deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 15:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #4919 from MicrosoftDocs/master

Browse Source 
Publish 3/17/2021 10:30 AM PT
This commit is contained in:
Tina Burden 2021-03-17 10:35:44 -07:00 committed by GitHub
commit 81cea15500
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 57 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
store-for-business/roles-and-permissions-microsoft-store-for-business.md
View File

@ -13,11 +13,16 @@ author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 03/10/2021
ms.date: 03/16/2021
---
# Roles and permissions in Microsoft Store for Business and Education
**Applies to**
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@ -33,60 +38,63 @@ This table lists the global user accounts and the permissions they have in Micro
| ------------------------------ | --------------------- | --------------------- |
| Sign up for Microsoft Store for Business and Education | X |
| Modify company profile settings | X | |
| Purchase apps | X | X |
| Purchase apps | X | X |
| Distribute apps | X | X |
| Purchase subscription-based software | X | X |
**Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store.
- **Global Administrator** and **Billing Administrator** - IT Pros with these accounts have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store.
**Billing Administrator** - IT Pros with this account have the same permissions as Microsoft Store Purchaser role.
## Microsoft Store roles and permissions
## Billing account roles and permissions
There are a set of roles, managed at your billing account level, that help IT admins and employees manage access to and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store for Business.
Microsoft Store for Business has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store.
This table lists the roles and their permissions.
| Role | Buy from<br /><br /> Microsoft Store | Assign<br /><br /> roles | Edit<br /><br /> account | Sign<br /><br /> agreements | View<br /><br /> account |
| ------------------------| ------ | -------- | ------ | -------| -------- |
| Billing account owner | X | X | X | X | X |
| Billing account contributor | | | X | X | X |
| Billing account reader | | | | | X |
| Signatory | | | | X | X |
| | Admin | Purchaser | Device Guard signer |
| ------------------------------ | ------ | -------- | ------------------- |
| Assign roles | X | | |
| Manage Microsoft Store for Business and Education settings | X | | |
| Acquire apps | X | X | |
| Distribute apps | X | X | |
| Sign policies and catalogs | X | | |
| Sign Device Guard changes | X | | X |
<!---
These permissions allow people to:
- **Edit account**:
- Account information (view only)
- LOB publishers
- Management tools
- Offline licensing
- Permissions
- Private store
- **Acquire apps** - Acquire apps from Microsoft Store and add them to your inventory.
- **Distribute apps** - Distribute apps that are in your inventory.
- **Manage Microsoft Store settings**:
- Account information (view only)
- Device Guard signing
- LOB publishers
- Management tools
- Offline licensing
- Permissions
- Private store
- **Acquire apps** - Acquire apps from Microsoft Store and add them to your inventory.
- **Distribute apps** - Distribute apps that are in your inventory.
- Admins can assign apps to people, add apps to the private store, or use a management tool.
- Purchasers can assign apps to people.
-->
## Purchasing roles and permissions
There are also a set of roles for purchasing and managing items bought.
This table lists the roles and their permissions.
| Role | Buy from<br /><br /> Microsoft Store | Manage all items | Manage items<br /><br /> I buy |
| ------------| ------ | -------- | ------ |
| Purchaser | X | X | |
| Basic purchaser | X | | X |
## Assign roles
**To assign roles to people**
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
1. Sign in to Microsoft Store for Business or Microsoft Store for Education.
>[!Note]
>You need to be a Global Administrator, or have the Billing account owner role to access **Permissions**. 
2. Select **Manage**, and then select **Permissions**.
3. On **Roles**, or **Purchasing roles**, select **Assign roles**.
4. Enter a name, choose the role you want to assign, and select **Save**.
If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts](manage-users-and-groups-microsoft-store-for-business.md).
>You need to be a Global Administrator, or have the Microsoft Store Admin role to access the **Permissions** page.
To assign roles, you need to be a Global Administrator or a Store Administrator.
2. Click **Settings**, and then choose **Permissions**.
OR
Click **Manage**, and then click **Permissions** on the left-hand menu.
<!--- ![Image showing Permissions page in Microsoft Store for Business.](images/wsfb-settings-permissions.png) -->
3. Click **Add people**, type a name, choose the role you want to assign, and click **Save**.
<!--- ![Image showing Assign roles to people box in Microsoft Store for Business.](images/wsfb-permissions-assignrole.png) -->
4. If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md).

10
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -112,8 +112,8 @@ Example: Export the Debug logs
</SyncML>
```
## Collect logs from Windows 10 Mobile devices
<!--## Collect logs from Windows 10 Mobile devices-->
<!--
Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
**To collect logs manually**
@ -182,11 +182,11 @@ The following table contains a list of common providers and their corresponding
| e5fc4a0f-7198-492f-9b0f-88fdcbfded48 | Microsoft-Windows Networking VPN |
| e5c16d49-2464-4382-bb20-97a4b5465db9 | Microsoft-Windows-WiFiNetworkManager |
 
 -->
## Collect logs remotely from Windows 10 Holographic or Windows 10 Mobile devices
## Collect logs remotely from Windows 10 Holographic
For holographic or mobile devices already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is 3DA494E4-0FE2-415C-B895-FB5265C5C83B. The following examples show how to enable the ETW provider:

4
windows/security/threat-protection/intelligence/safety-scanner-download.md
View File

@ -39,12 +39,12 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from
## System requirements
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/lifecycle).
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/lifecycle).
## How to run a scan
1. Download this tool and open it.
2. Select the type of scan you want run and start the scan.
2. Select the type of scan that you want to run and start the scan.
3. Review the scan results displayed on screen. For detailed detection results, view the log at **%SYSTEMROOT%\debug\msert.log**.
To remove this tool, delete the executable file (msert.exe by default).

2
windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
View File

@ -200,7 +200,7 @@ The following capabilities are included in this integration:
- Automated onboarding - Defender for Endpoint sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
> [!NOTE]
> Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016.
> The integration between Azure Defender for Servers and Microsoft Defender for Endpoint has been expanded to support [Windows Server 2019 and Windows Virtual Desktop (WVD)](https://docs.microsoft.com/azure/security-center/release-notes#microsoft-defender-for-endpoint-integration-with-azure-defender-now-supports-windows-server-2019-and-windows-10-virtual-desktop-wvd-in-preview).
- Windows servers monitored by Azure Security Center will also be available in Defender for Endpoint - Azure Security Center seamlessly connects to the Defender for Endpoint tenant, providing a single view across clients and servers. In addition, Defender for Endpoint alerts will be available in the Azure Security Center console.
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach.