+ms.localizationpriority: medium
+ms.topic: article
+ms.service: windows-client
+ms.subservice: itpro-deploy
+ms.date: 01/18/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
+---
+
+# Resolve Windows upgrade errors: Technical information for IT Pros
+
+> [!IMPORTANT]
+>
+> This article contains technical instructions for IT administrators. The article isn't intended for non-IT administrators such as home or consumer users.
+
+This article contains a brief introduction to the Windows installation processes, and provides resolution procedures that IT administrators can use to resolve issues with a Windows upgrade.
+
+The article is divided into subtopics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
+
+The following four levels are assigned:
+
+- Level 100: Basic
+- Level 200: Moderate
+- Level 300: Moderate advanced
+- Level 400: Advanced
+
+## In this guide
+
+See the following articles in this section:
+
+- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 100\ Steps to take to eliminate many Windows upgrade errors.
+- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help isolate the root cause of an upgrade failure.
+- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows upgrade errors, and an explanation of phases used during the upgrade process.
+- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows upgrade.
+- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 400\ The components of an error code are explained.
+ - [Result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes): Information about result codes.
+ - [Extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes): Information about extend codes.
+- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting.
+ - [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described.
+ - [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example.
+- [Resolution procedures](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 200\ Causes and mitigation procedures associated with specific error codes.
+ - [0xC1900101](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0xc1900101): Information about the 0xC1900101 result code.
+ - [0x800xxxxx](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0x800xxxxx): Information about result codes that start with 0x800.
+ - [Other result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
+ - [Other error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
+- [Submit Windows upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
+
+## Related articles
+
+- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors).
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index 3b512451f5..00ae1403ff 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -1,8 +1,9 @@
---
title: SetupDiag
description: SetupDiag works by examining Windows Setup log files. This article shows how to use the SetupDiag tool to diagnose Windows Setup errors.
-ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.reviewer: shendrix
+ms.service: windows-client
+ms.subservice: itpro-deploy
author: frankroj
manager: aaroncz
ms.author: frankroj
@@ -11,34 +12,34 @@ ms.topic: troubleshooting
ms.collection:
- highpri
- tier2
-ms.date: 10/28/2022
+ms.date: 01/18/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# SetupDiag
-**Applies to**
-- Windows 10
+> [!NOTE]
+>
+> This article is a 300 level article (moderate advanced). See [Resolve Windows upgrade errors](resolve-windows-upgrade-errors.md) for a full list of articles in this section.
->[!NOTE]
->This is a 300 level topic (moderate advanced).
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
- [](https://go.microsoft.com/fwlink/?linkid=870142)
+> [!div class="nextstepaction"]
+> [Download the latest version of SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142)
## About SetupDiag
-Current downloadable version of SetupDiag: 1.6.2107.27002.
-> Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues.
+> [!IMPORTANT]
+>
+> When SetupDiag is run manually, Microsoft recommends running the latest version of SetupDiag. The latest version is available via the following [download link](https://go.microsoft.com/fwlink/?linkid=870142). Running the latest version ensures the latest functionality and fixes known issues.
-SetupDiag is a diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
+SetupDiag is a diagnostic tool that can be used to obtain details about why a Windows upgrade was unsuccessful.
-SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.
+SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows. SetupDiag can be run on the computer that failed to update. The logs can also be exported from the computer to another location and then running SetupDiag in offline mode.
-## SetupDiag in Windows 10, version 2004 and later
+SetupDiag is included with [Windows Setup](/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario) in all currently supported versions of Windows.
-With the release of Windows 10, version 2004, SetupDiag is included with [Windows Setup](/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario).
-
-During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there's an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
+During the upgrade process, Windows Setup extracts all its sources files, including **SetupDiag.exe**, to the **%SystemDrive%\$Windows.~bt\Sources** directory. If there's an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure.
When run by Windows Setup, the following [parameters](#parameters) are used:
@@ -47,145 +48,200 @@ When run by Windows Setup, the following [parameters](#parameters) are used:
- /Output:%windir%\logs\SetupDiag\SetupDiagResults.xml
- /RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results
-The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\SYSTEM\Setup\SetupDiag\Results**. Note that the registry path isn't the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the /RegPath parameter isn't specified, data is stored in the registry at HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag.
+The resulting SetupDiag analysis can be found at `%WinDir%\Logs\SetupDiag\SetupDiagResults.xml` and in the registry under `HKLM\SYSTEM\Setup\SetupDiag\Results`.
+
+> [!NOTE]
+>
+> When Windows Setup runs SetupDiag automatically, the registry path isn't the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the `/RegPath` parameter isn't specified, data is stored in the registry at `HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag`.
> [!IMPORTANT]
+>
> When SetupDiag indicates that there were multiple failures, the last failure in the log file is typically the fatal error, not the first one.
-If the upgrade process proceeds normally, the **Sources** directory including **setupdiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **setupdiag.exe** will also be removed.
-
-## Using SetupDiag
-
-To quickly use SetupDiag on your current computer:
-1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137).
-2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
-3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**.
-4. When SetupDiag has finished downloading, open the folder where you downloaded the file. By default, this folder is the **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane.
-5. Double-click the **SetupDiag** file to run it. Select **Yes** if you're asked to approve running the program.
- - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You'll need to change directories to the location of SetupDiag to run it this way.
-6. A command window will open while SetupDiag diagnoses your computer. Wait for this process to finish.
-7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file.
-8. Use Notepad to open the log file: **SetupDiagResults.log**.
-9. Review the information that is displayed. If a rule was matched, this information can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below.
-
-For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below.
-
-The [Release notes](#release-notes) section at the bottom of this article has information about recent updates to this tool.
+If the upgrade process proceeds normally, the **Sources** directory including **SetupDiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **SetupDiag.exe** is also removed.
## Requirements
-1. The destination OS must be Windows 10.
-2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you aren't sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions:
+1. The destination version of Windows must be a currently supported version of Windows. The originally installed version of Windows can be a version of Windows that's out of support as long as:
+ - The destination version of Windows is a currently supported version of Windows.
+ - Upgrade to the destination version of Windows is supported from the original installed version of Windows.
+
+1. [.NET Framework 4.7.2](https://go.microsoft.com/fwlink/?linkid=863265) or newer must be installed. To determine which version of .NET is preinstalled with a specific version of Windows, see [.NET Framework system requirements: Supported client operating systems](/dotnet/framework/get-started/system-requirements#supported-client-operating-systems). To determine which version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed).
+
+ The following command-line query can be used to display the currently installed version of .NET:
+
+ ```cmd
+ reg.exe query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s
```
- reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s
- ```
+
+ As long as at least the required version of .NET is installed, no additional action is required, including if a newer version is installed.
+
+## Using SetupDiag
+
+To quickly use SetupDiag on the current computer:
+
+1. Verify that the system meets the [requirements](#requirements).
