From 1b220215d6dbf68e547f73519e4b0a7a4133f9cd Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Fri, 28 Jul 2017 09:40:24 -0700 Subject: [PATCH 1/9] updated the next steps --- ...configure-microsoft-store-for-education.md | 7 +++++++ .../get-started/enable-microsoft-teams.md | 6 ++++++ .../set-up-windows-10-education-devices.md | 9 ++++++++- .../set-up-windows-education-devices.md | 4 +--- .../get-started/use-intune-for-education.md | 7 +++++++ education/get-started/use-school-data-sync.md | 5 +++++ .../windows/take-a-test-app-technical.md | 20 +++++++++++++++++++ 7 files changed, 54 insertions(+), 4 deletions(-) diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md index 0e275032a5..7e1dec3ff9 100644 --- a/education/get-started/configure-microsoft-store-for-education.md +++ b/education/get-started/configure-microsoft-store-for-education.md @@ -52,8 +52,15 @@ You can watch the descriptive audio version here: [Microsoft Education: Configur Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next. + + +> [!div class="step-by-step"] +[Enable Microsoft Teams for your school](enable-microsoft-teams.md) +[Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) + ## Related topic [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) \ No newline at end of file diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md index d3cbe08af6..39574448d6 100644 --- a/education/get-started/enable-microsoft-teams.md +++ b/education/get-started/enable-microsoft-teams.md @@ -46,8 +46,14 @@ To get started, IT administrators need to use the Office 365 Admin Center to ena You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the Meet Microsoft Teams page. + + +> [!div class="step-by-step"] +[<< Use School Data Sync to import student data](use-school-data-sync.md) +[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md) ## Related topic diff --git a/education/get-started/set-up-windows-10-education-devices.md b/education/get-started/set-up-windows-10-education-devices.md index 94a9f4422d..d3f2f989b5 100644 --- a/education/get-started/set-up-windows-10-education-devices.md +++ b/education/get-started/set-up-windows-10-education-devices.md @@ -21,9 +21,16 @@ To set up new Windows 10 devices and enroll them to your education tenant, choos - **Option 1: [Use the Set up School PCs app](https://docs.microsoft.com/en-us/education/windows/use-set-up-school-pcs-app)** - You can use the app to create a setup file that you can use to quickly set up one or more Windows 10 devices. - **Option 2: [Go through Windows OOBE and join the device to Azure AD](set-up-windows-education-devices.md)** - You can go through a typical Windows 10 device setup or first-run experience to configure your device. - + + + +> [!div class="step-by-step"] +[<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) +[Finish setup and other tasks >>](finish-setup-and-other-tasks.md) + ## Related topic diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md index d73bf433f8..ad79d03cb5 100644 --- a/education/get-started/set-up-windows-education-devices.md +++ b/education/get-started/set-up-windows-education-devices.md @@ -20,9 +20,7 @@ If you are setting up a Windows 10 device invidividually, and network bandwidth You can watch the video to see how this is done, or follow the step-by-step guide.
