deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

merge conflict

Browse Source
This commit is contained in:
Patti Short 2018-08-28 08:36:23 -07:00
commit 889349aee2
63 changed files with 1978 additions and 1353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.openpublishing.redirection.json
View File

@ -1,6 +1,16 @@
{
"redirections": [
{
"source_path": "windows/security/threat-protection/intelligence/av-tests.md",
"redirect_url": "/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/intelligence/transparency-report.md",
"redirect_url": "/windows/security/threat-protection/intelligence/av-tests",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/update/waas-windows-insider-for-business-aad.md",
"redirect_url": "https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-add",
"redirect_document_id": true

2
browsers/edge/includes/allow-config-updates-books-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Allow configuration updates for the Books Library -->
>*Supported versions: Microsoft Edge on Windows 10, version 1802 or later*<br>
>*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*<br>
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)]

4
browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
View File

@ -1,5 +1,5 @@
<!-- ## Allow extended telemetry for the Books tab -->
>*Supported versions: Microsoft Edge on Windows 10, version 1802 or later*<br>
>*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*<br>
>*Default setting: Disabled or not configured (Gather and send only basic diagnostic data)*
[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)]
@ -32,4 +32,4 @@
- **Value type:** REG_DWORD
<hr>
<hr>

5
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -7,7 +7,7 @@ ms.prod: surface-hub
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.date: 06/01/2018
ms.date: 08/28/2018
ms.localizationpriority: medium
---
@ -108,8 +108,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
 ## Disable anonymous email and IM
>[!WARNING]
>This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account.

5
devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
View File

@ -6,7 +6,7 @@ ms.prod: surface-hub
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.date: 06/01/2018
ms.date: 08/28/2018
ms.localizationpriority: medium
---
@ -97,8 +97,7 @@ If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 o
## Disable anonymous email and IM
>[!WARNING]
>This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account.

2
education/get-started/inclusive-classroom-it-admin.md
View File

@ -29,7 +29,6 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea
| Read aloud with simultaneous highlighting | <ul><li>OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac</li><li>Word 2016, Word Online, Word Mac, Word for iOS</li><li>Outlook 2016, Outlook Web Access</li><li>Office Lens on iOS, Android</li></ul> | <p style="text-align: center;">X</p> <p style="text-align: center;"><p style="text-align: center;">(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)</p> | <p style="text-align: center;">X</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Outlook PC)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps or Outlook PC)</p> |
| Adjustable text spacing and font size | <ul><li>OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac</li><li>Word 2016, Word Online, Word Mac, Word for iPad</li><li>Outlook Web Access</li><li>Office Lens on iOS, Android</li></ul> | <p style="text-align: center;">X</p> <p style="text-align: center;"><p style="text-align: center;">(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)</p> |<p style="text-align: center;">X</p> | <p style="text-align: center;">X</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> |
| Syllabification | <ul><li>OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac</li><li>Word Online</li><li>Outlook Web Access</li></ul> | | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word for iOS, Word Online, Outlook Web Access)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word iOS)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word iOS)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps or Word iOS)</p> |
| Parts of speech identification | <ul><li>OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac</li><li>Word 2016, Word Online, Word Mac, Word for iOS</li><li>Outlook 2016, Outlook Web Access</li><li>Office Lens on iOS, Android</li></ul> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word Online, Outlook Web Access)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word Online, Outlook Web Access)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> |
| Line focus mode | <ul><li>Word 2016, Word Online, Word Mac, Word for iOS</li><li>Outlook 2016, Outlook Web Access</li><li>Office Lens on iOS, Android</li></ul> | | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word Online, Outlook Web Access)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> |
| Picture Dictionary | <ul><li>Word 2016, Word Online, Word Mac, Word for iOS</li><li>Outlook 2016, Outlook Web Access</li><li>Office Lens on iOS, Android</li></ul> | | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for Word Online, Outlook Web Access)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> | <p style="text-align: center;">X</p> <p style="text-align: center;">(N/A for any OneNote apps)</p> |
@ -48,7 +47,6 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea
| Creating accessible content features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) |
|---|---|---|---|---|---|---|
| Accessibility Checker | <ul><li>All Office 365 authoring applications on PC, Mac, Web</li></ul> | | <p style="text-align: center;">X</p> | <p style="text-align: center;">X</p> | | |
| Accessible Templates | <ul><li>Word for PCs, Mac</li><li>Excel for PCs, Mac</li><li>PowerPoint for PCs, Mac</li><li>Sway on iOS, Web, Windows 10</li></ul> | | <p style="text-align: center;">X</p> | <p style="text-align: center;">X</p> | | |
| Ability to add alt-text for images | <ul><li>Word for PCs (includes automatic suggestions for image descriptions)</li><li>SharePoint Online (includes automatic suggestions for image descriptions)</li><li>PowerPoint for PCs (includes automatic suggestions for image descriptions)</li><li>OneNote (includes automatic extraction of text in images)</li><li>All Office 365 authoring applications (include ability to add alt-text manually)</li></ul> | <p style="text-align: center;">X</p> | <p style="text-align: center;">X</p> | <p style="text-align: center;">X</p> | | |

34
mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
View File

@ -7,12 +7,12 @@ ms.pagetype: mdop, security
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
ms.date: 07/18/2017
ms.date: 08/23/2018
ms.author: pashort
---
# High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology
# High-level architecture of MBAM 2.5 with Configuration Manager Integration topology
This topic describes the recommended architecture for deploying Microsoft BitLocker Administration and Monitoring (MBAM) with the Configuration Manager Integration topology. This topology integrates MBAM with System Center Configuration Manager. To deploy MBAM with the Stand-alone topology, see [High-Level Architecture of MBAM 2.5 with Stand-alone Topology](high-level-architecture-of-mbam-25-with-stand-alone-topology.md).
@ -54,7 +54,7 @@ The recommended number of servers and supported number of clients in a productio
 
## Differences between Configuration Manager Integration and Stand-alone topologies
## Differences between Configuration Manager Integration and stand-alone topologies
The main differences between the topologies are:
@ -70,15 +70,15 @@ The following diagram and table describe the recommended high-level architecture
![mbam2\-5](images/mbam2-5-cmserver.png)
### Database Server
### Database server
#### Recovery Database
#### Recovery database
This feature is configured on a computer running Windows Server and supported SQL Server instance.
The **Recovery Database** stores recovery data that is collected from MBAM Client computers.
#### Audit Database
#### Audit database
This feature is configured on a computer running Windows Server and supported SQL Server instance.
@ -90,7 +90,7 @@ This feature is configured on a computer running Windows Server and supported SQ
The **Reports** provide recovery audit data for the client computers in your enterprise. You can view reports from the Configuration Manager console or directly from SQL Server Reporting Services.
### Configuration Manager Primary Site Server
### Configuration Manager primary site server
System Center Configuration Manager Integration feature
@ -102,19 +102,19 @@ System Center Configuration Manager Integration feature
- The **Configuration Manager console** must be installed on the same computer on which you install the MBAM Server software.
### Administration and Monitoring Server
### Administration and monitoring server
#### Administration and Monitoring Website
#### Administration and monitoring website
This feature is configured on a computer running Windows Server.
The **Administration and Monitoring Website** is used to:
The **Administration and monitoring website** is used to:
- Help end users regain access to their computers when they are locked out. (This area of the Website is commonly called the Help Desk.)
- View the Recovery Audit Report, which shows recovery activity for client computers. Other reports are viewed from the Configuration Manager console.
#### Self-Service Portal
#### Self-service portal
This feature is configured on a computer running Windows Server.
@ -126,21 +126,19 @@ This feature is installed on a computer running Windows Server.
The **monitoring web services** are used by the MBAM Client and the websites to communicate to the database.
**Important**  
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
**Important**<br>The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database.
 
