diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 070552040e..e253a3f659 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -283,8 +283,14 @@ MBAM supports the following versions of Configuration Manager. + +

Microsoft System Center Configuration Manager (Current Branch), versions up to 1902

+

+

64-bit

+ + -

Microsoft System Center Configuration Manager (Current Branch), versions up to 1806

+

Microsoft System Center Configuration Manager 1806

64-bit

diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index 197eeba1a0..aea3b32045 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md @@ -49,6 +49,10 @@ The private store for your organization is a page in Microsoft Store app that co ![Private store for Contoso publishing](images/wsfb-privatestoreapps.png) +## Troubleshooting Microsoft Store for Business integration with System Center Configuration Manager + +If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). + ## Still having trouble? If you are still having trouble using Microsoft Store or installing an app, Admins can sign in and look for topics on our **Support** page. @@ -56,4 +60,4 @@ If you are still having trouble using Microsoft Store or installing an app, Admi **To view Support page**  1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) -2. Click **Manage**, and then click **Support**. \ No newline at end of file +2.Choose **Manage**> **Support**. diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index cd7c59e6d2..4f8803ead5 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 04/19/2017 +ms.date: 05/20/2019 --- # Sideload LOB apps in Windows 10 @@ -48,10 +48,16 @@ And here's what you'll need to do: ## How do I sideload an app on desktop You can sideload apps on managed or unmanaged devices. +>[!IMPORTANT] +> To install an app on Windows 10, in addition to following [these procedures](https://docs.microsoft.com/windows/msix/app-installer/installing-windows10-apps-web), users can also double-click any APPX/MSIX package. + + **To turn on sideloading for managed devices** - Deploy an enterprise policy. + + **To turn on sideloading for unmanaged devices** 1. Open **Settings**. diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index adffb8bef0..32ca9ee217 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -183,6 +183,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid

Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available: - Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F +- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD - MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8 - IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13 - SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index b79c6c1219..481636bb71 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -107,20 +107,27 @@ Requirements: - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. -1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. - >[!Note] - >If you do not see the policy, it may be caused because you don’t have the ADMX installed for Windows 10, version 1803. To fix the issue, follow these steps: - > 1. Download [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803) -](https://www.microsoft.com/en-us/download/details.aspx?id=56880). - > 2. Install the package on the Primary Domain Controller. - > 3. Navigate to the folder **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**. - > 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**. - > 5. Restart the Primary Domain Controller for the policy to be available. +>[!IMPORTANT] +>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps: +> 1. Download: +> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or +> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/en-us/download/details.aspx?id=57576). +> 2. Install the package on the Primary Domain Controller (PDC). +> 3. Navigate, depending on the version to the folder: +> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or +> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** +> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**. +> 5. Restart the Primary Domain Controller for the policy to be available. +> This procedure will work for any future version as well. +1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. 2. Create a Security Group for the PCs. 3. Link the GPO. 4. Filter using Security Groups. -5. Enforce a GPO link +5. Enforce a GPO link. + +>[!NOTE] +> Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903). ### Related topics @@ -129,3 +136,8 @@ Requirements: - [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx) - [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx) - [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx) + +### Useful Links +- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) +- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) + diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index e307f8f433..14369d49d1 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -407,8 +407,8 @@ ADMX Info: Supported values: -- false - disabled -- true - enabled +- 0 - disabled +- 1 - enabled @@ -556,4 +556,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in Windows 10, version 1903. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index cf6c780326..11aeabe025 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -25,7 +25,7 @@ This topic provides an overview of new solutions and online content related to d ## Recent additions to this page -[SetupDiag](#setupdiag) 1.4 is released.
+[SetupDiag](#setupdiag) 1.4.1 is released.
[MDT](#microsoft-deployment-toolkit-mdt) 8456 is released.
New [Windows Autopilot](#windows-autopilot) content is available.
The [Microsoft 365](#microsoft-365) section was added. @@ -72,7 +72,7 @@ Recent Autopilot content includes new instructions for CSPs and OEMs on how to [ [SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. -SetupDiag version 1.4 was released on 12/18/2018. +SetupDiag version 1.4.1 was released on 5/17/2019. ### Upgrade Readiness diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 9b97b16be8..22d60ee1ae 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -7,7 +7,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.date: 12/18/2018 ms.localizationpriority: medium ms.topic: article --- @@ -25,7 +24,7 @@ ms.topic: article ## About SetupDiag -Current version of SetupDiag: 1.4.0.0 +Current version of SetupDiag: 1.4.1.0 SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. @@ -64,8 +63,9 @@ The [Release notes](#release-notes) section at the bottom of this topic has info | /Output:\ |