- + You can watch the descriptive audio version here: [Microsoft Education: Set up a new Windows 10 education devices using the Windows setup experience (DA)](https://www.youtube.com/watch?v=_UtS1Cz2Pno) ## To set up Windows 10 devices using OOBE diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md index cf61b2a622..b2a9e67e9d 100644 --- a/education/get-started/use-intune-for-education.md +++ b/education/get-started/use-intune-for-education.md @@ -206,8 +206,15 @@ Now that you've bought the apps, use Intune for Education to specify the group t You're now done assigning apps to all users in your tenant. It's time to set up your Windows 10 device(s) and check that your cloud infrastructure is correctly set up and your apps are being pushed to your devices from the cloud. + + +> [!div class="step-by-step"] +[<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) +[Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md) + ## Related topic diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md index 8d0bd5724a..6c9b89cb9d 100644 --- a/education/get-started/use-school-data-sync.md +++ b/education/get-started/use-school-data-sync.md @@ -170,9 +170,14 @@ To learn more about the CSV files that are required and the info you need to inc That's it for importing sample school data using SDS. + +> [!div class="step-by-step"] +[<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md) +[Enable Microsoft Teams for your school >>](enable-microsoft-teams.md) ## Related topic [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) \ No newline at end of file diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index b7bb11b7ff..803ad7376f 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -74,6 +74,26 @@ When Take a Test is running, the following functionality is available to student - Ctrl+Alt+Del - Alt+F4 (Take a Test will restart if the student is using a dedicated test account) +## Policies + +If the lock screen is disabled, Take aTest will not launch above lock. Be aware that if you set the following Group Policy, this breaks activation of Take a Test above lock. + +**Group Policy path:** Computer Configuration\Administrative Templates\Control Panel\Personalization\ +**Group Policy name:** Do not display the lock screen +**ADML:** %SDXROOT%\shell\policies\ControlPanelDisplay.adml +**ADMX:** %SDXROOT%\shell\policies\ControlPanelDisplay.admx +  +``` + + +``` + ## Learn more From ea1da5e0de798ad61f44681f457b02624d991ce6 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Fri, 28 Jul 2017 09:51:41 -0700 Subject: [PATCH 2/9] updated --- education/get-started/set-up-office365-edu-tenant.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md index 838886bd29..57a0a0a4ff 100644 --- a/education/get-started/set-up-office365-edu-tenant.md +++ b/education/get-started/set-up-office365-edu-tenant.md @@ -45,8 +45,9 @@ You can watch the descriptive audio version here: [Microsoft Education: Set up a As part of setting up a basic cloud infrastructure, you don't need to complete the rest of the Office 365 for Education setup so we will skip the rest of setup for now and start importing school data. You can pick up where you left off with Office 365 for Education setup once you've completed the rest of the steps in the walkthrough. See *Complete Office 365 for Education setup* in [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) for info. -> [!div class="nextstepaction"] -> [Use School Data Sync to import student data](use-school-data-sync.md) +> [!div class="step-by-step"] +[<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) +[Use School Data Sync to import student data >>](use-school-data-sync.md) ## Related topic From 3c04391b0c157196320c9b0b351c32de7d8519b2 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Fri, 28 Jul 2017 09:53:46 -0700 Subject: [PATCH 3/9] added arrows left and right --- .../get-started/configure-microsoft-store-for-education.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md index 7e1dec3ff9..8b6ac1363e 100644 --- a/education/get-started/configure-microsoft-store-for-education.md +++ b/education/get-started/configure-microsoft-store-for-education.md @@ -58,8 +58,8 @@ Your Microsoft Store for Education account is now linked to Intune for Education --> > [!div class="step-by-step"] -[Enable Microsoft Teams for your school](enable-microsoft-teams.md) -[Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) +[<< Enable Microsoft Teams for your school](enable-microsoft-teams.md) +[Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md) ## Related topic From 03df3b8895de99d8a204cc818b8d37c7c716f8fd Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Fri, 28 Jul 2017 10:01:09 -0700 Subject: [PATCH 4/9] fixed links --- education/get-started/finish-setup-and-other-tasks.