From 75809ac5aab94a007e9185a63db2601cfecbc7de Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Feb 2021 17:57:04 +0530 Subject: [PATCH 01/18] typo correction : make to manufacturer as per user report #9103 , so i changed **Make** to **Manufacturer** --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 5c8972471b..17c923be2d 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -339,7 +339,7 @@ On **MDT01**: 1. Preinstall: After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings: 1. Name: Set DriverGroup001 2. Task Sequence Variable: DriverGroup001 - 3. Value: Windows 10 x64\\%Make%\\%Model% + 3. Value: Windows 10 x64\\%Manufacturer%\\%Model% 2. Configure the **Inject Drivers** action with the following settings: 1. Choose a selection profile: Nothing 2. Install all drivers from the selection profile From e7fce2daf65480282bb7adea84fb892ccb35093b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 9 Mar 2021 23:43:16 +0530 Subject: [PATCH 02/18] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 901e211995..aec9e43f39 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -372,7 +372,6 @@ On **MDT01**: 1. Name: Set DriverGroup001 2. Task Sequence Variable: DriverGroup001 3. Value: Windows 10 x64\\%Manufacturer%\\%Model% - 2. Configure the **Inject Drivers** action with the following settings: - Choose a selection profile: Nothing - Install all drivers from the selection profile From 14a27c2044882159fd35327751247ac9c156330c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 9 Mar 2021 23:55:11 +0530 Subject: [PATCH 03/18] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index aec9e43f39..05f4eb980c 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -372,6 +372,7 @@ On **MDT01**: 1. Name: Set DriverGroup001 2. Task Sequence Variable: DriverGroup001 3. Value: Windows 10 x64\\%Manufacturer%\\%Model% + 2. Configure the **Inject Drivers** action with the following settings: - Choose a selection profile: Nothing - Install all drivers from the selection profile From c3662db20df84dde7f7b89434c6161c10d7d1378 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Apr 2021 22:01:26 +0500 Subject: [PATCH 04/18] Update deploy-a-windows-10-image-using-mdt.md --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index ebe98a9061..02c7c46f5e 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -50,7 +50,7 @@ On **DC01**: 2. Create the **MDT_JD** service account by running the following command from an elevated **Windows PowerShell prompt**: ```powershell - New-ADUser -Name MDT_JD -UserPrincipalName MDT_JD -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT join domain account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true + New-ADUser -Name MDT_JD -UserPrincipalName MDT_JD@contoso.com -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT join domain account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true ``` 3. Next, run the Set-OuPermissions script to apply permissions to the **MDT\_JD** service account, enabling it to manage computer accounts in the Contoso / Computers OU. Run the following commands from an elevated Windows PowerShell prompt: @@ -842,4 +842,4 @@ The partitions when deploying an UEFI-based machine. [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-[Configure MDT settings](configure-mdt-settings.md)
\ No newline at end of file +[Configure MDT settings](configure-mdt-settings.md)
From b5117aba312c9bedb7d7ea142f6d6abd6cb252d4 Mon Sep 17 00:00:00 2001 From: Denis Gundarev Date: Thu, 13 May 2021 15:22:03 -0700 Subject: [PATCH 05/18] updated reference to IDD documentation --- windows/deployment/planning/windows-10-deprecated-features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 9bb45ca3af..d3cf97f165 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -33,7 +33,7 @@ The features described below are no longer being actively developed, and might b | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | | Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
 
The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 | -| XDDM-based remote display driver | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information about implementing a remote indirect display driver, ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | 1903 | +| XDDM-based remote display driver | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver check out [Updates for IddCx versions 1.4 and later](/windows-hardware/drivers/display/iddcx1.4-updates). | 1903 | | Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 | | Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 | | Windows To Go | Windows To Go is no longer being developed.

The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| 1903 | @@ -67,4 +67,4 @@ The features described below are no longer being actively developed, and might b |TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 | |TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 | |IPsec Task Offload| [IPsec Task Offload](/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 | -|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
Applies to Windows Server 2016 and Windows Server 2019 as well.| \ No newline at end of file +|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
Applies to Windows Server 2016 and Windows Server 2019 as well.| From 344f5bb97ccd5ddc8e2c13fab30d4bacf8e7a2d2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 17 May 2021 10:00:09 -0700 Subject: [PATCH 06/18] Update windows/deployment/planning/windows-10-deprecated-features.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/planning/windows-10-deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index d3cf97f165..492f0d70e7 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -33,7 +33,7 @@ The features described below are no longer being actively developed, and might b | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | | Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
 
The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 | -| XDDM-based remote display driver | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver check out [Updates for IddCx versions 1.4 and later](/windows-hardware/drivers/display/iddcx1.4-updates). | 1903 | +| XDDM-based remote display driver | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver, check out [Updates for IddCx versions 1.4 and later](/windows-hardware/drivers/display/iddcx1.4-updates). | 1903 | | Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 | | Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 | | Windows To Go | Windows To Go is no longer being developed.

