deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into Jreeds-3968706-App-management-add-ins

Browse Source
This commit is contained in:
Jreeds001 2020-04-09 18:00:12 -07:00
commit 81399558dd
282 changed files with 3405 additions and 1886 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.openpublishing.redirection.json
View File

@ -116,6 +116,11 @@
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-perspectives.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-using",
"redirect_document_id": true
},
{
"source_path": "browsers/edge/hardware-and-software-requirements.md", "source_path": "browsers/edge/hardware-and-software-requirements.md",
"redirect_url": "https://docs.microsoft.com/microsoft-edge/deploy/about-microsoft-edge", "redirect_url": "https://docs.microsoft.com/microsoft-edge/deploy/about-microsoft-edge",
"redirect_document_id": true "redirect_document_id": true
@ -1497,6 +1502,11 @@
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md", "source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview",
"redirect_document_id": true "redirect_document_id": true
@ -6227,6 +6237,11 @@
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-wdav-status.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started",
"redirect_document_id": true
},
{
"source_path": "windows/manage/update-compliance-using.md", "source_path": "windows/manage/update-compliance-using.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-using", "redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-using",
"redirect_document_id": true "redirect_document_id": true

1
browsers/internet-explorer/TOC.md
View File

@ -47,6 +47,7 @@
#### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md) #### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
#### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) #### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
#### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) #### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
#### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md)
### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md) ### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md)
#### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md) #### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md)
##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md) ##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md)

13
browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
View File

@ -7,7 +7,8 @@ author: dansimp
ms.prod: ie11 ms.prod: ie11
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
ms.reviewer: ms.reviewer:
audience: itpro manager: dansimp audience: itpro
manager: dansimp
ms.author: dansimp ms.author: dansimp
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
ms.sitesec: library ms.sitesec: library
@ -57,16 +58,20 @@ You can add individual sites to your compatibility list by using the Enterprise
5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. 5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
- **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), this option will open sites in Internet Explorer mode.
- **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
- **None**. Opens in whatever browser the employee chooses. - **None**. Opens in whatever browser the employee chooses.
6. Click **Save** to validate your website and to add it to the site list for your enterprise.<p> 6. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), and you have sites that still need to opened in the standalone Internet Explorer 11 application, you can check the box for **Standalone IE**. This checkbox is only relevant when associated to 'Open in' IE11. Checking the box when 'Open In' is set to MSEdge or None will not change browser behavior.
7. The checkbox **Allow Redirect** applies to the treatment of server side redirects. If you check this box, server side redirects will open in the browser specified by the open-in tag. For more information, see [here](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance#updated-schema-attributes).
8. Click **Save** to validate your website and to add it to the site list for your enterprise.<p>
If your site passes validation, its added to the global compatibility list. If the site doesnt pass validation, youll get an error message explaining the problem. Youll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. If your site passes validation, its added to the global compatibility list. If the site doesnt pass validation, youll get an error message explaining the problem. Youll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p> 9. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>
You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
## Next steps ## Next steps

2
browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
View File

@ -20,7 +20,7 @@ ms.date: 07/27/2017
If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](https://go.microsoft.com/fwlink/p/?LinkId=279872). If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](https://go.microsoft.com/fwlink/p/?LinkId=279872).
## Group Policy Object-related Log Files ## Group Policy Object-related Log Files
You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**. For more information about the Event Viewer, see [What information appears in event logs? (Event Viewer)](https://go.microsoft.com/fwlink/p/?LinkId=294917). You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**
   

47
browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md Normal file
View File

@ -0,0 +1,47 @@
---
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to use Site List Manager to review neutral sites for IE mode
author: dansimp
ms.prod: ie11
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
ms.sitesec: library
ms.date: 04/02/2020
---
# Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
**Applies to:**
- Windows 10
- Windows 8
- Windows Server 2012 R2
- Microsoft Edge version 77 or later
> [!NOTE]
> This feature is available on the Enterprise Mode Site List Manager version 11.0.
## Overview
While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behavior for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral, which results in inconsistent experiences for users.
The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but might have been added in error. This check is automatically performed when you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion.
## Flag neutral sites
To identify neutral sites to review:
1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites**.
2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge.
3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again.
## Related topics
- [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode)
- [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites)

4
browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
View File

@ -26,7 +26,7 @@ ms.date: 12/04/2017
- Windows Server 2012 R2 - Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1) - Windows Server 2008 R2 with Service Pack 1 (SP1)
Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
@ -49,12 +49,14 @@ The following topics give you more information about the things that you can do
|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). | |[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) |How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the Enterprise Mode Site List Manager version 11.0 or later. |
|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
| [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md)|How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion.<p> This topic applies to the latest version of the Enterprise Mode Site List Manager.
## Related topics ## Related topics

1
devices/hololens/TOC.md
View File

@ -65,7 +65,6 @@
## [Frequently asked security questions](hololens-faq-security.md) ## [Frequently asked security questions](hololens-faq-security.md)
## [Status of the HoloLens services](hololens-status.md) ## [Status of the HoloLens services](hololens-status.md)
## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb) ## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb)
## [SCEP whitepaper](scep-whitepaper.md)
# [HoloLens release notes](hololens-release-notes.md) # [HoloLens release notes](hololens-release-notes.md)
# [Give us feedback](hololens-feedback.md) # [Give us feedback](hololens-feedback.md)

19
devices/hololens/holographic-3d-viewer-beta.md
View File

@ -1,6 +1,6 @@
--- ---
title: Using 3D Viewer on HoloLens title: Using 3D Viewer Beta on HoloLens
description: Describes the types of files and features that 3D Viewer Beta on HoloLens supports, and how to use and troubleshoot the app. description: Describes the types of files and features that 3D Viewer Beta on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
ms.prod: hololens ms.prod: hololens
ms.sitesec: library ms.sitesec: library
author: Teresa-Motiv author: Teresa-Motiv
@ -15,15 +15,18 @@ appliesto:
- HoloLens (1st gen) - HoloLens (1st gen)
--- ---
# Using 3D Viewer on HoloLens # Using 3D Viewer Beta on HoloLens
3D Viewer lets you view 3D models on HoloLens. You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps. 3D Viewer Beta lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications). >[!NOTE]
>This article applies to the immersive Unity **3D Viewer Beta** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer-beta). If you're having trouble opening a 3D model in 3D Viewer Beta, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
There are two ways to open a 3D model on HoloLens. See [Viewing 3D models on HoloLens](#viewing-3d-models-on-hololens) to learn more. To build or optimize 3D models for use with 3D Viewer Beta, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more.
If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting). If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting).
@ -122,7 +125,7 @@ By default, 3D Viewer Beta displays 3D models at a comfortable size and position
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit. To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
## Viewing 3D models on HoloLens ## Viewing FBX files on HoloLens
### Open an FBX file from Microsoft Edge ### Open an FBX file from Microsoft Edge

4
devices/hololens/hololens-calibration.md
View File

@ -86,6 +86,8 @@ If calibration is unsuccessful try:
If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md). If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system.
### Calibration data and security ### Calibration data and security
Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful. Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
@ -105,6 +107,8 @@ You can also disable the calibration prompt by following these steps:
### HoloLens 2 eye-tracking technology ### HoloLens 2 eye-tracking technology
The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use. All adjustments happen on the fly without a need for manual tuning. The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use. All adjustments happen on the fly without a need for manual tuning.
> [!NOTE]
> Setting the IPD is not applicable for Hololens 2, since eye positions are computed by the system.
HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers dont need to do anything to leverage this capability. HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers dont need to do anything to leverage this capability.

2
devices/hololens/hololens-connect-devices.md
View File

@ -32,7 +32,7 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices:
- HoloLens (1st gen) clicker - HoloLens (1st gen) clicker
> [!NOTE] > [!NOTE]
> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [I'm having problems pairing or using a Bluetooth device](hololens-FAQ.md#im-having-problems-pairing-or-using-a-bluetooth-device). > Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [HoloLens Settings lists devices as available, but the devices don't work](hololens-FAQ.md#hololens-settings-lists-devices-as-available-but-the-devices-dont-work).
### Pair a Bluetooth keyboard or mouse ### Pair a Bluetooth keyboard or mouse

30
devices/hololens/hololens-cortana.md
View File

@ -30,7 +30,7 @@ This article teaches you how to control HoloLens and your holographic world with
## Built-in voice commands ## Built-in voice commands
Get around HoloLens faster with these basic commands. In order to use these you need to enable Speech during first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of Start menu. Get around HoloLens faster with these basic commands. In order to use these, you need to enable Speech during the first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of the Start menu. For the best speech recognition results, HoloLens 2 uses the Microsoft cloud-based services. However, you can use Settings to disable this feature. To do this, in Settings, turn off **Online speech recognition**. After you change this setting, HoloLens 2 will only process voice data locally to recognize commands and dictation, and Cortana will not be available.
### General speech commands ### General speech commands
@ -48,6 +48,19 @@ Use these commands throughout Windows Mixed Reality to get around faster. Some c
|Hide and show hand ray | "Hide hand ray" / "Show hand ray" | |Hide and show hand ray | "Hide hand ray" / "Show hand ray" |
|See available speech commands | "What can I say?" | |See available speech commands | "What can I say?" |
Starting with version 19041.x of HoloLens 2, you can also use these commands:
| Say this | To do this |
| - | - |
| "Restart device" | Bring up a dialogue to confirm you want to restart the device. You can say "yes" to restart. |
| "Shutdown device" | Bring up a dialogue to confirm you want to turn off the device. You can say "yes" to confirm. |
| "Brightness up/down" | Increase or decrease the display brightness by 10%. |
| "Volume up/down" | Increase or decrease the volume by 10%. |
| "What's my IP address" | Bring up a dialogue displaying your device's current IP address on the local network. |
| "Take a picture" | Capture a mixed reality photo of what you are currently seeing. |
| "Take a video" | Start recording a mixed reality video. |
| "Stop recording" | Stops the current mixed reality video recording if one is in progress. |
### Hologram commands ### Hologram commands
To use these commands, gaze at a 3D object, hologram, or app window. To use these commands, gaze at a 3D object, hologram, or app window.
@ -87,7 +100,7 @@ Sometimes it's helpful to spell out things like email addresses. For instance, t
## Do more with Cortana ## Do more with Cortana
Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. She can give you suggestions, ideas, reminders, alerts, and more. To get her attention, select Cortana on **Start** or say "Hey Cortana" anytime. Cortana can help you do all kinds of things on your HoloLens, but depending on which version of Windows Holographic you're using, the capablities may be different. You can learn more about the updated capabilites of the latest version of Cortana [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
![Hey Cortana!](images/cortana-on-hololens.png) ![Hey Cortana!](images/cortana-on-hololens.png)
@ -96,22 +109,27 @@ Here are some things you can try saying (remember to say "Hey Cortana" first).
**Hey, Cortana**... **Hey, Cortana**...
- What can I say? - What can I say?
- Launch <*app name*>.
- What time is it?
- Show me the latest NBA scores.
- Tell me a joke.
If you're using *version 18362.x or earlier*, you can also use these commands:
**Hey, Cortana**...
- Increase the volume. - Increase the volume.
- Decrease the brightness. - Decrease the brightness.
- Shut down. - Shut down.
- Restart. - Restart.
- Go to sleep. - Go to sleep.
- Mute. - Mute.
- Launch <*app name*>.
- Move <*app name*> here (gaze at the spot that you want the app to move to). - Move <*app name*> here (gaze at the spot that you want the app to move to).
- Go to Start. - Go to Start.
- Take a picture. - Take a picture.
- Start recording. (Starts recording a video.) - Start recording. (Starts recording a video.)
- Stop recording. (Stops recording a video.) - Stop recording. (Stops recording a video.)
- What time is it?
- Show me the latest NBA scores.
- How much battery do I have left? - How much battery do I have left?
- Tell me a joke.
Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another. Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another.

4
devices/hololens/hololens-faq-security.md
View File

@ -73,8 +73,6 @@ appliesto:
1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?** 1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client. 1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client.
1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices. 1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices.
1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?**
1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities.
## HoloLens 2nd Gen Security Questions ## HoloLens 2nd Gen Security Questions
@ -125,5 +123,3 @@ appliesto:
1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?** 1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client. 1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client.
1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices. 1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices.
1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?**
1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities.

8
devices/hololens/hololens-insider.md
View File

@ -67,6 +67,7 @@ Here's a quick summary of what's new:
- Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use. Send a note to hlappreview@microsoft.com to join the preview. - Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use. Send a note to hlappreview@microsoft.com to join the preview.
- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time. - Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
- Support for additional system voice commands - Support for additional system voice commands
- An updated Cortana app with a focus on productivity
- Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate - Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate
- Performance and stability improvements across the product - Performance and stability improvements across the product
- More information in settings on HoloLens about the policy pushed to the device - More information in settings on HoloLens about the policy pushed to the device
@ -95,9 +96,16 @@ You can now can access these commands with your voice:
- "Volume up" - "Volume up"
- "Volume down" - "Volume down"
- "What is my IP address?" - "What is my IP address?"
- "Take a picture"
- "Take a video" / "Stop recording"
If you're running your system with a different language, please try the appropriate commands in that language. If you're running your system with a different language, please try the appropriate commands in that language.
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
There's currently an issue we're investigating that requires you to launch the app once after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Dark mode ### Dark mode
Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."** Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."**
Here are some of the in-box apps that support Dark mode! Here are some of the in-box apps that support Dark mode!

80
devices/hololens/scep-whitepaper.md
View File

@ -1,80 +0,0 @@
---
title: SCEP Whitepaper
description: A whitepaper that describes how Microsoft mitigates the vulnerabilities of SCEP.
ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b
author: pawinfie
ms.author: pawinfie
ms.date: 02/12/2020
keywords: hololens, Windows Mixed Reality, security
ms.prod: hololens
ms.sitesec: library
ms.topic: article
audience: ITPro
ms.localizationpriority: high
ms.custom:
- CI 111456
- CSSTroubleshooting
appliesto:
- HoloLens 1 (1st gen)
- HoloLens 2
---
# SCEP whitepaper
## High Level
### How the SCEP Challenge PW is secured
We work around the weakness of the SCEP protocol by generating custom challenges in Intune itself. The challenge string we create is signed/encrypted, and contains the information we've configured in Intune for certificate issuance into the challenge blob. This means the blob used as the challenge string contains the expected CSR information like the Subject Name, Subject Alternative Name, and other attributes.
We then pass that to the device and then the device generates it's CSR and passes it, and the blob to the SCEP URL it received in the MDM profile. On NDES servers running the Intune SCEP module we perform a custom challenge validation that validates the signature on the blob, decrypts the challenge blob itself, compare it to the CSR received, and then determine if we should issue the cert. If any portion of this check fails then the certificate request is rejected.
## Behind the scenes
### Intune Connector has a number of responsibilities
1. The connector is SCEP policy module which contains a "Certification Registration Point" component which interacts with the Intune service, and is responsible for validating, and securing the SCEP request coming into the NDES server.
1. The connector will install an App Pool on the NDES IIS server > Microsoft Intune CRP service Pool, and a CertificateRegistrationSvc under the "Default Web Site" on IIS.
1. **When the Intune NDES connector is first configured/setup on the NDES server, a certificate is issued from the Intune cloud service to the NDES server. This cert is used to securely communicate with the Intune cloud service - customer tenant. The cert is unique to the customers NDES server. Can be viewed in Certlm.msc issued by SC_Online_Issuing. This certs Public key is used by Intune in the cloud to encrypt the challenge blob. In addition, when the connector is configured, Intune's public key is sent to the NDES server.**
>[!NOTE]
>The connector communication with Intune is strictly outbound traffic.
1. The Intune cloud service combined with the Intune connector/policy module addresses the SCEP protocol challenge password weakness (in the SCEP protocol) by generating a custom challenge. The challenge is generated in Intune itself.
1. In the challenge blob, Intune puts information that we expect in the cert request (CSR - Certificate Signing Request) coming from a mobile device like the following: what we expect the Subject and SAN (validated against AAD attributes/properties of the user/device) to be, and specifics contained in the Intune SCEP profile that is created by an Intune admin, i.e., Request Handling, EKU, Renewal, validity period, key size, renewal period.
>[!NOTE]
>The Challenge blob is Encrypted with the Connectors Public Key, and Signed with Intune's (cloud service) Private Key. The device cannot decrypt the challenge
1. When an Intune admin creates a SCEP profile in their tenant, Intune will send the SCEP profile payload along with the Encrypted and Signed Challenge to the targeted device. The device generates a CSR, and reaches out to NDES URL (contained in the SCEP profile). The device cert request payload contains the CSR, and the encrypted, signed challenge blob.
1. When the device reaches out to the NDES server (via the NDES/SCEP URL provided in the SCEP Profile payload), the SCEP cert request validation is performed by the policy module running on the NDES server. The challenge signature is verified using Intune's public key (which is on the NDES server, when the connector was installed and configured) and decrypted using the connectors private key. The policy module compares the CSR details against the decrypted challenge and determines if a cert should be issued. If the CSR passes validation, the NDES server requests a certificate from the CA on behalf of the user/device.
>[!NOTE]
>The above process takes place on the NDES server running the Policy Module. No interaction with the Intune cloud service takes place.
1. The NDES connector notification/reporting of cert delivery takes place after NDES sends the issued cert to the device. This is performed as a separate operation outside the cert request flow. Meaning that once NDES sends the cert to the device via the AAD app proxy (or other publishing firewall/proxy, a log is written with the cert delivery details on the NDES server by the connector (file location \Program Files\Microsoft Intune\CertificateRequestStatus\Succeed\ folder. The connector will look here, and send updates to Intune.
1. The mobile device must be enrolled in Intune. If not, we reject the request as well
1. The Intune connector disables the standard NDES challenge password request URL on the NDES server.
1. The NDES server SCEP URI in most customer deployments is made available to the internet via Azure App Proxy, or an on-prem reverse proxy, i.e. F5.
>[!NOTE]
>The Azure App Proxy is an outbound-only connection over Port 443, from the customers onprem network where the App Proxy connector is running on a server. The AAD app proxy can also be hosted on the NDES server. No inbound ports required when using Azure App Proxy.
1. The mobile device talks only to the NDES URI
1. Side note: AAD app proxy's role is to make onprem resources (like NDES and other customer onprem web services) securely available to the internet.
1. The Intune connector must communicate with the Intune cloud service. The connector communication will not go through the Azure App Proxy. The connector will talk with the Intune cloud service via whatever mechanism a customer has onprem to allow outbound traffic to the internet, i.e. Internal proxy service.
>[!NOTE]
> if a proxy is used by the customer, no SSL packet inspection can take place for the NDES/Connector server going out.
1. Connector traffic with Intune cloud service consists of the following operations:
1. 1st time configuration of the connector: Authentication to AAD during the initial connector setup.
1. Connector checks in with Intune, and will process and any cert revocation transactions (i.e, if the Intune tenant admin issues a remote wipe full or partial, also If a user unenrolls their device from Intune), reporting on issued certs, renewing the connectors' SC_Online_Issuing certificate from Intune. Also note: the NDES Intune connector has shared PKCS cert functionality (if you decide to issue PKCS/PFX based certs) so the connector checks to Intune for PKCS cert requests even though there won't be any requests to process. We are splitting that functionality out, so this connector just handles SCEP, but no ETA yet.
1. [Here](https://docs.microsoft.com/intune/intune-endpoints#microsoft-intune-certificate-connector) is a reference for Intune NDES connector network communications.

