mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
fixing conflict
This commit is contained in:
Dani Halfin
@ -196,7 +196,7 @@ Microsoft believes in and practices information minimization. We strive to gathe
|
||||
|
||||
### Enterprise management
|
||||
|
||||
Sharing diagnostic data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option.
|
||||
Sharing diagnostic data with Microsoft is enabled by default on Windows 10, 1903 and later. Sharing this data provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option.
|
||||
|
||||
Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available.
|
||||
|
||||
@ -405,7 +405,7 @@ In Windows 10, version 1709, we introduced the **Limit Enhanced diagnostic data
|
||||
|
||||
### Enable limiting enhanced diagnostic data to the minimum required by Windows Analytics
|
||||
|
||||
1. Set the diagnostic data level to **Enhanced**, using either Group Policy or MDM.
|
||||
1. Set the diagnostic data level to **Enhanced**, using either Group Policy or MDM.
|
||||
|
||||
a. Using Group Policy, set the **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Allow telemetry** setting to **2**.
|
||||
|
||||
@ -415,9 +415,9 @@ In Windows 10, version 1709, we introduced the **Limit Enhanced diagnostic data
|
||||
|
||||
-AND-
|
||||
|
||||
2. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM.
|
||||
2. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM.
|
||||
|
||||
a. Using Group Policy, set the **Computer Configuration/Administrative Templates/Windows Components/Data collection and Preview builds/Limit Enhanced diagnostic data to the minimum required by Windows Analytics** setting to **Enabled**.
|
||||
a. Using Group Policy, set the **Computer Configuration/Administrative Templates/Windows Components/Data collection and Preview builds/Limit Enhanced diagnostic data to the minimum required by Windows Analytics** setting to **Enabled**.
|
||||
|
||||
-OR-
|
||||
|
||||
|
||||
@ -46,7 +46,7 @@ d) use the software in any way that is against the law or to create or propagate
|
||||
|
||||
e) share, publish, distribute, or lend the software, provide the software as a stand-alone hosted solution for others to use, or transfer the software or this agreement to any third party.
|
||||
|
||||
4. EXPORT RESTRICTIONS. You must comply with all domestic and international export laws and regulations that apply to the software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit http://aka.ms/exporting.
|
||||
4. EXPORT RESTRICTIONS. You must comply with all domestic and international export laws and regulations that apply to the software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit https://aka.ms/exporting.
|
||||
|
||||
5. SUPPORT SERVICES. Microsoft is not obligated under this agreement to provide any support services for the software. Any support provided is “as is”, “with all faults”, and without warranty of any kind.
|
||||
|
||||
@ -62,9 +62,9 @@ b) Canada. If you acquired this software in Canada, you may stop receiving updat
|
||||
|
||||
c) Germany and Austria.
|
||||
|
||||
i. Warranty. The properly licensed software will perform substantially as described in any Microsoft materials that accompany the software. However, Microsoft gives no contractual guarantee in relation to the licensed software.
|
||||
i. Warranty. The properly licensed software will perform substantially as described in any Microsoft materials that accompany the software. However, Microsoft gives no contractual guarantee in relation to the licensed software.
|
||||
|
||||
ii. Limitation of Liability. In case of intentional conduct, gross negligence, claims based on the Product Liability Act, as well as, in case of death or personal or physical injury, Microsoft is liable according to the statutory law.
|
||||
ii. Limitation of Liability. In case of intentional conduct, gross negligence, claims based on the Product Liability Act, as well as, in case of death or personal or physical injury, Microsoft is liable according to the statutory law.
|
||||
|
||||
Subject to the foregoing clause ii., Microsoft will only be liable for slight negligence if Microsoft is in breach of such material contractual obligations, the fulfillment of which facilitate the due performance of this agreement, the breach of which would endanger the purpose of this agreement and the compliance with which a party may constantly trust in (so-called "cardinal obligations"). In other cases of slight negligence, Microsoft will not be liable for slight negligence.
