deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-23 02:37:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into tvm-exceptions-for-rbac

Browse Source
This commit is contained in:
Beth Levin 2020-08-10 12:03:47 -07:00
commit 8c5da0531e
97 changed files with 822 additions and 5930 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
.openpublishing.redirection.json
View File

@ -15698,7 +15698,7 @@
{
"source_path": "windows/release-information/resolved-issues-windows-10-1703.yml",
"redirect_url": "https://docs.microsoft.com/windows/release-information/windows-message-center",
"redirect_document_id": true
"redirect_document_id": false
},
{
"source_path": "windows/deployment/planning/windows-10-1703-removed-features.md",
@ -16294,6 +16294,126 @@
"source_path": "windows/privacy/windows-personal-data-services-configuration.md",
"redirect_url": "https://docs.microsoft.com/windows/privacy/windows-10-and-privacy-compliance",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/add-devices.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/add-devices",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/autopilot-device-guidelines.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/autopilot-device-guidelines",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/autopilot-faq.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/autopilot-faq",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/autopilot-mbr.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/autopilot-mbr",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/autopilot-support.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/autopilot-support",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/autopilot-update.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/autopilot-update",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/bitlocker.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/bitlocker",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/deployment-process.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/deployment-process",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/dfci-management.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/dfci-management",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/enrollment-status.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/enrollment-status",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/existing-devices.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/existing-devices",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/known-issues.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/known-issues",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/policy-conflicts.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/policy-conflicts",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/profiles.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/profiles",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/registration-auth.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/registration-auth",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/self-deploying.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/self-deploying",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/troubleshooting.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/troubleshooting",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/user-driven.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/user-driven",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/white-glove.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/white-glove",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot-requirements",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot-reset",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-scenarios.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot-scenarios",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-whats-new.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot-whats-new",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot.md",
"redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot",
"redirect_document_id": true
}
]
}

2
browsers/edge/group-policies/index.yml
View File

@ -6,8 +6,6 @@ title: Microsoft Edge Legacy group policies
metadata:
document_id:
title: Microsoft Edge Legacy group policies
description: Learn how to configure group policies in Microsoft Edge Legacy on Windows 10.

2
browsers/edge/index.yml
View File

@ -6,8 +6,6 @@ title: Microsoft Edge Legacy Group Policy configuration options
metadata:
document_id:
title: Microsoft Edge Group Legacy Policy configuration options
description:

1
browsers/edge/microsoft-edge.yml
View File

@ -3,7 +3,6 @@
documentType: LandingData
title: Microsoft Edge
metadata:
document_id:
title: Microsoft Edge
description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization.
keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories

231
browsers/internet-explorer/internet-explorer.yml
View File

@ -1,69 +1,174 @@
### YamlMime:YamlDocument
### YamlMime:Landing
documentType: LandingData
title: Internet Explorer 11
title: Internet Explorer 11 documentation
summary: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
metadata:
document_id:
title: Internet Explorer 11
title: Internet Explorer 11 documentation
description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
keywords: Internet Explorer 11. IE11
ms.localizationpriority: medium
ms.topic: landing-page
author: lizap
ms.author: elizapo
manager: dougkim
ms.topic: article
ms.devlang: na
ms.date: 07/06/2020
sections:
- items:
- type: markdown
text: "
Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need.
"
- title: Explore
- items:
- type: markdown
text: "
Find tools, step-by-step guides, updates, and other resources to help you get started. <br>
<table><tr><td><img src='images/explore1.png' width='192' height='192'><br>**Get started**<br>Get information om tools, frequently asked questions, requirements, and guidelines.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11'>IE11 features and tools</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11'>System requirements and language support</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-faq/faq-for-it-pros-ie11'>Frequently asked questions</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/index'>Internet Explorer 11 deployment guide</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility'>Use Enterprise Mode to improve compatibility</a><br><a href='https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer'>Lifecycle FAQ - Internet Explorer</a></td><td><img src='images/explore2.png' width='192' height='192'><br>**Downloads and tools**<br>Find tools and resources to help you address compatibility and get up to date.<br><a href='https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise'>Download IE11 with Windows 10</a><br><a href='https://www.microsoft.com/download/details.aspx?id=49974'>Enterprise Mode Site List Manager (schema, v.2)</a><br><a href='web-app-compat-lab-kit'>Web Application Compatibility Lab Kit</a><br><a href='http://www.catalog.update.microsoft.com/Search.aspx?q=cumulative%20security%20update%20for%20internet%20explorer%2011'>Cumulative security updates for Internet Explorer 11</a></td><td><img src='images/explore3.png' width='192' height='192'><br>**Find training**<br>Find online training and hands-on labs for common configuration and management tasks.<br><a href='https://mva.microsoft.com/en-US/training-courses/getting-started-with-windows-10-for-it-professionals-10629?l=fCowqpy8_5905094681'>Getting started with Windows 10 for IT professionals</a><br><a href='https://mva.microsoft.com/en-US/training-courses/windows-10-top-features-for-it-pros-16319?l=xBnT2ihhC_7306218965'>Windows 10: Top Features for IT Pros</a><br><a href='http://channel9.msdn.com/events/teched/newzealand/2014/pcit307'>Manage and modernize Internet Explorer with Enterprise Mode</a><br><a href='https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02'>Virtual Lab: Enterprise Mode</a></td></tr>
</table>
"
- title: Plan
- items:
- type: markdown
text: "
Find information and tips to help you assess compatibility and prioritize processes as you plan for Internet Explorer 11.<br>
<table><tr><td><img src='images/plan1.png' width='192' height='192'><br>**Get started with compatibility**<br>Find out how to extend your company's investment in older web apps through higher compatibility with older rendering engines while moving forward to a more modern browser like Internet Explorer 11.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode'>What is Enterprise Mode?</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility'>Tips and tricks to manage Internet Explorer compatibility</a><br><a href='https://www.microsoft.com/download/details.aspx?id=44570'>Download the Enterprise Site Discovery Toolkit</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery'>Collect data using Enterprise Site Discovery</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness'>Manage Windows upgrades with Upgrade Readiness</a><br><a href='https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Windows-Analytics-Plan-and-manage-Windows-10-upgrades-and/td-p/98639'>Demo: Plan and manage Windows 10 upgrades and feature updates with Upgrade Readiness</a></td><td><img src='images/plan2.png' width='192' height='192'><br>**Using Enterprise Mode**<br>Learn how to avoid the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer by using Enterprise Mode.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list'>Turn on Enterprise Mode and use a site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool'>Add sites to the Enterprise Mode site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager'>Edit the Enterprise Mode site list</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode'>Turn on local control and logging for Enterprise Mode</a></td></tr>
</table>
"
- title: Deploy
- items:
- type: markdown
text: "
Find the resources you need to successfully deploy Internet Explorer 11 in your organization. <br>
<table><tr><td><img src='images/deploy1.png' width='192' height='192'><br>**Customize Internet Explorer 11**<br>The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after deployment.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-ieak/ieak-information-and-downloads'>Download IEAK 11</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-ieak/index'>IEAK 11 user's guide<a/><br><a href='https://docs.microsoft.com/internet-explorer/ie11-faq/faq-ieak11'>Frequently asked questions about IEAK 11<a/><br><a href='https://docs.microsoft.com/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11#customization-guidelines'>Customization and distribution guidelines</a></td><td><img src='images/deploy2.png' width='192' height='192'><br>**Install Internet Explorer 11**<br>Explore the different options for installation.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates'>Through Automatic Updates (recommended)</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems'>As part of an operating system deployment</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network'>Over the network</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager'>With System Center 2012 R2 Configuration Manager</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus'>With Windows Server Update Services (WSUS)</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune'>With Microsoft Intune</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools'>With third-party tools</a></td></tr>
</table>
"
- title: Manage
- items:
- type: markdown
text: "
Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more. <br>
<table><tr><td><img src='images/manage1.png' width='192' height='192'><br>**Enforce settings with Group Policy**<br>Learn how to use Group Policy to enforce settings on the computers in your organization.<br><a href='https://docs.microsoft.com/previous-versions/windows/it-pro/windows-7/hh147307(v=ws.10)'>Group Policy for beginners</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11'>New Group Policy settings for IE11</a><br><a href='https://www.microsoft.com/download/details.aspx?id=40905'>Administrative templates for IE11</a></td><td><img src='images/manage2.png' width='192' height='192'><br>**Standardize with Group Policy preferences**<br>Group Policy preferences simplify deployment and standardize configurations, but unlike Group Policy, they can later be changed by users.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11'>Group Policy preferences for IE11</a><br><a href='https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2'>Configure Group Policy preferences</a></td></tr><tr><td><img src='images/manage3.png' width='192' height='192'><br>**Blocked out-of-date ActiveX controls**<br>Find out more about the out-of-date ActiveX control blocking security feature available in Internet Explorer.<br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls'>Blocked out-of-date ActiveX controls</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking'>Out-of-date ActiveX control blocking</a><br><a href='https://support.microsoft.com/en-us/help/2991000/update-to-block-out-of-date-activex-controls-in-internet-explorer'>Update to block out-of-date ActiveX controls in Internet Explorer</a></td><td><img src='images/manage4.png' width='192' height='192'><br>**Scripts for IT professionals**<br>Find scripts to help you save time and automate common tasks.<br><a href='https://gallery.technet.microsoft.com/scriptcenter/batch-loop-check-is-a-61da82bb'>Batch loop: Check is a process running, if yes, wait in loop</a><br><a href='https://gallery.technet.microsoft.com/scriptcenter/script-to-join-active-7b16d9d3'>Script to join user to AD with automatic Local user Profile Migration</a><br><a href='https://gallery.technet.microsoft.com/scriptcenter/find-iecitrixreceiverversio-2d46e5bf'>Find-IE Citrix receiver Version</a><br><a href='https://gallery.technet.microsoft.com/scriptcenter/site/search?query=Microsoft%20Edge%20or%20Internet'>See all scripts</a></td></tr>
</table>
"
- title: Support
- items:
- type: markdown
text: "
Get help from product specialists and community experts, and find solutions to commonly encountered issues. <br>
<table><tr><td><img src='images/support1.png' width='192' height='192'><br>**Troubleshoot common issues**<br>Find solutions to common issues and get tips from Microsoft product teams and community experts.<br><a href='https://support.microsoft.com/en-us/help/17441/windows-internet-explorer-change-reset-settings'>Change or reset Internet Explorer settings</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11'>Troubleshoot custom package and IEAK 11 problems</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/troubleshoot-ie11'>Troubleshoot problems with setup, installation, auto configuration, and more</a><br><a href='https://support.microsoft.com/en-us/help/4012494/option-to-disable-vbscript-execution-in-internet-explorer-for-internet'>Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone</a></td><td><img src='images/support2.png' width='192' height='192'><br>**Find answers and community support**<br>Find FAQs or visit the forums to ask a question or find answers.<br><a href='https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer'>Lifecycle FAQ - Internet Explorer</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-faq/faq-ieak11'>Frequently asked questions about IEAK 11</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-faq'>Microsoft Edge FAQ</a><br><a href='https://social.technet.microsoft.com/forums/ie/en-us/home?forum=ieitprocurrentver'>Internet Explorer 8, 9, 10, 11 forum</a><br><a href='https://social.msdn.microsoft.com/forums/ie/en-us/home?category=iedevelopment'>Internet Explorer development forums</a><br><a href='https://social.technet.microsoft.com/forums/windows/en-us/home?category=w8itpro'>Windows 8.1 forums</a><br><a href='https://social.technet.microsoft.com/forums/en-us/home?forum=win10itprogeneral'>Windows 10: General (includes Microsoft Edge)</a></td><td><img src='images/support3.png' width='192' height='192'><br>**Contact Microsoft for additional help**<br>Explore the support options that are available from Microsoft.<br><a href='https://support.microsoft.com/contactus'>Contact a Microsoft support professional</a><br><a href='https://mspartner.microsoft.com/en/us/Pages/Support/get-support.aspx'>Support options for Microsoft Partners</a><br><a href='https://www.microsoft.com/en-us/microsoftservices/support.aspx'>Microsoft Services Premier Support</a><br><a href='http://smallbusiness.support.microsoft.com/en-us/product/internet-explorer'>Microsoft Small Business Support Center</a><br><a href='https://support.microsoft.com/products/internet-explorer'>General support</a></td></tr>
</table>
"
- title: Stay informed
- items:
- type: markdown
text: "
<table><tr><td><img src='images/informed1.png' width='192' height='192'><br>**Sign up for the Windows IT Pro Insider**<br>Get the latest tools, tips, and expert guidance on deployment, management, security, and more.<br><a href='https://aka.ms/windows-it-pro-insider'>Learn more</a></td><td><img src='images/informed2.png' width='192' height='192'><br>**Microsoft Edge Dev blog**<br>Keep up with the latest browser trends, security tips, and news for IT professionals.<br><a href='https://blogs.windows.com/msedgedev'>Read the blog</a></td><td><img src='images/twitter.png' width='192' height='192'><br>**Microsoft Edge Dev on Twitter**<br>Get the latest news and updates from the Microsoft Web Platform team.<br><a href='https://twitter.com/MSEdgeDev'>Visit Twitter</a></td></tr>
</table>
"
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card
- title: Explore
linkLists:
- linkListType: get-started
links:
- text: IE11 features and tools
url: /internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11
- text: System requirements and language support
url: /internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11
- text: Frequently asked questions
url: /internet-explorer/ie11-faq/faq-for-it-pros-ie11
- text: Internet Explorer 11 deployment guide
url: /internet-explorer/ie11-deploy-guide/
- text: Use Enterprise Mode to improve compatibility
url: /microsoft-edge/deploy/emie-to-improve-compatibility
- text: Lifecycle FAQ - Internet Explorer
url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer
- linkListType: download
links:
- text: Download IE11 with Windows 10
url: https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise
- text: Enterprise Mode Site List Manager (schema, v.2)
url: https://www.microsoft.com/download/details.aspx?id=49974
- text: Cumulative security updates for Internet Explorer 11
url: https://www.catalog.update.microsoft.com/Search.aspx?q=cumulative%20security%20update%20for%20internet%20explorer%2011
- linkListType: learn
links:
- text: Getting started with Windows 10 for IT professionals
url: https://mva.microsoft.com/training-courses/getting-started-with-windows-10-for-it-professionals-10629?l=fCowqpy8_5905094681
- text: 'Windows 10: Top Features for IT Pros'
url: https://mva.microsoft.com/training-courses/windows-10-top-features-for-it-pros-16319?l=xBnT2ihhC_7306218965
- text: Manage and modernize Internet Explorer with Enterprise Mode
url: https://channel9.msdn.com/events/teched/newzealand/2014/pcit307
- text: 'Virtual Lab: Enterprise Mode'
url: https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02
# Card
- title: Plan
linkLists:
- linkListType: get-started
links:
- text: What is Enterprise Mode?
url: /internet-explorer/ie11-deploy-guide/what-is-enterprise-mode
- text: Tips and tricks to manage Internet Explorer compatibility
url: /internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility
- text: Download the Enterprise Site Discovery Toolkit
url: https://www.microsoft.com/download/details.aspx?id=44570
- text: Collect data using Enterprise Site Discovery
url: /internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery
- text: Manage Windows upgrades with Upgrade Readiness
url: /windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness
- text: 'Demo: Plan and manage Windows 10 upgrades and feature updates with'
url: https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Windows-Analytics-Plan-and-manage-Windows-10-upgrades-and/td-p/98639
- linkListType: how-to-guide
links:
- text: Turn on Enterprise Mode and use a site list
url: /internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list
- text: Add sites to the Enterprise Mode site list
url: /internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool
- text: Edit the Enterprise Mode site list
url: /internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager
- text: Turn on local control and logging for Enterprise Mode
url: /internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode
# Card
- title: Deploy
linkLists:
- linkListType: get-started
links:
- text: IEAK 11 user's guide
url: /internet-explorer/ie11-ieak/
- text: Download IEAK 11
url: /internet-explorer/ie11-ieak/ieak-information-and-downloads
- text: Frequently asked questions about IEAK 11
url: /internet-explorer/ie11-faq/faq-ieak11
- text: Customization and distribution guidelines
url: /internet-explorer/ie11-ieak/licensing-version-and-features-ieak11#customization-guidelines
- linkListType: deploy
links:
- text: Install Internet Explorer 11 through automatic updates (recommended)
url: /internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates
- text: Install Internet Explorer 11 as part of an operating system deployment
url: /internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems
- text: Install Internet Explorer 11 over the network
url: /internet-explorer/ie11-deploy-guide/install-ie11-using-the-network
- text: Install Internet Explorer 11 with System Center 2012 R2 Configuration Manager
url: /internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager
- text: Install Internet Explorer 11 with Windows Server Update Services (WSUS)
url: /internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus
- text: Install Internet Explorer 11 with Microsoft Intune
url: /internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune
- text: Install Internet Explorer 11 with third-party tools
url: /internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools
# Card
- title: Manage
linkLists:
- linkListType: tutorial
links:
- text: Group Policy for beginners
url: /previous-versions/windows/it-pro/windows-7/hh147307(v=ws.10)
- text: New Group Policy settings for IE11
url: /internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11
- text: Administrative templates for IE11
url: https://www.microsoft.com/download/details.aspx?id=40905
- text: Group Policy preferences for IE11
url: /internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11
- text: Configure Group Policy preferences
url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2
- text: Blocked out-of-date ActiveX controls
url: /internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls
- text: Out-of-date ActiveX control blocking
url: /internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking
- text: Update to block out-of-date ActiveX controls in Internet Explorer
url: https://support.microsoft.com/help/2991000/update-to-block-out-of-date-activex-controls-in-internet-explorer
- text: Script to join user to AD with automatic Local user Profile Migration
url: https://gallery.technet.microsoft.com/scriptcenter/script-to-join-active-7b16d9d3
- text: Scripts for IT professionals
url: https://gallery.technet.microsoft.com/scriptcenter/site/search?query=Microsoft%20Edge%20or%20Internet
# Card
- title: Support
linkLists:
- linkListType: get-started
links:
- text: Change or reset Internet Explorer settings
url: https://support.microsoft.com/help/17441/windows-internet-explorer-change-reset-settings
- text: Troubleshoot problems with setup, installation, auto configuration, and more
url: /internet-explorer/ie11-deploy-guide/troubleshoot-ie11
- text: Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
url: https://support.microsoft.com/help/4012494/option-to-disable-vbscript-execution-in-internet-explorer-for-internet
- text: Frequently asked questions about IEAK 11
url: /internet-explorer/ie11-faq/faq-ieak11
- text: Internet Explorer 8, 9, 10, 11 forum
url: https://social.technet.microsoft.com/forums/ie/home?forum=ieitprocurrentver
- text: Contact a Microsoft support professional
url: https://support.microsoft.com/contactus
- text: Support options for Microsoft Partners
url: https://mspartner.microsoft.com/Pages/Support/get-support.aspx
- text: Microsoft Services Premier Support
url: https://www.microsoft.com/en-us/microsoftservices/support.aspx
- text: Microsoft Small Business Support Center
url: https://smallbusiness.support.microsoft.com/product/internet-explorer
- text: General support
url: https://support.microsoft.com/products/internet-explorer
# Card
- title: Stay informed
linkLists:
- linkListType: get-started
links:
- text: Sign up for the Windows IT Pro Insider
url: https://aka.ms/windows-it-pro-insider
- text: Microsoft Edge Dev blog
url: https://blogs.windows.com/msedgedev
- text: Microsoft Edge Dev on Twitter
url: https://twitter.com/MSEdgeDev