### Management Workstation
### Management workstation
#### MBAM Group Policy Templates
#### MBAM group policy templates
- The **MBAM Group Policy Templates** are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker drive encryption.
- Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
**Note**  
The workstation does not have to be a dedicated computer.
**NOTE**<br>The workstation does not have to be a dedicated computer.
 

2
mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
View File

@ -109,7 +109,7 @@ This feature is configured on a computer running Windows Server.
The **monitoring web services** are used by the MBAM Client and the websites to communicate to the database.
**Important**  
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database.
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database.
 

3
windows/application-management/TOC.md
View File

@ -4,7 +4,8 @@
## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md)
## [Understand apps in Windows 10](apps-in-windows-10.md)
## [Add apps and features in Windows 10](add-apps-and-features.md)
### [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md)
## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md)
### [Learn how to repackage win32 apps in the MSIX format](msix-app-packaging-tool-walkthrough.md)
## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md)
### [Getting Started with App-V](app-v/appv-getting-started.md)
#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md)

169
windows/application-management/apps-in-windows-10.md
View File

@ -8,7 +8,7 @@ ms.pagetype: mobile
ms.author: elizapo
author: lizap
ms.localizationpriority: medium
ms.date: 07/10/2018
ms.date: 08/23/2018
---
# Understand the different apps included in Windows 10
@ -20,7 +20,7 @@ The following types of apps run on Windows 10:
Digging into the Windows apps, there are two categories:
- System apps - Apps that are installed in the c:\Windows\* directory. These apps are integral to the OS.
- Apps - All other apps, installed in c:\Program Files\WindowsApps. There are two classes of apps:
- Provisioned: Installed the first time you sign into Windows. You'll see a tile or Start menu item for these apps, but they aren't installed until the first sign-in.
- Provisioned: Installed in user account the first time you sign in with a new user account.
- Installed: Installed as part of the OS.
The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1607, 1703, and 1709, and indicate whether an app can be uninstalled through the UI.
@ -30,7 +30,7 @@ Some of the apps show up in multiple tables - that's because their status change
> [!TIP]
> Want to see a list of the apps installed on your specific image? You can run the following PowerShell cmdlet:
> ```powershell
> Get-AppxPackage |Select Name,PackageFamilyName
> Get-AppxPackage | select Name,PackageFamilyName
> Get-AppxProvisionedPackage -Online | select DisplayName,PackageName
> ```
@ -38,66 +38,116 @@ Some of the apps show up in multiple tables - that's because their status change
System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1703, 1709, and 1803.
| Name | Full name |1703 | 1709 | 1803 |Uninstall through UI? |
|------------------|-------------------------------------------|:------:|:------:|:------:|-------------------------------------------------------|
| Cortana UI | CortanaListenUIApp | x | | |No |
| | Desktop Learning | x | | |No |
| | DesktopView | x | | |No |
| | EnvironmentsApp | x | | |No |
| Mixed Reality + | HoloCamera | x | | |No |
| Mixed Reality + | HoloItemPlayerApp | x | | |No |
| Mixed Reality + | HoloShell | x | | |No |
| | InputApp | | x | x |No |
| | Microsoft.AAD.Broker.Plugin | x | x | x |No |
| | Microsoft.AccountsControl | x | x | x |No |
| Hello setup UI | Microsoft.BioEnrollment | x | x | x |No |
| | Microsoft.CredDialogHost | x | x | x |No |
| | Microsoft.ECApp | | x | x |No |
| | Microsoft.LockApp | x | x | x |No |
| Microsoft Edge | Microsoft.Microsoft.Edge | x | x | x |No |
| | Microsoft.PPIProjection | x | x | x |No |
| | Microsoft.Windows. Apprep.ChxApp | x | x | x |No |
| | Microsoft.Windows. AssignedAccessLockApp | x | x | x |No |
| | Microsoft.Windows. CloudExperienceHost | x | x | x |No |
| | Microsoft.Windows. ContentDeliveryManager | x | x | x |No |
| Cortana | Microsoft.Windows.Cortana | x | x | x |No |
| | Microsoft.Windows. Holographic.FirstRun | x | x | x |No |
| | Microsoft.Windows. ModalSharePickerHost | x | | |No |
| | Microsoft.Windows. OOBENetworkCaptivePort | x | x | x |No |
| | Microsoft.Windows. OOBENetworkConnectionFlow | x | x | x |No |
| | Microsoft.Windows. ParentalControls | x | x | x |No |
| People Hub | Microsoft.Windows. PeopleExperienceHost | | x | x |No |
| | Microsoft.Windows. PinningConfirmationDialog | | x | x |No |
| | Microsoft.Windows. SecHealthUI | x | x | x |No |
| | Microsoft.Windows. SecondaryTileExperience | x | x | |No |
| | Microsoft.Windows. SecureAssessmentBrowser | x | x | x |No |
| Start | Microsoft.Windows. ShellExperienceHost | x | x | x |No |
| Windows Feedback | Microsoft.WindowsFeedback | * | * | |No |
| | Microsoft.XboxGameCallableUI | x | x | x |No |
| Contact Support* | Windows.ContactSupport | x | * | |Through the Optional Features app |
| Settings | Windows.ImmersiveControlPanel | x | x | |No |
| Connect | Windows.MiracastView | x | | |No |
| Print 3D | Windows.Print3D | | x | |Yes |
| Print UI | Windows.PrintDialog | x | x | x |No |
| Purchase UI | Windows.PurchaseDialog | | | x |No |
| | Microsoft.AsyncTextService | | | x |No |
| | Microsoft.MicrosoftEdgeDevToolsClient | | | x |No |
| | Microsoft.Win32WebViewHost | | | x |No |
| | Microsoft.Windows.CapturePicker | | | x |No |
| | Windows.CBSPreview | | | x |No |
|File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | | x |No |
|File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | | x |No |
|App Resolver | E2A4F912-2574-4A75-9BB0-0D023378592B | | | x |No |
|Add Suggested folder Dialog box| F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE|| | x |No |
| Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? |
|------------------|--------------------------------------------|:----:|:----:|:----:|:----------------------------------:|
| Cortana UI | CortanaListenUIApp | x | | |No |
| | Desktop Learning | x | | |No |
| | DesktopView | x | | |No |
| | EnvironmentsApp | x | | |No |
| Mixed Reality + | HoloCamera | x | | |No |
| Mixed Reality + | HoloItemPlayerApp | x | | |No |
| Mixed Reality + | HoloShell | x | | |No |
| | InputApp | | x | x |No |
| | Microsoft.AAD.BrokerPlugin | x | x | x |No |
| | Microsoft.AccountsControl | x | x | x |No |
| Hello setup UI | Microsoft.BioEnrollment | x | x | x |No |
| | Microsoft.CredDialogHost | x | x | x |No |
| | Microsoft.ECApp | | x | x |No |
| | Microsoft.LockApp | x | x | x |No |
| Microsoft Edge | Microsoft.MicrosoftEdge | x | x | x |No |
| | Microsoft.PPIProjection | x | x | x |No |
| | Microsoft.Windows.Apprep.ChxApp | x | x | x |No |
| | Microsoft.Windows.AssignedAccessLockApp | x | x | x |No |
| | Microsoft.Windows.CloudExperienceHost | x | x | x |No |
| | Microsoft.Windows.ContentDeliveryManager | x | x | x |No |
| Cortana | Microsoft.Windows.Cortana | x | x | x |No |
| | Microsoft.Windows.Holographic.FirstRun | x | x | x |No |
| | Microsoft.Windows.ModalSharePickerHost | x | | |No |
| | Microsoft.Windows.OOBENetworkCaptivePort | x | x | x |No |
| | Microsoft.Windows.OOBENetworkConnectionFlow| x | x | x |No |
| | Microsoft.Windows.ParentalControls | x | x | x |No |
| People Hub | Microsoft.Windows.PeopleExperienceHost | | x | x |No |
| | Microsoft.Windows.PinningConfirmationDialog| | x | x |No |
| | Microsoft.Windows.SecHealthUI | x | x | x |No |
| | Microsoft.Windows.SecondaryTileExperience | x | x | |No |
| | Microsoft.Windows.SecureAssessmentBrowser | x | x | x |No |
| Start | Microsoft.Windows.ShellExperienceHost | x | x | x |No |
| Windows Feedback | Microsoft.WindowsFeedback | * | * | |No |