+
+1. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
+
+1. If the web browser asks what to do with the file, choose **Save**. By default, the file is saved to the **Downloads** folder. If desired, the file can also be saved to a different location by using **Save As**.
+
+1. When SetupDiag finishes downloading, open the folder where the file was downloaded. By default, this folder is the **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane.
+
+1. Double-click the **SetupDiag** file to run it. Select **Yes** if asked to approve running the program.
+
+ Double-clicking the file to run it automatically closes the command window when SetupDiag completes its analysis. To instead keep the window open to review the messages SetupDiag generates, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. When running from a command prompt, make sure to change directories to where SetupDiag is located.
+
+1. A command window opens while SetupDiag diagnoses the computer. Wait for this process to finish.
+
+1. When SetupDiag finishes, two files are created in the same folder where SetupDiag was run from. One is a configuration file, the other is a log file.
+
+1. Use Notepad to open the log file **SetupDiagResults.log**.
+
+1. Review the information that is displayed. If a rule was matched, this information can say why the computer failed to upgrade, and potentially how to fix the problem. See the section [Text log sample](#text-log-sample).
+
+For instructions on how to run the tool in offline mode and with more advanced options, see the sections [Parameters](#parameters) and [Examples](#examples).
## Parameters
| Parameter | Description |
| --- | --- |
-| /? |
|
-| /Output:\
|
-| /LogsPath:\
|
-| /ZipLogs:\
|
-| /Format:\
|
-| /Scenario:\[Recovery\] |
|
-| /Verbose |
|
-| /NoTel |
|
-| /AddReg |
|
-| /RegPath |
|
+| **/?** | Displays interactive help |
+| **/Output:\[Full path and file name for output log file\]** | This optional parameter specifies the name and location for the results log file. The output file contains the analysis from SetupDiag. Only text format output is supported. UNC paths work provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, the entire path must be enclosed in double quotes (**"**). See the [Examples](#examples) sections for an example.
Default: If not specified, SetupDiag creates the file **SetupDiagResults.log** in the same directory where **SetupDiag.exe** is run. |
+| **/LogsPath:\[Full path to logs\]** | This optional parameter specifies the location of logs to parse and where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag recursively searches all child directories. Defaults to checking the current system for logs. |
+| **/ZipLogs:\[True \| False\]** | This optional parameter Tells **SetupDiag.exe** to create a zip file containing the results and all the log files that were parsed. The zip file is created in the same directory where **SetupDiag.exe** is run.
Default: If not specified, a value of 'true' is used. |
+| **/Format:\[xml \| json\]** | This optional parameter specifies the output format for log files to be XML or JSON. If this parameter isn't specified, text format is used by default. |
+| **/Scenario:\[Recovery \| Debug\]** | This optional parameter can do one of the following two items based on the argument used:
|
+| **/Verbose** | This optional parameter creates a diagnostic log in the current directory, with debugging information, additional data, and details about SetupDiag. By default, SetupDiag only produces a log file entry for major errors. Using **/Verbose** causes SetupDiag to always produce another log file with debugging details. These details can be useful when reporting a problem with SetupDiag. |
+| **/NoTel** | This optional parameter tells **SetupDiag.exe** not to send diagnostic telemetry to Microsoft. |
+| **/RegPath** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry under the given path. Registry paths should start with **HKEY_LOCAL_MACHINE** or **HKEY_CURRENT_USER** and be accessible at the elevation level SetupDiag is executed under. If this parameter isn't specified, the default path is **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**. |
+| **/AddReg** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry on the executing system in offline mode. SetupDiag by default adds failure information to the registry in Online mode only. Registry data goes to **HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** unless otherwise specified. |
-Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag.
-- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0, when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter isn't needed.
+> [!NOTE]
+>
+> The **/Mode** parameter is deprecated in SetupDiag.
+>
+> In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In current versions of SetupDiag, when /LogsPath is specified then SetupDiag automatically runs in offline mode, therefore the /Mode parameter isn't needed.
-### Examples:
+### Examples
-In the following example, SetupDiag is run with default parameters (online mode, results file is SetupDiagResults.log in the same folder where SetupDiag is run).
+- In the following example, SetupDiag is run with default parameters in online mode. The results file is **SetupDiagResults.log** in the same folder where SetupDiag is run.
-```
-SetupDiag.exe
-```
+ ```cmd
+ SetupDiag.exe
+ ```
-In the following example, SetupDiag is run in online mode (this mode is the default). It will know where to look for logs on the current (failing) system, so there's no need to gather logs ahead of time. A custom location for results is specified.
+- In the following example, SetupDiag is run in online mode (this mode is the default). It knows where to look for logs on the current (failing) system, so there's no need to gather logs ahead of time. A custom location for results is specified.
-```
-SetupDiag.exe /Output:C:\SetupDiag\Results.log
-```
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.log
+ ```
-The following example uses the /Output parameter to save results to a path name that contains a space:
+- The following example uses the **/Output** parameter to save results to a path name that contains a space:
-```
-SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log"
-```
+ ```cmd
+ SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log"
+ ```
-The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**.
+- The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**.
-```
-SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1
-```
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1
+ ```
-The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the results to the directory specified by the /Output parameter.
+- The following example sets recovery scenario in offline mode. In the example, SetupDiag searches for reset/recovery logs in the specified LogsPath location and output the results to the directory specified by the **/Output** parameter.
-```
-SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
-```
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
+ ```
-The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format.
+- The following example sets recovery scenario in online mode. In the example, SetupDiag searches for reset/recovery logs on the current system and output results in XML format.
-```
-SetupDiag.exe /Scenario:Recovery /Format:xml
-```
+ ```cmd
+ SetupDiag.exe /Scenario:Recovery /Format:xml
+ ```
+- The following example is an example of Offline Mode. SetupDiag is instructed to parse setup/upgrade log files in the LogsPath directory and output the results to `C:\SetupDiag\Results.txt`.
+
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.txt /LogsPath:D:\Temp\Logs\Logs1 /RegPath:HKEY_CURRENT_USER\SYSTEM\SetupDiag
+ ```
+
+- The following example is an example of Online Mode. SetupDiag is instructed to look for setup/upgrade logs on the current system and output its results in XML format to `C:\SetupDiag\Results.xml`.
+
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\Results.xml /Format:xml
+ ```
+
+- The following example is an example of Online Mode where no parameters are needed or used. SetupDiag is instructed to look for setup/upgrade logs on the current system and output the results to the same directory where SetupDiag is located.
+
+ ```cmd
+ SetupDiag.exe
+ ```
+
+- The following example is an example of Reset/Recovery Offline Mode. SetupDiag is instructed to look for reset/recovery logs in the specified LogsPath location. It then outputs the results to the directory specified by the **/Output** parameter.