4
devices/hololens/docfx.json
View File

@ -48,9 +48,7 @@
}
},
"fileMetadata": {},
"template": [
null
],
"template": [],
"dest": "devices/hololens",
"markdownEngineName": "markdig"
},

2
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -1108,7 +1108,7 @@ Additional lists:
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>

2
windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
View File

@ -17,7 +17,7 @@ manager: dansimp
This is a step-by-step guide to configuring ADMX-backed policies in MDM.
Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX-backed policies)](https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
Summary of steps to enable a policy:
- Find the policy from the list ADMX-backed policies.

2
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 07/29/2019
ms.date:
ms.reviewer:
manager: dansimp
---

BIN
windows/client-management/mdm/images/autoenrollment-policy.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 147 KiB

After

Width:  |  Height:  |  Size: 220 KiB

5
windows/client-management/mdm/index.md
View File

@ -33,7 +33,7 @@ With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM secur
The MDM security baseline includes policies that cover the following areas:
- Microsoft inbox security technology (not deprecated) such as Bitlocker, Windows Defender Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
@ -42,12 +42,13 @@ The MDM security baseline includes policies that cover the following areas:
For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see:
- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows).
<span id="mmat" />

4
windows/deployment/TOC.yml
View File

@ -74,8 +74,6 @@
href: update/waas-branchcache.md
- name: Prepare your deployment tools
items:
- name: Register devices for deployment with Windows Autopilot
href: windows-autopilot/add-devices.md
- name: Prepare for deployment with MDT
href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
- name: Prepare for deployment with Configuration Manager
@ -94,7 +92,7 @@
- name: Deploy Windows 10
items:
- name: Deploy Windows 10 with Autopilot
href: windows-autopilot/windows-autopilot-scenarios.md
href: windows-autopilot/index.yml
- name: Deploy Windows 10 with Configuration Manager
items:
- name: Deploy to a new device

8
windows/deployment/index.yml
View File

@ -1,7 +1,7 @@
### YamlMime:Landing
title: Windows 10 deployment resources and documentation # < 60 chars
summary: Learn about deploying and and keeping Windows 10 up to date. # < 160 chars
summary: Learn about deploying and keeping Windows 10 up to date. # < 160 chars
metadata:
title: Windows 10 deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
@ -13,7 +13,7 @@ metadata:
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 06/09/2020 #Required; mm/dd/yyyy format.
ms.date: 08/05/2020 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@ -53,7 +53,7 @@ landingContent:
- linkListType: deploy
links:
- text: Deploy Windows 10 with Autopilot
url: windows-autopilot/windows-autopilot-scenarios.md
url: https://docs.microsoft.com/mem/autopilot
- text: Assign devices to servicing channels
url: update/waas-servicing-channels-windows-10-updates.md
- text: Deploy Windows updates with Configuration Manager
@ -71,7 +71,7 @@ landingContent:
- text: Basics of Windows updates, channels, and tools
url: update/get-started-updates-channels-tools.md
- text: Overview of Windows Autopilot
url: windows-autopilot/windows-autopilot.md
url: https://docs.microsoft.com/mem/autopilot/windows-autopilot
# Card
- title: Support remote work

2
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -118,6 +118,8 @@ Now all devices are paused from updating for 35 days. When the pause is removed,
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the **Select the target Feature Update version** setting instead of using the **Specify when Preview Builds and Feature Updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.
When you set the target version policy, if you specify a feature update version that is older than your current version or set a value that isn't valid, the device will not receive any feature updates until the policy is updated. When you specify target version policy, feature update deferrals will not be in effect.
### Manage how users experience updates
#### I want to manage when devices download, install, and restart after updates

19
windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
View File

@ -10,7 +10,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.date: 10/16/2017
ms.topic: article
@ -46,12 +47,12 @@ To enable KMS functionality, a KMS key is installed on a KMS host; then, the hos
**Configure KMS in Windows 10**
1. Open an elevated command prompt.
2. Enter one of the following commands.
- To install a KMS key, type **slmgr.vbs /ipk &lt;KmsKey&gt;**.
- To activate online, type **slmgr.vbs /ato**.
- To activate by using the telephone, type **slui.exe 4**.
3. After activating the KMS key, restart the Software Protection Service.
To activate by using the telephone, use the slmgr.vbs script.
1. Run **slmgr.vbs /dti** and confirm the installation ID.
2. Call [Microsoft Licensing Activation Centers worldwide telephone numbers](https://www.microsoft.com/licensing/existing-customer/activation-centers) and follow the voice prompts to enter the installation ID that you obtained in step 1 on your telephone.
3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation.
4. Run **slmgr.vbs /atp \<confirmation ID\>**.
For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032).
@ -114,9 +115,9 @@ Now that the KMS host is configured, it will begin to listen for activation requ
## Verifying the configuration of Key Management Service
You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message.
**Note**  
If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2.
> [!NOTE]
> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2.
To verify that KMS volume activation works, complete the following steps:

33
windows/deployment/windows-autopilot/TOC.md
View File

@ -1,33 +1,2 @@
# [Windows Autopilot deployment](index.md)
# [What's new](windows-autopilot-whats-new.md)
# Understanding Windows Autopilot
## [Overview](windows-autopilot.md)
## [Requirements](windows-autopilot-requirements.md)
## [Scenarios and capabilities](windows-autopilot-scenarios.md)
# [Windows Autopilot deployment](index.yml)
## [Get started](demonstrate-deployment-on-vm.md)
# Deployment scenarios
## [Deployment processes](deployment-process.md)
## [User-driven mode](user-driven.md)
## [Self-deploying mode](self-deploying.md)
## [Windows Autopilot Reset](windows-autopilot-reset.md)
## [White glove](white-glove.md)
## [Support for existing devices](existing-devices.md)
# Administering Windows Autopilot
## [Registering devices](add-devices.md)
## [Configuring device profiles](profiles.md)
## [Enrollment Status Page](enrollment-status.md)
## [BitLocker encryption](bitlocker.md)
## [DFCI management](dfci-management.md)
## [Windows Autopilot update](autopilot-update.md)
## [Troubleshooting](troubleshooting.md)
## [Policy conflicts](policy-conflicts.md)
## [Known issues](known-issues.md)
# Support
## [FAQ](autopilot-faq.md)
## [Contacts](autopilot-support.md)
## [Registration authorization](registration-auth.md)
## [Device guidelines](autopilot-device-guidelines.md)
## [Motherboard replacement](autopilot-mbr.md)