| | Microsoft.XboxGameCallableUI | x | x | x |No |
| Contact Support\* | Windows.ContactSupport | x | * | |via Optional Features app |
| Settings | Windows.ImmersiveControlPanel | x | x | |No |
| Connect | Windows.MiracastView | x | | |No |
| Print 3D | Windows.Print3D | | x | |Yes |
| Print UI | Windows.PrintDialog | x | x | x |No |
| Purchase UI | Windows.PurchaseDialog | | | x |No |
| | Microsoft.AsyncTextService | | | x |No |
| | Microsoft.MicrosoftEdgeDevToolsClient | | | x |No |
| | Microsoft.Win32WebViewHost | | | x |No |
| | Microsoft.Windows.CapturePicker | | | x |No |
| | Windows.CBSPreview | | | x |No |
|File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | | x |No |
|File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | | x |No |
|App Resolver | E2A4F912-2574-4A75-9BB0-0D023378592B | | | x |No |
|Add Suggested folder Dialog box| F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE|| | x |No |
>[!NOTE]
>\* The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
## Provisioned Windows apps
Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709, and 1803.
| App Name (Canonical) | Display Name | 1703 | 1709 | 1803 | Uninstall via UI? |
|--------------------------------|------------------------|:-----:|:----:|:----:|:-----------------:|
| 3D Builder | [Microsoft.3DBuilder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | Yes |
| App Installer | [Microsoft.DesktopAppInstaller](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | Via Settings App |
| Feedback Hub | [Microsoft.WindowsFeedbackHub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | Yes |
| Get Help | [Microsoft.GetHelp](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | No |
| Get Office | [Microsoft.MicrosoftOfficeHub](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | Yes |
| Groove Music | [Microsoft.ZuneMusic](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | No |
| Mail and Calendar | [Microsoft.windowscommunicationsapps](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | No |
| Microsoft Messaging | [Microsoft.Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | No |
| Microsoft People | [Microsoft.People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | No |
| Microsoft Photos | [Microsoft.Windows.Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | No |
| Microsoft Solitaire Collection | [Microsoft.MicrosoftSolitaireCollection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | Yes |
| Microsoft Sticky Notes | [Microsoft.MicrosoftStickyNotes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | No |
| Microsoft Tips | [Microsoft.Getstarted](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | Yes |
| Mixed Reality Viewer | [Microsoft.Microsoft3DViewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | No |
| Movies & TV | [Microsoft.ZuneVideo](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | No |
| MSN Weather (BingWeather | [Microsoft.BingWeather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | Yes |
| One Note | [Microsoft.Office.OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | Yes |
| Paid Wi-Fi & Cellular | [Microsoft.OneConnect](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | Yes |
| Paint 3D | [Microsoft.MSPaint](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | No |
| Print 3D | [Microsoft.Print3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | No |
| Skype | [Microsoft.SkypeApp](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | Yes |
| Store Purchase App\* | App not available in store | x | x | x | No |
| Wallet | App not available in store | x | x | x | No |
| Web Media Extensions | [Microsoft.WebMediaExtensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | No |
| Windows Alarms & Clock | [Microsoft.WindowsAlarms](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | No |
| Windows Calculator | [Microsoft.WindowsCalculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | No |
| Windows Camera | [Microsoft.WindowsCamera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | No |
| Windows Maps | [Microsoft.WindowsMaps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | No |
| Windows Store | [Microsoft.WindowsStore](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | No |
| Windows Voice Recorder | [Microsoft.SoundRecorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | No |
| Xbox | [Microsoft.XboxApp](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | No |
| Xbox Game Bar | [Microsoft.XboxGameOverlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | No |
| Xbox Gaming Overlay | [Microsoft.XboxGamingOverlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | No |
| Xbox Identity Provider | [Microsoft.XboxIdentityProvider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | No |
| Xbox Speech to Text Overlay | App not available in store | x | x | x | No |
| Xbox TCUI | [Microsoft.Xbox.TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | No |
>[!NOTE]
>\* The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
> [!NOTE]
> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
## Installed Windows apps
Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
| Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? |
|--------------------|------------------------------------------|:----:|:----:|:----:|----------------------|
| Name | DisplayName | 1703 | 1709 | 1803 |Uninstall through UI? |
|--------------------|------------------------------------------|:----:|:----:|:----:|:----------------------:|
| Remote Desktop | Microsoft.RemoteDesktop | x | x | | Yes |
| PowerBI | Microsoft.Microsoft PowerBIforWindows | x | | | Yes |
| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | x | Yes |
@ -106,7 +156,7 @@ Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, a
| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | x | Yes |
| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | x | Yes |
| Network Speed Test | Microsoft.NetworkSpeedTest | x | x | x | Yes |
| News | Microsoft.BingNews | x | x | x | Yes |
| News | Microsoft.BingNews | x | x | x | Yes |
| Flipboard | | | | | Yes |
| | Microsoft.Advertising.Xaml | x | x | x | Yes |
| | Microsoft.NET.Native.Framework.1.2 | x | x | x | Yes |
@ -177,3 +227,4 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709,
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
---

BIN
windows/application-management/images/Createpackage.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 140 KiB

BIN
windows/application-management/images/Installation.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 107 KiB

BIN
windows/application-management/images/Managefirstlaunchtasks.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 120 KiB

BIN
windows/application-management/images/PackageSupport.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 159 KiB

BIN
windows/application-management/images/Packageinfo.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 140 KiB

BIN
windows/application-management/images/Selectinstaller.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 193 KiB

BIN
windows/application-management/images/donemonitoring..PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 173 KiB

BIN
windows/application-management/images/preparecomputer.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 289 KiB

BIN
windows/application-management/images/preparingpackagestep.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 132 KiB

BIN
windows/application-management/images/selectEnvironmentThiscomputer.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 148 KiB

BIN
windows/application-management/images/selectEnvironmentVM.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 163 KiB

BIN
windows/application-management/images/welcomescreen.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 133 KiB

160
windows/application-management/msix-app-packaging-tool-walkthrough.md Normal file
View File