+
+ ```cmd
+ SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
+ ```
+
+- The following example is an example of Reset/Recovery Online Mode. SetupDiag is instructed to look for reset/recovery logs on the current system and output its results in XML format.
+
+ ```cmd
+ SetupDiag.exe /Scenario:Recovery /Format:xml
+ ```
## Log files
-[Windows Setup Log Files and Event Logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location:
+[Windows Setup Log Files and Event Logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, SetupDiag should be run against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to the offline location:
-\\$Windows.~bt\sources\panther
-
\\$Windows.~bt\Sources\Rollback
-
\Windows\Panther
-
\Windows\Panther\NewOS
+- `\$Windows.~bt\sources\panther`
+- `\$Windows.~bt\Sources\Rollback`
+- `\Windows\Panther`
+- `\Windows\Panther\NewOS`
-If you copy the parent folder and all subfolders, SetupDiag will automatically search for log files in all subdirectories.
+If the parent folder and all subfolders are copied, SetupDiag automatically searches for log files in all subdirectories.
## Setup bug check analysis
-When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It's also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error.
+When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. This condition is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error.
-If crash dumps [are enabled](/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup-related minidumps.
+If crash dumps [are enabled](/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup extracts a minidump (`setupmem.dmp`) file. SetupDiag can also debug these setup-related minidumps.
+
+To debug a setup-related bug check:
+
+- Specify the **/LogsPath** parameter. Memory dumps can't be debugged in online mode.
+
+- Gather the setup memory dump file (`setupmem.dmp) from the failing system.
+
+ `Setupmem.dmp` is created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs.
-To debug a setup-related bug check, you must:
-- Specify the **/LogsPath** parameter. You can't debug memory dumps in online mode.
-- Gather the setup memory dump file (setupmem.dmp) from the failing system.
- - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs.
- Install the [Windows Debugging Tools](/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag.
-In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag:
+In the following example, the `setupmem.dmp` file is copied to the `D:\Dump` directory and the Windows Debugging Tools are installed prior to running SetupDiag:
-```
+```cmd
SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump
```
## Known issues
-1. Some rules can take a long time to process if the log files involved are large.
-
+- Some rules can take a long time to process if the log files involved are large.
## Sample output
The following command is an example where SetupDiag is run in offline mode.
-```
+```cmd
D:\SetupDiag>SetupDiag.exe /output:c:\setupdiag\result.xml /logspath:D:\Tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e /format:xml
-SetupDiag v1.6.0.0
+SetupDiag v1.7.0.0
Copyright (c) Microsoft Corporation. All rights reserved.
Searching for setup logs...
-Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2019 2:44:20 PM to be the correct setup log.
-Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2019 2:45:19 PM to be the correct rollback log.
+Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2023 2:44:20 PM to be the correct setup log.
+Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2023 2:45:19 PM to be the correct rollback log.
Gathering baseline information from setup logs...
@@ -208,241 +264,108 @@ SetupDiag found 1 matching issue.
SetupDiag results were logged to: c:\setupdiag\results.xml
Logs ZipFile created at: c:\setupdiag\Logs_14.zip
-
```
## Rules
-When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file that is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. For more information, see the [release notes](#release-notes) section.
+When SetupDiag searches log files, it uses a set of rules to match known issues. These rules are contained in an xml file. The xml file might be updated with new and updated rules as new versions of SetupDiag are made available.
-Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS.
+Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term **down-level** refers to the first phase of the upgrade process, which runs under the original OS.
-1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D
- - This rule indicates that `setup.exe` was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade.
-2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE
- - This is an upgrade block when the target OS doesn't support BitLocker, yet the host OS has BitLocker enabled.
-3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC
- - This block happens when the host OS is booted to a VHD image. Upgrade isn't supported when the host OS is booted from a VHD image.
-4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280
- - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade isn't supported in the Windows To-Go environment.
-5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90
- - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade isn't supported from this state.
-6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B
- - This block indicates that the host OS is booted to Safe Mode, where upgrade isn't supported.
-7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1
- - This block is encountered when setup determines the system partition (where the boot loader files are stored) doesn't have enough space to be serviced with the newer boot files required during the upgrade process.
-8. CompatBlockedApplicationAutoUninstall - BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5
- - This rule indicates there's an application that needs to be uninstalled before setup can continue.
-9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9
- - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies "/compat ignorewarning". This rule indicates setup was executed in /quiet mode but there's an application dismissible block message that has prevented setup from continuing.
-10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4
- - This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue.
-11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B
- - This error indicates a device driver that is loaded on the host OS isn't compatible with the newer OS version and needs to be removed prior to the upgrade.
-12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45
- - This rule indicates the host OS and the target OS language editions don't match.
-13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8
- - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine.
-14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E
- - This failure indicates the system ran out of disk space during the down-level operations of upgrade.
-15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191
- - This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade.
-16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6
- - This failure rule indicates the system hung or bug checked during the device installation phase of upgrade.
-17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6
- - This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details.
-18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1
- - This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
-19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C
- - This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
-20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7
- - This rule indicates a boot failure occurred during a specific phase of the update. The rule will indicate the failure code and phase for diagnostic purposes.
-21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37
- - This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine.
-22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
- - Finds fatal advanced installer operations that cause setup failures.
-23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781
- - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in and the error code it produced for diagnostic purposes.
-24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29
- - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in and the error code it produced for diagnostic purposes.
-25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043
- - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes.
-26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14
- - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes.
-27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549
- - This rule indicates the update failed to mount a WIM file. It will show the name of the WIM file and the error message and error code associated with the failure for diagnostic purposes.
-28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E
- - Determines if the given setup was a success or not based off the logs.
-29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC
- - Gives information about failures surfaced early in the upgrade process by setuphost.exe
-30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55
- - Gives failure information surfaced by SetupPlatform, later in the down-level phase.
-31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD
- - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly.
-32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1
- - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes.
-33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48
- - Gives last operation, failure phase and error information when a rollback occurs.
-34. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71
- - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported.
-35. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10.
- - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code.
-36. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
- - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code.
-37. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317
- - Matches a specific failure where the advanced installer service or components aren't operating or started on the system. Will output the error code.
-38. UserProfileCreationFailureDuringFinalize - C6677BA6-2E53-4A88-B528-336D15ED1A64
- - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code.
-39. WimApplyExtractFailure - 746879E9-C9C5-488C-8D4B-0C811FF3A9A8
- - Matches a WIM apply failure during WIM extraction phases of setup. Will output the extension, path and error code.
-40. UpdateAgentExpanderFailure - 66E496B3-7D19-47FA-B19B-4040B9FD17E2
- - Matches DPX expander failures in the down-level phase of update from Windows Update. Will output the package name, function, expression and error code.
-41. FindFatalPluginFailure - E48E3F1C-26F6-4AFB-859B-BF637DA49636
- - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code.