184
windows/deployment/windows-autopilot/add-devices.md
View File

@ -1,184 +0,0 @@
---
title: Adding devices
ms.reviewer:
manager: laurawi
description: How to add devices to Windows Autopilot
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Adding devices to Windows Autopilot
**Applies to**
- Windows 10
Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
## OEM registration
When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers and resellers" section of the [Windows Autopilot information page](https://aka.ms/windowsautopilot).
Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#oem-authorization).
> [!Note]
> While the hardware hashes are generated as part of the OEM device manufacturing process, these should not be provided directly to customers or CSP partners. Instead, the OEM should register devices on the customer's behalf. In cases where devices are being registered by CSP partners, OEMs may provide PKID information to those partners to support the device registration process.
## Reseller, distributor, or partner registration
Customers may purchase devices from resellers, distributors, or other partners. As long as these resellers, distributors, and partners are part of the [Cloud Solution Partners (CSP) program](https://partner.microsoft.com/cloud-solution-provider), they too can register devices on behalf of the customer.
As with OEMs, CSP partners must be granted permission to register devices on behalf of an organization. This follows the process described on the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#csp-authorization). The CSP partner initiates a request to establish a relationship with the organization, with approval granted by a global administrator from the organization. Once approved, CSP partners add devices using [Partner Center](https://partner.microsoft.com/pcv/dashboard/overview), either directly through the web site or via available APIs that can automate the same tasks.
Windows Autopilot does not require delegated administrator permissions when establishing the relationship between the CSP partner and the organization. As part of the approval process performed by the global administrator, the global administrator can choose to uncheck the "Include delegated administration permissions" checkbox.
> [!Note]
> While resellers, distributors, or partners could boot each new Windows device to obtain the hardware hash (for purposes of providing them to customers or direct registration by the partner), this is not recommended. Instead, these partners should register devices using the PKID information obtained from the device packaging (barcode) or obtained electronically from the OEM or upstream partner (e.g. distributor).
## Automatic registration of existing devices
If an existing device is already running a supported version of Windows 10 semi-annual channel and enrolled in an MDM service such an Intune, that MDM service can ask the device for the hardware ID (also known as a hardware hash). Once it has that, it can automatically register the device with Windows Autopilot.
For instructions on how to do this with Microsoft Intune, see [Create an Autopilot deployment profile](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-deployment-profile) documentation describing the "Convert all targeted devices to Autopilot" setting.
Also note that when using the [Windows Autopilot for existing devices](https://docs.microsoft.com/windows/deployment/windows-autopilot/existing-devices) scenario, it is not necessary to pre-register the devices with Windows Autopilot. Instead, a configuration file (AutopilotConfigurationFile.json) containing all the Windows Autopilot profile settings is used; the device can be registered with Windows Autopilot after the fact using the same "Convert all targeted devices to Autopilot" setting.
## Manual registration
To perform manual registration of a device, you must first capture its hardware ID (also known as a hardware hash). Once this process has completed, the resulting hardware ID can be uploaded to the Windows Autopilot service. Because this process requires booting the device into Windows 10 in order to obtain the hardware ID, this is intended primarily for testing and evaluation scenarios.
> [!Note]
> Customers can only register devices with a hardware hash. Other methods (PKID, tuple) are available through OEMs or CSP partners as described in the previous sections.
## Device identification
To define a device to the Windows Autopilot deployment service, a unique hardware ID for the device needs to be captured and uploaded to the service. While this step is ideally done by the hardware vendor (OEM, reseller, or distributor), automatically associating the device with an organization, it is also possible to do this through a harvesting process that collects the device from within a running Windows 10 installation.
The hardware ID, also commonly referred to as a hardware hash, contains several details about the device, including its manufacturer, model, device serial number, hard drive serial number, and many other attributes that can be used to uniquely identify that device.
Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot deployment service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as a motherboard replacement, would not match, so a new hash would need to be generated and uploaded.
### Collecting the hardware ID from existing devices using Microsoft Endpoint Configuration Manager
Microsoft Endpoint Configuration Manager automatically collects the hardware hashes for existing Windows 10 devices. For more information, see [Gather information from Configuration Manager for Windows Autopilot](https://docs.microsoft.com/configmgr/comanage/how-to-prepare-win10#windows-autopilot). You can extract the hash information from Configuration Manager into a CSV file.
> [!Note]
> Before uploading the CSV file on Intune, please make sure that the first row contains the device serial number, Windows product ID, hardware hash, group tag, and assigned user. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
### Collecting the hardware ID from existing devices using PowerShell
The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running a supported version of Windows 10 semi-annual channel. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo).
To use this script, you can download it from the PowerShell Gallery and run it on each computer, or you can install it directly from the PowerShell Gallery. To install it directly and capture the hardware hash from the local computer, use the following commands from an elevated Windows PowerShell prompt:
```powershell
md c:\\HWID
Set-Location c:\\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
```
The commands can also be run remotely, as long as WMI permissions are in place and WMI is accessible through the Windows Firewall on that remote computer. See the [Get-WindowsAutoPilotInfo](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) scripts help (using “Get-Help Get-WindowsAutoPilotInfo.ps1”) for more information about running the script.
>[!IMPORTANT]
>Do not connect devices to the Internet prior to capturing the hardware ID and creating an Autopilot device profile. This includes collecting the hardware ID, uploading the .CSV into MSfB or Intune, assigning the profile, and confirming the profile assignment. Connecting the device to the Internet before this process is complete will result in the device downloading a blank profile that is stored on the device until it is explicity removed. In Windows 10 version 1809, you can clear the cached profile by restarting OOBE. In previous versions, the only way to clear the stored profile is to re-install the OS, reimage the PC, or run **sysprep /generalize /oobe**. <br>
>After Intune reports the profile ready to go, only then should the device be connected to the Internet.
>[!NOTE]
>If OOBE is restarted too many times it can enter a recovery mode and fail to run the Autopilot configuration. You can identify this scenario if OOBE displays multiple configuration options on the same page, including language, region, and keyboard layout. The normal OOBE displays each of these on a separate page. The following value key tracks the count of OOBE retries: <br>
>**HKCU\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UserOOBE** <br>
>To ensure OOBE has not been restarted too many times, you can change this value to 1.
## Registering devices
<img src="./images/image2.png" width="511" height="249" />
Once the hardware IDs have been captured from existing devices, they can be uploaded through a variety of means. See the detailed documentation for each available mechanism.
- [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot). This is the preferred mechanism for all customers.
- [Partner Center](https://msdn.microsoft.com/partner-center/autopilot). This is used by CSP partners to register devices on behalf of customers.
- [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa). This is typically used by small and medium businesses (SMBs) who manage their devices using Microsoft 365 Business.
- [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles). You might already be using MSfB to manage your apps and settings.
A summary of each platform's capabilities is provided below.<br>
<br>
<table>
<tr>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Platform/Portal</font></td>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Register devices?</font></td>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Create/Assign profile</font></td>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Acceptable DeviceID</font></td>
</tr>
<tr>
<td>OEM Direct API</td>
<td>YES - 1000 at a time max</td>
<td>NO</td>
<td>Tuple or PKID</td>
</tr>
<tr>
<td><a href="https://docs.microsoft.com/partner-center/autopilot">Partner Center</a></td>
<td>YES - 1000 at a time max</td>
<td>YES<b><sup>34</sup></b></td>
<td>Tuple or PKID or 4K HH</td>
</tr>
<tr>
<td><a href="https://docs.microsoft.com/intune/enrollment-autopilot">Intune</a></td>
<td>YES - 500 at a time max<b><sup>1</sup></b></td>
<td>YES<b><sup>12</sup></b></td>
<td>4K HH</td>
</tr>
<tr>
<td><a href="https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles">Microsoft Store for Business</a></td>
<td>YES - 1000 at a time max</td>
<td>YES<b><sup>4</sup></b></td>
<td>4K HH</td>
</tr>
<tr>
<td><a href="https://docs.microsoft.com/microsoft-365/business/create-and-edit-autopilot-profiles">Microsoft 365 Business</a></td>
<td>YES - 1000 at a time max</td>
<td>YES<b><sup>3</sup></b></td>
<td>4K HH</td>
</tr>
</table>
><b><sup>1</sup></b>Microsoft recommended platform to use<br>
><b><sup>2</sup></b>Intune license required<br>
><b><sup>3</sup></b>Feature capabilities are limited<br>
><b><sup>4</sup></b>Device profile assignment will be retired from MSfB and Partner Center in the coming months<br>
Also see the following topics for more information about device IDs:
- [Device identification](#device-identification)
- [Windows Autopilot device guidelines](https://docs.microsoft.com/windows/deployment/windows-autopilot/autopilot-device-guidelines)
- [Add devices to a customer account](https://docs.microsoft.com/partner-center/autopilot)
## Summary
When deploying new devices using Windows Autopilot, the following steps are required:
1. [Register devices](#registering-devices). Ideally, this step is performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
2. [Configure device profiles](profiles.md), specifying how the device should be deployed and what user experience should be presented.
3. Boot the device. When the device is connected to a network with internet access, it will contact the Windows Autopilot deployment service to see if the device is registered, and if it is, it will download profile settings such as the [Enrollment Status page](enrollment-status.md), which are used to customize the end user experience.
## Other configuration settings
- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started.

47
windows/deployment/windows-autopilot/autopilot-device-guidelines.md
View File

@ -1,47 +0,0 @@
---
title: Windows Autopilot device guidelines
ms.reviewer:
manager: laurawi
description: Learn all about hardware, firmware, and software best practices for Windows Autopilot deployment.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot device guidelines
**Applies to**
- Windows 10
## Hardware and firmware best practice guidelines for Windows Autopilot
All devices used with Windows Autopilot should meet the [minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) for Windows 10.
The following additional best practices ensure that devices can easily be provisioned by organizations as part of the Windows Autopilot deployment process:
- Ensure that the TPM 2.0 is enabled and in a good state (not in Reduced Functionality Mode) by default on devices intended for Windows Autopilot self-deploying mode.
- The OEM provisions unique tuple info (SmbiosSystemManufacturer, SmbiosSystemProductName, SmbiosSystemSerialNumber) or PKID + SmbiosSystemSerialNumber into the [SMBIOS fields](https://docs.microsoft.com/windows-hardware/drivers/bringup/smbios) per Microsoft specification (Manufacturer, Product Name and Serial Number stored in SMBIOS Type 1 04h, Type 1 05h and Type 1 07h).
- The OEM uploads 4K Hardware Hashes obtained using OA3 Tool RS3+ run in Audit mode on full OS to Microsoft via CBR report prior to shipping devices to an Autopilot customer or channel partner.
- As a best practice, Microsoft requires that OEM shipping drivers are published to Windows Update within 30 days of the CBR being submitted, and system firmware and driver updates are published to Windows Update within 14 days
- The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel.
## Software best practice guidelines for Windows Autopilot
- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers.
- You can preinstall your licensed version of Office, such as [Microsoft 365 Apps for enterprise](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise).
- Unless explicitly requested by the customer, no other preinstalled software should be included.
- Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed.
## Related topics
[Windows Autopilot customer consent](registration-auth.md)<br>
[Motherboard replacement scenario guidance](autopilot-mbr.md)<br>