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md index 600648724a..0a9d251ccc 100644 --- a/education/get-started/finish-setup-and-other-tasks.md +++ b/education/get-started/finish-setup-and-other-tasks.md @@ -142,7 +142,7 @@ After your cloud infrastructure is set up and you have a device management strat See Add users to Office 365 to learn more. Once you're done adding new users, go to the Intune for Education console and verify that the same users were added to the Intune for Education groups as well. ## Connect other devices to your cloud infrastructure -Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [6. Set up Windows 10 devices](#6-set-up-windows-10-devices). For other devices, such as those personally-owned by teachers who need to connect to the school network to access work or school resources (BYOD), you can follow the steps in this section to get these devices connected. +Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [Set up Windows 10 education devices](set-up-windows-10-education-devices.md). For other devices, such as those personally-owned by teachers who need to connect to the school network to access work or school resources (BYOD), you can follow the steps in this section to get these devices connected. > [!NOTE] > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device. @@ -169,7 +169,7 @@ Adding a new device to your cloud-based tenant is easy. For new devices, you can ![Device is connected to organization's MDM](images/win10_connectedtoorgmdm.png) -6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [6.3 Verify the device is Azure AD joined](#63-verify-the-device-is-azure-ad-joined). +6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [6.3 Verify the device is Azure AD joined](#verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. From e096771300fc14e6df2a4b12561ae05bc6f581c8 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Fri, 28 Jul 2017 10:18:20 -0700 Subject: [PATCH 5/9] added page breaks --- education/windows/take-a-test-app-technical.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index 803ad7376f..2880b6a735 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -78,10 +78,10 @@ When Take a Test is running, the following functionality is available to student If the lock screen is disabled, Take aTest will not launch above lock. Be aware that if you set the following Group Policy, this breaks activation of Take a Test above lock. -**Group Policy path:** Computer Configuration\Administrative Templates\Control Panel\Personalization\ -**Group Policy name:** Do not display the lock screen -**ADML:** %SDXROOT%\shell\policies\ControlPanelDisplay.adml -**ADMX:** %SDXROOT%\shell\policies\ControlPanelDisplay.admx +**Group Policy path:** Computer Configuration\Administrative Templates\Control Panel\Personalization\
+**Group Policy name:** Do not display the lock screen
+**ADML:** %SDXROOT%\shell\policies\ControlPanelDisplay.adml
+**ADMX:** %SDXROOT%\shell\policies\ControlPanelDisplay.admx
  ``` Date: Fri, 28 Jul 2017 10:20:09 -0700 Subject: [PATCH 6/9] added date for take a test topic --- education/windows/take-a-test-app-technical.md | 1 + 1 file changed, 1 insertion(+) diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index 2880b6a735..d776148fc5 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -9,6 +9,7 @@ ms.pagetype: edu ms.localizationpriority: high author: CelesteDG ms.author: celested +ms.date: 07/28/2017 --- # Take a Test app technical reference From 5b0233847d52addc2f9e6f6c7cf04371e2100b19 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Fri, 28 Jul 2017 10:24:12 -0700 Subject: [PATCH 7/9] updated --- education/get-started/finish-setup-and-other-tasks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md index 0a9d251ccc..df2fc44837 100644 --- a/education/get-started/finish-setup-and-other-tasks.md +++ b/education/get-started/finish-setup-and-other-tasks.md @@ -169,7 +169,7 @@ Adding a new device to your cloud-based tenant is easy. For new devices, you can ![Device is connected to organization's MDM](images/win10_connectedtoorgmdm.png) -6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [6.3 Verify the device is Azure AD joined](#verify-the-device-is-azure-ad-joined). +6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [Verify the device is Azure AD joined](#verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. From 05c908643d0c47f9d4c067b0c6a8cb780f7f576d Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Fri, 28 Jul 2017 21:10:12 +0000 Subject: [PATCH 8/9] Merged PR 2431: Adding new Education/Printer policies. --- windows/client-management/mdm/TOC.md | 1 + ...ew-in-windows-mdm-enrollment-management.md | 8 +- .../policy-configuration-service-provider.md | 16 ++- .../mdm/policy-csp-education.md | 133 ++++++++++++++++++ 4 files changed, 156 insertions(+), 2 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-education.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index f623ae9b78..4dbf9db55b 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -194,6 +194,7 @@ #### [DeviceInstallation](policy-csp-deviceinstallation.md) #### [DeviceLock](policy-csp-devicelock.md) #### [Display](policy-csp-display.md) +#### [Education](policy-csp-education.md) #### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md) #### [ErrorReporting](policy-csp-errorreporting.md) #### [EventLogService](policy-csp-eventlogservice.md) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 80e2da378b..e4c58a2d65 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/26/2017 +ms.date: 07/27/2017 --- # What's new in MDM enrollment and management @@ -979,6 +979,9 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • Defender/EnableNetworkProtection