0
devices/surface-hub/images/sccm-additional.png → devices/surface-hub/images/configmgr-additional.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

0
devices/surface-hub/images/sccm-create.png → devices/surface-hub/images/configmgr-create.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 47 KiB

After

Width:  |  Height:  |  Size: 47 KiB

0
devices/surface-hub/images/sccm-oma-uri.png → devices/surface-hub/images/configmgr-oma-uri.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB

0
devices/surface-hub/images/sccm-platform.png → devices/surface-hub/images/configmgr-platform.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

0
devices/surface-hub/images/sccm-team.png → devices/surface-hub/images/configmgr-team.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 37 KiB

After

Width:  |  Height:  |  Size: 37 KiB

14
devices/surface-hub/index.yml
View File

@ -25,17 +25,17 @@ highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
items: items:
# Card # Card
- title: What is Surface Hub 2S? - title: What's new in Surface Hub 2S?
itemType: overview itemType: whats-new
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099 url: surface-hub-2s-whats-new.md
# Card # Card
- title: Surface Hub security overview - title: Surface Hub security overview
itemType: learn itemType: learn
url: surface-hub-security.md url: surface-hub-security.md
# Card # Card
- title: What's new in Surface Hub 2S? - title: Manage Surface Hub 2S with Intune
itemType: whats-new itemType: how-to-guide
url: surface-hub-2s-whats-new.md url: surface-hub-2s-manage-intune.md
# Card # Card
- title: Operating system essentials - title: Operating system essentials
itemType: learn itemType: learn

110
devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
View File

@ -18,7 +18,7 @@ ms.localizationpriority: medium
Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx). Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx).
Surface Hub has been validated with Microsofts first-party MDM providers: Surface Hub has been validated with Microsoft's first-party MDM providers:
- Microsoft Intune standalone - Microsoft Intune standalone
- On-premises MDM with Microsoft Endpoint Configuration Manager - On-premises MDM with Microsoft Endpoint Configuration Manager
@ -65,25 +65,25 @@ For more information, see [SurfaceHub configuration service provider](https://ms
| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes | | Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes | | Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes | | Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager | Yes |
| Friendly name for wireless projection | Properties/FriendlyName | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Friendly name for wireless projection | Properties/FriendlyName | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Device account, including password rotation | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | | Device account, including password rotation | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set default volume | Properties/DefaultVolume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set default volume | Properties/DefaultVolume | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set screen timeout | Properties/ScreenTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set screen timeout | Properties/ScreenTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set session timeout | Properties/SessionTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set session timeout | Properties/SessionTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set sleep timeout | Properties/SleepTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set sleep timeout | Properties/SleepTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -97,12 +97,12 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. <br> . | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. <br> . | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -110,15 +110,15 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -126,13 +126,13 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -140,7 +140,7 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes | | Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -150,8 +150,8 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Reboot the device immediately | Use in conjunction with OMS to minimize support costs see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes | | Reboot the device immediately | Use in conjunction with OMS to minimize support costs see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -180,7 +180,7 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -188,7 +188,7 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -196,12 +196,12 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
### Generate OMA URIs for settings ### Generate OMA URIs for settings
You need to use a settings OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager. You need to use a setting's OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager.
**To generate the OMA URI for any setting in the CSP documentation** **To generate the OMA URI for any setting in the CSP documentation**
1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/<name of CSP>` <br> 1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/<name of CSP>` <br>
@ -217,15 +217,13 @@ The data type is also stated in the CSP documentation. The most common data type
- bool (Boolean) - bool (Boolean)
<span id="example-intune">
## Example: Manage Surface Hub settings with Microsoft Intune ## Example: Manage Surface Hub settings with Microsoft Intune
You can use Microsoft Intune to manage Surface Hub settings. For custom settings, follow the instructions in [How to configure custom device settings in Microsoft Intune](https://docs.microsoft.com/intune/custom-settings-configure). For **Platform**, select **Windows 10 and later**, and in **Profile type**, select **Device restrictions (Windows 10 Team)**. You can use Microsoft Intune to manage Surface Hub settings. For custom settings, follow the instructions in [How to configure custom device settings in Microsoft Intune](https://docs.microsoft.com/intune/custom-settings-configure). For **Platform**, select **Windows 10 and later**, and in **Profile type**, select **Device restrictions (Windows 10 Team)**.
<span id="example-sccm"> ## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager
## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager
Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs. Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
> [!NOTE] > [!NOTE]
@ -238,26 +236,26 @@ Configuration Manager supports managing modern devices that do not require the C
3. On the **General** page of the Create Configuration Item Wizard, specify a name and optional description for the configuration item. 3. On the **General** page of the Create Configuration Item Wizard, specify a name and optional description for the configuration item.
4. Under **Settings for devices managed without the Configuration Manager client**, select **Windows 8.1 and Windows 10**, and then click **Next**. 4. Under **Settings for devices managed without the Configuration Manager client**, select **Windows 8.1 and Windows 10**, and then click **Next**.
![example of UI](images/sccm-create.png) ![example of UI](images/configmgr-create.png)
5. On the **Supported Platforms** page, expand **Windows 10** and select **All Windows 10 Team and higher**. Unselect the other Windows platforms, and then click **Next**. 5. On the **Supported Platforms** page, expand **Windows 10** and select **All Windows 10 Team and higher**. Unselect the other Windows platforms, and then click **Next**.
![select platform](images/sccm-platform.png) ![select platform](images/configmgr-platform.png)
7. On the **Device Settings** page, under **Device settings groups**, select **Windows 10 Team**. 7. On the **Device Settings** page, under **Device settings groups**, select **Windows 10 Team**.
8. On the **Windows 10 Team** page, configure the settings you require. 8. On the **Windows 10 Team** page, configure the settings you require.
![Windows 10 Team](images/sccm-team.png) ![Windows 10 Team](images/configmgr-team.png)
9. You'll need to create custom settings to manage settings that are not available in the Windows 10 Team page. On the **Device Settings** page, select the check box **Configure additional settings that are not in the default setting groups**. 9. You'll need to create custom settings to manage settings that are not available in the Windows 10 Team page. On the **Device Settings** page, select the check box **Configure additional settings that are not in the default setting groups**.
![additional settings](images/sccm-additional.png) ![additional settings](images/configmgr-additional.png)
10. On the **Additional Settings** page, click **Add**. 10. On the **Additional Settings** page, click **Add**.
11. In the **Browse Settings** dialog, click **Create Setting**. 11. In the **Browse Settings** dialog, click **Create Setting**.
12. In the **Create Setting** dialog, under the **General** tab, specify a name and optional description for the custom setting. 12. In the **Create Setting** dialog, under the **General** tab, specify a name and optional description for the custom setting.
13. Under **Setting type**, select **OMA URI**. 13. Under **Setting type**, select **OMA URI**.
14. Complete the form to create a new setting, and then click **OK**. 14. Complete the form to create a new setting, and then click **OK**.
![OMA URI setting](images/sccm-oma-uri.png) ![OMA URI setting](images/configmgr-oma-uri.png)
15. On the **Browse Settings** dialog, under **Available settings**, select the new setting you created, and then click **Select**. 15. On the **Browse Settings** dialog, under **Available settings**, select the new setting you created, and then click **Select**.
16. On the **Create Rule** dialog, complete the form to specify a rule for the setting, and then click **OK**. 16. On the **Create Rule** dialog, complete the form to specify a rule for the setting, and then click **OK**.
17. Repeat steps 9 to 15 for each custom setting you want to add to the configuration item. 17. Repeat steps 9 to 15 for each custom setting you want to add to the configuration item.

12
devices/surface-hub/whiteboard-collaboration.md
View File

@ -1,6 +1,6 @@
--- ---
title: Set up and use Microsoft Whiteboard title: Set up and use Microsoft Whiteboard
description: Microsoft Whiteboards latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. description: Microsoft Whiteboard's latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
ms.prod: surface-hub ms.prod: surface-hub
ms.sitesec: library ms.sitesec: library
author: dansimp author: dansimp
@ -14,7 +14,7 @@ ms.localizationpriority: medium
# Set up and use Microsoft Whiteboard # Set up and use Microsoft Whiteboard
The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices to collaborate in real time on the same board. The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices with the Microsoft Whiteboard app installed to collaborate in real time on the same board.
## Prerequisites ## Prerequisites
@ -48,14 +48,16 @@ On the other device, such as a Surface Hub, when you are signed in, the shared b
- You can also change the background color and design from solid to grid or dots. Pick the background, then choose the color from the wheel around it. - You can also change the background color and design from solid to grid or dots. Pick the background, then choose the color from the wheel around it.
- You can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working. - You can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working.
For more information, see [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d).
> [!NOTE] > [!NOTE]
> If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After youre done, tap **Settings** > **Export to email** or save a copy of the board. The SVG export provides higher resolution than PNG and can be opened in a web browser. > If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After you're done, tap **Settings** > **Export to email** or save a copy of the board. If you choose to export to SVG, it exports vector graphics and provides higher resolution than PNG and can be opened in a web browser.
## New features in Whiteboard ## New features in Whiteboard
The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a host of new features including: The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a host of new features including:
- **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery. - **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery. There is no local folder name or directory.
- **Extended collaboration across devices** - You can collaborate using new apps for Windows 10 PC and iOS, and a web version for other devices. - **Extended collaboration across devices** - You can collaborate using new apps for Windows 10 PC and iOS, and a web version for other devices.
- **Richer canvas** - In addition to ink and images, Whiteboard now includes sticky notes, text and GIFs, with more objects coming soon. - **Richer canvas** - In addition to ink and images, Whiteboard now includes sticky notes, text and GIFs, with more objects coming soon.
- **Intelligence** In addition to ink to shape and table, Whiteboard now includes ink beautification to improve handwriting and ink grab to convert images to ink. - **Intelligence** In addition to ink to shape and table, Whiteboard now includes ink beautification to improve handwriting and ink grab to convert images to ink.
@ -68,3 +70,5 @@ The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a
- [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub) - [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub)
- [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01) - [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)
- [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)

20
devices/surface/index.yml
View File

@ -24,17 +24,18 @@ additionalContent:
- title: For IT Professionals # < 60 chars (optional) - title: For IT Professionals # < 60 chars (optional)
items: items:
# Card # Card
- title: Surface devices - title: Surface devices documentation
summary: Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization. summary: Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
url: https://docs.microsoft.com/en-us/surface/get-started url: https://docs.microsoft.com/en-us/surface/get-started
# Card # Card
- title: Surface Hub - title: Surface Hub documentation
summary: Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Learn how to plan, deploy, manage, and support your Surface Hub devices. summary: Learn how to deploy and manage Surface Hub 2S, the all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device.
url: https://docs.microsoft.com/surface-hub/index url: https://docs.microsoft.com/surface-hub/index
# Card # Card
- title: Surface for Business - title: Surface Hub adoption guidance
summary: Explore how Surface devices are transforming the modern workplace with people-centric design and flexible form factors, helping you get the most out of AI, big data, the cloud, and other foundational technologies. summary: Get best practices for technical readiness and adoption across your lines of business.
url: https://www.microsoft.com/surface/business url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
- title: Other resources # < 60 chars (optional) - title: Other resources # < 60 chars (optional)
items: items:
# Card # Card
@ -51,8 +52,7 @@ additionalContent:
url: https://docs.microsoft.com/learn/browse/?term=Surface url: https://docs.microsoft.com/learn/browse/?term=Surface
- text: Microsoft Mechanics Surface videos - text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ
- text: Surface Hub 2S adoption and training
url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
# Card # Card
- title: Need help? - title: Need help?
links: links:
@ -60,3 +60,5 @@ additionalContent:
url: https://support.microsoft.com/products/surface-devices url: https://support.microsoft.com/products/surface-devices
- text: Surface Hub - text: Surface Hub
url: https://support.microsoft.com/hub/4343507/surface-hub-help url: https://support.microsoft.com/hub/4343507/surface-hub-help
- text: Contact Surface Hub Support
url: https://support.microsoft.com/supportforbusiness/productselection?sapId=bb7066fb-e329-c1c0-9c13-8e9949c6a64e