165
windows/deployment/windows-autopilot/autopilot-faq.md
View File

@ -1,165 +0,0 @@
---
title: Windows Autopilot FAQ
ms.reviewer: This topic provides OEMs, partners, administrators, and end users with answers to some frequently asked questions about deploying Windows 10 with Windows Autopilot.
manager: laurawi
description: Support information for Windows Autopilot
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot FAQ
**Applies to: Windows 10**
This article provides OEMs, partners, administrators, and end users with answers to some frequently asked questions about deploying Windows 10 with Windows Autopilot.
A [glossary](#glossary) of abbreviations used in this article is provided at the end.
## Microsoft Partner Center
| Question | Answer |
| --- | --- |
| In the Partner Center, does the Tenant ID need to be provided with every device file upload? Is it needed to allow the business customer to access their devices in Microsoft Store for Business (MSfB)? | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be reused with future device uploads. |
| How does the customer or tenant know that their devices are ready to be claimed in MSfB? | After the device file upload is completed in the Partner Center, the tenant can see the devices available for Windows Autopilot setup in MSfB. The OEM needs to advise the tenant to access MSfB. Autonotification from MSfB to the tenant is being developed. |
| How does a customer authorize an OEM or Channel Partner to register Autopilot devices on the customers behalf? | Before an OEM or Channel Partner can register a device for Autopilot on behalf of a customer, the customer must first give them consent. The consent process begins with the OEM or Channel Partner sending a link to the customer that directs the customer to a consent page in MSfB. For more information, see [Registration](registration-auth.md). |
| Are there any restrictions if a business customer has registered devices in MSfB and later wants those devices to be managed by a Cloud Solution Provider (CSP) using the Partner Center? | The devices will need to be deleted in MSfB by the business customer before the CSP can upload and manage them in the Partner Center. |
| Does Windows Autopilot support removing the option to enable a local administrator account? | Windows Autopilot doesnt support removing the local admin account. However, it does support restricting the user performing Azure Active Directory (Azure AD) domain join in OOBE to a standard account (versus an administrator account by default).|
| How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account that has access to devices for testing the file. This can be done today in the Partner Center. <br><br>For more information, see [Create user accounts and set permissions](https://msdn.microsoft.com/partner-center/create-user-accounts-and-set-permissions). |
| Must I become a CSP to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. |
| Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority and access: <br><br>1. <b>Direct CSP</b>: Gets direct authorization from the customer to register devices. <br><br>2. <b>Indirect CSP Provider</b>: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center. <br><br>3. <b>Indirect CSP Reseller</b>: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which means that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. |
## Manufacturing
| Question | Answer |
| --- | --- |
| What changes need to be made in the factory OS image for customer configuration settings? |No changes are required on the factory floor to enable Windows Autopilot deployment. |
| What version of the OA3 tool meets Windows Autopilot deployment requirements? | Windows Autopilot can work with any version of the OA3 tool. We recommend using a supported version of Windows 10 semi-annual channel to generate the 4K hardware hash. |
| At the time of placing an order, do customers need to be state whether they want it with or without Windows Autopilot options? | Yes, if they want Windows Autopilot, they will want a supported version of Windows 10 semi-annual channel. Also, they will want to receive the CSV file or have the file upload (that is, registration) completed on their behalf. |
| Does the OEM need to manage or collect any custom imaging files from customers and perform any image uploads to Microsoft? | No change, OEMs just send the CBRs as usual to Microsoft. No images are sent to Microsoft to enable Windows Autopilot. Windows Autopilot only customizes OOBE and allows policy configurations (disables admin account, for example). |
| Are there any customer impacts to upgrading from Windows 8 to Windows 10? | The devices must be running a supported version of Windows 10 semi-annual channel to enroll in Windows Autopilot deployment. Otherwise, there are no impacts. |
| Will there be any change to the existing CBR with 4K hardware hash? | No. |
| What new information needs to be sent from the OEM to Microsoft? | Nothing, unless the OEM opts to register the device on the customers behalf, in which case they would upload the device ID using a CSV file into Microsoft Partner Center, or use the OEM Direct API. |
| Is there a contract or amendment for an OEM to participate in Windows Autopilot Deployment? | No. |
## CSV schema
| Question | Answer |
| --- | --- |
| Can a comma be used in the CSV file? | No. |
| What error messages can a user expect to see in the Partner Center or MSfB when uploading a file? | See the In Microsoft Store for Business section of this guide. |
| Is there a limit to the number of devices that can be listed in the CSV file? | Yes, the CSV file can only contain 1,000 devices to apply to a single profile. If more than 1,000 devices need to be applied to a profile, the devices need to be uploaded through multiple CSV files. |
| Does Microsoft have any recommendations on how an OEM should provide the CSV file to their customers? | We recommend encrypting the CSV file when sending to the business customer to self-register their Windows Autopilot devices (either through MPC, MSfB, or Intune). |
## Hardware hash
| Question | Answer |
| --- | --- |
| Must every hardware hash submitted by the OEM contain the SMBIOS UUID (universally unique identifier), MAC (media access control) address, and unique disk serial number (if using Windows 10 OEM Activation 3.0 tool)? | Yes. Since Windows Autopilot is based on the ability to uniquely identify devices applying for cloud configuration, it is critical to submit hardware hashes that meet the outlined requirement. |
| What is the reason for needing the SMBIOS UUID, MAC Address, and Disk Serial Number in the hardware hash details? | For creating the hardware hash, these are the fields that are needed to identify a device, as parts of the device are added or removed. Since we dont have a unique identifier for Windows devices, this is the best logic to identify a device. |
| What is difference between OA3 hardware hash, 4K hardware hash, and Windows Autopilot hardware hash? | None. Theyre different names for the same thing. The OA3 tool output is called the OA3 Hash, which is 4K in size, which is usable for the Windows Autopilot deployment scenario. Note: When using an older, unsupported Windows version OA3Tool, you get a different sized Hash, which may not be used for Windows Autopilot deployment. |
| What is the thought around parts replacement and repair for the NIC (network interface controller) and Disk? Will the hardware hash become invalid? | Yes. If you replace parts, you need to gather the new hardware hash, though it depends on what is replaced, and the characteristics of the parts. For example, if you replace the TPM or motherboard, its a new device and you must have new hardware hash. If you replace one network card, its probably not a new device, and the device will function with the old hardware hash. However, as a best practice, you should assume the old hardware hash is invalid and get a new hardware hash after any hardware changes. This is recommended anytime you replace parts. |
## Motherboard replacement
| Question | Answer |
| --- | --- |
| How does Autopilot handle motherboard replacement scenarios? | Motherboard replacement is out for scope for Autopilot. Any device that is repaired or serviced in a way that alters the ability to identify the device for Windows Autopilot must go through the normal OOBE process, and manually select the right settings or apply a custom image, as is the case today. <br><br>To reuse the same device for Windows Autopilot after a motherboard replacement, the device would need to be de-registered from Autopilot, the motherboard replaced, a new 4K HH harvested, and then re-registered using the new 4K hardware hash (or device ID). <br><br>**Note**: An OEM will not be able to use the OEM Direct API to re-register the device, since the OEM Direct API only accepts a tuple or PKID. In this case, the OEM would either have to send the new 4K hardware hash information using a CSV file to customer, and let customer reregister the device using MSfB or Intune.|
## SMBIOS
| Question | Answer |
| --- | --- |
| Any specific requirement to SMBIOS UUID? | It must be unique as specified in the Windows 10 hardware requirements. |
| What is the requirement on the SMBIOS table to meet the Windows Autopilot hardware hash need? | It must meet all the Windows 10 hardware requirements. Additional details may be found [here](https://msdn.microsoft.com/library/jj128256(v=vs.85).aspx). |
| If the SMBIOS supports UUID and Serial Number, is it enough for the OA3 tool to generate the hardware hash? | No. At a minimum, the following SMBIOS fields need to be populated with unique values: ProductKeyID SmbiosSystemManufacturer SmbiosSystemProductName SmbiosSystemSerialNumber SmbiosSkuNumber SmbiosSystemFamily MacAddress SmbiosUuid DiskSerialNumber TPM EkPub |
## Technical interface
| Question | Answer |
| --- | --- |
| What is the interface to get the MAC Address and Disk Serial Number? How does the OA tool get MAC and Disk Serial #? | Disk serial number is found from IOCTL_STORAGE_QUERY_PROPERTY with StorageDeviceProperty/PropertyStandardQuery. Network MAC address is IOCTL_NDIS_QUERY_GLOBAL_STATS from OID_802_3_PERMANENT_ADDRESS. However the method for performing this operation varies depending on the scenario. |
| Follow up clarification: If we have 2-3 MACs on the system, how does OA Tool choose which MAC Address and Disk Serial Number are on the system since there are multiple instances of each? If a platform has LAN And WLAN, which MAC is chosen? | In short, all available values are used. In detail, there may be specific usage rules. The system disk serial number is more important than the other disks available. Network interfaces that are removable should not be used if detected as they are removable. LAN vs WLAN should not matter, as both will be used. |
## The end-user experience
|Question|Answer|
|----|-----|
|How do I know that I received Autopilot?|You can tell that you received Windows Autopilot (as in the device received a configuration but has not yet applied it) when you skip the selection page (as seen below), and are immediately taken to a generic or customized sign-in page.|
|Windows Autopilot didnt work, what do I do now?| Questions and actions to assist in troubleshooting: Did a screen not get skipped? Did a user end up as an admin when configured not to? Remember that Azure AD Admins will be local admins regardless of whether Windows Autopilot is configured to disable local admin Collection information: run licensingdiag.exe and send the .cab (Cabinet) file that is generated to AutopilotHelp@microsoft.com. If possible, collect an ETL from Windows Performance Recorder (WPR). Often in these cases, users are not signing into the right Azure AD tenant, or are creating local user accounts. For a complete list of support options, refer to [Windows Autopilot support](autopilot-support.md). |
| If an Administrator makes changes to an existing profile, will the changes take effect on devices that have that profile assigned to them that have already been deployed? |No. Windows Autopilot profiles are not resident on the device. They are downloaded during OOBE, the settings defined at the time are applied. Then, the profile is discarded on the device. If the device is reimaged or reset, the new profile settings will take effect the next time the device goes through OOBE.|
|What is the experience if a device isnt registered or if an IT Admin doesnt configure Windows Autopilot prior to an end user attempting to self-deploy? |If the device isnt registered, it will not receive the Windows Autopilot experience and the end user will go through normal OOBE. The Windows Autopilot configurations will not be applied until the user runs through OOBE again, after registration. If a device is started before an MDM profile is created, the device will go through standard OOBE experience. The IT Admin would then have to manually enroll that device into the MDM, after which the next time that device is reset, it will go through the Windows Autopilot OOBE experience.|
|Why didn't I receive a customized sign-in screen during Autopilot? |Tenant branding must be configured in portal.azure.com to receive a customized sign-in experience.|
|What happens if a device is registered with Azure AD but does not have a Windows Autopilot profile assigned? |The regular Azure AD OOBE will occur since no Windows Autopilot profile was assigned to the device.|
|How can I collect logs on Autopilot?|The best way to collect logs on Windows Autopilot performance is to collect a WPR trace during OOBE. The XML file (WPRP extension) for this trace may be provided upon request.|
## MDM
| Question | Answer |
| --- | --- |
| Must we use Intune for our MDM? | No, any MDM will work with Autopilot, but others probably wont have the same full suite of Windows Autopilot features as Intune. Youll get the best experience from Intune. |
| Can Intune support Win32 app preinstalls? | Yes. Starting with the Windows 10 October Update (version 1809), Intune supports Win32 apps using .msi (and .msix) wrappers. |
| What is co-management? | Co-management is when you use a combination of a cloud MDM tool (Intune) and an on-premises configuration tool like Microsoft Endpoint Configuration Manager. You only need to use the Configuration Manager if Intune cant support what you want to do with your profile. If you choose to co-manage using Intune + Configuration Manager, you do it by including a Configuration Manager agent in your Intune profile. When that profile is pushed to the device, the device will see the Configuration Manager agent and go out to the Configuration Manager to pull down any additional profile settings. |
| Must we use Microsoft Endpoint Configuration Manager for Windows Autopilot | No. Co-management (described above) is optional. |
## Features
| Question | Answer |
| --- | --- |
| Self-deploying mode | A new version of Windows Autopilot where the user only turns on the device, and nothing else. Its useful for scenarios where a standard user account isnt needed (for example, shared devices, or KIOSK devices). |
| Hybrid Azure Active Directory join | Allows Windows Autopilot devices to connect to an on-premises Active Directory domain controller (in addition to being Azure AD joined). |
| Windows Autopilot reset | Removes user apps and settings from a device, but maintains Azure AD domain join and MDM enrollment. Useful for when transferring a device from one user to another. |
| Personalization | Adds the following to the OOBE experience: A personalized welcome message can be created. A username hint can be added Sign-in page text can be personalized. The companys logo can be included |
| [Autopilot for existing devices](existing-devices.md) | Offers an upgrade path to Windows Autopilot for all existing Windows 7- and Windows 8-based devices. |
## General
|Question|Answer
|------------------|-----------------|
|If I wipe the machine and restart, will I still receive Windows Autopilot?|Yes, if the device is still registered for Windows Autopilot and is running a supported version of Windows 10 semi-annual channel, it will receive the Windows Autopilot experience.|
|Can I harvest the device fingerprint on existing machines?|Yes, if the device is running a supported version of Windows 10 semi-annual channel, you can harvest device fingerprints for registration. There are no plans to backport the functionality to legacy releases and no way to harvest them on devices running unsupported versions of Windows.|
|Is Windows Autopilot supported on other SKUs, for example, Surface Hub, HoloLens, Windows Mobile.|No, Windows Autopilot isnt supported on other SKUs.|
|Does Windows Autopilot work after MBR or image reinstallation?|Yes.|
| Can machines that have reimaged a few times go through Autopilot? What does the error message "This user is not authorized to enroll" mean? Error code 801c0003. |There are limits to the number of devices a particular Azure AD user can enroll in Azure AD, as well as the number of devices that are supported per user in Intune. (These are configurable but not infinite.) Youll run into this frequently if you reuse the devices, or even if you roll back to previous virtual machine snapshots.|
|What happens if a device is registered to a malicious agent? |By design, Windows Autopilot does not apply a profile until the user signs in with the matching tenant for the configured profile using the Azure AD sign-in process. What occurs is illustrated below. If badguys.com registers a device owned by contoso.com, at worst, the user would be directed to sign into badguys.com. When the user enters their email/password, the sign-in information is redirected through Azure AD to the proper Azure AD authentication and the user is prompted to then sign into contoso.com. Since contoso.com does not match badguys.com as the tenant, the Windows Autopilot profile will not be applied and the regular Azure AD OOBE will occur.|
|Where is the Windows Autopilot data stored? |Windows Autopilot data is stored in the United States (US), not in a sovereign cloud, even when the Azure AD tenant is registered in a sovereign cloud. This is applicable to all Windows Autopilot data, regardless of the portal leveraged to deploy Autopilot.|
|Why is Windows Autopilot data stored in the US and not in a sovereign cloud?|It is not customer data that we store, but business data that enables Microsoft to provide a service, therefore it is okay for the data to reside in the US. Customers can stop subscribing to the service at any time, and, in that event, the business data is removed by Microsoft.|
|How many ways are there to register a device for Windows Autopilot|There are six ways to register a device, depending on who is doing the registering: <br><br>1. OEM Direct API (only available to TVOs) <br>2. MPC using the MPC API (must be a CSP) <br>3. MPC using manual upload of CSV file in the UI (must be a CSP) <br>4. MSfB using CSV file upload <br>5. Intune using CSV file upload <br>6. Microsoft 365 Business portal using CSV file upload|
|How many ways are there to create a Windows Autopilot profile?|There are four ways to create and assign a Windows Autopilot profile: <br><br>1. Through MPC (must be a CSP) <br>2. Through MSfB <br>3. Through Intune (or another MDM) <br>4. Microsoft 365 Business portal <br><br>Microsoft recommends creation and assignment of profiles through Intune. |
| What are some common causes of registration failures? |1. Bad or missing hardware hash entries can lead to faulty registration attempts <br>2. Hidden special characters in CSV files. <br><br>To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions.|
| Is Autopilot supported on IoT devices? | Autopilot is not supported on IoT Core devices, and there are currently no plans to add this support. Autopilot is supported on Windows 10 IoT Enterprise SAC devices. Autopilot is supported on Windows 10 Enterprise LTSC 2019 and above; it is not supported on earlier versions of LTSC.|
| Is Autopilot supported in all regions/countries? | Autopilot only supports customers using global Azure. Global Azure does not include the three entities listed below:<br>- Azure Germany <br>- Azure China 21Vianet<br>- Azure Government<br>So, if a customer is set up in global Azure, there are no region restrictions. For example, if Contoso uses global Azure but has employees working in China, the Contoso employees working in China would be able to use Autopilot to deploy devices. If Contoso uses Azure China 21Vianet, the Contoso employees would not be able to use Autopilot.|
| I need to register a device that's been previously registered to another organisation. | Partners registering devices through partner center can also deregister the device if it's moving between different customer tenants. If this isn't possible, as a last resort you can raise a ticket through the Intune "Help and Support" node and our support teams will assist you. |
## Glossary
| Term | Meaning |
| --- | --- |
| CSV | Comma Separated Values (File type similar to Excel spreadsheet) |
| MPC | Microsoft Partner Center |
| MDM | Mobile Device Management |
| OEM | Original Equipment Manufacturer |
| CSP | Cloud Solution Provider |
| MSfB | Microsoft Store for Business |
| Azure AD | Azure Active Directory |
| 4K HH | 4K hardware hash |
| CBR | Computer Build Report |
| EC | Enterprise Commerce |
| DDS | Device Directory Service |
| OOBE | Out of the Box Experience |
| UUID | Universally Unique Identifier |

