From 9f0dcab4c64748cd400c7471cc880e38afa313c8 Mon Sep 17 00:00:00 2001 From: Harshitha Chidananda Murthy Date: Fri, 28 Sep 2018 09:56:53 -0700 Subject: [PATCH 1/9] Added version history for UEFI configurator --- .../surface-enterprise-management-mode.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index 42df3fd641..2932bee71c 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -189,8 +189,23 @@ For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must >[!NOTE] >For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick. +## Version History + +### Version 2.14.136.0 +* Add support to Surface Go + +### Version 2.9.136.0 +* Add support to Surface Book 2 +* Add support to Surface Pro LTE +* Accessibility improvements + +### Version 1.0.74.0 +* Add support to Surface Laptop +* Add support to Surface Pro +* Bug fixes and general improvement + ## Related topics [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) -[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) \ No newline at end of file +[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) From e0fc794be844449c1f127563c8d84b6a56d000ac Mon Sep 17 00:00:00 2001 
From: Harshitha Chidananda Murthy Date: Fri, 28 Sep 2018 10:34:33 -0700 Subject: [PATCH 2/9] Updated a workaround script for BITS issue --- ...-by-step-surface-deployment-accelerator.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md index cbc27f2355..e239bcea68 100644 --- a/devices/surface/step-by-step-surface-deployment-accelerator.md +++ b/devices/surface/step-by-step-surface-deployment-accelerator.md @@ -126,7 +126,26 @@ The following steps show you how to create a deployment share for Windows 10 th ![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window") *Figure 5. The Installation Progress window* +>[!NOTE] +>The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this: + ``` +In the following two PowerShell scripts: +%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1 +%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1 + +Edit the $BITSTransfer variable in the input parameters to $False as shown below: + +Param( + [Parameter( + Position=0, + Mandatory=$False, + HelpMessage="Download via BITS bool true/false" + )] + [string]$BITSTransfer = $False + ) + ``` + 8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices. ### Optional: Create a deployment share without an Internet connection From a577da6982fb040b5490af4419b6e7d46676fb68 Mon Sep 17 00:00:00 2001 
From: Harshitha Chidananda Murthy Date: Fri, 28 Sep 2018 15:39:37 -0700 Subject: [PATCH 3/9] Surface Go tools support update --- devices/surface/microsoft-surface-data-eraser.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md index 9b9736af68..4140ad1ff6 100644 --- a/devices/surface/microsoft-surface-data-eraser.md +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -147,10 +147,16 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following: +### Version 3.2.68.0 +This version of Microsoft Surface Data Eraser adds support for the following: + +- Surface Go + + ### Version 3.2.58.0 This version of Microsoft Surface Data Eraser adds support for the following: -- • Additional storage devices (drives) for Surface Pro and Surface Laptop devices +- Additional storage devices (drives) for Surface Pro and Surface Laptop devices ### Version 3.2.46.0 From 7c427d9e33a89f1f8ee0f0679f812ac69b9e362a Mon Sep 17 00:00:00 2001 From: akwok383 Date: Fri, 28 Sep 2018 18:52:23 -0700 Subject: [PATCH 4/9] Update hololens-insider.md --- devices/hololens/hololens-insider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md index a22acbdaf9..77e90ddb18 100644 --- a/devices/hololens/hololens-insider.md +++ b/devices/hololens/hololens-insider.md 
@@ -82,9 +82,9 @@ In order to switch to the Chinese or Japanese version of HoloLens, you’ll need 6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. 7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) 8. Select **Install software** and follow the instructions to finish installing. -9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. +9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. +10. After you complete setup, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. -When you’re done with setup, go to **Settings -> Update & Security -> Windows Insider Program** and check that you’re configured to receive the latest preview builds. The Chinese/Japanese version of HoloLens will be kept up-to-date with the latest preview builds via the Windows Insider Program the same way the English version is. ## Note for language support From 3e1f21cb5a4608ba31e2ca7adbe115c58db6318a Mon Sep 17 00:00:00 2001 From: Harshitha Chidananda Murthy Date: Sat, 29 Sep 2018 15:32:31 -0700 Subject: [PATCH 5/9] Updated surface go support and DLC link for SDE --- devices/surface/microsoft-surface-data-eraser.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md index 9b9736af68..778ebe9318 100644 --- a/devices/surface/microsoft-surface-data-eraser.md +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -26,6 +26,7 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d Compatible Surface devices include: +* Surface Go * Surface Book 2 * Surface Pro with LTE Advanced (Model 1807) * Surface Pro (Model 1796) @@ -60,7 +61,7 @@ Some scenarios where Microsoft Surface Data Eraser can be helpful include: To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool: -1. Run the DataEraserSetup.msi installation file that you downloaded from the Microsoft Download Center. +1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703). 2. Select the check box to accept the terms of the license agreement, and then click **Install**. From d5a53db74279b1e4fb5be67368113ea2d43367fb Mon Sep 17 00:00:00 2001 From: Clyde D'Souza Date: Sun, 30 Sep 2018 18:43:26 +1300 Subject: [PATCH 6/9] Fixed typo in topic title Automated investigation and investigation -> Automated investigation and remediation Fixes #1698 --- .../security/threat-protection/windows-defender-atp/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/overview.md b/windows/security/threat-protection/windows-defender-atp/overview.md index 1277a549bf..b40bd3d25d 100644 
--- a/windows/security/threat-protection/windows-defender-atp/overview.md +++ b/windows/security/threat-protection/windows-defender-atp/overview.md 
@@ -24,7 +24,7 @@ Topic | Description [Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization. [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers. [Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats. -[Automated investigation and investigation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. +[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place. [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) | Use a powerful search and query language to create custom queries and detection rules. 
[Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows. From 7fe684527a3da1711af876a31d68e4f819f5cc1f Mon Sep 17 00:00:00 2001 From: Ed Gallagher Date: Sun, 30 Sep 2018 21:19:43 -0500 Subject: [PATCH 7/9] Update kiosk-shelllauncher.md Added information into the note about limitations of using this method. Suggested by user jrshoare --- windows/configuration/kiosk-shelllauncher.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 30bb50f7de..fef3c07020 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md 
@@ -25,6 +25,12 @@ ms.date: 07/30/2018 Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. >[!NOTE] +>Using the Shell Launcher controls what application the user has as the shell experience after login. It does not prevent the user from accessing other desktop applications and system components. +>Methods of controling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to: +>[Group policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools +>[AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies +>[Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm) - Enterprise management of device security policies) +> >You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](#wizard). >[!WARNING] From 39d43dfb7a7f71e7f4432566ae354665fbbf0689 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 1 Oct 2018 07:16:43 -0700 Subject: [PATCH 8/9] tweak changes made by 1714 --- windows/configuration/kiosk-shelllauncher.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index fef3c07020..e8e0ea4793 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -8,7 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium -ms.date: 07/30/2018 +ms.date: 10/01/2018 --- # Use Shell Launcher to create a Windows 10 kiosk 
@@ -25,17 +25,19 @@ ms.date: 07/30/2018 Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. >[!NOTE] ->Using the Shell Launcher controls what application the user has as the shell experience after login. It does not prevent the user from accessing other desktop applications and system components. ->Methods of controling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to: ->[Group policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools ->[AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies ->[Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm) - Enterprise management of device security policies) +>Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. +> +>Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. 
These methods include, but are not limited to: +>- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools +>- [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies +>- [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm) - Enterprise management of device security policies > >You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](#wizard). >[!WARNING] ->- Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image. ->- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell. +>Windows 10 doesn’t support setting a custom shell prior to the out-of-box-experience (OOBE). If you do, you won’t be able to deploy the resulting image. +> +>Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell. 
### Requirements From 979ad97f81bb963994b20b25b7194f326066bac7 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 1 Oct 2018 10:18:21 -0700 Subject: [PATCH 9/9] fix troubleshooting --- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index e7c34f1bb9..87d878f234 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -253,7 +253,7 @@ If the verification fails and your environment is using a proxy to connect to th For example, in Group Policy there should be no entries such as the following values: - `````` - - `````` + - `````` - After clearing the policy, run the onboarding steps again. - You can also check the following registry key values to verify that the policy is disabled:
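Review bot: The new Version History bullets in PATCH 1/9 (surface-enterprise-management-mode.md) say "Add support to Surface Go", "Add support to Surface Book 2" and so on; "support for" is the usual form, and the Data Eraser history touched in PATCH 3/9 already reads "adds support for the following". Suggest "Adds support for Surface Go" etc. so the two tool histories match. "Bug fixes and general improvement" under 1.0.74.0 should also be plural ("improvements") to match "Accessibility improvements" in the 2.9.136.0 entry.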
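Review bot: In the workaround block of PATCH 2/9, `[string]$BITSTransfer = $False` assigns a Boolean to a string-typed parameter, so the stored value is the non-empty string "False", which PowerShell evaluates as true in a bare `if ($BITSTransfer)` test, even though the HelpMessage describes it as "bool true/false". Please confirm how Install-MDT.ps1 and INSTALL-WindowsADK.ps1 consume the value (string comparison or truthiness) before publishing this as the fix, otherwise the edit may not actually turn BITS off. Separately, the instructions "In the following two PowerShell scripts:" and "Edit the $BITSTransfer variable ..." are inside the code fence; move them out so only the Param block is fenced. The unindented note and fence also land between steps 7 and 8 and can restart the numbered list, so indent them under step 7. Since both scripts live under %ProgramFiles%, the note should say the edit needs an elevated editor.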
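Review bot: PATCH 5/9 is generated against the same base blob of microsoft-surface-data-eraser.md as PATCH 3/9 (both index lines start from 9b9736af68) rather than on top of 3/9's result 4140ad1ff6, so the series does not apply strictly in order; please rebase 5/9 onto 3/9. In the step 1 change, the new link hard-codes a locale (`https://www.microsoft.com/en-us/download/details.aspx?id=46703`), while the download link added in PATCH 7/9 omits it; drop `en-us` so the reader is routed to their own locale. The unchanged sentence above step 1 still points to "the link provided at the beginning of this article", so with this change the page refers to the download in two places; consider keeping one.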
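Review bot: The new step 10 in PATCH 4/9 (hololens-insider.md) packs the whole Insider enrollment into one list item: open the Windows Insider Program page, select Get started, link the account, pick Active development of Windows, choose Fast or Slow, confirm and restart, then check for updates. Split it into separate numbered steps so a reader can tell where they are after the reboot. The step 9 removal and re-add appear to differ only in whitespace; if that is a trailing-space change, it can be dropped from the patch to keep the diff to the real edit.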
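Review bot: In the NOTE block as rewritten by PATCH 8/9 (introduced in 7/9), the Group Policy bullet links to a download page (`https://www.microsoft.com/download/details.aspx?id=25250`) while its text gives a specific example, "Prevent access to registry editing tools"; the AppLocker and Mobile Device Management bullets both link to docs.microsoft.com topics. Link the Group Policy bullet to documentation for that setting, or say in the text what the download contains. The statement that Shell Launcher "does not prevent the user from accessing other desktop applications and system components" is the security-relevant part of this note, and it now shares a callout with the unrelated pointer to the Provision kiosk devices wizard; consider giving the caveat its own callout so it is not skimmed past. Minor: "out-of-box-experience (OOBE)" should be "out-of-box experience (OOBE)".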
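Review bot: In PATCH 9/9, the two list items under "there should be no entries such as the following values" contain only backticks with nothing between them, and the removed and added lines look the same apart from spacing, so it is not clear what the fix changes or that the example values render at all. Please check the source for the intended example entries (content that is not escaped inside the code span may be getting dropped) and confirm in the rendered page that both values are visible. The subject "fix troubleshooting" should also say what was wrong, for example that the indentation of the second example entry was corrected.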