2
devices/surface/surface-diagnostic-toolkit-for-business-intro.md
View File

@ -29,7 +29,7 @@ Before you run the diagnostic tool, make sure you have the latest Windows update
**To run the Surface Diagnostic Toolkit for Business:** **To run the Surface Diagnostic Toolkit for Business:**
1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B). 1. Download the Surface Diagnostic Toolkit for Business. To do this, go to the [**Surface Tools for IT** download page](https://www.microsoft.com/download/details.aspx?id=46703), choose **Download**, select **Surface Diagnostic Toolkit for Business** from the provided list, and choose **Next**.
2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business). 2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required. The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required.

48
devices/surface/surface-dock-firmware-update.md
View File

@ -1,5 +1,5 @@
--- ---
title: Microsoft Surface Dock Firmware Update title: Microsoft Surface Dock Firmware Update - Technical information for IT administrators
description: This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device. description: This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: w10 ms.prod: w10
@ -12,22 +12,31 @@ ms.reviewer: scottmca
manager: dansimp manager: dansimp
ms.audience: itpro ms.audience: itpro
--- ---
# Microsoft Surface Dock Firmware Update # Microsoft Surface Dock Firmware Update: Technical information for IT administrators
This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device.
Microsoft Surface Dock Firmware Update supersedes the earlier Microsoft Surface Dock Updater tool, previously available for download as part of Surface Tools for IT. It was named Surface_Dock_Updater_vx.xx.xxx.x.msi (where x indicates the version number). The earlier tool is no longer available for download and should not be used.
> [!IMPORTANT] > [!IMPORTANT]
>Microsoft periodically releases new versions of Surface Dock Firmware Update. The MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version. > This article contains technical instructions for IT administrators. If you are a home user, please see [How to update your Surface Dock Firmware](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock)on the Microsoft Support site. The instructions at the support site are the same as the general installation steps below, but this article has additional information for monitoring, verifying, and deploying the update to multiple devices on a network.
This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device.
This tool supersedes the earlier Microsoft Surface Dock Updater tool, previously available for download as part of Surface Tools for IT. The earlier tool was named Surface_Dock_Updater_vx.xx.xxx.x.msi (where x indicates the version number) and is no longer available for download and should not be used.
## Install the Surface Dock Firmware Update
This section describes how to manually install the firmware update.
> [!NOTE]
> Microsoft periodically releases new versions of Surface Dock Firmware Update. The MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version.
1. Download and install [Microsoft Surface Dock Firmware Update](https://www.microsoft.com/download/details.aspx?id=46703).
- The update requires a Surface device running Windows 10, version 1803 or later.
- Installing the MSI file might prompt you to restart Surface. However, restarting is not required to perform the update.
2. Disconnect your Surface device from the Surface Dock (using the power adapter), wait ~5 seconds, and then reconnect. The Surface Dock Firmware Update will update the dock silently in background. The process can take a few minutes to complete and will continue even if interrupted.
## Monitor the Surface Dock Firmware Update ## Monitor the Surface Dock Firmware Update
This section is optional and provides an overview of how to monitor installation of the firmware update. When you are ready to install the update, see [Install the Surface Dock Firmware Update](#install-the-surface-dock-firmware-update) below. For more detailed information about monitoring the update process, see the following sections in this article: This section is optional and provides an overview of how to monitor installation of the firmware update.
- [How to verify completion of firmware update](#how-to-verify-completion-of-the-firmware-update)
- [Event logging](#event-logging)
- [Troubleshooting tips](#troubleshooting-tips)
- [Versions reference](#versions-reference)
To monitor the update: To monitor the update:
@ -39,7 +48,6 @@ To monitor the update:
Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF\Services\SurfaceDockFwUpdate\Parameters" Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF\Services\SurfaceDockFwUpdate\Parameters"
``` ```
3. Install the update as described in the [next section](#install-the-surface-dock-firmware-update) of this article. 3. Install the update as described in the [next section](#install-the-surface-dock-firmware-update) of this article.
4. Event 2007 with the following text indicates a successful update: **Firmware update finished. hr=0 DriverTelementry EventCode = 2007**. 4. Event 2007 with the following text indicates a successful update: **Firmware update finished. hr=0 DriverTelementry EventCode = 2007**.
- If the update is not successful, then event ID 2007 will be displayed as an **Error** event rather than **Information**. Additionally, the version reported in the Windows Registry will not be current. - If the update is not successful, then event ID 2007 will be displayed as an **Error** event rather than **Information**. Additionally, the version reported in the Windows Registry will not be current.
5. When the update is complete, updated DWORD values will be displayed in the Windows Registry, corresponding to the current version of the tool. See the [Versions reference](#versions-reference) section in this article for details. For example: 5. When the update is complete, updated DWORD values will be displayed in the Windows Registry, corresponding to the current version of the tool. See the [Versions reference](#versions-reference) section in this article for details. For example:
@ -49,15 +57,11 @@ To monitor the update:
>[!TIP] >[!TIP]
>If you see "The description for Event ID xxxx from source SurfaceDockFwUpdate cannot be found" in event text, this is expected and can be ignored. >If you see "The description for Event ID xxxx from source SurfaceDockFwUpdate cannot be found" in event text, this is expected and can be ignored.
## Install the Surface Dock Firmware Update Also see the following sections in this article:
- [How to verify completion of firmware update](#how-to-verify-completion-of-the-firmware-update)
This section describes how to install the firmware update. - [Event logging](#event-logging)
- [Troubleshooting tips](#troubleshooting-tips)
1. Download and install [Microsoft Surface Dock Firmware Update](https://www.microsoft.com/download/details.aspx?id=46703). - [Versions reference](#versions-reference)
- The update requires a Surface device running Windows 10, version 1803 or later.
- Installing the MSI file might prompt you to restart Surface. However, restarting is not required to perform the update.
2. Disconnect your Surface device from the Surface Dock (using the power adapter), wait ~5 seconds, and then reconnect. The Surface Dock Firmware Update will update the dock silently in background. The process can take a few minutes to complete and will continue even if interrupted.
## Network deployment ## Network deployment

1
devices/surface/surface-system-sku-reference.md
View File

@ -39,6 +39,7 @@ System Model and System SKU are variables that are stored in the System Manageme
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial | | Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer | | Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial | | Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop | Surface Laptop | Surface_Laptop |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer | | Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial | | Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
| Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 | | Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 |

12
education/windows/take-tests-in-windows-10.md
View File

@ -34,8 +34,12 @@ Many schools use online testing for formative and summative assessments. It's cr
![Set up and user flow for the Take a Test app](images/take_a_test_flow_dark.png) ![Set up and user flow for the Take a Test app](images/take_a_test_flow_dark.png)
There are several ways to configure devices for assessments. You can: There are several ways to configure devices for assessments, depending on your use case:
- **Configure an assessment URL and a dedicated testing account**
- For higher stakes testing such as mid-term exams, you can set up a device with a dedicated testing account and URL.
- For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing.
1. **Configure an assessment URL and a dedicated testing account**
In this configuration, a user signs into in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing. In this configuration, a user signs into in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
@ -58,9 +62,9 @@ There are several ways to configure devices for assessments. You can:
For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md). For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md).
- **Distribute the assessment URL through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link** 2. **Create and distribute the assessment URL through the web, email, OneNote, or any other method**
This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments. This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link.
You can enable this using a schema activation. You can enable this using a schema activation.

24
mdop/appv-v5/app-v-51-supported-configurations.md
View File

@ -10,18 +10,16 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.prod: w10 ms.prod: w10
ms.date: 09/27/2016 ms.date: 04/02/2020
--- ---
# App-V 5.1 Supported Configurations # App-V 5.1 Supported Configurations
This topic specifies the requirements to install and run Microsoft Application Virtualization (App-V) 5.1 in your environment. This topic specifies the requirements to install and run Microsoft Application Virtualization (App-V) 5.1 in your environment.
## App-V Server system requirements ## App-V Server system requirements
This section lists the operating system and hardware requirements for all of the App-V Server components. This section lists the operating system and hardware requirements for all of the App-V Server components.
### Unsupported App-V 5.1 Server scenarios ### Unsupported App-V 5.1 Server scenarios
@ -151,7 +149,7 @@ The following table lists the SQL Server versions that are supported for the App
</tbody> </tbody>
</table> </table>
For more information on user configuration files with SQL server 2016 or later, see the [support article](https://support.microsoft.com/help/4548751/app-v-server-publishing-might-fail-when-you-apply-user-configuration-f).
### Publishing server operating system requirements ### Publishing server operating system requirements
@ -309,7 +307,6 @@ The following table lists the SQL Server versions that are supported for the App
## <a href="" id="bkmk-client-supp-cfgs"></a>App-V client system requirements ## <a href="" id="bkmk-client-supp-cfgs"></a>App-V client system requirements
The following table lists the operating systems that are supported for the App-V 5.1 client installation. The following table lists the operating systems that are supported for the App-V 5.1 client installation.
**Note:** With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client **Note:** With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client
@ -422,7 +419,6 @@ App-V adds no additional requirements beyond those of Windows Server.
## Sequencer system requirements ## Sequencer system requirements
The following table lists the operating systems that are supported for the App-V 5.1 Sequencer installation. The following table lists the operating systems that are supported for the App-V 5.1 Sequencer installation.
<table> <table>
@ -485,7 +481,6 @@ See the Windows or Windows Server documentation for the hardware requirements. A
## <a href="" id="bkmk-supp-ver-sccm"></a>Supported versions of System Center Configuration Manager ## <a href="" id="bkmk-supp-ver-sccm"></a>Supported versions of System Center Configuration Manager
The App-V client supports the following versions of System Center Configuration Manager: The App-V client supports the following versions of System Center Configuration Manager:
- Microsoft System Center 2012 Configuration Manager - Microsoft System Center 2012 Configuration Manager
@ -549,23 +544,8 @@ The following App-V and System Center Configuration Manager version matrix shows
For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx).
## Related topics ## Related topics
[Planning to Deploy App-V](planning-to-deploy-app-v51.md) [Planning to Deploy App-V](planning-to-deploy-app-v51.md)
[App-V 5.1 Prerequisites](app-v-51-prerequisites.md) [App-V 5.1 Prerequisites](app-v-51-prerequisites.md)

3
windows/application-management/app-v/appv-supported-configurations.md
View File

@ -51,12 +51,15 @@ The following table lists the SQL Server versions that the App-V Management data
|SQL Server version|Service pack|System architecture| |SQL Server version|Service pack|System architecture|
|---|---|---| |---|---|---|
|Microsoft SQL Server 2019||32-bit or 64-bit|
|Microsoft SQL Server 2017||32-bit or 64-bit| |Microsoft SQL Server 2017||32-bit or 64-bit|
|Microsoft SQL Server 2016|SP2|32-bit or 64-bit| |Microsoft SQL Server 2016|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2014||32-bit or 64-bit| |Microsoft SQL Server 2014||32-bit or 64-bit|
|Microsoft SQL Server 2012|SP2|32-bit or 64-bit| |Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit| |Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
For more information on user configuration files with SQL server 2016 or later, see the [support article](https://support.microsoft.com/help/4548751/app-v-server-publishing-might-fail-when-you-apply-user-configuration-f).
### Publishing server operating system requirements ### Publishing server operating system requirements
The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later. The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.

8
windows/client-management/generate-kernel-or-complete-crash-dump.md
View File

@ -9,7 +9,7 @@ ms.localizationpriority: medium
ms.author: delhan ms.author: delhan
ms.date: 8/28/2019 ms.date: 8/28/2019
ms.reviewer: ms.reviewer:
manager: dcscontentpm manager: willchen
--- ---
# Generate a kernel or complete crash dump # Generate a kernel or complete crash dump
@ -61,7 +61,7 @@ If you can log on while the problem is occurring, you can use the Microsoft Sysi