@ -0,0 +1,160 @@
---
title: Learn how to repackage your existing win32 applications to the MSIX format. This walkthrough provides in-depth detail on how the MSIX app packaging tool can be used.
description: Learn how to use the MSIX packaging tool with this in-depth walkthrough.
keywords: ["MSIX", "application", "app", "win32", "packaging tool"]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: medium
ms.author: mikeblodge
ms.topic: article
ms.date: 08/027/2018
---
# MSIX Packaging tool walkthrough
Learn how to repackage your legacy win32 application installers to MSIX, without the need for making code changes to your apps. The MSIX Packaging Tool allows you to modernize your app to take adavantage of Microsoft Store or Microsoft Store for Business to deploy apps on Windows 10 in S mode.
## Terminology
|Term |Definition |
|---------|---------|
|MPT | MSIX Packaging Tool. An enterprise grade tool that allows to package apps in the enterprise easily as MSIX without app code changes. |
|PSF | Package Support Framework. An open source framework to allow the packaging tool and the IT Admin to apply targeted fixes to the app in order to bypass some of the modern environment constrains. Some fixes will be added automatically by the tool and some will be added manually. |
|Modification Package | MSIX package to stores app preferences/settings and add-ins, decoupled from the main package. |
|Installer | Application installer can be an MSI, EXE, App-V , ClickOnce. |
|Project template file | Template file that saves the settings and parameters used for a certain package conversion. Information captured in the template includes general Tooling packaging options, settings in the options menus like exclusion lists, package deployment settings, application install location, package manifest information like Package Family Name, publisher, version and package properties like capabilities and advanced enterprise features. |
## Creating an Application package
![Create a package](images/welcomescreen.png)
When the tool is first launched, you will be prompted to provide consent to sending telemtry data. It's important to note that the diagnostic data you share only comes from the app and is never used to identify or contact you. This just helps us fix things faster for you.
![creating an application package](images/Selectinstaller.png)
Creating an Application package is the most commonly used option. This is where you will create an MSIX package from an installer, or by manual installation of application payload.
- If an installer is being used, browse to and select the desired application installer and click **Next**.
- This field accepts a valid existing file path.
- The field can be empty if you are manually packaging.
- If there is no installer (manual packaging) click **Next**.
*Optionally*
- Check the box under "Use Existing MSIX Package", browse, and select an existing MSIX package you'd like to update.
- Check the box under "Use installer Preferences" and enter the desired argument in the provided field. This field accepts any string.
### Packaging method
![selecting the package environment](images/selectenvironmentthiscomputer.png)
- Select the packaging environment by selecting one of the radio buttons:
- "Create package on an existing virtual machine" if you plan to do the package creation on a VM. Click **Next**. (You will be presented with user and password fields to provide credentials for the VM if there are any).
- "Create package on this computer" if you plan to package the application on the current machine where the tool is installed. Click **Next**.
### Create package on this computer
![Create a package on this computer](images/packageinfo.png)
You've selected to package your application on the current machine where the tool is installed. Nice job! Provide the information pertaining to the app. The tool will try to auto-fill these fields based on the information available from the installer. You will always have a choice to update the entries as needed. If the field as an asterisk*, it's required, but you already knew that. Inline help is provided if the entry is not valid.
- Package name:
- Required and corresponds to package identity Name in the manifest to describe the contents of the package.
- Must match the Name subject information of the certificate used to sign a package.
- Is not shown to the end user.
- Is case-sensitive and cannot have a space.
- Can accept string between 3 and 50 characters in length that consists of alpha-numeric, period, and dash characters.
- Cannot end with a period and be one of these: "CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", and "LPT9."
- Package display name:
- Required and corresponds to package <DisplayName> in the manifest to display a friendly package name to the user, in start menu and settings pages.
- Field accepts A string between 1 and 256 characters in length and is localizable.
- Publisher name
- Required and corresponds to package <Publisher Name> that describes the publisher information.
- The Publisher attribute must match the publisher subject information of the certificate used to sign a package.
- This field accepts a string between 1 and 8192 characters in length that fits the regular expression of a distinguished name : "(CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+="<>#;])+ | ".")(, ((CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+="<>#;])+ | ".")))*".
- Publisher display name
- Reuqired and corresponds to package <PublisherDisplayName> in the manifest to display a friendly publisher name to the user, in App installer and settings pages.
- Field accepts A string between 1 and 256 characters in length and is localizable.
- Version
- Required and corresponds to package <Identity Version> in the manifest to describe the The version number of the package.
- This field accepts a version string in quad notation, "Major.Minor.Build.Revision".
- Install location
- This is the location that the installer is going to copy the application payload to (usually Programs Files folder).
- This field is optional but recommended.
- Browse to and select a folder path.
- Make sure this filed matches Installers Install location while you go through the application install operation.
### Prepare computer
![prepare your computer](images/preparecomputer.png)
- You are provided with options to prepare the computer for packaging.
- MSIX Packaging Tool Driver is required and the tool will automatically try to enable it if it is not enabled.
> [!NOTE]
> MSIX Packaging tool driver monitors the system to capture the changes that an installer is making on the system which allows MSIX Packaging Tool to create a package based on those changes.
- The tool will first check with DISM to see if the driver is installed.
- [Optional] Check the box for “Windows Search is Active” and select “disable selected” if you choose to disable the search service.
- This is not required, only recommended.
- Once disabled, the tool will update the status field to “disabled”
- [Optional] Check the box for “Windows Update is Active” and select “disable selected” if you choose to disable the Update service.
- This is not required, only recommended.
- Once disabled, the tool will update the status field to “disabled”
- “Pending reboot” checkbox is disabled by default. You'll need to manually restart the machine and then launch the tool again if you are prompted that pending operations need a reboot.
- This not required, only recommended.
When you're done preparing the machine, click **Next**.
### Installation
![Installation phase for capturing the install operations](images/installation.png)
- This is installation phase where the tool is monitoring and capturing the application install operations.
- If you've provided an installer, the tool will launch the installer and you'll need to go through the installer wizard to install the application.
- Make sure the installation path matches what was defined earlier in the package information page.
- You'll need to create a shortcut in desktop for the newly installed application.
- Once you're done with the application installation wizard, make sure you finish or close on the installation wizard.
- If you need to run multiple installers you can do that manually at this point.
- If the app needs other pre-reqs, you need to install them now.
- If the application needs .Net 3.5/20, add the optional feature to Windows.
- If installer was not provided, manually copy the application binaries to the install location that you've defined earlier in package information.
- When you've completed installing the application, click **Next**.
### Manage first launch tasks
![Managing first launch tasks](images/managefirstlaunchtasks.png)
- This page shows application executables that the tool captured.
- We recommended launching the application at least once to capture any first launch tasks.
- If there are multiple applications, check the box that corresponds to the main entry point.
- If you don't see the application .exe here, manually browse to and run it.
- Click **Next**
![pop up asking for confirmation you are done monitoring](images/donemonitoring..png)
You'll be prompted with a pop up asking for confirmation that you're finished with application installation and managing first launch tasks.
- If you're done, click **Yes, move on**.
- If you're not done, click **No, I'm not done**. You'll be taken back to the last page to where you can launch applications, install or copy other files, and dlls/executables.
### Package support report
![Package support, runtime fixes that might be appliciable to the app](images/packagesupport.png)
- Here you'll have a chance to add PSF runtime fixes that might be applicable to the application. *(not supported in preview)*
- The tool will make some suggestions and apply fixes that it thinks are applicable.
- You'll have the opportunity to add, remove or edit PSF runtime fixes
- You can see a list of PSFs provided by the community from Github.
- You'll also see a packaging report on this page. The report will call out noteworthy items for example:
- If certain restricted capabilities like allowElevation is added
- If certain files were excluded from the package.
- Etc
Once done, click **Next**.
## Create package
![Creating the new package](images/createpackage.png)
- Provide a location to save the MSIX package.
- By default, packages are saved in local app data folder.
- You can define the default save location in Settings menu.
- If you'd like to continue to edit the content and properties of the package before saving the MSIX package, you can select “Package editor” and be taken to package editor.
- If you prefer to sign the package with a pre-made certificate for testing, browse to and select the certificate.
- Click **Create** to create the MSIX package.
You'll be presented with the pop up when the package is created. This pop up will include the name, publisher, and save location of the newly created package. You can close this pop up and get redirected to the welcome page. You can also select package editor to see and modify the package content and properties.