-42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
- - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes.
-43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9
- - Indicates a critical failure in a migration plugin that causes setup to abort the migration. Will provide the setup operation, plug-in name, plug-in action and error code.
-44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9
- - Indicates a critical failure during a DISM add package operation. Will specify the Package Name, DISM error and add package error code.
-45. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960
- - Detects all compat blocks from Server compliance plug-ins. Outputs the block information and remediation.
-46. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71
- - Triggers on advanced installer failures in a generic sense, outputting the application called, phase, mode, component and error code.
-47. FindMigGatherApplyFailure - A9964E6C-A2A8-45FF-B6B5-25E0BD71428E
- - Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration
-48. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78
- - Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. Outputs the package name and error code.
-49. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
- - Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code.
-50. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317
- - Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS.
-51. DISMproviderFailure - D76EF86F-B3F8-433F-9EBF-B4411F8141F4
- - Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider.
-52. SysPrepLaunchModuleFailure - 7905655C-F295-45F7-8873-81D6F9149BFD
- - Indicates a sysPrep plug-in has failed in a critical operation. Indicates the plug-in name, operation name and error code.
-53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980
- - A driver provided to setup (via command line input) has failed in some way. Outputs the driver install function and error code.
-54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960
- - These are for server upgrades only, will output the compliance block and remediation required.
-55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0
- - Captures failures due to having an unrecognized wimmount.sys driver registered on the system.
-56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C
- - Detects failures in the kernel mode file operations.
-57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE
- - Detects failures in WimMount.sys registration on the system.
-58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C
- - Captures failure information when DISM fails to start an image session successfully.
-59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52
- - Detects failures in down-level phase before setup platform is invoked.
-60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852
- - Captures failure information when setup platform encounters a fatal error.
-61. UserProfileSuffixMismatch - B4BBCCCE-F99D-43EB-9090-078213397FD8
- - Detects when a file or other object causes the migration or creation of a user profile to fail during the update.
-
-## Release notes
-
-07/27/2021 - SetupDiag v1.6.2107.27002 is released with 61 rules, as a standalone tool available in the Download Center.
-- This version contains compliance updates and minor bug fixes.
-- With this release and subsequent releases, the version number of the downloadable SetupDiag tool is different from the one included with Windows Setup.
-
-05/06/2021 - SetupDiag v1.6.1.0 is released with 61 rules, as a standalone tool available in the Download Center.
-- This version of SetupDiag is included with Windows 10, version 21H1.
-- A new rule is added: UserProfileSuffixMismatch.
-- All outputs to the command line are now invariant culture for purposes of time/date format
-- Fixed an issue with registry output in which the "no match found" result caused a corrupted REG_SZ value.
-
-08/08/2019 - SetupDiag v1.6.0.42 is released with 60 rules, as a standalone tool available from the Download Center.
- - Log detection performance is improved. Log detection takes around 10 seconds or less where before it could take up to a minute.
- - Added Setup Operation and Setup Phase information to both the results log and the registry information.
- - This is the last Operation and Phase that Setup was in when the failure occurred.
- - Added detailed Setup Operation and Setup Phase information (and timing) to output log when /verbose is specified.
- - Note, if the issue found is a compat block, no Setup Operation or Phase info exists yet and therefore won't be available.
- - Added more info to the Registry output.
- - Detailed 'FailureData' info where available. Example: "AppName = MyBlockedApplication" or "DiskSpace = 6603" (in MB)
- - "Key = Value" data specific to the failure found.
- - Added 'UpgradeStartTime', 'UpgradeEndTime' and 'UpgradeElapsedTime'
- - Added 'SetupDiagVersion', 'DateTime' (to indicate when SetupDiag was executed on the system), 'TargetOSVersion', 'HostOSVersion' and more…
-
-
-06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center.
-- All date and time outputs are updated to localized format per user request.
-- Added setup Operation and Phase information to /verbose log.
-- Added last Setup Operation and last Setup Phase information to most rules where it makes sense (see new output below).
-- Performance improvement in searching setupact.logs to determine correct log to parse.
-- Added SetupDiag version number to text report (xml and json always had it).
-- Added "no match" reports for xml and json per user request.
-- Formatted Json output for easy readability.
-- Performance improvements when searching for setup logs; this should be much faster now.
-- Added seven new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information.
-- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**
- - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode.
- - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it's always up to date.
- - This registry key also gets deleted when a new update instance is invoked.
- - For an example, see [Sample registry key](#sample-registry-key).
-
-05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center.
-- This release dds the ability to find and diagnose reset and recovery failures (Push-Button Reset).
-
-12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
-- This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
- - The FindDownlevelFailure rule is up to 10 times faster.
-- New rules have been added to analyze failures upgrading to Windows 10 version 1809.
-- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure.
-- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode.
-- Some functional and output improvements were made for several rules.
-
-07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center.
-- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but doesn't have debugger binaries installed.
-
-07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
-- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
-- New feature: Ability to output logs in JSON and XML format.
- - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
- - If the "/Format:xml" or "/Format:json" parameter is omitted, the log output format will default to text.
-- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
-- Three new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
-
-05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
-- Fixed a bug in device install failure detection in online mode.
-- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
-- Telemetry is refactored to only send the rule name and GUID (or "NoRuleMatched" if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing.
-
-05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center.
-- A performance enhancement has been added to result in faster rule processing.
-- Rules output now includes links to support articles, if applicable.
-- SetupDiag now provides the path and name of files that it's processing.
-- You can now run SetupDiag by selecting it and then examining the output log file.
-- An output log file is now always created, whether or not a rule was matched.