2. Select **Start**, and then select **Command Prompt**. 2. Select **Start**, and then select **Command Prompt**.
3. At the command line, run the following command: 3. At the command line, run the following command:
```cmd ```console
notMyfault.exe /crash notMyfault.exe /crash
``` ```
@ -80,6 +80,7 @@ To do this, follow these steps:
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
1. In Registry Editor, locate the following registry subkey: 1. In Registry Editor, locate the following registry subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl** **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl**
2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**. 2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**.
@ -101,6 +102,8 @@ To do this, follow these steps:
9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction. 9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.
If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](https://docs.microsoft.com/azure/virtual-machines/linux/serial-console-nmi-sysrq).
### Use the keyboard ### Use the keyboard
[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard) [Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
@ -108,4 +111,3 @@ To do this, follow these steps:
### Use Debugger ### Use Debugger
[Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger) [Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)

5
windows/client-management/mdm/accounts-csp.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: lomayor author: lomayor
ms.date: 04/17/2018 ms.date: 03/27/2020
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
@ -39,6 +39,9 @@ Available naming macros:
Supported operation is Add. Supported operation is Add.
> [!Note]
> For desktop PCs on the next major release of Windows 10 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md).
<a href="" id="users"></a>**Users** <a href="" id="users"></a>**Users**
Interior node for the user account information. Interior node for the user account information.

42
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -9,7 +9,6 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: lomayor author: lomayor
ms.date: 09/05/2017
--- ---
# Azure Active Directory integration with MDM # Azure Active Directory integration with MDM
@ -37,7 +36,8 @@ Windows 10 introduces a new way to configure and deploy corporate owned Windows
Azure AD Join also enables company owned devices to be automatically enrolled in, and managed by an MDM. Furthermore, Azure AD Join can be performed on a store-bought PC, in the out-of-box experience (OOBE), which helps organizations streamline their device deployment. An administrator can require that users belonging to one or more groups enroll their devices for management with an MDM. If a user is configured to require automatic enrollment during Azure AD Join, this enrollment becomes a mandatory step to configure Windows. If the MDM enrollment fails, then the device will not be joined to Azure AD. Azure AD Join also enables company owned devices to be automatically enrolled in, and managed by an MDM. Furthermore, Azure AD Join can be performed on a store-bought PC, in the out-of-box experience (OOBE), which helps organizations streamline their device deployment. An administrator can require that users belonging to one or more groups enroll their devices for management with an MDM. If a user is configured to require automatic enrollment during Azure AD Join, this enrollment becomes a mandatory step to configure Windows. If the MDM enrollment fails, then the device will not be joined to Azure AD.
> **Important**  Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](https://msdn.microsoft.com/library/azure/dn499825.aspx) license. > [!IMPORTANT]
> Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](https://msdn.microsoft.com/library/azure/dn499825.aspx) license.
### BYOD scenario ### BYOD scenario
@ -60,7 +60,8 @@ For Azure AD enrollment to work for an Active Directory Federated Services (AD F
Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar. Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar.
> **Note**  Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account. > [!NOTE]
> Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
### MDM endpoints involved in Azure AD integrated enrollment ### MDM endpoints involved in Azure AD integrated enrollment
@ -80,7 +81,7 @@ To support Azure AD enrollment, MDM vendors must host and expose a Terms of Use
<a href="" id="terms-of-use-endpoint-"></a>**Terms of Use endpoint** <a href="" id="terms-of-use-endpoint-"></a>**Terms of Use endpoint**
Use this endpoint to inform users of the ways in which their device can be controlled by their organization. The Terms of Use page is responsible for collecting users consent before the actual enrollment phase begins. Use this endpoint to inform users of the ways in which their device can be controlled by their organization. The Terms of Use page is responsible for collecting users consent before the actual enrollment phase begins.
Its important to understand that the Terms of Use flow is a "black box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL, and the user is expected to be redirected back after approving (or in some cases rejecting) the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios (e.g., different levels of control are applied on BYOD vs. company-owned devices) or implement user/group based targeting (e.g. users in certain geographies may be subject to stricter device management policies). Its important to understand that the Terms of Use flow is a "black box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL, and the user is expected to be redirected back after approving (or in some cases rejecting) the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios (e.g., different levels of control are applied on BYOD vs. company-owned devices) or implement user/group based targeting (e.g., users in certain geographies may be subject to stricter device management policies).
The Terms of Use endpoint can be used to implement additional business logic, such as collecting a one-time PIN provided by IT to control device enrollment. However, MDM vendors must not use the Terms of Use flow to collect user credentials, which could lead to a highly degraded user experience. Its not needed, since part of the MDM integration ensures that the MDM service can understand tokens issued by Azure AD. The Terms of Use endpoint can be used to implement additional business logic, such as collecting a one-time PIN provided by IT to control device enrollment. However, MDM vendors must not use the Terms of Use flow to collect user credentials, which could lead to a highly degraded user experience. Its not needed, since part of the MDM integration ensures that the MDM service can understand tokens issued by Azure AD.
@ -103,7 +104,8 @@ A cloud-based MDM is a SaaS application that provides device management capabili
The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613661). The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613661).
> **Note**  For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal. > [!NOTE]
> For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal.
The keys used by the MDM application to request access tokens from Azure AD are managed within the tenant of the MDM vendor and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, regardless of the customer tenent to which the device being managed belongs. The keys used by the MDM application to request access tokens from Azure AD are managed within the tenant of the MDM vendor and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, regardless of the customer tenent to which the device being managed belongs.
@ -136,7 +138,7 @@ For more information about how to register a sample application with Azure AD, s
An on-premises MDM application is inherently different that a cloud MDM. It is a single-tenant application that is present uniquely within the tenant of the customer. Therefore, customers must add the application directly within their own tenant. Additionally, each instance of an on-premises MDM application must be registered separately and has a separate key for authentication with Azure AD. An on-premises MDM application is inherently different that a cloud MDM. It is a single-tenant application that is present uniquely within the tenant of the customer. Therefore, customers must add the application directly within their own tenant. Additionally, each instance of an on-premises MDM application must be registered separately and has a separate key for authentication with Azure AD.
The customer experience for adding an on-premises MDM to their tenant is similar to that as the cloud-based MDM. There is an entry in the Azure AD app gallery to add an on-premises MDN to the tenant and administrators can configure the required URLs for enrollment and Terms of Use. To add an on-premises MDM application to the tenant, there is an entry under the Azure AD service, specifically under **Mobility (MDM and MAM)** > **Add application**. Administrators can configure the required URLs for enrollment and Terms of Use.
Your on-premises MDM product must expose a configuration experience where administrators can provide the client ID, app ID, and the key configured in their directory for that MDM application. You can use this client ID and key to request tokens from Azure AD when reporting device compliance. Your on-premises MDM product must expose a configuration experience where administrators can provide the client ID, app ID, and the key configured in their directory for that MDM application. You can use this client ID and key to request tokens from Azure AD when reporting device compliance.
@ -236,7 +238,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
<thead> <thead>
<tr class="header"> <tr class="header">
<th>CXH-HOST (HTTP HEADER)</th> <th>CXH-HOST (HTTP HEADER)</th>
<th>Senario</th> <th>Scenario</th>
<th>Background Theme</th> <th>Background Theme</th>
<th>WinJS</th> <th>WinJS</th>
<th>Scenario CSS</th> <th>Scenario CSS</th>
@ -343,14 +345,14 @@ The following claims are expected in the access token passed by Windows to the T
</tbody> </tbody>
</table> </table>
&gt; <strong>Note</strong> There is no device ID claim in the access token because the device may not yet be enrolled at this time. > [!NOTE]
> There is no device ID claim in the access token because the device may not yet be enrolled at this time.
To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654). To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654).
Here's an example URL. Here's an example URL.
``` syntax ```console
https://fabrikam.contosomdm.com/TermsOfUse?redirect_uri=ms-appx-web://ContosoMdm/ToUResponse&client-request-id=34be581c-6ebd-49d6-a4e1-150eff4b7213&api-version=1.0 https://fabrikam.contosomdm.com/TermsOfUse?redirect_uri=ms-appx-web://ContosoMdm/ToUResponse&client-request-id=34be581c-6ebd-49d6-a4e1-150eff4b7213&api-version=1.0
Authorization: Bearer eyJ0eXAiOi Authorization: Bearer eyJ0eXAiOi
``` ```
@ -390,7 +392,7 @@ If an error was encountered during the terms of use processing, the MDM can retu
Here is the URL format: Here is the URL format:
``` syntax ```console
HTTP/1.1 302 HTTP/1.1 302
Location: Location:
<redirect_uri>?error=access_denied&error_description=Access%20is%20denied%2E <redirect_uri>?error=access_denied&error_description=Access%20is%20denied%2E
@ -426,7 +428,7 @@ The following table shows the error codes.
<td style="vertical-align:top"><p>unsupported version</p></td> <td style="vertical-align:top"><p>unsupported version</p></td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td style="vertical-align:top"><p>Tenant or user data are missingor other required prerequisites for device enrollment are not met</p></td> <td style="vertical-align:top"><p>Tenant or user data are missing or other required prerequisites for device enrollment are not met</p></td>
<td style="vertical-align:top"><p>302</p></td> <td style="vertical-align:top"><p>302</p></td>
<td style="vertical-align:top"><p>unauthorized_client</p></td> <td style="vertical-align:top"><p>unauthorized_client</p></td>
<td style="vertical-align:top"><p>unauthorized user or tenant</p></td> <td style="vertical-align:top"><p>unauthorized user or tenant</p></td>
@ -601,7 +603,7 @@ In this scenario, the MDM enrollment applies to a single user who initially adde
<a href="" id="evaluating-azure-ad-user-tokens"></a>**Evaluating Azure AD user tokens** <a href="" id="evaluating-azure-ad-user-tokens"></a>**Evaluating Azure AD user tokens**
The Azure AD token is in the HTTP Authorization header in the following format: The Azure AD token is in the HTTP Authorization header in the following format:
``` syntax ```console
Authorization:Bearer <Azure AD User Token Inserted here> Authorization:Bearer <Azure AD User Token Inserted here>
``` ```
@ -621,7 +623,7 @@ Access token issued by Azure AD are JSON web tokens (JWTs). A valid JWT token is
An alert is sent when the DM session starts and there is an Azure AD user logged in. The alert is sent in OMA DM pkg\#1. Here's an example: An alert is sent when the DM session starts and there is an Azure AD user logged in. The alert is sent in OMA DM pkg\#1. Here's an example:
``` syntax ```xml
Alert Type: com.microsoft/MDM/AADUserToken Alert Type: com.microsoft/MDM/AADUserToken
Alert sample: Alert sample:
@ -636,7 +638,7 @@ Alert sample:
<Data>UserToken inserted here</Data> <Data>UserToken inserted here</Data>
</Item> </Item>
</Alert> </Alert>
… other xml tags … … other XML tags …
</SyncBody> </SyncBody>
``` ```
@ -665,7 +667,7 @@ Here's an example.
<Data>user</Data> <Data>user</Data>
</Item> </Item>
</Alert> </Alert>
… other xml tags … … other XML tags …
</SyncBody> </SyncBody>
``` ```
@ -682,9 +684,10 @@ For a sample that illustrates how an MDM can obtain an access token using OAuth
The following sample REST API call illustrates how an MDM can use the Azure AD Graph API to report compliance status of a device currently being managed by it. The following sample REST API call illustrates how an MDM can use the Azure AD Graph API to report compliance status of a device currently being managed by it.
> **Note**  This is only applicable for approved MDM apps on Windows 10 devices. > [!NOTE]
> This is only applicable for approved MDM apps on Windows 10 devices.
``` syntax ```console
Sample Graph API Request: Sample Graph API Request:
PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655ca7f52ae1?api-version=beta HTTP/1.1 PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655ca7f52ae1?api-version=beta HTTP/1.1
@ -713,7 +716,7 @@ Response:
When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data. When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
![aadj unenerollment](images/azure-ad-unenrollment.png) ![aadj unenrollment](images/azure-ad-unenrollment.png)
## Error codes ## Error codes
@ -921,4 +924,3 @@ When a user is enrolled into MDM through Azure Active Directory Join and then di