421
windows/deployment/windows-autopilot/autopilot-mbr.md
View File

@ -1,421 +0,0 @@
---
title: Windows Autopilot motherboard replacement
ms.reviewer:
manager: laurawi
description: Windows Autopilot deployment MBR scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot motherboard replacement scenario guidance
**Applies to**
- Windows 10
This document offers guidance for Windows Autopilot device repair scenarios that Microsoft partners can use in Motherboard Replacement (MBR) situations, and other servicing scenarios.
Repairing Autopilot enrolled devices is complex, as it tries to balance OEM requirements with Windows Autopilot requirements. Specifically, OEMs require strict uniqueness across motherboards, MAC addresses, etc., while Windows Autopilot requires strict uniqueness at the Hardware ID level for each device to enable successful registration. The Hardware ID does not always accommodate all the OEM hardware component requirements, thus these requirements are sometimes at odds, causing issues with some repair scenarios.
**Motherboard Replacement (MBR)**
If a motherboard replacement is needed on a Windows Autopilot device, the following process is recommended:
1. [Deregister the device](#deregister-the-autopilot-device-from-the-autopilot-program) from Windows Autopilot
2. [Replace the motherboard](#replace-the-motherboard)
3. [Capture a new device ID (4K HH)](#capture-a-new-autopilot-device-id-4k-hh-from-the-device)
4. [Reregister the device](#reregister-the-repaired-device-using-the-new-device-id) with Windows Autopilot
5. [Reset the device](#reset-the-device)
6. [Return the device](#return-the-repaired-device-to-the-customer)
Each of these steps is described below.
## Deregister the Autopilot device from the Autopilot program
Before the device arrives at the repair facility, it must be deregistered by the entity that registered it. Only the entity that registered the device can deregister it. This might be the customer IT Admin, the OEM, or the CSP partner. If the IT Admin registered the device, they likely did so via Intune (or possibly the Microsoft Store for Business). In that case, they should deregister the device from Intune (or MSfB). This is necessary because devices registered in Intune will not show up in MPC. However, if the OEM or CSP partner registered the device, they likely did so via the Microsoft Partner Center (MPC). In that case, they should deregister the device from MPC, which will also remove it from the customer IT Admins Intune account. Below, we describe the steps an IT Admin would go through to deregister a device from Intune, and the steps an OEM or CSP would go through to deregister a device from MPC.
**NOTE**: When possible, an OEM or CSP should register Autopilot devices, rather than having the customer do it. This will avoid problems where OEMs or CSPs may not be able to deregister a device if, for example, a customer leasing a device goes out of business before deregistering it themselves.
**EXCEPTION**: If a customer grants an OEM permission to register devices on their behalf via the automated consent process, then an OEM can use the API to deregister devices they didnt register themselves (instead, the customer registered the devices). But keep in mind that this would only remove those devices from the Autopilot program, it would not disenroll them from Intune or disjoin them from AAD. The customer must do those steps, if desired, through Intune.
### Deregister from Intune
To deregister an Autopilot device from Intune, an IT Admin would:
1. Sign in to their Intune account
2. Navigate to Intune > Groups > All groups
3. Remove the desired device from its group
4. Navigate to Intune > Devices > All devices
5. Select the checkbox next to the device you want to delete, then click the Delete button on the top menu
6. Navigate to Intune > Devices > Azure AD devices
7. Select the checkbox next to the device you want to delete, then click the Delete button along the top menu
8. Navigate to Intune > Device enrollment > Windows enrollment > Devices
9. Select the checkbox next to the device you want to deregister
10. Click the extended menu icon (“…”) on the far right end of the line containing the device you want to deregister in order to expose an additional menu with the option to “unassign user”
11. Click “Unassign user” if the device was previously assigned to a user; if not, this option will be grayed-out and can be ignored
12. With the unassigned device still selected, click the Delete button along the top menu to remove this device
**NOTE**: These steps deregister the device from Autopilot, but also unenroll the device from Intune, and disjoin the device from AAD. While it may appear that only deregistering the device from Autopilot is needed, there are certain barriers in place within Intune that necessitate all the steps above be done, which is best practice anyway in case the device gets lost or becomes unrecoverable, to eliminate the possibility of orphaned devices existing in the Autopilot database, or Intune, or AAD. If a device gets into an unrecoverable state, you can contact the appropriate [Microsoft support alias](autopilot-support.md) for assistance.
The deregistration process will take about 15 minutes. You can accelerate the process by clicking the “Sync” button, then “Refresh” the display until the device is no longer present.
More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
### Deregister from MPC
To deregister an Autopilot device from the Microsoft Partner Center (MPC), a CSP would:
1. Log into MPC
2. Navigate to Customer > Devices
3. Select the device to be deregistered and click the “Delete device” button
![devices](images/devices.png)
**NOTE**: Deregistering a device from Autopilot in MPC does only that; it does not also unenroll the device from the MDM (Intune), nor does it disjoin the device from AAD. Therefore, if possible, the OEM/CSP ideally should work with the customer IT Admin to have the device fully removed per the Intune steps in the previous section.
Alternatively, an OEM partner that has integrated the OEM Direct APIs can deregister a device by calling the AutopilotDeviceRegistration API with the TenantID and TenantDomain fields left blank in the request call.
Because the repair facility will not have access to the users login credentials, the repair facility will have to reimage the device as part of the repair process. This means that the customer should do three things before sending the device off for repair:
1. Copy all important data off the device.
2. Let the repair facility know which version of Windows they should reinstall after the repair.
3. If applicable, let the repair facility know which version of Office they should reinstall after the repair.
## Replace the motherboard
Technicians replace the motherboard (or other hardware) on the broken device. A replacement DPK is injected.
Repair and key replacement processes vary between facilities. Sometimes repair facilities receive motherboard spare parts from OEMs that have replacement DPKs already injected, but sometimes not. Sometimes repair facilities receive fully-functional BIOS tools from OEMs, but sometimes not. This means that the quality of the data in the BIOS after an MBR varies. To ensure the repaired device will still be Autopilot-capable following its repair, the new (post-repair) BIOS should be able to successfully gather and populate the following information at a minimum:
- DiskSerialNumber
- SmbiosSystemSerialNumber
- SmbiosSystemManufacturer
- SmbiosSystemProductName
- SmbiosUuid
- TPM EKPub
- MacAddress
- ProductKeyID
- OSType
**NOTE**: For simplicity, and because processes vary between repair facilities, we have excluded many of the additional steps often used in an MBR, such as:
- Verify that the device is still functional
- Disable BitLocker*
- Repair the Boot Configuration Data (BCD)
- Repair and verify the network driver operation
*BitLocker can be suspended rather than disabled if the technician has the ability to resume it after the repair.
## Capture a new Autopilot device ID (4K HH) from the device
Repair technicians must sign in to the repaired device to capture the new device ID. Assuming the repair technician does NOT have access to the customers login credentials, they will have to reimage the device in order to gain access, per the following steps:
1. The repair technician creates a [WinPE bootable USB drive](https://docs.microsoft.com/windows-hardware/manufacture/desktop/oem-deployment-of-windows-10-for-desktop-editions#create-a-bootable-windows-pe-winpe-partition).
2. The repair technician boots the device to WinPE.
3. The repair technician [applies a new Windows image to the device](https://docs.microsoft.com/windows-hardware/manufacture/desktop/work-with-windows-images).
**NOTE**: Ideally, the same version of Windows should be reimaged onto the device that was originally on the device, so some coordination will be required between the repair facility and customer to capture this information at the time the device arrives for repair. This might include the customer sending the repair facility a customized image (.ppk file) via a USB stick, for example.
4. The repair technician boots the device into the new Windows image.
5. Once on the desktop, the repair technician captures the new device ID (4K HH) off the device using either the OA3 Tool or the PowerShell script, as described below.
Those repair facilities with access to the OA3 Tool (which is part of the ADK) can use the tool to capture the 4K Hardware Hash (4K HH).
Alternatively, the [WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) can be used to capture the 4K HH by following these steps:
1. Install the script from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) or from the command line (command line installation is shown below).
2. Navigate to the script directory and run it on the device when the device is either in Full OS or Audit Mode. See the following example.
```powershell
md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Install-Script -Name Get-WindowsAutopilotInfo -Force
Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
```
>If you are prompted to install the NuGet package, choose **Yes**.<br>
>If, after installing the script you get an error that Get-WindowsAutopilotInfo.ps1 is not found, verify that C:\Program Files\WindowsPowerShell\Scripts is present in your PATH variable.<br>
>If the Install-Script cmdlet fails, verify that you have the default PowerShell repository registered (**Get-PSRepository**) or register the default repository with **Register-PSRepository -Default -Verbose**.
The script creates a .csv file that contains the device information, including the complete 4K HH. Save this file so that you can access it later. The service facility will use this 4K HH to reregister device as described below. Be sure to use the -OutputFile parameter when saving the file, which ensures that file formatting is correct. Do not attempt to pipe the command output to a file manually.
**NOTE**: If the repair facility does not have the ability to run the OA3 tool or PowerShell script to capture the new 4K HH, then the CSP (or OEM) partners must do this for them. Without some entity capturing the new 4K HH, there is no way to reregister this device as an Autopilot device.
## Reregister the repaired device using the new device ID
If an OEM is not able to reregister the device, then the repair facility or CSP should reregister the device using MPC, or the customer IT Admin should be advised to reregister the device via Intune (or MSfB). Both ways of reregistering a device are shown below.
### Reregister from Intune
To reregister an Autopilot device from Intune, an IT Admin would:
1. Sign in to Intune.
2. Navigate to Device enrollment > Windows enrollment > Devices > Import.
3. Click the **Import** button to upload a csv file containing the device ID of the device to be reregistered (the device ID was the 4K HH captured by the PowerShell script or OA3 tool described previously in this document).
The following video provides a good overview of how to (re)register devices via MSfB.<br>
> [!VIDEO https://www.youtube.com/embed/IpLIZU_j7Z0]
### Reregister from MPC
To reregister an Autopilot device from MPC, an OEM or CSP would:
1. Sign in to MPC.
2. Navigate to the Customer > Devices page and click the **Add devices** button to upload the csv file.
![device](images/device2.png)<br>
![device](images/device3.png)
In the case of reregistering a repaired device through MPC, the uploaded csv file must contain the 4K HH for the device, and not just the PKID or Tuple (SerialNumber + OEMName + ModelName). If only the PKID or Tuple was used, the Autopilot service would be unable to find a match in the Autopilot database, since no 4K HH info was ever previously submitted for this essentially “new” device, and the upload will fail, likely returning a ZtdDeviceNotFound error. So, again, only upload the 4K HH, not the Tuple or PKID.
**NOTE**: When including the 4K HH in the csv file, you do NOT also need to include the PKID or Tuple. Those columns may be left blank, as shown below:
![hash](images/hh.png)
## Reset the device
Since the device was required to be in Full OS or Audit Mode to capture the 4K HH, the repair facility must reset the image back to a pre-OOBE state before returning it to the customer. One way this can be accomplished is by using the built-in reset feature in Windows, as follows:
On the device, go to Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Finally, click on Reset.
![reset](images/reset.png)