-
-03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
+| Rule Name | GUID | Description |
+| --- | --- |
+| **CompatScanOnly** | FFDAFD37-DB75-498A-A893-472D49A1311D | This rule indicates that `setup.exe` was called with a specific command line parameter that indicated setup was to do a compatibility scan only, not an upgrade. |
+| **PlugInComplianceBlock** | D912150B-1302-4860-91B5-527907D08960 | Detects all compatibility blocks from Server compliance plug-ins. This rule is for server upgrades only. It outputs the compliance block and remediation required. |
+| **BitLockerHardblock** | C30152E2-938E-44B8-915B-D1181BA635AE | This block is an upgrade block when the target OS doesn't support BitLocker, yet the host OS has BitLocker enabled. |
+| **VHDHardblock** | D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC | This block happens when the host OS is booted to a VHD image. Upgrade isn't supported when the host OS is booted from a VHD image. |
+| **PortableWorkspaceHardblock** | 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 | This block indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade isn't supported in the Windows To-Go environment. |
+| **AuditModeHardblock** | A03BD71B-487B-4ACA-83A0-735B0F3F1A90 | This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade isn't supported from this state. |
+| **SafeModeHardblock** | 404D9523-B7A8-4203-90AF-5FBB05B6579B | This block indicates that the host OS is booted to Safe Mode, where upgrade isn't supported. |
+| **InsufficientSystemPartitionDiskSpaceHardblock** | 3789FBF8-E177-437D-B1E3-D38B4C4269D1 | This block is encountered when setup determines the system partition doesn't have enough space to be serviced with the newer boot files required during the upgrade process. The system partition is where the boot loader files are stored |
+| **CompatBlockedApplicationAutoUninstall** | BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 | This rule indicates there's an application that needs to be uninstalled before setup can continue. |
+| **CompatBlockedApplicationDismissable** | EA52620B-E6A0-4BBC-882E-0686605736D9 | When setup is run in **/quiet** mode, there are dismissible application messages that turn into blocks unless the command line also specifies **/compat ignorewarning**. This rule indicates setup was executed in **/quiet** mode but there's an application dismissible block message that prevented setup from continuing. |
+| **CompatBlockedFODDismissable** | 7B693C42-793E-4E9E-A10B-ED0F33D45E2A | When setup is run in **/quiet** mode, there are dismissible Feature On Demand messages that turn into blocks unless the command line also specifies **/compat ignorewarning**. This rule indicates setup was executed in **/quiet** mode but there's a Feature On Demand dismissible block message that prevented setup from continuing, usually that the target OS image is missing a Feature On Demand that is installed in the current OS. Removal of the Feature On Demand in the current OS should also resolve the issue.
+| **CompatBlockedApplicationManualUninstall** | 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 | This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This block typically requires manual removal of the files associated with this application to continue. |
+| **GenericCompatBlock** | 511B9D95-C945-4F9B-BD63-98F1465E1CF6 | The rule indicates that system doesn't meet a hardware requirement for running Windows. For example, the device is missing a requirement for TPM 2.0. This issue can occur even when an attempt is made to bypass the hardware requirements. |
+| **GatedCompatBlock** | 34A9F145-3842-4A68-987F-4622EE0FC162 | This rule indicates that the upgrade failed due to a temporary block. A temporary block is put in place when an issue is found with a specific piece of software or hardware driver and the issue has a fix pending. The block is lifted once the fix is widely available. |
+| **HardblockDeviceOrDriver** | ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B | This error indicates a device driver that is loaded on the host OS isn't compatible with the newer OS version. The device driver needs to be removed prior to the upgrade. |
+| **HardblockMismatchedLanguage** | 60BA8449-CF23-4D92-A108-D6FCEFB95B45 | This rule indicates the host OS and the target OS language editions don't match. |
+| **HardblockFlightSigning** | 598F2802-3E7F-4697-BD18-7A6371C8B2F8 | This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This rule blocks the pre-release signed build from booting if installed on the machine. |
+| **DiskSpaceBlockInDownLevel** | 6080AFAC-892E-4903-94EA-7A17E69E549E | This failure indicates the system ran out of disk space during the down-level operations of upgrade. |
+| **DiskSpaceFailure** | 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191 | This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade. |
+| **PreReleaseWimMountDriverFound** | 31EC76CC-27EC-4ADC-9869-66AABEDB56F0 | Captures failures due to having an unrecognized `wimmount.sys` driver registered on the system. |
+| **DebugSetupMemoryDump** | C7C63D8A-C5F6-4255-8031-74597773C3C6 | This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag debugs the memory dump and provide details. |
+| **DebugSetupCrash** | CEEBA202-6F04-4BC3-84B8-7B99AED924B1 | This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
+| **DebugMemoryDump** | 505ED489-329A-43F5-B467-FCAAF6A1264C | This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
+| **DeviceInstallHang** | 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 | This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. |
+| **DriverPackageMissingFileFailure** | 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 | This rule indicates that a driver package had a missing file during device install. Updating the driver package might help resolve the issue. |
+| **UnsignedDriverBootFailure** | CD270AA4-C044-4A22-886A-F34EF2E79469 | This rule indicates that an unsigned driver caused a boot failure. |
+| **BootFailureDetected** | 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 | This rule indicates a boot failure occurred during a specific phase of the update. The rule indicates the failure code and phase for diagnostic purposes. |
+| **WinSetupBootFilterFailure** | C073BFC8-5810-4E19-B53B-4280B79E096C | Detects failures in the kernel mode file operations. |
+| **FindDebugInfoFromRollbackLog** | 9600EB68-1120-4A87-9FE9-3A4A70ACFC37 | This rule determines and gives details when a bug check occurs during the setup/upgrade process that resulted in a memory dump. However, a debugger package isn't required on the executing machine. |
+| **AdvancedInstallerFailed** | 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC | Finds fatal advanced installer operations that cause setup failures. Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. |
+| **AdvancedInstallerPluginInstallFailed** | 2F784A0E-CEB1-47C5-8072-F1294C7CB4AE | This rule indicates some component that was being installed via an advanced installer (FeatureOnDemand, Language Packs, .NET packages, etc.) failed to install. The rule calls out what was being installed. If the failed component is a FeatureOnDemand, remove the Windows Feature, reboot, and try the upgrade again. If the failed component is a Language Pack, remove the additional language pack, reboot, and try the upgrade again. |
+| **AdvancedInstallerGenericFailure** | 4019550D-4CAA-45B0-A222-349C48E86F71 | A rule to match AdvancedInstaller read/write failures in a generic sense. Triggers on advanced installer failures in a generic sense. It outputs the application called, phase, mode, component and error code. |
+| **FindMigApplyUnitFailure** | A4232E11-4043-4A37-9BF4-5901C46FD781 | Detects a migration unit failure that caused the update to fail. This rule outputs the name of the migration plug-in and the error code it produced for diagnostic purposes. |
+| **FindMigGatherUnitFailure** | D04C064B-CD77-4E64-96D6-D26F30B4EE29 | Detects a migration gather unit failure that caused the update to fail. This rule outputs the name of the gather unit/plug-in and the error code it produced for diagnostic purposes. |
+| **FindMigGatherApplyFailure** | A9964E6C-A2A8-45FF-B6B5-25E0BD71428E | Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration |
+| **OptionalComponentFailedToGetOCsFromPackage** | D012E2A2-99D8-4A8C-BBB2-088B92083D78 | This rule matches a specific Optional Component failure when attempting to enumerate components in a package. Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. It outputs the package name and error code. This rule replaces the OptionalComponentInstallFailure rule present. |
+| **OptionalComponentOpenPackageFailed** | 22952520-EC89-4FBD-94E0-B67DF88347F6 | Matches a specific Optional Component failure when attempting to open an OC package. It outputs the package name and error code. Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code. |
+| **OptionalComponentInitCBSSessionFailed** | 63340812-9252-45F3-A0F2-B2A4CA5E9317 | Matches a specific failure where the advanced installer service or components aren't operating or started on the system. Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS. |
+| **CriticalSafeOSDUFailure** | 73566DF2-CA26-4073-B34C-C9BC70DBF043 | This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It indicates the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. |
+| **UserProfileCreationFailureDuringOnlineApply** | 678117CE-F6A9-40C5-BC9F-A22575C78B14 | Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It indicates the operation and error code associated with the failure for diagnostic purposes. |
+| **UserProfileCreationFailureDuringFinalize** | C6677BA6-2E53-4A88-B528-336D15ED1A64 | Matches a specific User Profile creation error during the finalize phase of setup. It outputs the failure code. |
+| **UserProfileSuffixMismatch** | B4BBCCCE-F99D-43EB-9090-078213397FD8 | Detects when a file or other object causes the migration or creation of a user profile to fail during the update. |
+| **DuplicateUserProfileFailure** | BD7B3109-80F1-4421-8F0A-B34CD25F4B51 | This rule indicates a fatal error while migrating user profiles, usually with multiple SIDs associated with a single user profile. This error usually occurs when software creates local user accounts that aren't ever used or signed in with. The rule indicates the SID and UserName of the account that is causing the failure. To attempt to resolve the issue, first back up all the user's files for the affected user account. After the user's files are backed up, delete the account in a supported manner. Make sure that the account isn't one that is needed or is currently used to sign into the device. After deleting the account, reboot, and try the upgrade again. |
+| **WimMountFailure** | BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 | This rule indicates the update failed to mount a WIM file. It shows the name of the WIM file and the error message and error code associated with the failure for diagnostic purposes. |
+| **WimMountDriverIssue** | 565B60DD-5403-4797-AE3E-BC5CB972FBAE | Detects failures in `WimMount.sys` registration on the system. |
+| **WimApplyExtractFailure** | 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 | Matches a WIM apply failure during WIM extraction phases of setup. It outputs the extension, path and error code. |
+| **UpdateAgentExpanderFailure** | 66E496B3-7D19-47FA-B19B-4040B9FD17E2 | Matches DPX expander failures in the down-level phase of update from Windows Update. It outputs the package name, function, expression and error code. |
+| **FindFatalPluginFailure** | E48E3F1C-26F6-4AFB-859B-BF637DA49636 | Matches any plug-in failure that setupplatform decides is fatal to setup. It outputs the plugin name, operation and error code. |
+| **MigrationAbortedDueToPluginFailure** | D07A24F6-5B25-474E-B516-A730085940C9 | Indicates a critical failure in a migration plugin that causes setup to abort the migration. Provides the setup operation, plug-in name, plug-in action and error code. |
+| **DISMAddPackageFailed** | 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 | Indicates a critical failure during a DISM add package operation. Specifies the Package Name, DISM error and add package error code. |
+| **DISMImageSessionFailure** | 61B7886B-10CD-4C98-A299-B987CB24A11C | Captures failure information when DISM fails to start an image session successfully. |
+| **DISMproviderFailure** | D76EF86F-B3F8-433F-9EBF-B4411F8141F4 | Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider. |
+| **SysPrepLaunchModuleFailure** | 7905655C-F295-45F7-8873-81D6F9149BFD | Indicates a sysPrep plug-in failed in a critical operation. Indicates the plug-in name, operation name and error code. |
+| **UserProvidedDriverInjectionFailure** | 2247C48A-7EE3-4037-AFAB-95B92DE1D980 | A driver provided to setup (via command line input) failed in some way. Outputs the driver install function and error code. |
+| **DriverMigrationFailure** | 9378D9E2-256E-448C-B02F-137F611F5CE3 | This rule indicates a fatal failure when migrating drivers. |
+| **UnknownDriverMigrationFailure** | D7541B80-5071-42CE-AD14-FBE8C0C4F7FD | This rule indicates a bad driver package resides on the system. The driver package causes the upgrade to fail when the driver package is attempted to migrate to the new OS. The rule usually indicates the driver package name that caused the issue. The remediation is to remove the bad driver package, reboot, and try the upgrade again. If an update to this driver is available from the OEM, updating the driver package is recommended. |
+| | |
+| **FindSuccessfulUpgrade** | 8A0824C8-A56D-4C55-95A0-22751AB62F3E | Determines if the given setup was a success or not based off the logs. |
+| **FindSetupHostReportedFailure** | 6253C04F-2E4E-4F7A-B88E-95A69702F7EC | Gives information about failures surfaced early in the upgrade process by `setuphost.exe` |
+| **FindDownlevelFailure** | 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 | Gives failure information surfaced by SetupPlatform, later in the down-level phase. |
+| **FindAbruptDownlevelFailure** | 55882B1A-DA3E-408A-9076-23B22A0472BD | Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. |
+| **FindEarlyDownlevelError** | A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 | Detects failures in down-level phase before setup platform is invoked. |
+| **FindSPFatalError** | A4028172-1B09-48F8-AD3B-86CDD7D55852 | Captures failure information when setup platform encounters a fatal error. |
+| **FindSetupPlatformFailedOperationInfo** | 307A0133-F06B-4B75-AEA8-116C3B53C2D1 | Gives last phase and error information when SetupPlatform indicates a critical failure. This rule indicates the operation and error associated with the failure for diagnostic purposes. |
+| **FindRollbackFailure** | 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 | Gives last operation, failure phase and error information when a rollback occurs. |
## Sample logs
### Text log sample
-```
+```txt
Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
System Information:
- Machine Name = Offline
- Manufacturer = MSI
- Model = MS-7998
- HostOSArchitecture = x64
- FirmwareType = PCAT
- BiosReleaseDate = 20160727000000.000000+000
- BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70
- BiosVersion = 1.70
- HostOSVersion = 10.0.15063
- HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834
- TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534)
- HostOSLanguageId = 2057
- HostOSEdition = Core
- RegisteredAV = Windows Defender,
- FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo,
- UpgradeStartTime = 3/21/2018 9:47:16 PM
- UpgradeEndTime = 3/21/2018 10:02:40 PM
- UpgradeElapsedTime = 00:15:24
- ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
+ Machine Name = Offline
+ Manufacturer = MSI
+ Model = MS-7998
+ HostOSArchitecture = x64
+ FirmwareType = PCAT
+ BiosReleaseDate = 20160727000000.000000+000
+ BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70
+ BiosVersion = 1.70
+ HostOSVersion = 10.0.15063
+ HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834
+ TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534)
+ HostOSLanguageId = 2057
+ HostOSEdition = Core
+ RegisteredAV = Windows Defender,
+ FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo,
+ UpgradeStartTime = 3/21/2023 9:47:16 PM
+ UpgradeEndTime = 3/21/2023 10:02:40 PM
+ UpgradeElapsedTime = 00:15:24
+ ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F
Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
@@ -455,7 +378,7 @@ Refer to https://learn.microsoft.com/windows/deployment/upgrade/upgrade-error-co
```xml
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-## In this topic
-
-This topic describes how to submit problems with a Windows 10 upgrade to Microsoft using the Windows 10 Feedback Hub.
