deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Greg Lindsay
2020-06-16 14:23:22 -07:00
parent 5e9dfae7a2 b28c65899d
commit 8316900e8e
166 changed files with 1204 additions and 1013 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
windows/deployment/TOC.yml
View File

@ -11,8 +11,8 @@
href: update/waas-quick-start.md
- name: Windows update fundamentals
href: update/waas-overview.md
- name: Types of Windows updates
href: update/waas-quick-start.md#definitions
- name: Basics of Windows updates, channels, and tools
href: update/get-started-updates-channels-tools.md
- name: Servicing the Windows 10 operating system
href: update/waas-servicing-strategy-windows-10-updates.md
@ -62,8 +62,8 @@
- name: Prepare
items:
- name: Prepare to deploy Windows 10
href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
- name: Prepare to deploy Windows 10 updates
href: update/prepare-deploy-windows.md
- name: Evaluate and update infrastructure
href: update/update-policies.md
- name: Set up Delivery Optimization for Windows 10 updates

2
windows/deployment/deploy.md
View File

@ -1,6 +1,6 @@
---
title: Deploy Windows 10 (Windows 10)
description: Deploying Windows 10 for IT professionals.
description: Learn Windows 10 upgrade options for planning, testing, and managing your production deployment.
ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
ms.reviewer:
manager: laurawi

68
windows/deployment/index.yml
View File

@ -24,14 +24,14 @@ landingContent:
# Card (optional)
- title: Get started
linkLists:
- linkListType: overview
- linkListType: get-started
links:
- text: What's new
- text: What's new in Windows deployment
url: windows-10-deployment-scenarios.md
- text: Windows 10 deployment scenarios
url: windows-10-deployment-scenarios.md
- text: What is Windows as a service
url: update/waas-overview.md
- text: Basics of Windows updates, channels, and tools
url: update/get-started-updates-channels-tools.md
# Card (optional)
- title: Plan and prepare
@ -39,55 +39,55 @@ landingContent:
- linkListType: overview
links:
- text: Create a deployment plan
url: windows-autopilot/demonstrate-deployment-on-vm.md
- text: Prepare to deploy
url: windows-10-poc.md
- text: Set up Delivery Optimization
url: windows-10-poc.md
url: update/create-deployment-plan.md
- text: Prepare to deploy Windows 10 updates
url: update/prepare-deploy-windows.md
- text: Prepare updates using Windows Update for Business
url: update/waas-manage-updates-wufb.md
# Card (optional)
- title: Deploy
linkLists:
- linkListType: overview
- linkListType: deploy
links:
- text: Deploy with Autopilot
- text: Deploy Windows 10 with Autopilot
url: windows-autopilot/windows-autopilot-scenarios.md
- text: Deploy with Endpoint Manager
url: update/create-deployment-plan.md
- text: Deploy Windows updates
url: update/eval-infra-tools.md
- text: Assign devices to servicing channels
url: update/waas-servicing-channels-windows-10-updates.md
- text: Deploy Windows updates with Configuration Manager
url: update/deploy-updates-configmgr.md
# Card
- title: Keep current
- title: Keep Windows current
linkLists:
- linkListType: overview
- linkListType: how-to-guide
links:
- text: ADD HERE
- text: Define your servicing strategy
url: update/define-update-strategy.md
- text: JAMES'S CALENDAR BLOG POST
url: windows-autopilot/windows-autopilot-scenarios.md
- text: ADD HERE
url: windows-autopilot/windows-autopilot-scenarios.md
- text: ADD HERE
url: https://docs.microsoft.com/windows/deployment/windows-10-deployment-posters#deploy-windows-10-with-autopilot
- text: Optimizing Windows 10 Update Adoption
url: https://www.microsoft.com/download/details.aspx?id=101056
# Card
- title: Support remote work
linkLists:
- linkListType: overview
- linkListType: concept
links:
- text: Deploy Windows 10 for a remote world
url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deploying-a-new-version-of-windows-10-in-a-remote-world/ba-p/1419846
- text: Update infrastructure
url: update/update-policies.md
- text: Build a servicing strategy
url: update/waas-deployment-rings-windows-10-updates.md
- text: Empower remote workers with Microsoft 365
url: https://docs.microsoft.com/microsoft-365/solutions/empower-people-to-work-remotely
- text: Top 12 tasks for security teams to support working from home
url: https://docs.microsoft.com/microsoft-365/security/top-security-tasks-for-remote-work
# Card (optional)
- title: Microsoft Learn
linkLists:
- linkListType: overview
- linkListType: learn
links:
- text: Deploy to Windows 10
url: https://docs.microsoft.com/en-us/windows/release-information/
- text: Train users
url: https://docs.microsoft.com/en-us/windows/whats-new/
- text: Automate Windows deployments
url: https://docs.microsoft.com/en-us/windows/security/
- text: Plan to deploy updates for Windows 10 and Microsoft 365 Apps
url: https://docs.microsoft.com/learn/modules/windows-plan
- text: Prepare to deploy updates for Windows 10 and Microsoft 365 Apps
url: https://docs.microsoft.com/learn/modules/windows-prepare/
- text: Deploy updates for Windows 10 and Microsoft 365 Apps
url: https://docs.microsoft.com/learn/modules/windows-deploy