18
windows/application-management/msix-app-packaging-tool.md
View File

@ -67,6 +67,20 @@ Examples:
- MsixPackagingTool.exe create-package --template c:\users\documents\ConversionTemplate.xml
- MSIXPackagingTool.exe create-package --template c:\users\documents\ConversionTemplate.xml --virtualMachinePassword pswd112893
## Creating an application package using virtual machines
You can select to perform the packaging steps on a virtual machine. To do this:
- Click on Application package and select “Create package on an existing virtual machine” in the select environment page.
- The tool will then query for existing Virtual machines and allows you to select one form a drop down menu.
- Once a VM is selected the tool will ask for user and password. The username field accepts domain\user entries as well.
When using local virtual machines as conversion environment, the tool leverages an authenticated remote PowerShell connection to configure the virtual machine. A lightweight WCF server then provides bidirectional communication between the host and target environment.
Requirements:
- Virtual Machine need to have PSRemoting enabled. (Enable-PSRemoting command should be run on the VM)
- Virtual Machine needs to be configured for Windows Insider Program similar to the host machine. Minimum Windows 10 build 17701
## Conversion template file
@ -168,7 +182,7 @@ Examples:
```
## Conversion template parameter reference
Here is the complete list of parameters that you can use in the Conversion template file.
Here is the complete list of parameters that you can use in the Conversion template file. When a virtual machine is conversion environment, all file paths(installer, savelocation, etc) should be declared relative to the host, where the tool is running)
|ConversionSettings entries |Description |
@ -189,7 +203,7 @@ Here is the complete list of parameters that you can use in the Conversion templ
|SaveLocation |[optional] An element to specify the save location of the tool. If not specified, the package will be saved under the Desktop folder. |
|SaveLocation::Path |The path to the folder where the resulting MSIX package is saved. |
|Installer::Path |The path to the application installer. |
|Installer::Arguments |The arguments to pass to the installer. You must pass the arguments to force your installer to run unattended/silently. |
|Installer::Arguments |The arguments to pass to the installer. You must pass the arguments to force your installer to run unattended/silently. If the installer is an msi or appv, pass an empty argument ie Installer=””. |
|Installer::InstallLocation |[optional] The full path to your application's root folder for the installed files if it were installed (e.g. "C:\Program Files (x86)\MyAppInstalllocation"). |
|VirtualMachine |[optional] An element to specify that the conversion will be run on a local Virtual Machine. |
|VrtualMachine::Name |The name of the Virtual Machine to be used for the conversion environment. |

4
windows/client-management/mandatory-user-profile.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.date: 10/16/2017
ms.date: 08/28/2018
---
# Create mandatory user profiles
@ -39,7 +39,7 @@ The name of the folder in which you store the mandatory profile must use the cor
| Windows 8 | Windows Server 2012 | v3 |
| Windows 8.1 | Windows Server 2012 R2 | v4 |
| Windows 10, versions 1507 and 1511 | N/A | v5 |
| Windows 10, version 1607 (Anniversary Update) and version 1703 (Creators Update) | Windows Server 2016 | v6 |
| Windows 10, versions 1607, 1703, 1709, and 1803 | Windows Server 2016 | v6 |
For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).

2
windows/client-management/mdm/bitlocker-csp.md
View File

@ -14,7 +14,7 @@ ms.date: 07/16/2018
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703.
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, next major version, it is also supported in Windows 10 Pro.
> [!Note]
> Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes.

4
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 08/17/2018
ms.date: 08/27/2018
---
# Configuration service provider reference
@ -276,7 +276,7 @@ Footnotes:
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>

18
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 08/17/2018
ms.date: 08/24/2018
---
# Policy CSP
@ -3114,6 +3114,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-system.md#system-allowbuildpreview" id="system-allowbuildpreview">System/AllowBuildPreview</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowdevicenameindiagnosticdata" id="system-allowdevicenameindiagnosticdata">System/AllowDeviceNameInDiagnosticData</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowembeddedmode" id="system-allowembeddedmode">System/AllowEmbeddedMode</a>
</dd>
@ -3138,12 +3141,21 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-system.md#system-bootstartdriverinitialization" id="system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-configuremicrosoft365uploadendpoint" id="system-configuremicrosoft365uploadendpoint">System/ConfigureMicrosoft365UploadEndpoint</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-configuretelemetryoptinchangenotification" id="system-configuretelemetryoptinchangenotification">System/ConfigureTelemetryOptInChangeNotification</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-configuretelemetryoptinsettingsux" id="system-configuretelemetryoptinsettingsux">System/ConfigureTelemetryOptInSettingsUx</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disabledevicedelete" id="system-disabledevicedelete">System/DisableDeviceDelete</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disablediagnosticdataviewer" id="system-disablediagnosticdataviewer">System/DisableDiagnosticDataViewer</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disableenterpriseauthproxy" id="system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
</dd>
@ -4839,12 +4851,16 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
- [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
- [System/AllowDeviceNameInDiagnosticData](./policy-csp-system.md#system-allowdevicenameindiagnosticdata)
- [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
- [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
- [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/ConfigureMicrosoft365UploadEndpoint](./policy-csp-system.md#system-configuremicrosoft365uploadendpoint)
- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification)
- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux)
- [System/DisableDeviceDelete](./policy-csp-system.md#system-disabledevicedelete)
- [System/DisableDiagnosticDataViewer](./policy-csp-system.md#system-disablediagnosticdataviewer)
- [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
- [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)

10
windows/client-management/mdm/policy-csp-settings.md
View File

@ -793,7 +793,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons.
Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons.
The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
@ -807,17 +807,17 @@ The format of the PageVisibilityList value is as follows:
- There are two variants: one that shows only the given pages and one which hides the given pages.
- The first variant starts with the string "showonly:" and the second with the string "hide:".
- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:wi-fi" would be just "wi-fi".
- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
The default value for this setting is an empty string, which is interpreted as show everything.
Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden:
Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:network-wifi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden:
showonly:wi-fi;bluetooth
showonly:network-wifi;bluetooth
Example 2, specifies that the wifi page should not be shown:
hide:wifi
hide:network-wifi
<!--/Description-->
<!--ADMXMapped-->

2641
windows/client-management/mdm/policy-csp-system.md
View File

File diff suppressed because it is too large Load Diff

55
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -12,6 +12,61 @@ ms.date: 03/12/2018
# Policy CSP - UserRights
<hr/>
User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. Here is a list for reference, [Well-Known SID Structures](https://msdn.microsoft.com/en-us/library/cc980032.aspx). Even though strings are supported for well-known accounts and groups, it is better to use SIDs because strings are localized for different languages. Some user rights allow things, like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork.
Here is an example syncml for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
```syntax
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories</LocURI>
</Target>
<Data>Authenticated Users&#xF000;Administrators</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
Here are examples of data fields. The encoded 0xF000 is the standard delimiter/separator
- Grant an user right to Administrators group via SID:
```
<Data>*S-1-5-32-544</Data>
```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID
```
<Data>*S-1-5-32-544&#xF000;*S-1-5-11</Data>
```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings
```
<Data>*S-1-5-32-544&#xF000;Authenticated Users</Data>
```
- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings
```
<Data>Authenticated Users&#xF000;Administrators</Data>
```
- Empty input indicates that there are no users configured to have that user right
```
<Data></Data>
```
<hr/>
<!--Policies-->