However, its likely the repair facility wont have access to Windows because they lack the user credentials to sign in, in which case they need to use other means to reimage the device, such as the [Deployment Image Servicing and Management tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/oem-deployment-of-windows-10-for-desktop-editions#use-a-deployment-script-to-apply-your-image).
## Return the repaired device to the customer
After completing the previous steps, the repaired device can now be returned to the customer, and will be auto-enrolled into the Autopilot program on first boot-up during OOBE.
**NOTE**: If the repair facility did NOT reimage the device, they could be sending it back in a potentially broken state (e.g., theres no way to log into the device because its been dissociated from the only known user account), in which case they should tell the organization that they need to fix the registration and OS themselves.
**IMPORTANT**: A device can be “registered” for Autopilot prior to being powered-on, but the device isnt actually “deployed” to Autopilot (i.e., enabled as an Autopilot device) until it goes through OOBE, which is why resetting the device back to a pre-OOBE state is a required step.
## Specific repair scenarios
This section covers the most common repair scenarios, and their impact on Autopilot enablement.
NOTES ON TEST RESULTS:
- Scenarios below were tested using Intune only (no other MDMs were tested).
- In most test scenarios below, the repaired and reregistered device needed to go through OOBE again for Autopilot to be enabled.
- Motherboard replacement scenarios often result in lost data, so repair centers or customers should be reminded to back up data (if possible) prior to repair.
- In the cases where a repair facility does not have the ability to write device info into the BIOS of the repaired device, new processes need to be created to successfully enable Autopilot.
- Repaired device should have the Product Key (DPK) preinjected in the BIOS before capturing the new 4K HH (device ID)
In the following table:<br>
- Supported = **Yes**: the device can be reenabled for Autopilot
- Supported = **No**: the device cannot be reenabled for Autopilot
<table border="1">
<th>Scenario<th>Supported<th>Microsoft Recommendation
<tr><td>Motherboard Replacement (MBR) in general<td>Yes<td>The recommended course of action for MBR scenarios is:
1. Autopilot device is deregistered from the Autopilot program
2. The motherboard is replace
3. The device is reimaged (with BIOS info and DPK reinjected)*
4. A new Autopilot device ID (4K HH) is captured off the device
5. The repaired device is reregistered for the Autopilot program using the new device ID
6. The repaired device is reset to boot to OOBE
7. The repaired device is shipped back to the customer
*Its not necessary to reimage the device if the repair technician has access to the customers login credentials. Its technically possible to do a successful MBR and Autopilot re-enablement without keys or certain BIOS info (e.g., serial #, model name, etc.), but doing so is only recommended for testing/educational purposes.
<tr><td>MBR when motherboard has a TPM chip (enabled) and only one onboard network card (that also gets replaced)<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard
3. Reimage device (to gain access), unless you have access to customers login credentials
4. Write device info into BIOS
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR when motherboard has a TPM chip (enabled) and a second network card (or network interface) that is not replaced along with the motherboard<td>No<td>This scenario is not recommended, as it breaks the Autopilot experience, because the resulting Device ID will not be stable until after TPM attestation has completed, and even then registration may give incorrect results because of ambiguity with MAC Address resolution.
<tr><td>MBR where the NIC card, HDD, and WLAN all remain the same after the repair<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Reimage device (to gain access), unless you have access to customers login credentials
4. Write old device info into BIOS (same s/n, model, etc.)*
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
*Note that for this and subsequent scenarios, rewriting old device info would not include the TPM 2.0 endorsement key, as the associated private key is locked to the TPM device
<tr><td>MBR where the NIC card remains the same, but the HDD and WLAN are replaced<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Insert new HDD and WLAN
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR where the NIC card and WLAN remains the same, but the HDD is replaced<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Insert new HDD
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR where only the MB is replaced (all other parts remain same) but new MB was taken from a previously used device that had NOT been Autopilot-enabled before.<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Reimage device (to gain access), unless you have access to customers login credentials
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR where only the MB is replaced (all other parts remain same) but new MB was taken from a previously used device that HAD been Autopilot-enabled before.<td>Yes<td>
1. Deregister old device from which MB will be taken
2. Deregister damaged device (that you want to repair)
3. Replace motherboard in repair device with MB from other Autopilot device (with new RDPK preinjected in BIOS)
4. Reimage device (to gain access), unless you have access to customers login credentials
5. Write old device info into BIOS (same s/n, model, etc.)
6. Capture new 4K HH
7. Reregister repaired device
8. Reset device back to OOBE
9. Go through Autopilot OOBE (customer)
10. Autopilot successfully enabled
<b>NOTE</b>: The repaired device can also be used successfully as a normal, non-Autopilot device.
<tr><td>BIOS info excluded from MBR device<td>No<td>Repair facility does not have BIOS tool to write device info into BIOS after MBR.
1. Deregister damaged device
2. Replace motherboard (BIOS does NOT contain device info)
3. Reimage and write DPK into image
4. Capture new 4K HH
5. Reregister repaired device
6. Create Autopilot profile for device
7. Go through Autopilot OOBE (customer)
8. Autopilot FAILS to recognize repaired device
<tr><td>MBR when there is no TPM chip<td>Yes<td>Though we do not recommend enabling Autopilot devices without a TPM chip (which is recommended for BitLocker encryption), it is possible to enable an Autopilot device in “standard user” mode (but NOT Self-deploying mode) that does not have a TPM chip. In this case, you would:
1. Deregister damaged device
2. Replace motherboard
3. Reimage device (to gain access), unless you have access to customers login credentials
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>New DPK written into image on repaired Autopilot device with a new MB<td>Yes<td>Repair facility replaces normal MB on damaged device. MB does not contain any DPK in the BIOS. Repair facility writes DPK into image after MBR.
1. Deregister damaged device
2. Replace motherboard BIOS does NOT contain DPK info
3. Reimage device (to gain access), unless you have access to customers login credentials
4. Write device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reset or reimage device to pre-OOBE and write DPK into image
7. Reregister repaired device
8. Go through Autopilot OOBE
9. Autopilot successfully enabled
<tr><td>New Repair Product Key (RDPK)<td>Yes<td>Using a motherboard with a new RDPK preinjected results in a successful Autopilot refurbishment scenario.
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Reimage or rest image to pre-OOBE
4. Write device info into BIOS
5. Capture new 4K HH
6. Reregister repaired device
7. Reimage or reset image to pre-OOBE
8. Go through Autopilot OOBE
9. Autopilot successfully enabled
<tr><td>No Repair Product Key (RDPK) injected<td>No<td>This scenario violates Microsoft policy and breaks the Windows Autopilot experience.
<tr><td>Reimage damaged Autopilot device that was not deregistered prior to repair<td>Yes, but the device will still be associated with previous tenant ID, so should only be returned to same customer<td>
1. Reimage damaged device
2. Write DPK into image
3. Go through Autopilot OOBE
4. Autopilot successfully enabled (to previous tenant ID)
<tr><td>Disk replacement from a non-Autopilot device to an Autopilot device<td>Yes<td>
1. Do not deregister damaged device prior to repair
2. Replace HDD on damaged device
3. Reimage or reset image back to OOBE
4. Go through Autopilot OOBE (customer)
5. Autopilot successfully enabled (repaired device recognized as its previous self)
<tr><td>Disk replacement from one Autopilot device to another Autopilot device<td>Maybe<td>If the device from which the HDD is taken was itself previously deregistered from Autopilot, then that HDD can be used in a repair device. But if the HDD was never previously deregistered from Autopilot before being used in a repaired device, the newly repaired device will not have the proper Autopilot experience.
Assuming the used HDD was previously deregistered (before being used in this repair):
1. Deregister damaged device
2. Replace HDD on damaged device using a HDD from another deregistered Autopilot device
3. Reimage or rest the repaired device back to a pre-OOBE state
4. Go through Autopilot OOBE (customer)
5. Autopilot successfully enabled
<tr><td>Non-Microsoft network card replacement <td>No<td>Whether from a non-Autopilot device to an Autopilot device, from one Autopilot device to another Autopilot device, or from an Autopilot device to a non-Autopilot device, any scenario where a 3rd party (not onboard) Network card is replaced will break the Autopilot experience, and is not recommended.
<tr><td>A device repaired more than 3 times<td>No<td>Autopilot is not supported when a device is repeatedly repaired, so that whatever parts NOT replaced become associated with too many parts that have been replaced, which would make it difficult to uniquely identify that device in the future.
<tr><td>Memory replacement<td>Yes<td>Replacing the memory on a damaged device does not negatively affect the Autopilot experience on that device. No de/reregistration is needed. The repair technician simply needs to replace the memory.
<tr><td>GPU replacement<td>Yes<td>Replacing the GPU(s) on a damaged device does not negatively affect the Autopilot experience on that device. No de/reregistration is needed. The repair technician simply needs to replace the GPU.
</table>
>When scavenging parts from another Autopilot device, we recommend unregistering the scavenged device from Autopilot, scavenging it, and then NEVER REGISTERING THE SCAVENGED DEVICE (AGAIN) FOR AUTOPILOT, because reusing parts this way may cause two active devices to end up with the same ID, with no possibility of distinguishing between the two.
**NOTE**: The following parts may be replaced without compromising Autopilot enablement or requiring special additional repair steps:
- Memory (RAM or ROM)
- Power Supply
- Video Card
- Card Reader
- Sound card
- Expansion card
- Microphone
- Webcam
- Fan
- Heat sink
- CMOS battery
Other repair scenarios not yet tested and verified include:
- Daughterboard replacement
- CPU replacement
- Wifi replacement
- Ethernet replacement
## FAQ
| Question | Answer |
| --- | --- |
| If we have a tool that programs product information into the BIOS after the MBR, do we still need to submit a CBR report for the device to be Autopilot-capable? | No. Not if the in-house tool writes the minimum necessary information into the BIOS that the Autopilot program looks for to identify the device, as described earlier in this document. |
| What if only some components are replaced rather than the full motherboard? | While its true that some limited repairs do not prevent the Autopilot algorithm from successfully matching the post-repair device with the pre-repair device, it is best to ensure 100% success by going through the MBR steps above even for devices that only needed limited repairs. |
| How does a repair technician gain access to a broken device if they dont have the customers login credentials? | The technician will have to reimage the device and use their own credentials during the repair process. |
## Related topics
[Device guidelines](autopilot-device-guidelines.md)<br>

37
windows/deployment/windows-autopilot/autopilot-support.md
View File

@ -1,37 +0,0 @@
---
title: Windows Autopilot support
description: Find out who to contact for help with your Windows Autopilot installation.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.reviewer:
manager: laurawi
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot support information
**Applies to: Windows 10**
The following table displays support information for the Windows Autopilot program.
Before contacting the resources listed below for Windows Autopilot-related issues, check the [Windows Autopilot FAQ](autopilot-faq.md).
| Audience | Support contact |
|------------|---------------------------------------|
| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if youre a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. |
| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority: <br>Low 120 hours <br>Normal 72 hours <br>High 24 hours <br>Immediate 4 hours |
| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. |
| End-user | Contact your IT administrator. |
| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. |
| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. |
| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). |
| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. |
| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. |