157
windows/client-management/mdm/devdetail-csp.md
View File

@ -9,7 +9,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: manikadhiman author: manikadhiman
ms.date: 07/11/2018 ms.date: 03/27/2020
--- ---
# DevDetail CSP # DevDetail CSP
@ -29,121 +29,136 @@ The following diagram shows the DevDetail configuration service provider managem
![devdetail csp (dm)](images/provisioning-csp-devdetail-dm.png) ![devdetail csp (dm)](images/provisioning-csp-devdetail-dm.png)
<a href="" id="devtyp"></a>**DevTyp** <a href="" id="devtyp"></a>**DevTyp**
<p style="margin-left: 20px"><p style="margin-left: 20px">Required. Returns the device model name /SystemProductName as a string. Required. Returns the device model name /SystemProductName as a string.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="oem"></a>**OEM** <a href="" id="oem"></a>**OEM**
<p style="margin-left: 20px">Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2. Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="fwv"></a>**FwV** <a href="" id="fwv"></a>**FwV**
<p style="margin-left: 20px">Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision. Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision.
<p style="margin-left: 20px">For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion. For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="swv"></a>**SwV** <a href="" id="swv"></a>**SwV**
<p style="margin-left: 20px">Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge. Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="hwv"></a>**HwV** <a href="" id="hwv"></a>**HwV**
<p style="margin-left: 20px">Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision. Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision.
<p style="margin-left: 20px">For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion. For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="lrgobj"></a>**LrgObj** <a href="" id="lrgobj"></a>**LrgObj**
<p style="margin-left: 20px">Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2. Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="uri-maxdepth"></a>**URI/MaxDepth** <a href="" id="uri-maxdepth"></a>**URI/MaxDepth**
<p style="margin-left: 20px">Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0). Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0).
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<p style="margin-left: 20px">This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth. This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
<a href="" id="uri-maxtotlen"></a>**URI/MaxTotLen** <a href="" id="uri-maxtotlen"></a>**URI/MaxTotLen**
<p style="margin-left: 20px">Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0). Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0).
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<p style="margin-left: 20px">This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length. This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
<a href="" id="uri-maxseglen"></a>**URI/MaxSegLen** <a href="" id="uri-maxseglen"></a>**URI/MaxSegLen**
<p style="margin-left: 20px">Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0). Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0).
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<p style="margin-left: 20px">This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length. This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
<a href="" id="ext-microsoft-mobileid"></a>**Ext/Microsoft/MobileID** <a href="" id="ext-microsoft-mobileid"></a>**Ext/Microsoft/MobileID**
<p style="margin-left: 20px">Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support. Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<p style="margin-left: 20px">The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element. The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element.
<a href="" id="ext-microsoft-localtime"></a>**Ext/Microsoft/LocalTime**
<p style="margin-left: 20px">Required. Returns the client local time in ISO 8601 format.
<p style="margin-left: 20px">Supported operation is Get.
<a href="" id="ext-microsoft-osplatform"></a>**Ext/Microsoft/OSPlatform**
<p style="margin-left: 20px">Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
<p style="margin-left: 20px">Supported operation is Get.
<a href="" id="ext-microsoft-processortype"></a>**Ext/Microsoft/ProcessorType**
<p style="margin-left: 20px">Required. Returns the processor type of the device as documented in SYSTEM_INFO.
<p style="margin-left: 20px">Supported operation is Get.
<a href="" id="ext-microsoft-radioswv"></a>**Ext/Microsoft/RadioSwV** <a href="" id="ext-microsoft-radioswv"></a>**Ext/Microsoft/RadioSwV**
<p style="margin-left: 20px">Required. Returns the radio stack software version number. Required. Returns the radio stack software version number.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="ext-microsoft-resolution"></a>**Ext/Microsoft/Resolution** <a href="" id="ext-microsoft-resolution"></a>**Ext/Microsoft/Resolution**
<p style="margin-left: 20px">Required. Returns the UI screen resolution of the device (example: &quot;480x800&quot;). Required. Returns the UI screen resolution of the device (example: &quot;480x800&quot;).
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="ext-microsoft-commercializationoperator"></a>**Ext/Microsoft/CommercializationOperator** <a href="" id="ext-microsoft-commercializationoperator"></a>**Ext/Microsoft/CommercializationOperator**
<p style="margin-left: 20px">Required. Returns the name of the mobile operator if it exists; otherwise it returns 404.. Required. Returns the name of the mobile operator if it exists; otherwise it returns 404..
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="ext-microsoft-processorarchitecture"></a>**Ext/Microsoft/ProcessorArchitecture** <a href="" id="ext-microsoft-processorarchitecture"></a>**Ext/Microsoft/ProcessorArchitecture**
<p style="margin-left: 20px">Required. Returns the processor architecture of the device as &quot;arm&quot; or &quot;x86&quot;. Required. Returns the processor architecture of the device as &quot;arm&quot; or &quot;x86&quot;.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="ext-microsoft-processortype"></a>**Ext/Microsoft/ProcessorType**
Required. Returns the processor type of the device as documented in SYSTEM_INFO.
Supported operation is Get.
<a href="" id="ext-microsoft-osplatform"></a>**Ext/Microsoft/OSPlatform**
Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
Supported operation is Get.
<a href="" id="ext-microsoft-localtime"></a>**Ext/Microsoft/LocalTime**
Required. Returns the client local time in ISO 8601 format.
Supported operation is Get.
<a href="" id="ext-microsoft-devicename"></a>**Ext/Microsoft/DeviceName** <a href="" id="ext-microsoft-devicename"></a>**Ext/Microsoft/DeviceName**
<p style="margin-left: 20px">Required. Contains the user-specified device name. Required. Contains the user-specified device name.
<p style="margin-left: 20px">Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs. Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
<p style="margin-left: 20px">Value type is string. Value type is string.
<p style="margin-left: 20px">Supported operations are Get and Replace. Supported operations are Get and Replace.
<a href="" id="ext-microsoft-dnscomputername "></a>**Ext/Microsoft/DNSComputerName**
Added in the next major release of Windows 10. This node specifies the DNS computer name for a device. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 63 characters. This node replaces the **Domain/ComputerName** node in [Accounts CSP](accounts-csp.md).
The following are the available naming macros:
| Macro | Description | Example | Generated Name |
| -------| -------| -------| -------|
| %RAND:<# of digits> | Generates the specified number of random digits. | Test%RAND:6% | Test123456|
| %SERIAL% | Generates the serial number derived from the device. If the serial number causes the new name to exceed the 63 character limit, the serial number will be truncated from the beginning of the sequence.| Test-Device-%SERIAL% | Test-Device-456|
Value type is string. Supported operations are Get and Replace.
> [!Note]
> On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer&quot;s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
<a href="" id="ext-microsoft-totalstorage"></a>**Ext/Microsoft/TotalStorage** <a href="" id="ext-microsoft-totalstorage"></a>**Ext/Microsoft/TotalStorage**
<p style="margin-left: 20px">Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage). Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
> [!NOTE] > [!NOTE]
> This is only supported in Windows 10 Mobile. > This is only supported in Windows 10 Mobile.
<a href="" id="ext-microsoft-totalram"></a>**Ext/Microsoft/TotalRAM** <a href="" id="ext-microsoft-totalram"></a>**Ext/Microsoft/TotalRAM**
<p style="margin-left: 20px">Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory). Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
Supported operation is Get. Supported operation is Get.
@ -153,45 +168,45 @@ Added in Windows 10, version 1809. SMBIOS Serial Number of the device.
Value type is string. Supported operation is Get. Value type is string. Supported operation is Get.
<a href="" id="ext-wlanmacaddress"></a>**Ext/WLANMACAddress** <a href="" id="ext-wlanmacaddress"></a>**Ext/WLANMACAddress**
<p style="margin-left: 20px">The MAC address of the active WLAN connection, as a 12-digit hexadecimal number. The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
> [!NOTE] > [!NOTE]
> This is not supported in Windows 10 for desktop editions. > This is not supported in Windows 10 for desktop editions.
<a href="" id="volteservicesetting"></a>**Ext/VoLTEServiceSetting** <a href="" id="volteservicesetting"></a>**Ext/VoLTEServiceSetting**
<p style="margin-left: 20px">Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers. Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="wlanipv4address"></a>**Ext/WlanIPv4Address** <a href="" id="wlanipv4address"></a>**Ext/WlanIPv4Address**
<p style="margin-left: 20px">Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers. Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="wlanipv6address"></a>**Ext/WlanIPv6Address** <a href="" id="wlanipv6address"></a>**Ext/WlanIPv6Address**
<p style="margin-left: 20px">Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers. Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="wlandnssuffix"></a>**Ext/WlanDnsSuffix** <a href="" id="wlandnssuffix"></a>**Ext/WlanDnsSuffix**
<p style="margin-left: 20px">Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers. Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="wlansubnetmask"></a>**Ext/WlanSubnetMask** <a href="" id="wlansubnetmask"></a>**Ext/WlanSubnetMask**
<p style="margin-left: 20px">Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers. Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
<a href="" id="devicehardwaredata"></a>**Ext/DeviceHardwareData** <a href="" id="devicehardwaredata"></a>**Ext/DeviceHardwareData**
<p style="margin-left: 20px">Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device. Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
> [!NOTE] > [!NOTE]
> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information. > This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
<p style="margin-left: 20px">Supported operation is Get. Supported operation is Get.
## Related topics ## Related topics

