deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into wildcards

Browse Source
This commit is contained in:
jcaparas 2019-05-21 09:10:13 -07:00 committed by GitHub
commit 81d5de105a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 80 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mdop/mbam-v25/mbam-25-supported-configurations.md
View File

@ -283,8 +283,14 @@ MBAM supports the following versions of Configuration Manager.
</tr>
</thead>
<tbody>
<tr class="even">
<td align="left"><p>Microsoft System Center Configuration Manager (Current Branch), versions up to 1902</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft System Center Configuration Manager (Current Branch), versions up to 1806</p></td>
<td align="left"><p>Microsoft System Center Configuration Manager 1806</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>

6
store-for-business/troubleshoot-microsoft-store-for-business.md
View File

@ -49,6 +49,10 @@ The private store for your organization is a page in Microsoft Store app that co
![Private store for Contoso publishing](images/wsfb-privatestoreapps.png)
## Troubleshooting Microsoft Store for Business integration with System Center Configuration Manager
If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w).
## Still having trouble?
If you are still having trouble using Microsoft Store or installing an app, Admins can sign in and look for topics on our **Support** page.
@ -56,4 +60,4 @@ If you are still having trouble using Microsoft Store or installing an app, Admi
**To view Support page** 
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com)
2. Click **Manage**, and then click **Support**.
2.Choose **Manage**> **Support**.

8
windows/application-management/sideload-apps-in-windows-10.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
author: greg-lindsay
ms.date: 04/19/2017
ms.date: 05/20/2019
---
# Sideload LOB apps in Windows 10
@ -48,10 +48,16 @@ And here's what you'll need to do:
## How do I sideload an app on desktop
You can sideload apps on managed or unmanaged devices.
>[!IMPORTANT]
> To install an app on Windows 10, in addition to following [these procedures](https://docs.microsoft.com/windows/msix/app-installer/installing-windows10-apps-web), users can also double-click any APPX/MSIX package.
**To turn on sideloading for managed devices**
- Deploy an enterprise policy.
**To turn on sideloading for unmanaged devices**
1. Open **Settings**.

1
windows/client-management/mdm/cm-cellularentries-csp.md
View File

@ -183,6 +183,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid
<p style="margin-left: 20px"> Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
- Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F
- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD
- MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8
- IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13
- SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD

32
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -107,20 +107,27 @@ Requirements:
- Enterprise AD must be integrated with Azure AD.
- Ensure that PCs belong to same computer group.
1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
>[!Note]
>If you do not see the policy, it may be caused because you dont have the ADMX installed for Windows 10, version 1803. To fix the issue, follow these steps:
> 1. Download [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)
](https://www.microsoft.com/en-us/download/details.aspx?id=56880).
> 2. Install the package on the Primary Domain Controller.
> 3. Navigate to the folder **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**.
> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**.
> 5. Restart the Primary Domain Controller for the policy to be available.
>[!IMPORTANT]
>If you do not see the policy, it may be because you dont have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps:
> 1. Download:
> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or
> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/en-us/download/details.aspx?id=57576).
> 2. Install the package on the Primary Domain Controller (PDC).
> 3. Navigate, depending on the version to the folder:
> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or
> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**
> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**.
> 5. Restart the Primary Domain Controller for the policy to be available.
> This procedure will work for any future version as well.
1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
2. Create a Security Group for the PCs.
3. Link the GPO.
4. Filter using Security Groups.
5. Enforce a GPO link
5. Enforce a GPO link.
>[!NOTE]
> Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903).
### Related topics
@ -129,3 +136,8 @@ Requirements:
- [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx)
- [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx)
- [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx)
### Useful Links
- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880)
- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576)

4
windows/client-management/mdm/policy-csp-windowslogon.md
View File

@ -407,8 +407,8 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
Supported values:
- false - disabled
- true - enabled
- 0 - disabled
- 1 - enabled
<!--/SupportedValues-->
<!--Example-->

4
windows/deployment/deploy-whats-new.md
View File

@ -25,7 +25,7 @@ This topic provides an overview of new solutions and online content related to d
## Recent additions to this page
[SetupDiag](#setupdiag) 1.4 is released.<br>
[SetupDiag](#setupdiag) 1.4.1 is released.<br>
[MDT](#microsoft-deployment-toolkit-mdt) 8456 is released.<br>
New [Windows Autopilot](#windows-autopilot) content is available.<br>
The [Microsoft 365](#microsoft-365) section was added.
@ -72,7 +72,7 @@ Recent Autopilot content includes new instructions for CSPs and OEMs on how to [
[SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
SetupDiag version 1.4 was released on 12/18/2018.
SetupDiag version 1.4.1 was released on 5/17/2019.
### Upgrade Readiness