The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| 1903 | From 315eb8726f7b7a8d5348921730f7f0d1f7dc6ac2 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 19 May 2021 16:33:06 +0500 Subject: [PATCH 07/18] Addition of note As this tool PCPTool is a visual studio solution so users need to build it before running the tool. Updated this informaiton. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9425 --- .../bitlocker/ts-bitlocker-decode-measured-boot-logs.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index 6424a91e8b..fc64b1cfee 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -94,6 +94,9 @@ To find the PCR information, go to the end of the file. ## Use PCPTool to decode Measured Boot logs +> [!NOTE] +> PCPTool is a visual studio solution and need to build the executeable before using this tool. + PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file. To download and install PCPTool, go to the Toolkit page, select **Download**, and follow the instructions. @@ -111,4 +114,4 @@ where the variables represent the following values: The content of the XML file resembles the following. -![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg) \ No newline at end of file +![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg) From 4d86080190cda85fa0532af5f4eb69e95ad2c561 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 19 May 2021 21:47:56 +0500 Subject: [PATCH 08/18] Update windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../bitlocker/ts-bitlocker-decode-measured-boot-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index fc64b1cfee..bab9c21e3e 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md @@ -95,7 +95,7 @@ To find the PCR information, go to the end of the file. ## Use PCPTool to decode Measured Boot logs > [!NOTE] -> PCPTool is a visual studio solution and need to build the executeable before using this tool. +> PCPTool is a Visual Studio solution, but you need to build the executable before you can start using this tool. PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file. From 73521cb17a1c634ad23402cca663010cd41d0464 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Thu, 20 May 2021 12:27:42 -0600 Subject: [PATCH 09/18] Fixed formatting --- .../mdm/diagnosticlog-csp.md | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index ef43f3c484..b9bc259616 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -136,45 +136,45 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`. - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter. - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed: - - %windir%\\system32\\certutil.exe - - %windir%\\system32\\dxdiag.exe - - %windir%\\system32\\gpresult.exe - - %windir%\\system32\\msinfo32.exe - - %windir%\\system32\\netsh.exe - - %windir%\\system32\\nltest.exe - - %windir%\\system32\\ping.exe - - %windir%\\system32\\powercfg.exe - - %windir%\\system32\\w32tm.exe - - %windir%\\system32\\wpr.exe - - %windir%\\system32\\dsregcmd.exe - - %windir%\\system32\\dispdiag.exe - - %windir%\\system32\\ipconfig.exe - - %windir%\\system32\\logman.exe - - %windir%\\system32\\tracelog.exe - - %programfiles%\\windows defender\\mpcmdrun.exe - - %windir%\\system32\\MdmDiagnosticsTool.exe - - %windir%\\system32\\pnputil.exe + - %windir%\\system32\\certutil.exe + - %windir%\\system32\\dxdiag.exe + - %windir%\\system32\\gpresult.exe + - %windir%\\system32\\msinfo32.exe + - %windir%\\system32\\netsh.exe + - %windir%\\system32\\nltest.exe + - %windir%\\system32\\ping.exe + - %windir%\\system32\\powercfg.exe + - %windir%\\system32\\w32tm.exe + - %windir%\\system32\\wpr.exe + - %windir%\\system32\\dsregcmd.exe + - %windir%\\system32\\dispdiag.exe + - %windir%\\system32\\ipconfig.exe + - %windir%\\system32\\logman.exe + - %windir%\\system32\\tracelog.exe + - %programfiles%\\windows defender\\mpcmdrun.exe + - %windir%\\system32\\MdmDiagnosticsTool.exe + - %windir%\\system32\\pnputil.exe - **FoldersFiles** - Captures log files from a given path (without recursion). - Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log". - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed: - - %PROGRAMFILES% - - %PROGRAMDATA% - - %PUBLIC% - - %WINDIR% - - %TEMP% - - %TMP% + - %PROGRAMFILES% + - %PROGRAMDATA% + - %PUBLIC% + - %WINDIR% + - %TEMP% + - %TMP% - Additionally, only files with the following extensions are captured: - - .log - - .txt - - .dmp - - .cab - - .zip - - .xml - - .html - - .evtx - - .etl + - .log + - .txt + - .dmp + - .cab + - .zip + - .xml + - .html + - .evtx + - .etl **DiagnosticArchive/ArchiveResults** Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run. From 1fa08ae6d3d4de95aaa8cd168659243b7e1284b2 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Thu, 20 May 2021 12:41:17 -0600 Subject: [PATCH 10/18] fix formatting --- windows/client-management/mdm/diagnosticlog-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index b9bc259616..b8ffe15b74 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -136,8 +136,8 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`. - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter. - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed: - - %windir%\\system32\\certutil.exe - - %windir%\\system32\\dxdiag.exe + - %windir%\\system32\\certutil.exe + - %windir%\\system32\\dxdiag.exe - %windir%\\system32\\gpresult.exe - %windir%\\system32\\msinfo32.exe - %windir%\\system32\\netsh.exe From 9fe1e0eed3b40647b9e5fa3f9bb68222a000ff51 Mon Sep 17 00:00:00 2001 From: Tom Layson <83308464+TomLayson@users.noreply.github.com> Date: Fri, 21 May 2021 09:26:50 -0700 Subject: [PATCH 11/18] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md Minor text change --- ...perating-system-components-to-microsoft-services.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 148b234b8b..66dc780bf0 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -9,12 +9,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: linque1 -ms.author: robsize -manager: robsize +author: tomlayson +ms.author: tomlayson +manager: riche ms.collection: M365-security-compliance ms.topic: article -ms.date: 12/1/2020 +ms.date: 5/21/2021 --- # Manage connections from Windows 10 operating system components to Microsoft services @@ -1266,7 +1266,7 @@ In the **Feedback & Diagnostics** area, you can choose how often you're asked fo To change how frequently **Windows should ask for my feedback**: > [!NOTE] -> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. +> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. - To change from **Automatically (Recommended)**, use the drop-down list in the UI. From a24427dceb743c8aa44a012e4aaf522d8d2f4049 Mon Sep 17 00:00:00 2001 From: Tom Layson <83308464+TomLayson@users.noreply.github.com> Date: Fri, 21 May 2021 11:03:49 -0700 Subject: [PATCH 12/18] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 66dc780bf0..f1696b311c 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1266,7 +1266,7 @@ In the **Feedback & Diagnostics** area, you can choose how often you're asked fo To change how frequently **Windows should ask for my feedback**: > [!NOTE] -> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. +> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. - To change from **Automatically (Recommended)**, use the drop-down list in the UI. From 96c2855d515c8ed90c706eea8cc752d08156188f Mon Sep 17 00:00:00 2001 From: Tom Layson <83308464+TomLayson@users.noreply.github.com> Date: Fri, 21 May 2021 11:06:10 -0700 Subject: [PATCH 13/18] Added new Edge policy section --- ...system-components-to-microsoft-services.md | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 66dc780bf0..e0efa7ef4e 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -592,6 +592,48 @@ Alternatively, you can configure the following Registry keys as described: For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](/microsoft-edge/deploy/available-policies). +### 13.2 Microsoft Edge Enterprise + +For a complete list of the Microsoft Edge policies, see [Microsoft Edge and privacy: FAQ](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies). + +> [!Important] +> - The following settings are applicable to Microsoft Edge version 77 or later. +> - For details on supported Operating Systems see Microsoft Edge supported Operating Systems +> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge see Configure Microsoft Edge policy settings on Windows +> - Devices must be domain joined for some of the policies to take effect. + +| Policy | Group Policy Path | Registry Path | +|----------------------------------|--------------------|---------------------------------------------| +| **SearchSuggestEnabled** | Computer Configuration/Administrative Templates/Windows Component/Microsoft Edge - Enable search suggestions | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Disabled**| **REG_DWORD name: SearchSuggestEnabled Set to 0** | +| **AutofillAddressEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for addresses | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Disabled**| **REG_DWORD name: AutofillAddressEnabled Set to 0** | +| **AutofillCreditCardEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for credit cards | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Disabled**| **REG_DWORD name: AutofillCreditCardEnabled Set to 0** | +| **ConfigureDoNotTrack** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Configure Do Not Track | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Enabled**| **REG_DWORD name: ConfigureDoNotTrack Set to 1** | +| **PasswordManagerEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Password manager and protection-Enable saving passwords to the password manager | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Disabled**| **REG_DWORD name: PasswordManagerEnabled Set to 0** | +| **DefaultSearchProviderEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Default search provider-Enable the default search provider | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Disabled**| **REG_DWORD name: DefaultSearchProviderEnabled Set to 0** | +| **HideFirstRunExperience** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Hide the First-run experience and splash screen | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Enabled**| **REG_DWORD name: HideFirstRunExperience Set to 1** | +| **SmartScreenEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/SmartScreen settings-Configure Microsoft Defender SmartScreen | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Disabled**| **REG_DWORD name: SmartScreenEnabled Set to 0** | +| **NewTabPageLocation** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Configure the new tab page URL | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Enabled-Value “about:blank”**| **REG_SZ name: NewTabPageLocation Set to about:blank** | +| **RestoreOnStartup** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Action to take on startup | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge | +| | **Set to Disabled**| **REG_DWORD name: RestoreOnStartup Set to 5** | +| **RestoreOnStartupURLs** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Sites to open when the browser starts | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs | +| | **Set to Disabled**| **REG_SZ name: 1 Set to about:blank** | +| **UpdateDefault** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Applications-Update policy override default | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate | +| | **Set to Enabled - 'Updates disabled'**| **REG_DWORD name: UpdateDefault Set to 0** | +| **AutoUpdateCheckPeriodMinutes** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate | +| | **Set to Enabled - Set Value for Minutes between update checks to 0**| **REG_DWORD name: AutoUpdateCheckPeriodMinutes Set to 0** | +| **Experimentation and Configuration Service** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate | +| | **Set to RestrictedMode**| **REG_DWORD name: ExperimentationAndConfigurationServiceControl Set to 0** | +||| + ### 14. Network Connection Status Indicator Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. See the [Microsoft Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog) to learn more. From 3b5c9c54df8fa260903c6f57f52ef3381316ea7c Mon Sep 17 00:00:00 2001 From: Sinead O'Sullivan Date: Tue, 25 May 2021 10:14:14 +0100 Subject: [PATCH 14/18] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 822869ba60..530d46fc7b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -594,7 +594,7 @@ For a complete list of the Microsoft Edge policies, see [Available policies for ### 13.2 Microsoft Edge Enterprise -For a complete list of the Microsoft Edge policies, see [Microsoft Edge and privacy: FAQ](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies). +For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies). > [!Important] > - The following settings are applicable to Microsoft Edge version 77 or later. From dc5cfe6608337b409aa0175f461ab0db15e4e01d Mon Sep 17 00:00:00 2001 From: Sinead O'Sullivan Date: Tue, 25 May 2021 10:14:34 +0100 Subject: [PATCH 15/18] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 530d46fc7b..76ca00f7c5 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -597,7 +597,7 @@ For a complete list of the Microsoft Edge policies, see [Available policies for For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies). > [!Important] -> - The following settings are applicable to Microsoft Edge version 77 or later. +> - The following settings are applicable to Microsoft Edge version 77 or later. > - For details on supported Operating Systems see Microsoft Edge supported Operating Systems > - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge see Configure Microsoft Edge policy settings on Windows > - Devices must be domain joined for some of the policies to take effect. From 1c85fc9836474ee1e41fc3c244f24ccaa306cd39 Mon Sep 17 00:00:00 2001 From: Sinead O'Sullivan Date: Tue, 25 May 2021 10:14:55 +0100 Subject: [PATCH 16/18] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 76ca00f7c5..686300049e 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -599,7 +599,7 @@ For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile > [!Important] > - The following settings are applicable to Microsoft Edge version 77 or later. > - For details on supported Operating Systems see Microsoft Edge supported Operating Systems -> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge see Configure Microsoft Edge policy settings on Windows +> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge). > - Devices must be domain joined for some of the policies to take effect. | Policy | Group Policy Path | Registry Path | From f1ffa4ff38e3c6c7eed16d700e53b7d2b7e60e53 Mon Sep 17 00:00:00 2001 From: Sinead O'Sullivan Date: Tue, 25 May 2021 10:15:07 +0100 Subject: [PATCH 17/18] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 686300049e..c546a733d7 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -600,7 +600,7 @@ For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile > - The following settings are applicable to Microsoft Edge version 77 or later. > - For details on supported Operating Systems see Microsoft Edge supported Operating Systems > - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge). -> - Devices must be domain joined for some of the policies to take effect. +> - Devices must be domain joined for some of the policies to take effect. | Policy | Group Policy Path | Registry Path | |----------------------------------|--------------------|---------------------------------------------| From da8cc9c6504f7fcb51844b98a6cbb05ed5bca1fc Mon Sep 17 00:00:00 2001 From: Sinead O'Sullivan Date: Tue, 25 May 2021 10:15:18 +0100 Subject: [PATCH 18/18] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index c546a733d7..434a191b14 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -598,7 +598,7 @@ For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile > [!Important] > - The following settings are applicable to Microsoft Edge version 77 or later. -> - For details on supported Operating Systems see Microsoft Edge supported Operating Systems +> - For details on supported Operating Systems, see [Microsoft Edge supported Operating Systems](/deployedge/microsoft-edge-supported-operating-systems). > - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge). > - Devices must be domain joined for some of the policies to take effect.