10
windows/deployment/update/update-compliance-configuration-manual.md
View File

@ -43,8 +43,8 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e
| Policy | Value | Function |
|---------------------------|-|------------------------------------------------------------|
|**Provider/*ProviderID*/**[**CommercialID**](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) |Identifies the device as belonging to your organization. |
|**System/**[**AllowTelemetry**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |1- Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
|**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | Disable Telemetry opt-in Settings | (*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
|**System/**[**AllowTelemetry**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | 1- Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
|**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | 1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether end-users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
|**System/**[**AllowDeviceNameInDiagnosticData**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
### Group Policies
@ -54,9 +54,9 @@ All Group Policies that need to be configured for Update Compliance are under **
| Policy | Value | Function |
|---------------------------|-|-----------------------------------------------------------|
|**Configure the Commercial ID** |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) | Identifies the device as belonging to your organization. |
|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
|**Configure telemetry opt-in setting user interface** | Disable telemetry opt-in Settings |(*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
|**Allow device name to be sent in Windows diagnostic data** | Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this lower than what the policy defines. See the following policy for more information. |
|**Configure telemetry opt-in setting user interface** | 1 - Disable telemetry opt-in Settings |(in Windows 10, version 1803 and later) Determines whether end-users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. |
|**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
## Required endpoints

2
windows/deployment/update/update-compliance-monitor.md
View File

@ -19,7 +19,7 @@ ms.topic: article
> [!IMPORTANT]
> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. Two planned feature removals for Update Compliance Microsoft Defender Antivirus reporting and Perspectives are now scheduled to be removed beginning Monday, May 11, 2020.
> * The retirement of Microsoft Defender Antivirus reporting will begin Monday, May 11, 2020. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection).
> * The retirement of Microsoft Defender Antivirus reporting will begin Monday, May 11, 2020. You can continue to for threats with [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) and [Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection).
> * The Perspectives feature of Update Compliance will be retired Monday, May 11, 2020. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
## Introduction

