From ab42302e07f9d16e0cce6d20081c2a830de8cc50 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Apr 2017 13:13:43 -0700 Subject: [PATCH 1/4] removed en-us --- ...cker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md index 067ac522b1..f0d6942f8b 100644 --- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md +++ b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md @@ -55,7 +55,7 @@ This topic explains how to enable BitLocker on an end user's computer by using M - Robust error handling - You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=54439). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server. + You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=54439). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server. **WMI deployment methods for MBAM:** The following WMI methods have been added in MBAM 2.5 SP1 to support enabling BitLocker by using the `Invoke-MbamClientDeployment.ps1` PowerShell script. From eee3044ebbfe664da5867495403ca82acbf9940e Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Thu, 13 Apr 2017 14:06:13 -0700 Subject: [PATCH 2/4] Removed guidance causing dual scan in SCCM --- ...as-manage-updates-configuration-manager.md | 77 ------------------- 1 file changed, 77 deletions(-) diff --git a/windows/update/waas-manage-updates-configuration-manager.md b/windows/update/waas-manage-updates-configuration-manager.md index 9bdb0238e0..755c3c34a5 100644 --- a/windows/update/waas-manage-updates-configuration-manager.md +++ b/windows/update/waas-manage-updates-configuration-manager.md @@ -48,83 +48,6 @@ For the Windows 10 servicing dashboard to display information, you must adhere t When you have met all these requirements and deployed a servicing plan to a collection, you’ll receive information on the Windows 10 servicing dashboard. -## Enable CBB clients in Windows 10, version 1511 - -When you use System Center Configuration Manager to manage Windows 10 servicing, you must first set the **Defer Updates or Upgrades** policy on the clients that should be on the Current Branch for Business (CBB) servicing branch so that you can use CBB servicing plans from Configuration Manager. You can do this either manually or through Group Policy. If you don’t set this policy, Configuration Manager discovers all clients, as it would in Current Branch (CB) mode. - -**To use Group Policy to configure a client for the CBB servicing branch** - ->[!NOTE] ->In this example, a specific organizational unit (OU) called **Windows 10 – Current Branch for Business Machines** contains the Windows 10 devices that should be configured for CBB. You can also use a security group to filter the computers to which the policy should be applied. - -1. On a PC running the Remote Server Administration Tools or on a domain controller, open Group Policy Management Console (GPMC). - -2. Expand Forest\Domains\\*Your_Domain*. - -4. Right-click the **Windows 10 – Current Branch for Business Machines** OU, and then click **Create a GPO in this domain, and Link it here**. - - ![Example of UI](images/waas-sccm-fig2.png) - -5. In the **New GPO** dialog box, type **Enable Current Branch for Business** for the name of the new GPO. - - >[!NOTE] - >In this example, you’re linking the GPO to a specific OU. This is not a requirement. You can link the Windows Update for Business GPOs to any OU or the top-level domain, whichever is appropriate for your Active Directory Domain Services (AD DS) structure. - -6. Right-click the **Enable Current Branch for Business** GPO, and then click **Edit**. - -7. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update. - -8. Right-click the **Defer Upgrades and Updates** setting, and then click **Edit**. - - ![Example of UI](images/waas-sccm-fig3.png) - -9. Enable the policy, and then click **OK**. - - >[!NOTE] - >The additional options in this setting are only for Windows Update for Business, so be sure not to configure them when using System Center Configuration Manager for Windows 10 servicing. - -10. Close the Group Policy Management Editor. - -This policy will now be deployed to every device in the **Windows 10 – Current Branch for Business Machines** OU. - - -## Enable CBB clients in Windows 10, version 1607 - -When you use Configuration Manager to manage Windows 10 servicing, you must first set the **Select when Feature Updates** are received policy on the clients that should be on the CBB servicing branch so that you can use CBB servicing plans from Configuration Manager. You can do this either manually or through Group Policy. If you don’t set this policy, Configuration Manager discovers all clients, as it would in CB mode. - ->[!NOTE] ->System Center Configuration Manager version 1606 is required to manage devices running Windows 10, version 1607. - -**To use Group Policy to configure a client for the CBB servicing branch** - ->[!NOTE] ->In this example, a specific organizational unit (OU) called **Windows 10 – Current Branch for Business Machines** contains the Windows 10 devices that should be configured for CBB. You can also use a security group to filter the computers to which the policy should be applied. - -1. On a PC running the Remote Server Administration Tools or on a domain controller, open GPMC. - -2. Expand Forest\Domains\\*Your_Domain*. - -3. Right-click the **Windows 10 – Current Branch for Business Machines** OU, and then click **Create a GPO in this domain, and Link it here**. - - ![Example of UI](images/waas-sccm-fig2.png) - -5. In the **New GPO** dialog box, type **Enable Current Branch for Business** for the name of the new GPO. - - >[!NOTE] - >In this example, you’re linking the GPO to a specific OU. This is not a requirement. You can link the Windows Update for Business GPOs to any OU or the top-level domain, whichever is appropriate for your Active Directory Domain Services (AD DS) structure. - -6. Right-click the **Enable Current Branch for Business** GPO, and then click **Edit**. - -7. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update\Defer Windows Updates. - -8. Right-click the **Select when Feature Updates are received** setting, and then click **Edit**. - -9. Enable the policy, select the **CBB** branch readiness level, and then click **OK**. - -10. Close the Group Policy Management Editor. - -This policy will now be deployed to every device in the **Windows 10 – Current Branch for Business Machines** OU. - ## Create collections for deployment rings Regardless of the method by which you deploy Windows 10 feature updates to your environment, you must start the Windows 10 servicing process by creating collections of computers that represent your deployment rings. In this example, you create two collections: **Windows 10 – All Current Branch for Business** and **Ring 4 Broad business users**. You’ll use the **Windows 10 – All Current Branch for Business** collection for reporting and deployments that should go to all CBB clients. You’ll use the **Ring 4 Broad business users** collection as a deployment ring for the first CBB users. From 6b7031b75fe3a35cadfd98ac4c7092b103adf8c2 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Thu, 13 Apr 2017 14:58:13 -0700 Subject: [PATCH 3/4] updating requirements for WHfB --- windows/keep-secure/hello-manage-in-organization.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/hello-manage-in-organization.md b/windows/keep-secure/hello-manage-in-organization.md index 44cef02636..165f6259f6 100644 --- a/windows/keep-secure/hello-manage-in-organization.md +++ b/windows/keep-secure/hello-manage-in-organization.md @@ -307,7 +307,7 @@ You’ll need this software to set Windows Hello for Business policies in your e Windows Hello for Business mode Azure AD -Active Directory (AD) on-premises (available with production release of Windows Server 2016) +Active Directory (AD) on-premises (only supported with Windows 10, version 1703 clients) Azure AD/AD hybrid (available with production release of Windows Server 2016) @@ -318,7 +318,6 @@ You’ll need this software to set Windows Hello for Business policies in your e
  • Active Directory Federation Service (AD FS) (Windows Server 2016)
  • A few Windows Server 2016 domain controllers on-site
    • -
  • Microsoft System Center 2012 R2 Configuration Manager SP2
  • Azure AD subscription
    • @@ -339,7 +338,6 @@ You’ll need this software to set Windows Hello for Business policies in your e
  • ADFS (Windows Server 2016)
  • Active Directory Domain Services (AD DS) Windows Server 2016 schema
  • PKI infrastructure
    • -
  • Configuration Manager SP2, Intune, or non-Microsoft MDM solution
  • Azure AD subscription
    • @@ -355,7 +353,8 @@ Configuration Manager and MDM provide the ability to manage Windows Hello for Bu Azure AD provides the ability to register devices with your enterprise and to provision Windows Hello for Business for organization accounts. - +>[!IMPORTANT] +>Active Directory on-premises deployment **is not currently available** and will become available with a future update of ADFS on Windows Server 2016. The requirements listed in the above table will apply when this deployment type becomes available. ## How to use Windows Hello for Business with Azure Active Directory From ed5446747dc38a2dc62273d5a0a74cbd2ea3c294 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Thu, 13 Apr 2017 17:08:00 -0700 Subject: [PATCH 4/4] Surface LTSB edits Update author; driver text --- .../surface-device-compatibility-with-windows-10-ltsb.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsb.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsb.md index 189e013e77..f1f5afdf72 100644 --- a/devices/surface/surface-device-compatibility-with-windows-10-ltsb.md +++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsb.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: jdeckerMS +author: DavbeaMSFT --- # Surface device compatibility with Windows 10 Long-Term Servicing Branch (LTSB) @@ -44,7 +44,7 @@ The LTSB servicing option is designed for device types and scenarios where the k Before you choose to use Windows 10 Enterprise LTSB edition on Surface devices, consider the following limitations: -* Drivers and firmware for Surface devices are tested against the most recent version of Windows 10 CB and the last two versions of CBB. Drivers and firmware are not explicitly tested against releases of Windows 10 Enterprise LTSB. +* Driver and firmware updates are not explicitly tested against releases of Windows 10 Enterprise LTSB. * If you encounter problems, Microsoft Support will provide troubleshooting assistance. However, due to the servicing nature of the Windows LTSB, issue resolution may require that devices be upgraded to a more recent version of Windows 10 Enterprise LTSB, or to Windows 10 Pro or Enterprise with the CB or CBB servicing option.