2
windows/configuration/TOC.md
View File

@ -28,7 +28,7 @@
## [Configure cellular settings for tablets and PCs](provisioning-apn.md)
## [Configure Start, taskbar, and lock screen](start-taskbar-lockscreen.md)
### [Configure Windows Spotlight on the lock screen](windows-spotlight.md)
### [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](manage-tips-and-suggestions.md)
### [Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions](manage-tips-and-suggestions.md)
### [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
#### [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
#### [Customize and export Start layout](customize-and-export-start-layout.md)

2
windows/configuration/guidelines-for-assigned-access-app.md
View File

@ -75,7 +75,7 @@ Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh stat
>
> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
>2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
>3. Insert the null character string in between each URL (e.g www.bing.com&#xF000;www.contoso.com).
>3. Insert the null character string in between each URL (e.g www.bing.com`&#xF000;`www.contoso.com).
>4. Save the XML file.
>5. Open the project again in Windows Configuration Designer.
>6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.

10
windows/configuration/manage-tips-and-suggestions.md
View File

@ -1,5 +1,5 @@
---
title: Manage Windows 10 and Microsoft Store tips, tricks, and suggestions (Windows 10)
title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions (Windows 10)
description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees.
keywords: ["device management"]
ms.prod: w10
@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 09/20/2017
---
# Manage Windows 10 and Microsoft Store tips, tricks, and suggestions
# Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions
**Applies to**
@ -21,7 +21,7 @@ ms.date: 09/20/2017
- Windows 10
Since its inception, Windows 10 has included a number of user experience features that provide useful tips, tricks, and suggestions as you use Windows, as well as app suggestions from the Microsoft Store. These features are designed to help people get the most out of their Windows 10 experience by, for example, sharing new features, providing more details on the features they use, or sharing content available in the Microsoft Store. Examples of such user experiences include:
Since its inception, Windows 10 has included a number of user experience features that provide useful tips, "fun facts", and suggestions as you use Windows, as well as app suggestions from the Microsoft Store. These features are designed to help people get the most out of their Windows 10 experience by, for example, sharing new features, providing more details on the features they use, or sharing content available in the Microsoft Store. Examples of such user experiences include:
* **Windows Spotlight on the lock screen**. Daily updated images on the lock screen that can include additional facts and tips in “hotspots” that are revealed on hover.
@ -34,11 +34,11 @@ Since its inception, Windows 10 has included a number of user experience feature
* **Microsoft account notifications**. For users who have a connected Microsoft account, toast notifications about their account like parental control notifications or subscription expiration.
>[!TIP]
> On all Windows desktop editions, users can directly enable and disable Windows 10 tips, tricks, and suggestions and Microsoft Store suggestions. For example, users are able to select personal photos for the lock screen as opposed to the images provided by Microsoft, or turn off tips, tricks, or suggestions as they use Windows.
> On all Windows desktop editions, users can directly enable and disable Windows 10 tips, "fun facts", and suggestions and Microsoft Store suggestions. For example, users are able to select personal photos for the lock screen as opposed to the images provided by Microsoft, or turn off tips, "fun facts", or suggestions as they use Windows.
Windows 10, version 1607 (also known as the Anniversary Update), provides organizations the ability to centrally manage the type of content provided by these features through Group Policy or mobile device management (MDM). The following table describes how administrators can manage suggestions and tips in Windows 10 commercial and education editions.
## Options available to manage Windows 10 tips and tricks and Microsoft Store suggestions
## Options available to manage Windows 10 tips and "fun facts" and Microsoft Store suggestions
| Windows 10 edition | Disable |Show Microsoft apps only | Show Microsoft and popular third-party apps |
| --- | --- | --- | --- |