53
windows/deployment/update/windows-update-resources.md
View File

@ -1,9 +1,8 @@
---
title: Windows Update - Additional resources
description: Additional resources for Windows Update
description: Use these resource to troubleshoot and reset Windows Update.
ms.prod: w10
ms.mktglfcycl:
audience: itpro
author: jaimeo
ms.localizationpriority: medium
@ -17,7 +16,7 @@ ms.topic: article
# Windows Update - additional resources
>Applies to: Windows 10
> Applies to: Windows 10
The following resources provide additional information about using Windows Update.
@ -37,43 +36,49 @@ The following resources provide additional information about using Windows Updat
[This script](https://gallery.technet.microsoft.com/scriptcenter/Reset-WindowsUpdateps1-e0c5eb78) will completely reset the Windows Update client settings. It has been tested on Windows 7, 8, 10, and Windows Server 2012 R2. It will configure the services and registry keys related to Windows Update for default settings. It will also clean up files related to Windows Update, in addition to BITS related data.
[This script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc) allow reset the Windows Update Agent resolving issues with Windows Update.
[This script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc) allows you to reset the Windows Update Agent, resolving issues with Windows Update.
## Reset Windows Update components manually
1. Open a Windows command prompt. To open a command prompt, click **Start > Run**. Copy and paste (or type) the following command and then press ENTER:
```
```console
cmd
```
2. Stop the BITS service and the Windows Update service. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
```
```console
net stop bits
net stop wuauserv
```
3. Delete the qmgr\*.dat files. To do this, type the following command at a command prompt, and then press ENTER:
```
```console
Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
```
4. If this is your first attempt at resolving your Windows Update issues by using the steps in this article, go to step 5 without carrying out the steps in step 4. The steps in step 4 should only be performed at this point in the troubleshooting if you cannot resolve your Windows Update issues after following all steps but step 4. The steps in step 4 are also performed by the "Aggressive" mode of the Fix it Solution above.
1. Rename the following folders to *.BAK:
- %systemroot%\SoftwareDistribution\DataStore
- %systemroot%\SoftwareDistribution\Download
- %systemroot%\system32\catroot2
To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- Ren %systemroot%\SoftwareDistribution\DataStore *.bak
- Ren %systemroot%\SoftwareDistribution\Download *.bak
- Ren %systemroot%\system32\catroot2 *.bak
2. Reset the BITS service and the Windows Update service to the default security descriptor. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
- sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
5. Type the following command at a command prompt, and then press ENTER:
```console
%systemroot%\SoftwareDistribution\DataStore
%systemroot%\SoftwareDistribution\Download
%systemroot%\system32\catroot2
```
To do this, type the following commands at a command prompt. Press ENTER after you type each command.
```console
Ren %systemroot%\SoftwareDistribution\DataStore *.bak
Ren %systemroot%\SoftwareDistribution\Download *.bak
Ren %systemroot%\system32\catroot2 *.bak
```
2. Reset the BITS service and the Windows Update service to the default security descriptor. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
```console
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
```
5. Type the following command at a command prompt, and then press ENTER:
```console
cd /d %windir%\system32
```
6. Reregister the BITS files and the Windows Update files. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
```
```console
regsvr32.exe atl.dll
regsvr32.exe urlmon.dll
regsvr32.exe mshtml.dll
@ -113,20 +118,20 @@ The following resources provide additional information about using Windows Updat
```
7. Reset Winsock. To do this, type the following command at a command prompt, and then press ENTER:
```
```console
netsh winsock reset
```
8. If you are running Windows XP or Windows Server 2003, you have to set the proxy settings. To do this, type the following command at a command prompt, and then press ENTER:
```
```console
proxycfg.exe -d
```
9. Restart the BITS service and the Windows Update service. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
```
```console
net start bits
net start wuauserv
```
10. If you are running Windows Vista or Windows Server 2008, clear the BITS queue. To do this, type the following command at a command prompt, and then press ENTER:
```
```console
bitsadmin.exe /reset /allusers
```

2
windows/deployment/update/windows-update-troubleshooting.md
View File

@ -162,7 +162,7 @@ Check that your device can access these Windows Update endpoints:
- `http://wustat.windows.com`
- `http://ntservicepack.microsoft.com`
Whitelist these endpoints for future use.
Allow these endpoints for future use.
## Updates aren't downloading from the intranet endpoint (WSUS or Configuration Manager)
Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:

227
windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md
View File

@ -1,113 +1,114 @@
---
title: Upgrade Windows Phone 8.1 to Windows 10 Mobile in an MDM environment (Windows 10)
ms.reviewer:
manager: laurawi
ms.author: greglin
description: This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM.
keywords: upgrade, update, windows, phone, windows 10, mdm, mobile
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdm
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM)
**Applies to**
- Windows 10 Mobile
## Summary
This article describes how system administrators can upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM).
>[!IMPORTANT]
>If you are not a system administrator, see the [Windows 10 Mobile Upgrade & Updates](https://www.microsoft.com/windows/windows-10-mobile-upgrade) page for details about updating your Windows 8.1 Mobile device to Windows 10 Mobile using the [Upgrade Advisor](https://www.microsoft.com/store/p/upgrade-advisor/9nblggh0f5g4).
## Upgrading with MDM
The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. To determine if the device is eligible for an upgrade with MDM, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in.
If you use a list of allowed applications (app whitelisting) with MDM, verify that system applications are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are [known issues](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whitelist) with app whitelisting that could adversely affect the device after you upgrade.
Some enterprises might want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can blacklist the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to blacklist the Upgrade Advisor app, see the [How to blacklist the Upgrade Advisor app](#howto-blacklist) section in this article. Enterprises that have blacklisted the Upgrade Advisor app can use the solution described in this article to select the upgrade timing on a per-device basis.
## More information
To provide enterprises with a solution that's independent of the Upgrade Advisor, a new registry key in the registry configuration service provider (CSP) is available. A special GUID key value is defined. When Microsoft Update (MU) detects the presence of the registry key value on a device, any available upgrade will be made available to the device.
### Prerequisites
- Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile.
- Device connected to Wi-Fi or cellular network to perform scan for upgrade.
- Device is already enrolled with an MDM session.
- Device is able to receive the management policy.
- MDM is capable of pushing the management policy to devices. Minimum version numbers for some popular MDM providers that support this solution are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.
### Instructions for the MDM server
The registry CSP is used to push the GUID value to the following registry key for which the Open Mobile Alliance (OMA) Device Management (DM) client has Read/Write access and for which the Device Update service has Read access.
```
[HKLM\Software\Microsoft\Provisioning\OMADM]
"EnterpriseUpgrade"="d369c9b6-2379-466d-9162-afc53361e3c2”
```
The complete SyncML command for the solution is as follows. Note: The SyncML may vary, depending on your MDM solution.
```
SyncML xmlns="SYNCML:SYNCML1.1">
<SyncBody>
<Add>
<CmdID>250</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade</LocURI>
</Target>
<Meta>
<Format xmlns=”syncml:metinf”>chr</Format>
</Meta>
<Data>d369c9b6-2379-466d-9162-afc53361e3c2</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
```
The OMA DM server policy description is provided in the following table:
|Item |Setting |
|------|------------|
| OMA-URI |./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade |
| Data Type |String |
| Value |d369c9b6-2379-466d-9162-afc53361e3c2 |
After the device consumes the policy, it will be able to receive an available upgrade.
To disable the policy, delete the **OMADM** registry key or set the **EnterpriseUpgrade** string value to anything other than the GUID.
### How to determine whether an upgrade is available for a device <a id="howto-upgrade-available"></a>
The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO).
We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device.
Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 Mobile FAQ](https://support.microsoft.com/help/10599/windows-10-mobile-how-to-get) page.
### How to blacklist the Upgrade Advisor app <a id="howto-blacklist"></a>
Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows 10 Mobile Upgrade Adviser (fbe47e4f-7769-4103-910e-dca8c43e0b07) is displayed in the following URL:
http://windowsphone.com/s?appid=fbe47e4f-7769-4103-910e-dca8c43e0b07
For more information about how to do this, see [Try it out: restrict Windows Phone 8.1 apps](https://technet.microsoft.com/windows/dn771706.aspx).
## Related topics
---