|
||||
|
||||
|
||||
@ -86,11 +86,6 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
|
||||
|
||||
1. **MDM Policy:** [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Choose whether SmartScreen is turned on or off. **Set to 0 (zero)**
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
> | Setting | MDM Policy | Description |
|
||||
> | --- | --- | --- |
|
||||
> | 1. Automatic Root Certificates Update | There is intentionally no MDM available for Automatic Root Certificate Update. | This MDM does not exist since it would prevent the operation and management of MDM management of devices.|
|
||||
|
||||
@ -1142,7 +1142,7 @@ To turn off **Let apps access my call history**:
|
||||
|
||||
### <a href="" id="bkmk-priv-email"></a>18.11 Email
|
||||
|
||||
In the **Email** area, you can choose which apps have can access and send email.
|
||||
In the **Email** area, you can choose which apps have access and can send email.
|
||||
|
||||
To turn off **Let apps access and send email**:
|
||||
|
||||
|
||||
@ -35,10 +35,10 @@ Where applicable, each endpoint covered in this topic includes a link to specifi
|
||||
|
||||
We used the following methodology to derive these network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
|
||||
|
||||
|
||||
@ -35,10 +35,10 @@ Where applicable, each endpoint covered in this topic includes a link to specifi
|
||||
|
||||
We used the following methodology to derive these network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
|
||||
|
||||
|
||||
@ -35,10 +35,10 @@ Where applicable, each endpoint covered in this topic includes a link to specifi
|
||||
|
||||
We used the following methodology to derive these network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
|
||||
|
||||
|
||||
@ -34,10 +34,10 @@ Where applicable, each endpoint covered in this topic includes a link to the spe
|
||||
|
||||
The following methodology was used to derive these network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
|
||||
7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
|
||||
@ -55,7 +55,7 @@ The following methodology was used to derive these network endpoints:
|
||||
||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US
|
||||
||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
|
||||
||The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|candycrushsoda.king.com|
|
||||
||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
|
||||
||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
|
||||
||The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|wallet.microsoft.com|
|
||||
||The following endpoint is used by the Groove Music app for update HTTP handler status. If you turn off traffic for this endpoint, apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app.|HTTPS|mediaredirect.microsoft.com|
|
||||
||The following endpoints are used when using the Whiteboard app. To turn off traffic for this endpoint disable the Microsoft Store.|HTTPS|int.whiteboard.microsoft.com|
|
||||
@ -108,7 +108,7 @@ The following methodology was used to derive these network endpoints:
|
||||
|||HTTP |share.microsoft.com|
|
||||
|Network Connection Status Indicator (NCSI)|
|
||||
||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
|
||||
Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTP|*.c-msedge.net|
|
||||
Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTP|*.c-msedge.net|
|
||||
|||HTTPS|*.e-msedge.net|
|
||||
|||HTTPS|*.s-msedge.net|
|
||||
|||HTTPS|nexusrules.officeapps.live.com|
|
||||
|
||||
@ -27,10 +27,10 @@ In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-e
|
||||
|
||||
We used the following methodology to derive these network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
|
||||
|
||||
|
||||
@ -27,10 +27,10 @@ In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-e
|
||||
|
||||
We used the following methodology to derive these network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
|
||||
|
||||
|
||||
@ -27,10 +27,10 @@ In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1
|
||||
|
||||
We used the following methodology to derive these network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here.
|
||||
|
||||
|
||||
@ -26,10 +26,10 @@ In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1
|
||||
|
||||
The following methodology was used to derive the network endpoints:
|
||||
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||
2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
|
||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||
4. Compile reports on traffic going to public IP addresses.
|
||||
5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
|
||||
6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
|
||||
7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
|
||||
@ -228,7 +228,7 @@ The following methodology was used to derive the network endpoints:
|
||||
|browser.pipe.aria.microsoft.com|HTTP|Used by OfficeHub to get the metadata of Office apps
|
||||
|cdn.onenote.net/livetile/*|HTTPS|Used for OneNote Live Tile
|
||||
|cds.p9u4n2q3.hwcdn.net|HTTP|Used by the Highwinds Content Delivery Network to perform Windows updates
|
||||
|client-office365-tas.msedge.net/*|HTTPS|Office 365 porta and Office Online
|
||||
|client-office365-tas.msedge.net/*|HTTPS|Office 365 portal and Office in a browser
|
||||
|ctldl.windowsupdate.com*|HTTP|Used to download certificates that are publicly known to be fraudulent
|
||||
|displaycatalog.mp.microsoft.com/*|HTTPS|Microsoft Store
|
||||
|dmd.metaservices.microsoft.com*|HTTP|Device Authentication
|
||||
|
||||
Reference in New Issue
Block a user