48
windows/deployment/windows-autopilot/autopilot-update.md
View File

@ -1,48 +0,0 @@
---
title: Windows Autopilot update
ms.reviewer:
manager: laurawi
description: Windows Autopilot update
keywords: Autopilot, update, Windows 10
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot update
**Applies to**
- Windows 10, version 1903
Windows Autopilot update enables you to get the latest Autopilot features and critical issue fixes without the need to move to latest Windows OS version. With Autopilot update, organizations can keep their current OS version and still benefit from new Autopilot features and bug fixes.
During the Autopilot deployment process, Windows Autopilot update has been added as a new node after the critical [Windows Zero Day Patch (ZDP) update](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) check. During the update process, Windows Autopilot devices reach out to Windows Update to check for a new Autopilot update. If there is an Autopilot update available, the device will download and install the update, then restart automatically. See the following example.
![Autopilot update 1](images/update1.png)<br>
![Autopilot update 2](images/update2.png)<br>
![Autopilot update 3](images/update3.png)
The following diagram illustrates a typical Windows Autopilot deployment orchestration during the Out of Box Experience (OOBE) with the new Windows Autopilot update node.
![Autopilot update flow](images/update-flow.png)
## Release cadence
- When an Autopilot update is available, it is typically released on the 4th Tuesday of the month. The update could be released on a different week if there is an exception.
- A knowledge base (KB) article will also be published to document the changes that are included in the update.
For a list of released updates, see [Autopilot update history](windows-autopilot-whats-new.md#windows-autopilot-update-history).
## See also
[Windows Update during OOBE](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe)<br>
[What's new in Windows Autopilot](windows-autopilot-whats-new.md)<br>

54
windows/deployment/windows-autopilot/bitlocker.md
View File

@ -1,54 +0,0 @@
---
title: Setting the BitLocker encryption algorithm for Autopilot devices
ms.reviewer:
manager: laurawi
description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices.
keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Setting the BitLocker encryption algorithm for Autopilot devices
**Applies to**
- Windows 10
With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encryption algorithm isn't applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins.
The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit, or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm.
2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group.
- **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices.
- **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
An example of Microsoft Intune Windows Encryption settings is shown below.
![BitLocker encryption settings](images/bitlocker-encryption.png)
**Note**: A device that is encrypted automatically will need to be decrypted prior to changing the encryption algorithm.
The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
**Note**: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
## Requirements
Windows 10, version 1809 or later.
## See also
[BitLocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)

27
windows/deployment/windows-autopilot/deployment-process.md
View File

@ -1,27 +0,0 @@
---
title: Windows 10 deployment process posters
description: View and download Windows 10 deployment process flows for Microsoft Endpoint Configuration Manager and Windows Autopilot.
ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
keywords: upgrade, in-place, configuration, deploy
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Windows Autopilot deployment process
**Applies to**
- Windows 10
Windows Autopilot deployment processes are summarized in the poster below. The poster is two pages in portrait mode (11x17). Click the image below to view a PDF in your browser.
[![Deploy Windows 10 with Autopilot](../media/windows10-autopilot-flowchart.png)](../media/Windows10AutopilotFlowchart.pdf)
**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager).

70
windows/deployment/windows-autopilot/dfci-management.md
View File

@ -1,70 +0,0 @@
---
title: DFCI Management
ms.reviewer:
manager: laurawi
description: With Windows Autopilot Deployment and Intune, you can manage UEFI (BIOS) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI)
keywords: Autopilot, DFCI, UEFI, Windows 10
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# DFCI Management
**Applies to**
- Windows 10
With Windows Autopilot Deployment and Intune, you can manage Unified Extensible Firmware Interface (UEFI) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI). DFCI [enables Windows to pass management commands](https://docs.microsoft.com/windows/client-management/mdm/uefi-csp) from Intune to UEFI to Autopilot deployed devices. This allows you to limit end user's control over BIOS settings. For example, you can lock down the boot options to prevent users from booting up another OS, such as one that doesn't have the same security features.
If a user reinstalls a previous Windows version, install a separate OS, or format the hard drive, they can't override DFCI management. This feature can also prevent malware from communicating with OS processes, including elevated OS processes. DFCIs trust chain uses public key cryptography, and doesn't depend on local UEFI password security. This layer of security blocks local users from accessing managed settings from the devices UEFI menus.
For an overview of DFCI benefits, scenarios, and prerequisites, see [Device Firmware Configuration Interface (DFCI) Introduction](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/).
## DFCI management lifecycle
The DFCI management lifecycle can be viewed as UEFI integration, device registration, profile creation, enrollment, management, retirement, and recovery. See the following figure.
![Lifecycle](images/dfci.png)
## Requirements
- Windows 10, version 1809 or later and a supported UEFI is required.
- The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process, or as a firmware update that you install. Work with your device vendors to determine the [manufacturers that support DFCI](#oems-that-support-dfci), or the firmware version needed to use DFCI.
- The device must be managed with Microsoft Intune. For more information, see [Enroll Windows devices in Intune using Windows Autopilot](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
- The device must be registered for Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider), or registered directly by the OEM.
>[!IMPORTANT]
>Devices manually registered for Autopilot (such as by [importing from a csv file](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot#add-devices)) are not allowed to use DFCI. By design, DFCI management requires external attestation of the devices commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot. When your device is registered, its serial number is displayed in the list of Windows Autopilot devices.
## Managing DFCI profile with Windows Autopilot
There are four basic steps in managing DFCI profile with Windows Autopilot:
1. Create an Autopilot Profile
2. Create an Enrollment status page profile
3. Create a DFCI profile
4. Assign the profiles
See [Create the profiles](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-the-profiles) and [Assign the profiles, and reboot](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#assign-the-profiles-and-reboot) for details.
You can also [change existing DFCI settings](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#update-existing-dfci-settings) on devices that are in use. In your existing DFCI profile, change the settings and save your changes. Since the profile is already assigned, the new DFCI settings take effect when next time the device syncs or the device reboots.
## OEMs that support DFCI
- [Microsoft Surface](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
Additional OEMs are pending.
## See also
[Microsoft DFCI Scenarios](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Scenarios/DfciScenarios/)<br>
[Windows Autopilot and Surface devices](https://docs.microsoft.com/surface/windows-autopilot-and-surface-devices)<br>

39
windows/deployment/windows-autopilot/enrollment-status.md
View File

@ -1,39 +0,0 @@
---
title: Windows Autopilot Enrollment Status Page
ms.reviewer:
manager: laurawi
description: Gives an overview of the Enrollment Status Page capabilities, configuration
keywords: Autopilot Plug and Forget, Windows 10
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot Enrollment Status Page
**Applies to**
- Windows 10, version 1803 and later
The Enrollment Status Page (ESP) displays the status of the complete device configuration process when an MDM managed user signs into a device for the very first time. The ESP will help users understand the progress of device provisioning and ensures the device has met the organizations desired state before the user can access the desktop for the first time.
The ESP will track the installation of applications, security policies, certificates and network connections. Within Intune, an administrator can deploy ESP profiles to a licensed Intune user and configure specific settings within the ESP profile; a few of these settings are: force the installation of specified applications, allow users to collect troubleshooting logs, specify what a user can do if device setup fails. For more information, see how to set up the [Enrollment Status Page in Intune](https://docs.microsoft.com/intune/windows-enrollment-status).
![Enrollment Status Page](images/enrollment-status-page.png)
## More information
For more information on configuring the Enrollment Status Page, see the [Microsoft Intune documentation](https://docs.microsoft.com/intune/windows-enrollment-status).<br>
For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP documentation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).<br>
For more information about blocking for app installation:
- [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).