24
windows/client-management/mdm/devdetail-ddf-file.md
View File

@ -21,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DevDeta
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is for Windows 10, version 1809. The XML below is the current version for this CSP.
```xml ```xml
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
@ -488,6 +488,28 @@ The XML below is for Windows 10, version 1809.
</DFType> </DFType>
</DFProperties> </DFProperties>
</Node> </Node>
<Node>
<NodeName>DNSComputerName</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<Description>This node specifies the DNS name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:&lt;# of digits&gt;% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. If both macros are in the string, the RANDOM macro will take priority over the SERIAL macro (SERIAL will be ignored). The server must explicitly reboot the device for this value to take effect. This value has a maximum allowed length of 63 characters as per DNS standards.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node> <Node>
<NodeName>TotalStorage</NodeName> <NodeName>TotalStorage</NodeName>
<DFProperties> <DFProperties>

BIN
windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 31 KiB

After

Width:  |  Height:  |  Size: 61 KiB

2
windows/client-management/mdm/policy-csp-exploitguard.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits](https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/exploit-protection) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Enable Exploit Protection on Devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
The system settings require a reboot; the application settings do not require a reboot. The system settings require a reboot; the application settings do not require a reboot.

4
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows ms.technology: windows
author: manikadhiman author: manikadhiman
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 03/24/2020 ms.date: 04/07/2020
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
@ -149,6 +149,8 @@ where:
The member SID can be a user account or a group in AD, Azure AD, or on the local machine. Membership is configured using the [NetLocalGroupSetMembers](https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers) API. The member SID can be a user account or a group in AD, Azure AD, or on the local machine. Membership is configured using the [NetLocalGroupSetMembers](https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers) API.
- In this example, `Group1` and `Group2` are local groups on the device being configured. - In this example, `Group1` and `Group2` are local groups on the device being configured.
> [!Note]
> Currently, the RestrictedGroups/ConfigureGroupMembership policy does not have a MemberOf functionality. However, you can add a local group as a member to another local group by using the member portion, as shown in the above example.
<!--/Example--> <!--/Example-->
<!--Validation--> <!--Validation-->

1
windows/client-management/mdm/policy-csp-start.md
View File

@ -1025,6 +1025,7 @@ To validate on Desktop, do the following:
[Scope](./policy-configuration-service-provider.md#policy-scope): [Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] > [!div class = "checklist"]
> * User
> * Device > * Device
<hr/> <hr/>

6
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -53,17 +53,17 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID - Grant an user right to multiple groups (Administrators, Authenticated Users) via SID
``` ```
<Data>*S-1-5-32-544&#61440;*S-1-5-11</Data> <Data>*S-1-5-32-544&#xF000;*S-1-5-11</Data>
``` ```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings - Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings
``` ```
<Data>*S-1-5-32-544&#61440;Authenticated Users</Data> <Data>*S-1-5-32-544&#xF000;Authenticated Users</Data>
``` ```
- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings - Grant an user right to multiple groups (Authenticated Users, Administrators) via strings
``` ```
<Data>Authenticated Users&#61440;Administrators</Data> <Data>Authenticated Users&#xF000;Administrators</Data>
``` ```
- Empty input indicates that there are no users configured to have that user right - Empty input indicates that there are no users configured to have that user right

4
windows/client-management/mdm/reboot-csp.md
View File

@ -45,12 +45,16 @@ Setting a null (empty) date will delete the existing schedule. In accordance wit
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p> <p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>
<p style="margin-left: 20px">The supported data type is "String".</p>
<a href="" id="schedule-dailyrecurrent"></a>**Schedule/DailyRecurrent** <a href="" id="schedule-dailyrecurrent"></a>**Schedule/DailyRecurrent**
<p style="margin-left: 20px">This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00. </br> <p style="margin-left: 20px">This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00. </br>
Example to configure: 2018-10-25T18:00:00</p> Example to configure: 2018-10-25T18:00:00</p>
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p> <p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>
<p style="margin-left: 20px">The supported data type is "String".</p>
## Related topics ## Related topics

1
windows/client-management/mdm/vpnv2-profile-xsd.md
View File

@ -175,6 +175,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
<xs:sequence> <xs:sequence>
<xs:element name="Address" type="xs:string" minOccurs="1" maxOccurs="1"/> <xs:element name="Address" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="PrefixSize" type="xs:unsignedByte" minOccurs="1" maxOccurs="1"/> <xs:element name="PrefixSize" type="xs:unsignedByte" minOccurs="1" maxOccurs="1"/>
<xs:element name="ExclusionRoute" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>

0
windows/configuration/images/sccm-asset.PNG → windows/configuration/images/configmgr-asset.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 91 KiB

After

Width:  |  Height:  |  Size: 91 KiB

0
windows/configuration/images/sccm-assets.PNG → windows/configuration/images/configmgr-assets.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 131 KiB

After

Width:  |  Height:  |  Size: 131 KiB

0
windows/configuration/images/sccm-client.PNG → windows/configuration/images/configmgr-client.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 97 KiB

0
windows/configuration/images/sccm-collection.PNG → windows/configuration/images/configmgr-collection.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 38 KiB

0
windows/configuration/images/sccm-install-os.PNG → windows/configuration/images/configmgr-install-os.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 71 KiB

0
windows/configuration/images/sccm-post-refresh.PNG → windows/configuration/images/configmgr-post-refresh.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 385 KiB

After

Width:  |  Height:  |  Size: 385 KiB

0
windows/configuration/images/sccm-pxe.PNG → windows/configuration/images/configmgr-pxe.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

0
windows/configuration/images/sccm-site.PNG → windows/configuration/images/configmgr-site.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 41 KiB

After

Width:  |  Height:  |  Size: 41 KiB

0
windows/configuration/images/sccm-software-cntr.PNG → windows/configuration/images/configmgr-software-cntr.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 35 KiB

18
windows/deployment/TOC.md
View File

@ -103,15 +103,16 @@
##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md) ##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md)
### Deploy Windows 10 with Microsoft Endpoint Configuration Manager ### Deploy Windows 10 with Microsoft Endpoint Configuration Manager
#### [Prepare for Windows 10 deployment with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) #### Prepare for Windows 10 deployment with Configuration Manager
##### [Prepare for Zero Touch Installation with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
#### Deploy Windows 10 with Configuration Manager
##### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md) ##### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
##### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md) ##### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md)
##### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) ##### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
##### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) ##### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
##### [Create a task sequence with Configuration Manager and MDT](deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md) ##### [Create a task sequence with Configuration Manager and MDT](deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md)
##### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) ##### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
#### Deploy Windows 10 with Configuration Manager
##### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md) ##### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md)
##### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) ##### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
##### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) ##### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
@ -245,13 +246,20 @@
### Monitor Windows Updates ### Monitor Windows Updates
#### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) #### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
#### [Get started with Update Compliance](update/update-compliance-get-started.md) #### [Get started with Update Compliance](update/update-compliance-get-started.md)
##### [Update Compliance Configuration Script](update/update-compliance-configuration-script.md)
##### [Manually Configuring Devices for Update Compliance](update/update-compliance-configuration-manual.md)
#### [Use Update Compliance](update/update-compliance-using.md) #### [Use Update Compliance](update/update-compliance-using.md)
##### [Need Attention! report](update/update-compliance-need-attention.md) ##### [Need Attention! report](update/update-compliance-need-attention.md)
##### [Security Update Status report](update/update-compliance-security-update-status.md) ##### [Security Update Status report](update/update-compliance-security-update-status.md)
##### [Feature Update Status report](update/update-compliance-feature-update-status.md) ##### [Feature Update Status report](update/update-compliance-feature-update-status.md)
##### [Windows Defender AV Status report](update/update-compliance-wd-av-status.md)
##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md) ##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md)
##### [Update Compliance Perspectives](update/update-compliance-perspectives.md) ##### [Data Handling and Privacy in Update Compliance](update/update-compliance-privacy.md)
##### [Update Compliance Schema Reference](update/update-compliance-schema.md)
###### [WaaSUpdateStatus](update/update-compliance-schema-waasupdatestatus.md)
###### [WaaSInsiderStatus](update/update-compliance-schema-waasinsiderstatus.md)
###### [WaaSDeploymentStatus](update/update-compliance-schema-waasdeploymentstatus.md)
###### [WUDOStatus](update/update-compliance-schema-wudostatus.md)
###### [WUDOAggregatedStatus](update/update-compliance-schema-wudoaggregatedstatus.md)
### Best practices ### Best practices
#### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md) #### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md)
#### [Update Windows 10 media with Dynamic Update](update/media-dynamic-update.md) #### [Update Windows 10 media with Dynamic Update](update/media-dynamic-update.md)

7
windows/deployment/deploy-windows-cm/TOC.md
View File

@ -1,13 +1,14 @@
# Deploy Windows 10 with Microsoft Endpoint Configuration Manager # Deploy Windows 10 with Microsoft Endpoint Configuration Manager
## [Prepare for Windows 10 deployment with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) ## Prepare for Windows 10 deployment with Configuration Manager
### [Prepare for Zero Touch Installation with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
## Deploy Windows 10 with Configuration Manager
### [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) ### [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
### [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) ### [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
### [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) ### [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) ### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
### [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md) ### [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md)
### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) ### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