| | /LogsPath:\ | | | /ZipLogs:\ | | -| /Verbose | | | /Format:\ |
  • This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.
| +| /Scenario:\[Recovery\] | This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.| +| /Verbose |
  • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
| | /NoTel |
  • This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.
| Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. @@ -97,6 +97,19 @@ The following example specifies that SetupDiag is to run in offline mode, and to SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1 ``` +The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter. + +``` +SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery +``` + +The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format. + +``` +SetupDiag.exe /Scenario:Recovery /Format:xml +``` + + ## Log files [Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location: @@ -141,7 +154,7 @@ The output also provides an error code 0xC1900208 - 0x4000C which corresponds to ``` C:\SetupDiag>SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:C:\Temp\BobMacNeill -SetupDiag v1.4.0.0 +SetupDiag v1.4.1.0 Copyright (c) Microsoft Corporation. All rights reserved. Searching for setup logs, this can take a minute or more depending on the number and size of the logs...please wait. @@ -397,6 +410,9 @@ Each rule name and its associated unique rule identifier are listed with a descr ## Release notes +05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. + - This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). + 12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - The FindDownlevelFailure rule is up to 10x faster. diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index 86165f1bf1..16e282f16f 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -149,7 +149,7 @@ Any user who accesses the system through a sign-in process has the Authenticated

Default Location in Active Directory

-

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

+

cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 388993c2d8..387b2f434b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -43,7 +43,7 @@ When the PIN is created, it establishes a trusted relationship with the identity The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM. -User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetrical key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised. +User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked. diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index aaab0a442a..8989f06877 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -20,7 +20,7 @@ ms.topic: article # Investigate entities on machines using live response **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease information](prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md index 79720ee3a3..19ef61c49c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/03/2018 --- # View and organize the Microsoft Defender ATP Machines list diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md index a9c9599d8d..2ff51aee05 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md @@ -39,9 +39,11 @@ You can control the following attributes about the folder that you'd like to be **Folders**
You can specify a folder and its subfolders to be skipped. + >[!NOTE] >At this time, use of wild cards as a way to exclude files under a directory is not yet supported. + **Extensions**
You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore. diff --git a/windows/security/threat-protection/microsoft-defender-atp/use-apis.md b/windows/security/threat-protection/microsoft-defender-atp/use-apis.md index 6a2ea321b9..12b2670489 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/use-apis.md +++ b/windows/security/threat-protection/microsoft-defender-atp/use-apis.md @@ -4,6 +4,7 @@ description: Use the exposed data and actions using a set of progammatic APIs th keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file search.product: eADQiWindows 10XVcnh ms.prod: w10 +search.appverid: met150 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index aa642d1c55..619b30d34a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -1,7 +1,7 @@ --- title: What's new in Microsoft Defender ATP description: Lists the new features and functionality in Microsoft Defender ATP -keywords: what's new in windows defender atp +keywords: what's new in microsoft defender atp, ga, generally available, capabilities, available, new search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md index 29534e1b63..cc1bc787e1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md @@ -5,6 +5,7 @@ keywords: updates, security baselines, schedule updates search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 +search.appverid: met150 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md index 49020bb614..5bdebb3c04 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md @@ -3,32 +3,31 @@ title: Installing Microsoft Defender ATP for Mac with different MDM product description: Describes how to install Microsoft Defender ATP for Mac, using an unsupported MDM solution. keywords: microsoft, defender, atp, mac, installation, deploy, macos, mojave, high sierra, sierra search.product: eADQiWindows 10XVcnh -search.appverid: #met150 +search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.author: mavel author: maximvelichko -ms.localizationpriority: #medium +ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: #conceptual +ms.topic: conceptual --- # Deployment with a different MDM system **Applies to:** - -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!IMPORTANT] >This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Prerequisites and system requirements -Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. ## Approach