+This article describes how to submit problems with a Windows upgrade to Microsoft using the Windows Feedback Hub.
## About the Feedback Hub
-The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
+The Feedback Hub app allows reporting to Microsoft of any problems encountered while using Windows. It also allows sending suggestions to Microsoft on how to improve the Windows experience. Previously, the Feedback Hub could only be used through the Windows Insider Program. Now anyone can use this tool. The Feedback Hub app can be downloaded from the [Microsoft Store](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
-The Feedback Hub requires Windows 10. If you're having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information. However, you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you're upgrading to Windows 10 from a previous version of Windows 10, the Feedback Hub will collect log files automatically.
+The Feedback Hub requires a currently supported version of Windows. The Feedback Hub can be used to submit information to Microsoft if problems are encountered while upgrading Windows. If upgrading to a currently supported version of Windows from a previous version that's Windows 10 or newer, the Feedback Hub automatically collects log files. For operating systems prior to Windows 10 that don't support the Feedback Hub, the log files must be manually collected. The log files can then be attached to the feedback item using a device that is running a currently supported version of Windows that supports the Feedback Hub.
## Submit feedback
-To submit feedback about a failed Windows 10 upgrade, select the following link: [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md)
+To submit feedback about a failed Windows upgrade, open the [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md).
-The Feedback Hub will open.
+In the Feedback Hub, fill out all four sections with as much detail as possible:
-- Under **Tell us about it**, and then under **Summarize your issue**, type **Upgrade failing**.
-- Under **Give us more detail**, provide additional information about the failed upgrade, such as:
- - When did the failure occur?
- - Were there any reboots?
- - How many times did the system reboot?
- - How did the upgrade fail?
- - Were any error codes visible?
- - Did the computer fail to a blue screen?
- - Did the computer automatically rollback or did it hang, requiring you to power cycle it before it rolled back?
-- Additional details
- - What type of security software is installed?
- - Is the computer up to date with latest drivers and firmware?
- - Are there any external devices connected?
-- If you used the link above, the category and subcategory will be automatically selected. If it isn't selected, choose **Install and Update** and **Windows Installation**.
+1. **Enter your feedback**
+1. **Choose a category**
+1. **Find similar feedback**
+1. **Add more details**
-You can attach a screenshot or file if desired. This is optional, but can be helpful when diagnosing your upgrade issue. The location of these files is described here: [Windows Setup log files and event logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs).
+Recommended information that can be included under the **Add more details** section include:
-Select **Submit** to send your feedback.
+- When did the failure occur?
+ - Were there any reboots?
+ - How many times did the system reboot?
+- How did the upgrade fail?
+ - Were any error codes visible?
+ - Did the computer fail to a blue screen?
+ - Did the computer automatically rollback or did it hang, requiring the computer to be power cycled before it rolled back?
+- What type of security software is installed?
+- Is the computer up to date with latest drivers and firmware?
+- Are there any external devices connected?
-See the following example:
+Using the **Attach a screenshot** and **Attach a file** options allows screenshots or files to be included as part of the feedback item. Attachments and screenshots are optional, but can be helpful when diagnosing the upgrade issue. For example, log files can be included as attachments to the feedback item. The location of the Windows upgrade log files is described in the article [Windows Setup log files and event logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs).
-
+Finally the **Recreate my problem** option can be used to potentially send additional data and logs for Microsoft to evaluate.
-After you select Submit, that's all you need to do. Microsoft will receive your feedback and begin analyzing the issue. You can check on your feedback periodically to see what solutions have been provided.
+Once all the feedback items are completed, select the **Submit** button to send the feedback. Microsoft receives the feedback and begins analyzing the issue. The submitted feedback can be checked on periodically to see what solutions are provided.
-## Link to your feedback
+## Link to the feedback
-After your feedback is submitted, you can email or post links to it by opening the Feedback Hub, clicking My feedback at the top, clicking the feedback item you submitted, clicking **Share**, then copying the short link that is displayed.
+After the feedback is submitted, additional information and items can be added to the feedback item. To do so:
-
+1. Open the [Feedback Hub](feedback-hub:).
+1. At the top of the Feedback Hub, select **My feedback**.
+1. Select the feedback item that was submitted.
+1. Select **Share**.
+1. Copy and then use the short link that is displayed.
+
+:::image type="content" alt-text="Share example." source="../images/share.jpg":::
## Related articles
-
-[Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx)
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 7686e7d15b..3a3e1ce84b 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -1,7 +1,7 @@
---
title: Windows 10 upgrade paths (Windows 10)
description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported.
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
@@ -10,7 +10,7 @@ ms.topic: conceptual
ms.collection:
- highpri
- tier2
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/02/2023
appliesto:
- ✅ Windows 10
diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md
index 44c3c79c40..f09b8e67cc 100644
--- a/windows/deployment/upgrade/windows-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-edition-upgrades.md
@@ -3,14 +3,14 @@ title: Windows edition upgrade
description: With Windows, you can quickly upgrade from one edition of Windows to another, provided the upgrade path is supported.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: conceptual
ms.collection:
- highpri
- tier2
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/02/2023
appliesto:
- ✅ Windows 10
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
index 57c9590028..6bf70a9220 100644
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -3,30 +3,32 @@ title: Windows error reporting - Windows IT Pro
manager: aaroncz
ms.author: frankroj
description: Learn how to review the events generated by Windows Error Reporting when something goes wrong during Windows 10 setup.
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.localizationpriority: medium
ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.subservice: itpro-deploy
+ms.date: 01/18/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# Windows Error Reporting
-**Applies to**
-- Windows 10
-
> [!NOTE]
-> This is a 300 level topic (moderately advanced).
-> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+>
+> This article is a 300 level article (moderately advanced).
+>
+> See [Resolve Windows upgrade errors](resolve-windows-upgrade-errors.md) for a full list of articles in this section.
-
-When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**. You can use Event Viewer to review this event, or you can use Windows PowerShell.
+When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**. Event Viewer or Windows PowerShell can be used to review this event.
To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
> [!IMPORTANT]
-> The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable.
+>
+> The following Event logs are only available if Windows was updated from a previous version of Windows to a new version of Windows.
```powershell
$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}
@@ -34,37 +36,35 @@ $event = [xml]$events[0].ToXml()
$event.Event.EventData.Data
```
-To use Event Viewer:
+To use Event Viewer:
+
1. Open Event Viewer and navigate to **Windows Logs\Application**.
-2. Select **Find**, and then search for **winsetupdiag02**.
-3. Double-click the event that is highlighted.
+1. Select **Find**, and then search for **winsetupdiag02**.
+1. Double-click the event that is highlighted.
