@ -31,7 +31,7 @@ Because of the schema changes, you can't combine the old version (v.1) with the
- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema.
You can continue to use the v.1 version of the schema on Windows10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, if you save the v.1 version of the schema in the new Enterprise Mode Site List Manager for Windows10, it will automatically update the file to use the v.2 version of the schema.
You can continue to use the v.1 version of the schema on Windows10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema.
### Enterprise Mode v.2 schema example
The following is an example of the v.2 version of the Enterprise Mode schema.
@ -28,10 +28,10 @@ You can use IE11 and the Enterprise Mode Site List Manager to add individual web
## Enterprise Mode Site List Manager versions
There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
|Operating system |Schema version |Enterprise Site List Manager version |
|Schema version |Operating system |Enterprise Site List Manager version |
|Windows10 |Enterprise Mode schema, version 2 (v.2)<p>-OR-<p>Enterprise Mode schema, version 1 (v.1) |Windows10 supports both versions of the enterprise mode schema. However, the Enterprise Mode Site List Manager (schema v.2) only supports the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2), it will save the XML into the v.2 version of the schema.<p>For more info about the different schema versions, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)|
|Windows7<p>-OR-<p>Windows8.1 |Enterprise Mode schema v.1 |Uses the Enterprise Mode Site List Manager (schema v.1).<p>For more info about the different schema versions, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)|
|Enterprise Mode schema, version 2 (v.2) |Windows 10<br>-OR-<br>Windows 8.1<br>-OR-<br>Windows 7|Uses the Enterprise Mode Site List Manager (schema v.2) and the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2), the XML is saved into the v.2 version of the schema.<br><br>For more info about the v.2 version of the schema, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).|
|Enterprise Mode schema, version 1 (v.1) |Windows 10<br>-OR-<br>Windows 8.1<br>-OR-<br>Windows 7|Uses the Enterprise Mode Site List Manager (schema v.1) and the v.1 version of the schema. <br><br> For more info about the v.1 version of the schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)|
## Using the Enterprise Mode Site List Manager
The following topics give you more information about the things that you can do with the Enterprise Mode Site List Manager.
@ -37,7 +37,7 @@ Based on the size of your legacy web app dependency, determined by the data coll
For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog.
## What is Enterprise Mode?
Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
@ -163,4 +163,4 @@ Because the tool is open-source, the source code is readily available for examin
@ -104,7 +104,7 @@ There are many deployment options from which to choose. Some of those options re
Windows Hello for Business is two-factor authentication based the observed authentication factors of: something you have, something you know, and something part of you. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
### Can I use PIN and biometrics to unlock my device?
No. Windows Hello for Business provides two-factor authentication. However, we are investigating the ability to unlock the desktop with additional factors.
Starting in Windows 10, version 1709, you can use multifactor unlock to require the user to provide an additional factor to unlock the device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. Read more about [multifactor unlock](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-features#multifactor-unlock) in [Windows Hello for Business Features](#hello-features.md)
### What is the difference between Windows Hello and Windows Hello for Business
Windows Hello represents the biometric framework provided in Windows 10. Windows Hello enables users to use biometrics to sign into their devices by securely storing their username and password and releasing it for authentication when the user successfully identifies themselves using biometrics. Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate.
@ -45,7 +45,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man
With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can:
- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services like [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune).
- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot] (https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune).
- Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages).
The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. The Basic level also helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
@ -26,7 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
>[!Note]
>Updated July 2017 to document new and modified events. We’ve added new fields to several Appraiser events to prepare for upgrades to the next release of Windows and we’ve added a brand-new event, Census.Speech, to collect basic details about speech settings and configuration.
>Updated November 2017 to document new and modified events. We’ve added some new events and also added new fields to existing events to prepare for upgrades to the next release of Windows.
## Common data extensions
@ -592,6 +593,7 @@ The following fields are available:
- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
- **SdbDriverBlockOverridden** Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate?
@ -1475,6 +1477,7 @@ The following fields are available:
- **IsDERequirementMet** Represents if the device can do device encryption.
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **ContainerType** The type of container, such as process or virtual machine hosted.
- **EnrollmentType** Represents the type of enrollment, such as MDM or Intune, for a particular device.
### Census.Firmware
@ -1538,7 +1541,11 @@ The following fields are available:
- **OEMModelBaseBoardVersion** Differentiates between developer and retail devices.
- **ActiveMicCount** The number of active microphones attached to the device.
- **OEMModelSystemVersion** The system model version set on the device by the OEM.
- **D3DMaxFeatureLevel** The supported Direct3D version.
- **Gyroscope** Indicates whether the device has a gyroscope.
- **Magnetometer** Indicates whether the device has a magnetometer.
- **NFCProximity** Indicates whether the device supports NFC.
- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
### Census.Memory
@ -1611,7 +1618,8 @@ The following fields are available:
- **OSSubscriptionStatus** Represents the existing status for enterprise subscription feature for PRO machines.
- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
- **DeviceTimeZone** The time zone that is set on the device. Example: Pacific Standard Time
- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy.
- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy.
- **AssignedAccessStatus** The kiosk configuration mode.
### Census.Processor
@ -1628,6 +1636,7 @@ The following fields are available:
- **ProcessorModel** Retrieves the name of the processor model.
- **SocketCount** Number of physical CPU sockets of the machine.
- **ProcessorIdentifier** The processor identifier of a manufacturer.
- **ProcessorUpdateRevision** The microcode version.
### Census.Speech
@ -1713,6 +1722,8 @@ The following fields are available:
- **IOMMUPresent** Represents if an input/output memory management unit (IOMMU) is present.
- **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
- **HyperVisor** Retrieves whether the current OS is running on top of a Hypervisor.
- **CloudService** Indicates which cloud service, if any, that this virtual machine is running within.
- **isVDI** Is the device using Virtual Desktop Infrastructure?
### Census.WU
@ -1738,6 +1749,12 @@ The following fields are available:
- **OSRollbackCount** The number of times feature updates have rolled back on the device.
- **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently.
- **AppraiserGatedStatus** Indicates whether a device has been gated for upgrading.
- **OSAssessmentFeatureOutOfDate** How many days has it been since a the last feature update was released but the device did not install it?
- **OSAssessmentForFeatureUpdate** Is the device is on the latest feature update?
- **OSAssessmentForQualityUpdate** Is the device on the latest quality update?
- **OSAssessmentForSecurityUpdate** Is the device on the latest security update?
- **OSAssessmentQualityOutOfDate** How many days has it been since a the last quality update was released but the device did not install it?
- **OSAssessmentReleaseInfoTime** The freshness of release information used to perform an assessment.
### Census.Xbox
@ -1751,6 +1768,17 @@ The following fields are available:
- **XboxLiveSandboxId** Retrieves the developer sandbox id if the device is internal to MS.
- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console.
### Census.Security
This event provides information on about security settings used to help keep Windows up-to-date and secure.
- **AvailableSecurityProperties** Enumerates and reports state on the relevant security properties for Device Guard.
- **CGRunning** Is Credential Guard running?
- **DGState** A summary of the Device Guard state.
- **HVCIRunning** Is HVCI running?
- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
- **SecureBootCapable** Is this device capable of running Secure Boot?
- **VBSState** Is virtualization-based security enabled, disabled, or running?
## Diagnostic data events
@ -2001,7 +2029,24 @@ The following fields are available:
- **aeinv** The version of the App inventory component.
- **devinv** The file version of the Device inventory component.
This event provides a summary rollup count of conditions encountered while performing a local scan of Office files, analyzing for known VBA programmability compatibility issues between legacy office version and ProPlus, and between 32 and 64-bit versions
The following fields are available:
- **Design** Count of files with design issues found
- **Design_x64** Count of files with 64 bit design issues found
- **DuplicateVBA** Count of files with duplicate VBA code
- **HasVBA** Count of files with VBA code
- **Inaccessible** Count of files that were inaccessible for scanning
- **Issues** Count of files with issues detected
- **Issues_x64** Count of files with 64-bit issues detected
- **IssuesNone** Count of files with no issues detected
- **IssuesNone_x64** Count of files with no 64-bit issues detected
- **Locked** Count of files that were locked, preventing scanning
- **NoVBA** Count of files with no VBA inside
- **Protected** Count of files that were password protected, preventing scanning
- **RemLimited** Count of files that require limited remediation changes
- **RemLimited_x64** Count of files that require limited remediation changes for 64-bit issues
- **RemSignificant** Count of files that require significant remediation changes
- **RemSignificant_x64** Count of files that require significant remediation changes for 64-bit issues
- **Score** Overall compatibility score calculated for scanned content
- **Score_x64** Overall 64-bit compatibility score calculated for scanned content
- **Total** Total number of files scanned
- **Validation** Count of files that require additional manual validation
- **Validation_x64** Count of files that require additional manual validation for 64-bit issues
This event provides data on Microsoft Office VBA rule violations, including a rollup count per violation type, giving an indication of remediation requirements for an organization. The event identifier is a unique GUID, associated with the validation rule
The following fields are available:
- **Count** Count of total Microsoft Office VBA rule violations
This event provides data on the installed Office-related Internet Explorer features.
- **OIeFeatureAddon** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeMachineLockdown** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeMimeHandling** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeMimeSniffing** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeNoAxInstall** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeNoDownload** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeObjectCaching** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIePasswordDisable** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeSafeBind** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeSecurityBand** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeUncSaveCheck** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeValidateUrl** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeWebOcPopup** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeWinRestrict** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
- **OIeZoneElevate** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
New or changed topic | Description
--- | ---
|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)| Added events that were added in November. |
[Create a provisioning package with multivariant settings](provisioning-packages/provisioning-multivariant.md) | Add support for desktop to [Conditions](provisioning-packages/provisioning-multivariant.md#conditions) table.
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Alma Jenks