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -108,7 +108,7 @@ $sharedPC.KioskModeAUMID = ""
$sharedPC.KioskModeUserTileDisplayText = ""
$sharedPC.InactiveThreshold = 0
Set-CimInstance -CimInstance $sharedPC
Get-CimInstance -Namespace $namespaceName -ClassName $MDM_SharedPCClass
Get-CimInstance -Namespace $namespaceName -ClassName MDM_SharedPC
```
### Create a provisioning package for shared use

1
windows/deployment/TOC.md
View File

@ -238,6 +238,7 @@
### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
## [Windows Analytics](update/windows-analytics-overview.md)
### [Windows Analytics in the Azure Portal](update/windows-analytics-azure-portal.md)
### [Windows Analytics and privacy](update/windows-analytics-privacy.md)
### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
#### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)

4
windows/deployment/planning/act-technical-reference.md
View File

@ -39,7 +39,7 @@ Use Upgrade Analytics to get:
The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. For more information about Upgrade Analytics, see [Manage Windows upgrades with Upgrade Analytics](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics)
At the same time, we've kept the Standard User Analyzer tool, which helps you test your apps and to monitor API calls for potential compatibility issues, and the Compatiblility Administrator, which helps you to resolve potential compatibility issues.
At the same time, we've kept the Standard User Analyzer tool, which helps you test your apps and to monitor API calls for potential compatibility issues, and the Compatibility Administrator, which helps you to resolve potential compatibility issues.
## In this section
@ -47,4 +47,4 @@ At the same time, we've kept the Standard User Analyzer tool, which helps you te
|------|------------|
|[Standard User Analyzer (SUA) User's Guide](sua-users-guide.md) |The Standard User Analyzer (SUA) helps you test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows. |
|[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) |The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. |
|[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) |You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. |
|[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) |You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. |

5
windows/deployment/update/device-health-get-started.md
View File

@ -5,7 +5,7 @@ keywords: Device Health, oms, operations management suite, prerequisites, requir
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.date: 06/12/2018
ms.date: 08/21/2018
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
@ -14,6 +14,9 @@ ms.localizationpriority: medium
# Get started with Device Health
>[!IMPORTANT]
>**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences. See [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) for steps to use Windows Analytics in the Azure portal. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
This topic explains the steps necessary to configure your environment for Windows Analytics: Device Health.
Steps are provided in sections that follow the recommended setup process:

BIN
windows/deployment/update/images/azure-portal-LA-wkspcsumm.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

BIN
windows/deployment/update/images/azure-portal-LA-wkspcsumm_sterile.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 103 KiB

BIN
windows/deployment/update/images/azure-portal-LAfav.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
windows/deployment/update/images/azure-portal-LAfav1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
windows/deployment/update/images/azure-portal-LAmain-sterile.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
windows/deployment/update/images/azure-portal-LAmain-wkspc-subname-sterile.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
windows/deployment/update/images/azure-portal-LAmain.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
windows/deployment/update/images/azure-portal-LAsearch.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
windows/deployment/update/images/azure-portal-UR-settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
windows/deployment/update/images/azure-portal-create-resource-boxes.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
windows/deployment/update/images/azure-portal-create-resource.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
windows/deployment/update/images/azure-portal1.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
windows/deployment/update/images/azure-portal1_allserv.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
windows/deployment/update/images/temp-azure-portal-soltn-setting.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 101 KiB

5
windows/deployment/update/update-compliance-get-started.md
View File

@ -8,12 +8,15 @@ ms.sitesec: library
ms.pagetype: deploy
author: Jaimeo
ms.author: jaimeo
ms.date: 03/15/2018
ms.date: 08/21/2018
ms.localizationpriority: medium
---
# Get started with Update Compliance
>[!IMPORTANT]
>**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences. See [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) for steps to use Windows Analytics in the Azure portal. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance.
Steps are provided in sections that follow the recommended setup process:

5
windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
View File

@ -8,12 +8,15 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 07/20/2018
ms.date: 08/21/2018
ms.localizationpriority: medium
---
# Frequently asked questions and troubleshooting Windows Analytics
>[!IMPORTANT]
>**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences. See [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) for steps to use Windows Analytics in the Azure portal. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. This FAQ, along with the [Windows Analytics Technical Community](https://techcommunity.microsoft.com/t5/Windows-Analytics/ct-p/WindowsAnalytics), are recommended resources to consult before contacting Microsoft support.
## Troubleshooting common problems

63
windows/deployment/update/windows-analytics-azure-portal.md Normal file
View File

@ -0,0 +1,63 @@
---
title: Windows Analytics in the Azure Portal
description: Use the Azure Portal to add and configure Windows Analytics solutions
keywords: Device Health, oms, Azure, portal, operations management suite, add, manage, configure, Upgrade Readiness, Update Compliance
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.date: 08/21/2018
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.localizationpriority: medium
---
# Windows Analytics in the Azure portal
Windows Analytics uses Azure Log Analytics (formerly known as Operations Management Suite or OMS), a collection of cloud-based servicing for monitoring and automating your on-premises and cloud environments.
**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences, which this topic will explain. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
## Navigation and permissions in the Azure portal
Go to the [Azure portal](https://portal.azure.com), select **All services**, and search for *Log Analytics*. Once it appears, you can select the star to add it to your favorites for easy access in the future.
[![Azure portal all services page with Log Analytics found and selected as favorite](images/azure-portal-LAfav1.png)](images/azure-portal-LAfav1.png)
### Permissions
>[!IMPORTANT]
>Unlike the OMS portal, the Azure portal requires access to both an Azure Log Analytics subscription and a linked Azure subscription.
To check the Log Analytics workspaces you can access, select **Log Analytics**. You should see a grid control listing all workspaces, along with the Azure subscription each is linked to:
[![Log Analytics workspace page showing accessible workspaces and linked Azure subscriptions](images/azure-portal-LAmain-wkspc-subname-sterile.png)](images/azure-portal-LAmain-wkspc-subname-sterile.png)
If you do not see your workspace in this view, you do not have access to the underlying Azure subscription. To view and assign permissions for a workspace, select its name and then, in the flyout that opens, select **Access control (IAM)**. You can view and assign permissions for a subscription similarly by selecting the subscription name and selecting **Access control (IAM)**.
Both the workspace and Azure subscription require at least "read" permissions. To make changes (for example, to set app importantance in Upgrade Readiness), both the subscription and workspace require "contributor" permissions. You can view your current role and make changes in other roles by using the **Access control (IAM)** tab in Azure.
When permissions are configured, you can select the workspace and then select **Workspace summary** to see information similar to what was shown in the OMS overview page.
[![Log Analytics workspace page showing workspace summary](images/azure-portal-LA-wkspcsumm_sterile.png)](images/azure-portal-LA-wkspcsumm_sterile.png)
## Adding Windows Analytics solutions
In the Azure portal, the simplest way to add Windows Analytics solutions (Upgrade Readiness, Update Compliance, and Device Health) is to select **+ Create a resource** and then type the solution name in the search box. In this example, the search is for "Device Health":
[![Add WA solutions with "create a resource"](images/azure-portal-create-resource-boxes.png)](images/azure-portal-create-resource-boxes.png)
Select the solution from the list that is returned by the search, and then select **Create** to add the solution.
## Navigating to Windows Analytics solutions settings
To adjust settings for a Windows Analytics solution, first navigate to the **Solutions** tab for your workspace, and then select the solution to configure. In this example, Upgrade Readiness is being adjusted by selecting **CompatibilityAssessment**:
[![Select WA solution to adjust settings](images/temp-azure-portal-soltn-setting.png)](images/temp-azure-portal-soltn-setting.png)
From there, select the settings page to adjust specific settings:
[![Settings page for Upgrade Readiness in Azure portsl](images/azure-portal-UR-settings.png)](images/azure-portal-UR-settings.png)
>[!NOTE]
>To adjust these settings, both the subscription and workspace require "contributor" permissions. You can view your current role and make changes in other roles by using the **Access control (IAM)** tab in Azure.

5
windows/deployment/upgrade/upgrade-readiness-get-started.md
View File

@ -8,12 +8,15 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 06/12/2018
ms.date: 08/21/2018
ms.localizationpriority: medium
---
# Get started with Upgrade Readiness
>[!IMPORTANT]
>**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences. See [Windows Analytics in the Azure Portal](../update/windows-analytics-azure-portal.md) for steps to use Windows Analytics in the Azure portal. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
This topic explains how to obtain and configure Upgrade Readiness for your organization.
You can use Upgrade Readiness to plan and manage your upgrade project end-to-end. Upgrade Readiness works by establishing communications between computers in your organization and Microsoft. Upgrade Readiness collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.

2
windows/security/information-protection/tpm/trusted-platform-module-overview.md
View File

@ -70,7 +70,7 @@ Some things that you can check on the device are:
> [!NOTE]
> Windows 10 and Windows Server 2016 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1).
## Supported versions
## Supported versions for device health attestation
| TPM version | Windows 10 | Windows Server 2016 |
|-------------|-------------|---------------------|

8
windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
View File

@ -1,15 +1,15 @@
---
title: Windows Defender Application Control Configurable Code Integrity and Virtualization-based security (Windows 10)
description: Microsoft Windows 10 has a feature set that consists of both hardware and software system integrity hardening capabilites that revolutionize the Windows operating systems security.