  • Defender/GuardedFoldersAllowedApplications
  • Defender/GuardedFoldersList
    • +
  • Education/DefaultPrinterName
    • +
  • Education/PreventAddingNewPrinters
    • +
  • Education/PrinterNames
  • Security/ClearTPMIfNotReady
  • Update/ScheduledInstallEveryWeek
  • Update/ScheduledInstallFirstWeek
    • @@ -1300,6 +1303,9 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

    Added the following new policies for Windows 10, version 1709:

      +
    • Education/DefaultPrinterName
      • +
    • Education/PreventAddingNewPrinters
      • +
    • Education/PrinterNames
    • Security/ClearTPMIfNotReady
    • WindowsDefenderSecurityCenter/CompanyName
    • WindowsDefenderSecurityCenter/DisableAppBrowserUI
      • diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a6d634b097..7659b059e9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/26/2017 +ms.date: 07/27/2017 --- # Policy CSP @@ -842,6 +842,20 @@ The following diagram shows the Policy configuration service provider in tree fo +### Education policies + +
      +
      + Education/DefaultPrinterName +
      +
      + Education/PreventAddingNewPrinters +
      +
      + Education/PrinterNames +
      +
      + ### EnterpriseCloudPrint policies
      diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md new file mode 100644 index 0000000000..a1912d6edc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-education.md @@ -0,0 +1,133 @@ +--- +title: Policy CSP - Education +description: Policy CSP - Education +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +ms.date: 07/27/2017 +--- + +# Policy CSP - Education + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + +
      + +## Education policies + + +**Education/DefaultPrinterName** + + + + + + + + + + + + + + + + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
      cross markcheck mark3check mark3check mark3check mark3cross markcross mark
      + + + +Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer. + +The policy value is expected to be the name (network host name) of an installed printer. + + + + +**Education/PreventAddingNewPrinters** + + + + + + + + + + + + + + + + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
      cross markcheck mark3check mark3check mark3check mark3cross markcross mark
      + + + +Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings. + +The following list shows the supported values: + +- 0 (default) – Allow user installation. +- 1 – Prevent user installation. + + + + +**Education/PrinterNames** + + + + + + + + + + + + + + + + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
      cross markcheck mark3check mark3check mark3check mark3cross markcross mark
      + + + +Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names). + +The policy value is expected to be a `````` seperated list of printer names. The OS will attempt to search and install the matching printer driver for each listed printer. + + + +
      + +Footnote: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. + + + From ade24520e6b3e434b1165a12549b3ceb243518d3 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Fri, 28 Jul 2017 22:04:37 +0000 Subject: [PATCH 9/9] Merged PR 2458: updating note for clarity server response does not support Chunked Transfer-Encoding --- .../mdm/federated-authentication-device-enrollment.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index a1520e20ad..ea69e071b5 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -129,7 +129,7 @@ The discovery response is in the XML format and includes the following fields: - Authentication policy (AuthPolicy) – Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory. - In Windows, Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance. -> **Note**  The HTTP server response must not be chunked; it must be sent as one message. +> **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.   @@ -297,7 +297,7 @@ After the user is authenticated, the web service retrieves the certificate templ MS-XCEP supports very flexible enrollment policies using various Complex Types and Attributes. For Windows device, we will first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms. -> **Note**  The HTTP server response must not be chunked; it must be sent as one message. +> **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.   @@ -482,7 +482,7 @@ The following example shows the enrollment web service request for federated aut After validating the request, the web service looks up the assigned certificate template for the client, update it if needed, sends the PKCS\#10 requests to the CA, processes the response from the CA, constructs an OMA Client Provisioning XML format, and returns it in the RequestSecurityTokenResponse (RSTR). -> **Note**  The HTTP server response must not be chunked; it must be sent as one message. +> **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.