24
windows/deployment/upgrade/setupdiag.md
View File

@ -7,7 +7,6 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.date: 12/18/2018
ms.localizationpriority: medium
ms.topic: article
---
@ -25,7 +24,7 @@ ms.topic: article
## About SetupDiag
<I>Current version of SetupDiag: 1.4.0.0</I>
<I>Current version of SetupDiag: 1.4.1.0</I>
SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
@ -64,8 +63,9 @@ The [Release notes](#release-notes) section at the bottom of this topic has info
| /Output:\<path to results file\> | <ul><li>This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below). <li>Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.</ul> |
| /LogsPath:\<Path to logs\> | <ul><li>This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories.</ul> |
| /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
| /Verbose | <ul><li>This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.</ul> |
| /Format:\<xml \| json\> | <ul><li>This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.</ul> |
| /Scenario:\[Recovery\] | This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.|
| /Verbose | <ul><li>This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.</ul> |
| /NoTel | <ul><li>This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.</ul> |
Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag.
@ -97,6 +97,19 @@ The following example specifies that SetupDiag is to run in offline mode, and to
SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1
```
The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter.
```
SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
```
The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format.
```
SetupDiag.exe /Scenario:Recovery /Format:xml
```
## Log files
[Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location:
@ -141,7 +154,7 @@ The output also provides an error code 0xC1900208 - 0x4000C which corresponds to
```
C:\SetupDiag>SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:C:\Temp\BobMacNeill
SetupDiag v1.4.0.0
SetupDiag v1.4.1.0
Copyright (c) Microsoft Corporation. All rights reserved.
Searching for setup logs, this can take a minute or more depending on the number and size of the logs...please wait.
@ -397,6 +410,9 @@ Each rule name and its associated unique rule identifier are listed with a descr
## Release notes
05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center.
- This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset).
12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
- This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
- The FindDownlevelFailure rule is up to 10x faster.

2
windows/security/identity-protection/access-control/special-identities.md
View File

@ -149,7 +149,7 @@ Any user who accesses the system through a sign-in process has the Authenticated
</tr>
<tr class="odd">
<td><p>Default Location in Active Directory</p></td>
<td><p>cn=WellKnown Security Principals, cn=Configuration, dc=&lt;forestRootDomain&gt;</p></td>
<td><p>cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=&lt;forestRootDomain&gt;</p></td>
</tr>
<tr class="even">
<td><p>Default User Rights</p></td>

2
windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
View File

@ -43,7 +43,7 @@ When the PIN is created, it establishes a trusted relationship with the identity
The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.
User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetrical key pairs, users credentials cant be stolen in cases where the identity provider or websites the user accesses have been compromised.
User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials cant be stolen in cases where the identity provider or websites the user accesses have been compromised.
The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked.

2
windows/security/threat-protection/microsoft-defender-atp/live-response.md
View File

@ -20,7 +20,7 @@ ms.topic: article
# Investigate entities on machines using live response
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]

1
windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 09/03/2018
---
# View and organize the Microsoft Defender ATP Machines list

2
windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
View File

@ -39,9 +39,11 @@ You can control the following attributes about the folder that you'd like to be
**Folders**<br>
You can specify a folder and its subfolders to be skipped.
>[!NOTE]
>At this time, use of wild cards as a way to exclude files under a directory is not yet supported.
**Extensions**<br>
You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore.

1
windows/security/threat-protection/microsoft-defender-atp/use-apis.md
View File

@ -4,6 +4,7 @@ description: Use the exposed data and actions using a set of progammatic APIs th
keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
search.appverid: met150
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security

2
windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
View File

@ -1,7 +1,7 @@
---
title: What's new in Microsoft Defender ATP
description: Lists the new features and functionality in Microsoft Defender ATP
keywords: what's new in windows defender atp
keywords: what's new in microsoft defender atp, ga, generally available, capabilities, available, new
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10

1
windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
View File

@ -5,6 +5,7 @@ keywords: updates, security baselines, schedule updates
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
search.appverid: met150
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security

11
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
View File

@ -3,32 +3,31 @@ title: Installing Microsoft Defender ATP for Mac with different MDM product
description: Describes how to install Microsoft Defender ATP for Mac, using an unsupported MDM solution.
keywords: microsoft, defender, atp, mac, installation, deploy, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
search.appverid: #met150
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: mavel
author: maximvelichko
ms.localizationpriority: #medium
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: #conceptual
ms.topic: conceptual
---
# Deployment with a different MDM system
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!IMPORTANT]
>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
## Prerequisites and system requirements
Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
## Approach