title: Upgrade Windows Phone 8.1 to Windows 10 Mobile in an MDM environment (Windows 10)
ms.reviewer:
manager: laurawi
ms.author: greglin
description: This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM.
keywords: upgrade, update, windows, phone, windows 10, mdm, mobile
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdm
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM)
**Applies to**
- Windows 10 Mobile
## Summary
This article describes how system administrators can upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM).
>[!IMPORTANT]
>If you are not a system administrator, see the [Windows 10 Mobile Upgrade & Updates](https://www.microsoft.com/windows/windows-10-mobile-upgrade) page for details about updating your Windows 8.1 Mobile device to Windows 10 Mobile using the [Upgrade Advisor](https://www.microsoft.com/store/p/upgrade-advisor/9nblggh0f5g4).
## Upgrading with MDM
The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. To determine if the device is eligible for an upgrade with MDM, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in.
If you use a list of allowed applications (app allow listing) with MDM, verify that system applications are allow-listed before you upgrade to Windows 10 Mobile. Also, be aware that there are [known issues](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whitelist) with app allow-lists that could adversely affect the device after you upgrade.
Some enterprises might want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can block the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to restrict the Upgrade Advisor app, see the [How to restrict the Upgrade Advisor app](#howto-restrict) section in this article. Enterprises that have restricted the Upgrade Advisor app can use the solution described in this article to select the upgrade timing on a per-device basis.
## More information
To provide enterprises with a solution that's independent of the Upgrade Advisor, a new registry key in the registry configuration service provider (CSP) is available. A special GUID key value is defined. When Microsoft Update (MU) detects the presence of the registry key value on a device, any available upgrade will be made available to the device.
### Prerequisites
- Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile.
- Device connected to Wi-Fi or cellular network to perform scan for upgrade.
- Device is already enrolled with an MDM session.
- Device is able to receive the management policy.
- MDM is capable of pushing the management policy to devices. Minimum version numbers for some popular MDM providers that support this solution are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.
### Instructions for the MDM server
The registry CSP is used to push the GUID value to the following registry key for which the Open Mobile Alliance (OMA) Device Management (DM) client has Read/Write access and for which the Device Update service has Read access.
```
[HKLM\Software\Microsoft\Provisioning\OMADM]
"EnterpriseUpgrade"="d369c9b6-2379-466d-9162-afc53361e3c2”
```
The complete SyncML command for the solution is as follows. Note: The SyncML may vary, depending on your MDM solution.
```
SyncML xmlns="SYNCML:SYNCML1.1">
<SyncBody>
<Add>
<CmdID>250</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade</LocURI>
</Target>
<Meta>
<Format xmlns=”syncml:metinf”>chr</Format>
</Meta>
<Data>d369c9b6-2379-466d-9162-afc53361e3c2</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
```
The OMA DM server policy description is provided in the following table:
|Item |Setting |
|------|------------|
| OMA-URI |./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade |
| Data Type |String |
| Value |d369c9b6-2379-466d-9162-afc53361e3c2 |
After the device consumes the policy, it will be able to receive an available upgrade.
To disable the policy, delete the **OMADM** registry key or set the **EnterpriseUpgrade** string value to anything other than the GUID.
### How to determine whether an upgrade is available for a device <a id="howto-upgrade-available"></a>
The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO).
We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device.
Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 Mobile FAQ](https://support.microsoft.com/help/10599/windows-10-mobile-how-to-get) page.
### How to restrict the Upgrade Advisor app <a id="howto-restrict"></a>
Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows 10 Mobile Upgrade Adviser (fbe47e4f-7769-4103-910e-dca8c43e0b07) is displayed in the following URL:
http://windowsphone.com/s?appid=fbe47e4f-7769-4103-910e-dca8c43e0b07
For more information about how to do this, see [Try it out: restrict Windows Phone 8.1 apps](https://technet.microsoft.com/windows/dn771706.aspx).
## Related topics
[Windows 10 Mobile and mobile device management](/windows/client-management/windows-10-mobile-and-mdm)