## Deploy Windows 10 with Configuration Manager
### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) ### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) ### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) ### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)

17
windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
View File

@ -21,7 +21,16 @@ ms.topic: article
- Windows 10 - Windows 10
In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001. In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic.
This topic assumes that you have completed the following prerequisite procedures:
- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
- [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md)
- [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
For the purposes of this guide, we will use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001). For the purposes of this guide, we will use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001).
- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server. Note: DHCP services are required for the client (PC0001) to connect to the Windows Deployment Service (WDS). - DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server. Note: DHCP services are required for the client (PC0001) to connect to the Windows Deployment Service (WDS).
@ -36,10 +45,8 @@ All servers are running Windows Server 2019. However, an earlier, supported vers
All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates. All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
>[!NOTE] >[!NOTE]
>No WDS console configuration required for PXE to work. Everything is done with the Configuration Manager console. >No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console.
## Procedures ## Procedures
@ -52,7 +59,7 @@ An existing Configuration Manager infrastructure that is integrated with MDT is
* Install the Windows 10 operating system. * Install the Windows 10 operating system.
* Install the Configuration Manager client and the client hotfix. * Install the Configuration Manager client and the client hotfix.
* Join the machine to the domain. * Join the computer to the domain.
* Install the application added to the task sequence. * Install the application added to the task sequence.
>[!NOTE] >[!NOTE]

0
windows/deployment/images/sccm-asset.PNG → windows/deployment/images/configmgr-asset.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 91 KiB

After

Width:  |  Height:  |  Size: 91 KiB

0
windows/deployment/images/sccm-assets.PNG → windows/deployment/images/configmgr-assets.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 141 KiB

After

Width:  |  Height:  |  Size: 141 KiB

0
windows/deployment/images/sccm-client.PNG → windows/deployment/images/configmgr-client.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 97 KiB

0
windows/deployment/images/sccm-collection.PNG → windows/deployment/images/configmgr-collection.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 38 KiB

0
windows/deployment/images/sccm-install-os.PNG → windows/deployment/images/configmgr-install-os.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 71 KiB

0
windows/deployment/images/sccm-post-refresh.PNG → windows/deployment/images/configmgr-post-refresh.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 385 KiB

After

Width:  |  Height:  |  Size: 385 KiB

0
windows/deployment/images/sccm-pxe.PNG → windows/deployment/images/configmgr-pxe.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

0
windows/deployment/images/sccm-site.PNG → windows/deployment/images/configmgr-site.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 41 KiB

After

Width:  |  Height:  |  Size: 41 KiB

0
windows/deployment/images/sccm-software-cntr.PNG → windows/deployment/images/configmgr-software-cntr.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 35 KiB

2
windows/deployment/mbr-to-gpt.md
View File

@ -233,7 +233,7 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr
1. Disk validation is performed. 1. Disk validation is performed.
2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist. 2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist.
3. UEFI boot files are installed to the ESP. 3. UEFI boot files are installed to the ESP.
4. GPT metatdata and layout information is applied. 4. GPT metadata and layout information is applied.
5. The boot configuration data (BCD) store is updated. 5. The boot configuration data (BCD) store is updated.
6. Drive letter assignments are restored. 6. Drive letter assignments are restored.

6
windows/deployment/planning/windows-10-deprecated-features.md
View File

@ -21,7 +21,8 @@ The features described below are no longer being actively developed, and might b
**The following list is subject to change and might not include every affected feature or functionality.** **The following list is subject to change and might not include every affected feature or functionality.**
>If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). > [!NOTE]
> If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
|Feature | Details and mitigation | Announced in version | |Feature | Details and mitigation | Announced in version |
| ----------- | --------------------- | ---- | | ----------- | --------------------- | ---- |
@ -47,7 +48,6 @@ The features described below are no longer being actively developed, and might b
|Business Scanning| This feature is also called Distributed Scan Management (DSM) **(Added 05/03/2018)**<br>&nbsp;<br>The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 | |Business Scanning| This feature is also called Distributed Scan Management (DSM) **(Added 05/03/2018)**<br>&nbsp;<br>The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 |
|IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 | |IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 |
|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 | |IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 | |RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 |
|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | |Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 | |Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 |
@ -63,4 +63,4 @@ The features described below are no longer being actively developed, and might b
|TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 | |TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 |
|TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 | |TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 |
|IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 | |IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 |
|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quite switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.| |wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.|

7
windows/deployment/planning/windows-10-removed-features.md
View File

@ -18,7 +18,7 @@ ms.topic: article
Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.** Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.**
For information about features that might be removed in a future release, see [Windows 10 features were no longer developing](windows-10-deprecated-features.md) For information about features that might be removed in a future release, see [Windows 10 features were no longer developing](windows-10-deprecated-features.md).
> [!NOTE] > [!NOTE]
> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself. > Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
@ -50,12 +50,13 @@ The following features and functionalities have been removed from the installed
|Reading List | Functionality to be integrated into Microsoft Edge. | 1709 | |Reading List | Functionality to be integrated into Microsoft Edge. | 1709 |
|Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | |Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 | |Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 |
|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193).| 1709 | |TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| 1709 |
|Tile Data Layer |To be replaced by the Tile Store.| 1709 | |Tile Data Layer |To be replaced by the Tile Store.| 1709 |
|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 | |Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 |
|By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 | |By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 |
|Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 | |Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 |
|Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 | |Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 |
|NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 | |NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 |
|Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 | |Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 |
|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 | |WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 |

BIN
windows/deployment/update/images/UC-vid-crop.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 37 KiB

BIN
windows/deployment/update/images/UC_00_marketplace_search.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 171 KiB

BIN
windows/deployment/update/images/UC_01_marketplace_create.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 280 KiB

BIN
windows/deployment/update/images/UC_02_workspace_create.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 123 KiB

BIN
windows/deployment/update/images/UC_03_workspace_select.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 92 KiB

BIN
windows/deployment/update/images/UC_04_resourcegrp_deployment_successful.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 130 KiB

BIN
windows/deployment/update/images/UC_commercialID.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/deployment/update/images/UC_commercialID_GP.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 83 KiB

BIN
windows/deployment/update/images/UC_telemetrylevel.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 86 KiB

BIN
windows/deployment/update/images/UC_workspace_WDAV_status.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-01-wdav.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/deployment/update/images/uc-01.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/deployment/update/images/uc-02.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 642 KiB

BIN
windows/deployment/update/images/uc-02a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 9.3 KiB

BIN
windows/deployment/update/images/uc-03.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 796 KiB

BIN
windows/deployment/update/images/uc-03a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 11 KiB

BIN
windows/deployment/update/images/uc-04.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 150 KiB

BIN
windows/deployment/update/images/uc-04a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 50 KiB

BIN
windows/deployment/update/images/uc-05.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 135 KiB

BIN
windows/deployment/update/images/uc-05a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 30 KiB

BIN
windows/deployment/update/images/uc-06.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 110 KiB

BIN
windows/deployment/update/images/uc-06a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
windows/deployment/update/images/uc-07.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 120 KiB

BIN
windows/deployment/update/images/uc-07a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/deployment/update/images/uc-08.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 345 KiB

BIN
windows/deployment/update/images/uc-08a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 11 KiB

BIN
windows/deployment/update/images/uc-09.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 68 KiB

BIN
windows/deployment/update/images/uc-09a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

BIN
windows/deployment/update/images/uc-10.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 157 KiB

BIN
windows/deployment/update/images/uc-10a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

BIN
windows/deployment/update/images/uc-11.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
windows/deployment/update/images/uc-12.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
windows/deployment/update/images/uc-13.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-14.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 76 KiB

BIN
windows/deployment/update/images/uc-15.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 23 KiB

Some files were not shown because too many files have changed in this diff Show More