title: Device Guard is the combination of Windows Defender Application Control and Virtualization-based security (Windows 10)
description: Device Guard consists of both hardware and software system integrity hardening capabilites that can be deployed separately or in combination.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
author: mdsakibMSFT
ms.date: 04/19/2018
ms.date: 08/23/2018
---
# Windows Defender Application Control Configurable Code Integrity and Virtualization-based security (aka Windows Defender Device Guard)
# Device Guard: Windows Defender Application Control Configurable Code Integrity and Virtualization-based security
**Applies to**
- Windows 10

2
windows/security/threat-protection/intelligence/TOC.md
View File

@ -34,7 +34,7 @@
## [Safety Scanner download](safety-scanner-download.md)
## [Industry antivirus tests](transparency-report.md)
## [Industry antivirus tests](top-scoring-industry-antivirus-tests.md)
## [Industry collaboration programs](cybersecurity-industry-partners.md)

54
windows/security/threat-protection/intelligence/transparency-report.md → windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
View File

@ -1,7 +1,7 @@
---
title: Industry antivirus tests
title: Top scoring in industry antivirus tests
description: Industry antivirus tests landing page
keywords: security, malware
keywords: security, malware, av-comparatives, av-test, av, antivirus
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
@ -13,59 +13,55 @@ ms.date: 08/17/2018
# Top scoring in industry antivirus tests
[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-blog-mmpc) **consistently achieves high scores** from independent tests, displaying how it is a top choice in the antivirus market.
[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-docs-avreports) **consistently achieves high scores** from independent tests, displaying how it is a top choice in the antivirus market.
We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections.
In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/). In many cases, customers might not even know they were protected. That's because Windows Defender ATP's [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) detects and stops malware at first sight by using predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering/), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/), behavioral analysis, and other advanced technologies.
In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). In many cases, customers might not even know they were protected. That's because Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) detects and stops malware at first sight by using predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies.
> [!TIP]
> Learn why [most enterprises use Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
> Learn why [Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise?ocid=cx-docs-avreports).
<br></br><br></br>
![Logo](./images/av-test-logo.png)
![AV-TEST logo](./images/av-test-logo.png)
## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test
**[Analysis of the latest AV-TEST results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)**
**[Analysis of the latest AV-TEST results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports)**
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the protection category which has two scores: real world testing and the AV-TEST reference set (known as "prevalent malware").
**Real-World testing** as defined by AV-TEST refers to protection against zero-day malware attacks, inclusive of web and email threats.
**Real-World testing** as defined by AV-TEST attempts to test protection against zero-day malware attacks, inclusive of web and email threats.
**Prevalent malware** as defined by AV-TEST refers to detection of widespread and prevalent malware discovered in the last four weeks.
Note: Microsoft sees a wider and broader set of threats beyond just whats tested in the AV-TEST evaluation.
**Prevalent malware** as defined by AV-TEST attempts to test detection of widespread and prevalent malware discovered in the last four weeks.
The below scores are the results of AV-TEST's evaluations on **Windows Defender Antivirus**.
|Month (2018)|Real-World test score| Prevalent malware test score | AV-TEST report| Microsoft analysis|
|---|---|---|---|---|
|January| 100.00%| 99.92%| [Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-blog-mmpc)|
|February| 100.00% | 100.00%|[Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-blog-mmpc)|
March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)|
April|100.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)|
May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) <sup>**Latest**</sup>|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)|
June|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) <sup>**Latest**</sup>|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)|
|January| 100.00%| 99.92%| [Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)|
|February| 100.00% | 100.00%|[Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)|
March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)|
April|100.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)|
May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) |[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) <sup>**Latest**</sup>|
June|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) <sup>**Latest**</sup>|
|||
|---|---|
|![Graph describing Real-World detection rate](./images/RealWorld-67-percent.png)|![Prevalent Malware](./images/PrevalentMalware-67-percent.png)|
|![Graph describing Real-World detection rate](./images/RealWorld-67-percent.png)|![Graph describing Prevalent Malware](./images/PrevalentMalware-67-percent.png)|
<br></br>
![Logo](./images/av-comparatives-logo-3.png)
![AV-Comparatives Logo](./images/av-comparatives-logo-3.png)
## AV-Comparatives: Perfect protection rating of 100% in the latest test
AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions.
The **Real-World Protection Test (Enterprise)** as defined by AV-Comparatives evaluates the “real-world” protection capabilities with default settings. The goal is to find out whether the security software protects the computer by either hindering the malware from changing any systems or remediating all changes if any were made.
The **Real-World Protection Test (Enterprise)** as defined by AV-Comparatives attempts to evaluate the “real-world” protection capabilities with default settings. The goal is to find out whether the security software protects the computer by either hindering the malware from changing any systems or remediating all changes if any were made.
The **Malware Protection Test Enterprise** as defined by AV-Comparatives assesses a security programs ability to protect a system against infection by malicious files before, during or after execution. It is only tested every *six months*.
The **Malware Protection Test Enterprise** as defined by AV-Comparatives attempts to assesses a security programs ability to protect a system against infection by malicious files before, during or after execution. It is only tested every six months.
Note: Microsoft sees a wider and broader set of threats beyond just whats tested in the AV-Comparatives evaluation.
The below scores are the results of AV-Comparatives tests on **Windows Defender Antivirus**. The scores are specifically for the ability to block malware.
The below scores are the results of AV-Comparatives tests on **Windows Defender Antivirus**. The scores represent the percentage of blocked malware.
|Month (2018)| Real-World test score| Malware test score (every 6 months)|
|---|---|---|
@ -76,18 +72,18 @@ The below scores are the results of AV-Comparatives tests on **Windows Defender
|June| 99.50%| N/A|
|July| 100.00%| N/A|
* [Real-World Protection Test (Enterprise) July 2018](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/)
* [Real-World Protection Test (Enterprise) February - June 2018](https://www.av-comparatives.org/tests/real-world-protection-test-february-june-2018/)
* [Malware Protection Test Enterprise March 2018](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/)
* [Real-World Protection Test (Enterprise) July 2018](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/) <sup>**Latest**</sup>
## To what extent are tests representative of protection in the real world?
It is important to remember that the capabilities within [Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-blog-mmpc) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/) that are not factored into AV tests. Using these tests, customer can view one aspect of their security suite but can't assess the complete protection of all the security features.
It is important to remember that Microsoft sees a wider and broader set of threats beyond just whats tested in the AV evaluations highlighted above. The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into AV tests. Using these tests, customer can view one aspect of their security suite but can't assess the complete protection of all the security features.
There are other technologies in nearly every endpoint security suite that address some of the latest and most sophisticated threats, but are not represented in AV tests. For example, the capabilities such as attack surface reduction and endpoint detection & response help prevent malware from getting onto devices in the first place.
There are other technologies in nearly every endpoint security suite not represented in AV tests that address some of the latest and most sophisticated threats. For example, the capabilities such as attack surface reduction and endpoint detection & response help prevent malware from getting onto devices in the first place.
Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection).
Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports).
![ATP](./images/wdatp-pillars2.png)

2
windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
View File

@ -108,7 +108,7 @@ Wecutil ss “testSubscription” /cf:Events
### How frequently are WEF events delivered?
Event delivery options are part of the WEF subscription configuration parameters There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Ciewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector.
Event delivery options are part of the WEF subscription configuration parameters There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Viewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector.
This table outlines the built-in delivery options:

4
windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
View File

@ -29,6 +29,7 @@ ms.date: 04/30/2018
- System Center Configuration Manager
- PowerShell cmdlets
- Windows Management Instruction (WMI)
- Mobile Device Management (MDM)
<a id="protection-updates"></a>
<!-- this has been used as anchor in VDI content -->
@ -147,6 +148,9 @@ SignatureDefinitionUpdateFileSharesSouce
See the following for more information:
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
**Use Mobile Device Management (MDM) to manage the update location:**
See [Policy CSP - Defender/SignatureUpdateFallbackOrder](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-signatureupdatefallbackorder) for details on configuring MDM.

7
windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
View File

@ -6,8 +6,9 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
ms.date: 09/21/2017
author: andreabichsel
msauthor: v-anbic
ms.date: 08/27/2018
---
# Working with AppLocker rules
@ -60,6 +61,8 @@ The AppLocker console is organized into rule collections, which are executable f
When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used.
The DLL rule collection is not enabled by default. To learn how to enable the DLL rule collection, see [DLL rule collections](#bkmk-dllrulecollections).
EXE rules apply to portable executable (PE) files. AppLocker checks whether a file is a valid PE file, rather than just applying rules based on file extension, which attackers can easily change. Regardless of the file extension, the AppLocker EXE rule collection will work on a file as long as it is a valid PE file.
 
## Rule conditions