135
windows/deployment/usmt/usmt-determine-what-to-migrate.md
View File

@ -1,67 +1,68 @@
---
title: Determine What to Migrate (Windows 10)
description: Determine What to Migrate
ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Determine What to Migrate
By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration.
However, when considering what settings to migrate, you should also consider what settings you would like the user to be able to configure, if any, and what settings you would like to standardize. Many organizations use their migration as an opportunity to create and begin enforcing a better-managed environment. Some of the settings that users can configure on unmanaged computers prior to the migration can be locked on the new, managed computers. For example, standard wallpaper, Internet Explorer security settings, and desktop configuration are some of the items you can choose to standardize.
To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. This means selecting a baseline for all computers, including standard hardware drivers; core operating system features; core productivity applications, especially if they are under volume licensing; and core utilities. This environment should also include a standard set of security features, as outlined in the organizations corporate policy. Using a standard operating environment can vastly simplify the migration and reduce overall deployment challenges.
## In This Section
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><a href="usmt-identify-users.md" data-raw-source="[Identify Users](usmt-identify-users.md)">Identify Users</a></p></td>
<td align="left"><p>Use command-line options to specify which users to migrate and how they should be migrated.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-identify-application-settings.md" data-raw-source="[Identify Applications Settings](usmt-identify-application-settings.md)">Identify Applications Settings</a></p></td>
<td align="left"><p>Determine which applications you want to migrate and prepare a list of application settings to be migrated.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-identify-operating-system-settings.md" data-raw-source="[Identify Operating System Settings](usmt-identify-operating-system-settings.md)">Identify Operating System Settings</a></p></td>
<td align="left"><p>Use migration to create a new standard environment on each of the destination computers.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-identify-file-types-files-and-folders.md" data-raw-source="[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)">Identify File Types, Files, and Folders</a></p></td>
<td align="left"><p>Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.</p></td>
</tr>
</tbody>
</table>
## Related topics
[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)
---
title: Determine What to Migrate (Windows 10)
description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0.
ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Determine What to Migrate
By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration.
However, when considering what settings to migrate, you should also consider what settings you would like the user to be able to configure, if any, and what settings you would like to standardize. Many organizations use their migration as an opportunity to create and begin enforcing a better-managed environment. Some of the settings that users can configure on unmanaged computers prior to the migration can be locked on the new, managed computers. For example, standard wallpaper, Internet Explorer security settings, and desktop configuration are some of the items you can choose to standardize.
To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. This means selecting a baseline for all computers, including standard hardware drivers; core operating system features; core productivity applications, especially if they are under volume licensing; and core utilities. This environment should also include a standard set of security features, as outlined in the organizations corporate policy. Using a standard operating environment can vastly simplify the migration and reduce overall deployment challenges.
## In This Section
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><a href="usmt-identify-users.md" data-raw-source="[Identify Users](usmt-identify-users.md)">Identify Users</a></p></td>
<td align="left"><p>Use command-line options to specify which users to migrate and how they should be migrated.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-identify-application-settings.md" data-raw-source="[Identify Applications Settings](usmt-identify-application-settings.md)">Identify Applications Settings</a></p></td>
<td align="left"><p>Determine which applications you want to migrate and prepare a list of application settings to be migrated.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-identify-operating-system-settings.md" data-raw-source="[Identify Operating System Settings](usmt-identify-operating-system-settings.md)">Identify Operating System Settings</a></p></td>
<td align="left"><p>Use migration to create a new standard environment on each of the destination computers.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-identify-file-types-files-and-folders.md" data-raw-source="[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)">Identify File Types, Files, and Folders</a></p></td>
<td align="left"><p>Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.</p></td>
</tr>
</tbody>
</table>
## Related topics
[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)

2
windows/deployment/volume-activation/vamt-known-issues.md
View File

@ -1,6 +1,6 @@
---
title: VAMT known issues (Windows 10)
description: Volume Activation Management Tool (VAMT) known issues
description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1.
ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f
ms.reviewer:
manager: laurawi

2
windows/deployment/windows-10-enterprise-e3-overview.md
View File

@ -105,7 +105,7 @@ Windows 10 Enterprise edition has a number of features that are unavailable in
</tr>
<tr class="odd">
<td align="left"><p>AppLocker management</p></td>
<td align="left"><p>This feature helps IT pros determine which applications and files users can run on a device (also known as “whitelisting”). The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.</p>
<td align="left"><p>This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.</p>
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview" data-raw-source="[AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview)">AppLocker</a>.</p></td>
</tr>
<tr class="even">

4
windows/deployment/windows-autopilot/windows-autopilot-requirements.md
View File

@ -2,7 +2,7 @@
title: Windows Autopilot requirements
ms.reviewer:
manager: laurawi
description: Inform yourself about software, networking, licensing, and configuration requirements for Windows Autopilot deployment.
description: See the requirements you need to run Windows Autopilot in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
@ -49,7 +49,7 @@ Windows Autopilot depends on a variety of internet-based services. Access to the
- Ensure DNS name resolution for internet DNS names
- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)
In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details:
In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to allow access to the required services. For additional details about each of these services and their specific requirements, review the following details:
<table><th>Service<th>Information
<tr><td><b>Windows Autopilot Deployment Service<b><td>After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com. <br>