> [!NOTE]
-> For legacy operating systems, the Event Name was WinSetupDiag01.
+>
+> For legacy operating systems, the Event Name was WinSetupDiag01.
Ten parameters are listed in the event:
-| Parameters |
-| ------------- |
-|P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) |
-|P2: Setup Mode (x=default,1=Downlevel,5=Rollback) |
-|P3: New OS Architecture (x=default,0=X86,9=AMD64) |
-|P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) |
-|**P5: Result Error Code** (Ex: 0xc1900101) |
-|**P6: Extend Error Code** (Ex: 0x20017) |
-|P7: Source OS build (Ex: 9600) |
-|P8: Source OS branch (not typically available) |
-|P9: New OS build (Ex: 16299} |
-|P10: New OS branch (Ex: rs3_release} |
+| Parameters |
+| ------------- |
+| P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) |
+| P2: Setup Mode (x=default,1=Downlevel,5=Rollback) |
+| P3: New OS Architecture (x=default,0=X86,9=AMD64) |
+| P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) |
+| **P5: Result Error Code** (Ex: 0xc1900101) |
+| **P6: Extend Error Code** (Ex: 0x20017) |
+| P7: Source OS build (Ex: 9600) |
+| P8: Source OS branch (not typically available) |
+| P9: New OS build (Ex: 16299) |
+| P10: New OS branch (Ex: rs3_release) |
-The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below.
+The event also contains links to log files that can be used to perform a detailed diagnosis of the error. The following example is an example of this event from a successful upgrade:
:::image type="content" alt-text="Windows Error Reporting." source="../images/event.png" lightbox="../images/event.png":::
## Related articles
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
\ No newline at end of file
+- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors).
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index 4a534442ee..90b71af916 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -3,10 +3,10 @@ title: Windows Upgrade and Migration Considerations (Windows 10)
description: Discover the Microsoft tools you can use to move files and settings between installations including special considerations for performing an upgrade or migration.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 08/09/2023
---
diff --git a/windows/deployment/upgrade/windows-upgrade-paths.md b/windows/deployment/upgrade/windows-upgrade-paths.md
index c8ea3f2dda..cf0bfb9763 100644
--- a/windows/deployment/upgrade/windows-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-upgrade-paths.md
@@ -1,7 +1,7 @@
---
title: Windows upgrade paths
description: Upgrade to current versions of Windows from a previous version of Windows
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
manager: aaroncz
@@ -10,7 +10,7 @@ ms.topic: conceptual
ms.collection:
- highpri
- tier2
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/02/2023
appliesto:
- ✅ Windows 10
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index 9eebdd0921..398bf0db0c 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -1,83 +1,99 @@
---
-title: User State Migration Tool (USMT) - Getting Started (Windows 10)
-description: Plan, collect, and prepare your source computer for migration using the User State Migration Tool (USMT).
+title: User State Migration Tool (USMT) - Getting Started
+description: Plan, collect, and prepare the source computer for migration using the User State Migration Tool (USMT).
+ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 11/01/2022
+ms.subservice: itpro-deploy
+ms.date: 01/09/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# Getting started with the User State Migration Tool (USMT)
-This article outlines the general process that you should follow to migrate files and settings.
+This article outlines the general process to follow to migrate files and settings.
-## Step 1: Plan your migration
+## Step 1: Plan the migration
-1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md).
+1. [Plan The Migration](usmt-plan-your-migration.md). Depending on whether the migration scenario is refreshing or replacing computers, an online migration or an offline migration can be chosen. Offline migrations can use either Windows Preinstallation Environment (WinPE) or the files in the **Windows.old** directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md).
-1. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys.
+1. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data to consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys.
-1. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
+1. Determine where to store data. Depending on the size of the migration store, data can be stored in one of the following locations:
-1. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md)
+ - Remotely.
+ - Locally in a hard-link migration store or on a local external storage device.
+ - Directly on the destination computer.
-1. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files.
+ For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
+
+1. Use the `/GenMigXML` command-line option to determine which files are included in the migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md)
+
+1. If necessary, modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom **.xml** files. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, custom **.xml** file can be created or modify the rules in the existing migration **.xml** files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration **.xml** files.
> [!IMPORTANT]
- > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files.
+ >
+ > Microsoft recommends to always make copies of the **.xml** files included in User State Migration Tool (USMT) and then modify the copies. Never modify the original **.xml** files.
- You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md).
+ The `MigXML.xsd` file can be used to help write and validate the **.xml** files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md).
+
+1. Create a [Config.xml File](usmt-configxml-file.md) if to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options:
-1. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options:
- [/genconfig](usmt-scanstate-syntax.md#migration-rule-options).
- - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the .xml files that you plan to use with `ScanState.exe`.
-
+ - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the **.xml** files that are being used with `ScanState.exe`.
+
For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files:
```cmd
ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log
```
-1. Open the `Config.xml` that was generated in the previous step. Review the migration state of each of the components listed in the `Config.xml` file. If necessary, edit the `Config.xml` file and specify `migrate=no` for any components that you don't want to migrate.
+1. Open the `Config.xml` that was generated in the previous step. Review the migration state of each of the components listed in the `Config.xml` file. If necessary, edit the `Config.xml` file and specify `migrate=no` for any components that don't need to be migrated.
## Step 2: Collect files and settings from the source computer
1. Back up the source computer.
-1. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
+1. Close all applications. If some applications are running when the `ScanState.exe` command is run, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
> [!NOTE]
- > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `
|
-*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: Set USMT_WORKING_DIR=[path to working directory]
|
+|**USMT_WORKING_DIR**|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:Set MIG_OFFLINE_PLATFORM_ARCH=32
`Set USMT_WORKING_DIR=
`Set MIG_OFFLINE_PLATFORM_ARCH=32`|
## Offline.xml elements
-Use an `Offline.xml` file when running the ScanState tool on a computer that has multiple Windows directories. The `Offline.xml` file specifies which directories to scan for windows files. An `Offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option.
+Use an `Offline.xml` file when running the **ScanState** tool on a computer that has multiple Windows directories. The `Offline.xml` file specifies which directories to scan for windows files. An `Offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option.
-### <offline>
+### \
You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).|
-|*MigApps.xml file*|Applications settings.|
-|*MigUser.xml* or *MigDocs.xml* files|User files and profile settings.|
-|*Custom XML files*|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.|
+|**Config.xml file**|Operating-system components such as desktop wallpaper and background theme.
The `Config.xml` can also be extended to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).|
+|**MigApps.xml file**|Applications settings.|
+|**MigUser.xml** or **MigDocs.xml** files|User files and profile settings.|
+|**Custom XML files**|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.|
-For example, you can use all of the XML migration file types for a single migration, as in the following example:
+For example, all of the XML migration file types can be used for a single migration, as in the following example:
```cmd
ScanState.exe