324
windows/deployment/windows-autopilot/existing-devices.md
View File

@ -1,324 +0,0 @@
---
title: Windows Autopilot for existing devices
description: Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot for existing devices
**Applies to: Windows 10**
Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away.
This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Windows 10 devices joined to either Azure Active Directory or Active Directory (Hybrid Azure AD Join) by using Windows Autopilot.
>[!NOTE]
>Windows Autopilot for existing devices only supports user-driven Azure Active Directory and Hybrid Azure AD profiles. Self-deploying profiles are not supported.
## Prerequisites
- A currently supported version of Microsoft Endpoint Configuration Manager current branch or technical preview branch.
- The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later
- For more information on Configuration Manager support, see [Support for Windows 10 ADK](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10#windows-10-adk).
- Assigned Microsoft Intune Licenses
- Azure Active Directory Premium
- Windows 10 version 1809 or later imported into Configuration Manager as an Operating System Image
- **Important**: See [Known issues](known-issues.md) if you are using Windows 10 1903 with Configuration Managers built-in **Windows Autopilot existing device** task sequence template. Currently, one of the steps in this task sequence must be edited to work properly with Windows 10, version 1903.
## Procedures
### Configure the Enrollment Status Page (optional)
If desired, you can set up an [enrollment status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) for Autopilot using Intune.
To enable and configure the enrollment and status page:
1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/configmgr/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
See the following examples.
![enrollment status page](images/esp-config.png)<br><br>
![mdm](images/mdm-config.png)
### Create the JSON file
>[!TIP]
>To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616).
1. On an Internet connected Windows PC or server, open an elevated Windows PowerShell command window
2. Enter the following lines to install the necessary modules
#### Install required modules
```powershell
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module AzureAD -Force
Install-Module WindowsAutopilotIntune -Force
Install-Module Microsoft.Graph.Intune -Force
```
3. Enter the following lines and provide Intune administrative credentials
- Be sure that the user account you specify has sufficient administrative rights.
```powershell
Connect-MSGraph
```
The user and password for your account will be requested using a standard Azure AD form. Type your username and password and then click **Sign in**.
<br>See the following example:
![Azure AD authentication](images/pwd.png)
If this is the first time youve used the Intune Graph APIs, youll also be prompted to enable read and write permissions for Microsoft Intune PowerShell. To enable these permissions:
- Select **Consent on behalf or your organization**
- Click **Accept**
4. Next, retrieve and display all the Autopilot profiles available in the specified Intune tenant in JSON format:
#### Retrieve profiles in Autopilot for existing devices JSON format
```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
```
See the following sample output: (use the horizontal scroll bar at the bottom to view long lines)
<pre style="overflow-y: visible">
PS C:\> Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
{
"CloudAssignedTenantId": "1537de22-988c-4e93-b8a5-83890f34a69b",
"CloudAssignedForcedEnrollment": 1,
"Version": 2049,
"Comment_File": "Profile Autopilot Profile",
"CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"ForcedEnrollment\":1,\"CloudAssignedTenantDomain\":\"M365x373186.onmicrosoft.com\"}}",
"CloudAssignedTenantDomain": "M365x373186.onmicrosoft.com",
"CloudAssignedDomainJoinMethod": 0,
"CloudAssignedOobeConfig": 28,
"ZtdCorrelationId": "7F9E6025-1E13-45F3-BF82-A3E8C5B59EAC"
}</pre>
Each profile is encapsulated within braces **{ }**. In the previous example, a single profile is displayed.
See the following table for a description of properties used in the JSON file.
| Property | Description |
|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Version (number, optional) | The version number that identifies the format of the JSON file. For Windows 10 1809, the version specified must be 2049. |
| CloudAssignedTenantId (guid, required) | The Azure Active Directory tenant ID that should be used. This is the GUID for the tenant, and can be found in properties of the tenant. The value should not include braces. |
| CloudAssignedTenantDomain (string, required) | The Azure Active Directory tenant name that should be used, for example: tenant.onmicrosoft.com. |
| CloudAssignedOobeConfig (number, required) | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
| CloudAssignedDomainJoinMethod (number, required) | This property specifies whether the device should join Azure Active Directory or Active Directory (Hybrid Azure AD Join). Values include: Active AD Join = 0, Hybrid Azure AD Join = 1 |
| CloudAssignedForcedEnrollment (number, required) | Specifies that the device should require AAD Join and MDM enrollment. <br>0 = not required, 1 = required. |
| ZtdCorrelationId (guid, required) | A unique GUID (without braces) that will be provided to Intune as part of the registration process. ZtdCorrelationId will be included in enrollment message as “OfflineAutoPilotEnrollmentCorrelator”. This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning via offline registration. |
| CloudAssignedAadServerData (encoded JSON string, required) | An embedded JSON string used for branding. It requires AAD corp branding enabled. <br> Example value: "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"tenant.onmicrosoft.com\"}}" |
| CloudAssignedDeviceName (string, optional) | The name automatically assigned to the computer. This follows the naming pattern convention that can be configured in Intune as part of the Autopilot profile, or can specify an explicit name to use. |
5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: (use the horizontal scroll bar at the bottom if needed to view the entire command string)
```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII
```
**IMPORTANT**: The file name must be named **AutopilotConfigurationFile.json** in addition to being encoded as ASCII/ANSI.
If preferred, you can save the profile to a text file and edit in Notepad. In Notepad, when you choose **Save as** you must select Save as type: **All Files** and choose ANSI from the drop-down list next to **Encoding**. See the following example.
![Notepad JSON](images/notepad.png)
After saving the file, move the file to a location suitable as a Microsoft Endpoint Configuration Manager package source.
>[!IMPORTANT]
>Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI. <br><br>**Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience**.<br>
### Create a package containing the JSON file
1. In Configuration Manager, navigate to **\Software Library\Overview\Application Management\Packages**
2. On the ribbon, click **Create Package**
3. In the **Create Package and Program Wizard** enter the following **Package** and **Program Type** details:<br>
- <u>Name</u>: **Autopilot for existing devices config**
- Select the **This package contains source files** checkbox
- <u>Source folder</u>: Click **Browse** and specify a UNC path containing the AutopilotConfigurationFile.json file.
- Click **OK** and then click **Next**.
- <u>Program Type</u>: **Do not create a program**
4. Click **Next** twice and then click **Close**.
**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Configuration Manager package.
### Create a target collection
>[!NOTE]
>You can also choose to reuse an existing collection
1. Navigate to **\Assets and Compliance\Overview\Device Collections**
2. On the ribbon, click **Create** and then click **Create Device Collection**
3. In the **Create Device Collection Wizard** enter the following **General** details:
- <u>Name</u>: **Autopilot for existing devices collection**
- Comment: (optional)
- <u>Limiting collection</u>: Click **Browse** and select **All Systems**
>[!NOTE]
>You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the ConfigMgr agent in the collection that you select.
4. Click **Next**, then enter the following **Membership Rules** details:
- Click **Add Rule** and specify either a direct or query based collection rule to add the target test Windows 7 devices to the new collection.
- For example, if the hostname of the computer to be wiped and reloaded is PC-01 and you wish to use Name as the attribute, click **Add Rule > Direct Rule > (wizard opens) > Next** and then enter **PC-01** next to **Value**. Click **Next**, and then choose **PC-01** under **Resources**. See the following examples.
![Named resource1](images/pc-01a.png)
![Named resource2](images/pc-01b.png)
5. Continue creating the device collection with the default settings:
- Use incremental updates for this collection: not selected
- Schedule a full update on this collection: default
- Click **Next** twice and then click **Close**
### Create an Autopilot for existing devices Task Sequence
>[!TIP]
>The next procedure requires a boot image for Windows 10 1803 or later. Review your available boot images in the Configuration Manager conole under **Software Library\Overview\Operating Systems\Boot images** and verify that the **OS Version** is 10.0.17134.1 (Windows 10 version 1803) or later.
1. In the Configuration Manager console, navigate to **\Software Library\Overview\Operating Systems\Task Sequences**
2. On the Home ribbon, click **Create Task Sequence**
3. Select **Install an existing image package** and then click **Next**
4. In the Create Task Sequence Wizard enter the following details:
- <u>Task sequence name</u>: **Autopilot for existing devices**
- <u>Boot Image</u>: Click **Browse** and select a Windows 10 boot image (1803 or later)
- Click **Next**, and then on the Install Windows page click **Browse** and select a Windows 10 **Image package** and **Image Index**, version 1803 or later.
- Select the **Partition and format the target computer before installing the operating system** checkbox.
- Select or clear **Configure task sequence for use with BitLocker** checkbox. This is optional.
- <u>Product Key</u> and <u>Server licensing mode</u>: Optionally enter a product key and server licensing mode.
- <u>Randomly generate the local administrator password and disable the account on all support platforms (recommended)</u>: Optional.
- <u>Enable the account and specify the local administrator password</u>: Optional.
- Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**.
> [!IMPORTANT]
> The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which uses the System Preparation Tool (sysprep). This action will fail if the target machine is joined to a domain.
>[!IMPORTANT]
> The System Preparation Tool (sysprep) will run with the /Generalize parameter which, on Windows 10 versions 1903 and 1909, will delete the Autopilot profile file and the machine will boot into OOBE phase instead of Autopilot phase. To fix this issue, please see [Windows Autopilot - known issues](https://docs.microsoft.com/windows/deployment/windows-autopilot/known-issues).
5. Click **Next**, and then click **Next** again to accept the default settings on the Install Configuration Manager page.
6. On the State Migration page, enter the following details:
- Clear the **Capture user settings and files** checkbox.
- Clear the **Capture network settings** checkbox.
- Clear the **Capture Microsoft Windows settings** checkbox.
- Click **Next**.
>[!NOTE]
>Because the Autopilot for existing devices task sequence completes while in Windows PE, User State Migration Toolkit (USMT) data migration is not supported as there is no way to restore the user state into the new OS. Also, the User State Migration Toolkit (USMT) does not support Azure AD-joined devices.
7. On the Include Updates page, choose one of the three available options. This selection is optional.
8. On the Install applications page, add applications if desired. This is optional.
9. Click **Next**, confirm settings, click **Next**, and then click **Close**.
10. Right click on the Autopilot for existing devices task sequence and click **Edit**.
11. In the Task Sequence Editor under the **Install Operating System** group, click the **Apply Windows Settings** action.
12. Click **Add** then click **New Group**.
13. Change the group **Name** from **New Group** to **Autopilot for existing devices config**.
14. Click **Add**, point to **General**, then click **Run Command Line**.
15. Verify that the **Run Command Line** step is nested under the **Autopilot for existing devices config** group.
16. Change the **Name** to **Apply Autopilot for existing devices config file** and paste the following into the **Command line** text box, and then click **Apply**:
```
cmd.exe /c xcopy AutopilotConfigurationFile.json %OSDTargetSystemDrive%\windows\provisioning\Autopilot\ /c
```
- **AutopilotConfigurationFile.json** must be the name of the JSON file present in the Autopilot for existing devices package created earlier.
17. In the **Apply Autopilot for existing devices config file** step, select the **Package** checkbox and then click **Browse**.
18. Select the **Autopilot for existing devices config** package created earlier and click **OK**. An example is displayed at the end of this section.
19. Under the **Setup Operating System** group, click the **Setup Windows and Configuration Manager** task.
20. Click **Add** and then click **New Group**.
21. Change **Name** from **New Group** to **Prepare Device for Autopilot**
22. Verify that the **Prepare Device for Autopilot** group is the very last step in the task sequence. Use the **Move Down** button if necessary.
23. With the **Prepare device for Autopilot** group selected, click **Add**, point to **Images** and then click **Prepare ConfigMgr Client for Capture**.
24. Add a second step by clicking **Add**, pointing to **Images**, and clicking **Prepare Windows for Capture**. Use the following settings in this step:
- <u>Automatically build mass storage driver list</u>: **Not selected**
- <u>Do not reset activation flag</u>: **Not selected**
- <u>Shut down the computer after running this action</u>: **Optional**
![Autopilot task sequence](images/ap-ts-1.png)
25. Click **OK** to close the Task Sequence Editor.
> [!NOTE]
> On Windows 10 1903 and 1909, the **AutopilotConfigurationFile.json** is deleted by the **Prepare Windows for Capture** step. See [Windows Autopilot - known issues](https://docs.microsoft.com/windows/deployment/windows-autopilot/known-issues) for more information and a workaround.
### Deploy Content to Distribution Points
Next, ensure that all content required for the task sequence is deployed to distribution points.
1. Right click on the **Autopilot for existing devices** task sequence and click **Distribute Content**.
2. Click **Next**, **Review the content to distribute**, and then click **Next**.
3. On the Specify the content distribution page click **Add** to specify either a **Distribution Point** or **Distribution Point Group**.
4. On the Add Distribution Points or Add Distribution Point Groups wizard specify content destinations that will allow the JSON file to be retrieved when the task sequence is run.
5. When you are finished specifying content distribution, click **Next** twice then click **Close**.
### Deploy the OS with Autopilot Task Sequence
1. Right click on the **Autopilot for existing devices** task sequence and then click **Deploy**.
2. In the Deploy Software Wizard enter the following **General** and **Deployment Settings** details:
- <u>Task Sequence</u>: **Autopilot for existing devices**.
- <u>Collection</u>: Click **Browse** and then select **Autopilot for existing devices collection** (or another collection you prefer).
- Click **Next** to specify **Deployment Settings**.
- <u>Action</u>: **Install**.
- <u>Purpose</u>: **Available**. You can optionally select **Required** instead of **Available**. This is not recommended during the test owing to the potential impact of inadvertent configurations.
- <u>Make available to the following</u>: **Only Configuration Manager Clients**. Note: Choose the option here that is relevant for the context of your test. If the target client does not have the Configuration Manager agent or Windows installed, you will need to select an option that includes PXE or Boot Media.
- Click **Next** to specify **Scheduling** details.
- <u>Schedule when this deployment will become available</u>: Optional
- <u>Schedule when this deployment will expire</u>: Optional
- Click **Next** to specify **User Experience** details.
- <u>Show Task Sequence progress</u>: Selected.
- <u>Software Installation</u>: Not selected.
- <u>System restart (if required to complete the installation)</u>: Not selected.
- <u>Commit changed at deadline or during a maintenance windows (requires restart)</u>: Optional.
- <u>Allow task sequence to be run for client on the Internet</u>: Optional
- Click **Next** to specify **Alerts** details.
- <u>Create a deployment alert when the threshold is higher than the following</u>: Optional.
- Click **Next** to specify **Distribution Points** details.
- <u>Deployment options</u>: **Download content locally when needed by the running task sequence**.
- <u>When no local distribution point is available use a remote distribution point</u>: Optional.
- <u>Allow clients to use distribution points from the default site boundary group</u>: Optional.
- Click **Next**, confirm settings, click **Next**, and then click **Close**.
### Complete the client installation process
1. Open the Software Center on the target Windows 7 or Windows 8.1 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:
```
C:\Windows\CCM\SCClient.exe
```
2. In the software library, select **Autopilot for existing devices** and click **Install**. See the following example:
![Named resource2](images/sc.png)
![Named resource2](images/sc1.png)
The Task Sequence will download content, reboot, format the drives and install Windows 10. The device will then proceed to be prepared for Autopilot. Once the task sequence has completed the device will boot into OOBE and provide an Autopilot experience.
![refresh-1](images/up-1.png)
![refresh-2](images/up-2.png)
![refresh-3](images/up-3.png)
>[!NOTE]
>If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information.
### Register the device for Windows Autopilot
Devices provisioned through Autopilot will only receive the guided OOBE Autopilot experience on first boot. Once updated to Windows 10, the device should be registered to ensure a continued Autopilot experience in the event of PC reset. You can enable automatic registration for an assigned group using the **Convert all targeted devices to Autopilot** setting. For more information, see [Create an Autopilot deployment profile](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-deployment-profile).
Also see [Adding devices to Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/add-devices).
## Speeding up the deployment process
To remove around 20 minutes from the deployment process, see Michael Niehaus's blog with instructions for [Speeding up Windows Autopilot for existing devices](https://blogs.technet.microsoft.com/mniehaus/2018/10/25/speeding-up-windows-autopilot-for-existing-devices/).

78
windows/deployment/windows-autopilot/index.md
View File

@ -1,78 +0,0 @@
---
title: Windows Autopilot deployment
description: Discover resources for Windows Autopilot deployment with this guide.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot deployment
**Applies to**
- Windows 10
Windows Autopilot is a zero-touch, self-service Windows deployment platform introduced with Windows 10, version 1703. The Windows Autopilot process runs immediately after powering on a new computer for the first time, enabling employees to configure new devices to be business-ready with just a few clicks.
This guide is intended for use by an IT-specialist, system architect, or business decision maker. The guide provides information about how Windows Autopilot deployment works, including detailed requirements, deployment scenarios, and platform capabilities. The document highlights options that are available to you when planning a modern, cloud-joined Windows 10 deployment strategy. Links are provided to detailed step by step configuration procedures.
## In this guide
<table border="0">
<tr><td><a href="windows-autopilot-whats-new.md">What's new</a> <td>Windows Autopilot is always being updated with new features! Check this topic to read about the latest capabilities.
</table>
### Understanding Windows Autopilot
<table>
<tr><td><a href="windows-autopilot.md">Overview of Windows Autopilot</a><td>A review of Windows Autopilot is provided with a video walkthrough. Benefits and general requirements are discussed.
<tr><td><a href="windows-autopilot-requirements.md">Requirements</a><td>Detailed software, network, licensing, and configuration requirements are provided.
<tr><td><a href="windows-autopilot-scenarios.md">Scenarios and Capabilities</a><td>A summary of Windows Autopilot deployment scenarios and capabilities.
<tr><td><a href="demonstrate-deployment-on-vm.md">Get started</a><td>Interested in trying out Autopilot? See this step-by-step walkthrough to test Windows Autopilot on a virtual machine or physical device with a free 30-day trial premium Intune account.
</table>
### Deployment scenarios
<table>
<tr><td><a href="user-driven.md">User-driven mode</a><td>Requirements and validation steps for deploying a new Azure Active Directory (AAD) joined or hybrid AAD-joined Windows 10 device are provided.
<tr><td><a href="self-deploying.md">Self-deploying mode</a><td>Requirements and validation steps for deploying a new Windows 10 device with little to no user interaction are provided.
<tr><td><a href="windows-autopilot-reset.md">Windows Autopilot Reset</a><td>Using Windows Autopilot Reset, a device can be restored to its original settings, taking it back to a business-ready state. Both local and remote reset scenarios are discussed.
<tr><td><a href="white-glove.md">Windows Autopilot for white glove deployment</a><td>Requirements and procedures are described that enable additional policies and apps to be delivered to a Windows Autopilot device.
<tr><td><a href="existing-devices.md">Support for existing devices</a><td>This topic describes how Windows Autopilot can be used to convert Windows 7 or Windows 8.1 domain-joined computers to AAD-joined computers running Windows 10.
</table>
### Using Windows Autopilot
<table>
<tr><td><a href="add-devices.md">Registering devices</a><td>The process of registering a device with the Windows Autopilot deployment service is described.
<tr><td><a href="profiles.md">Configuring device profiles</a><td>The device profile settings that specific its behavior when it is deployed are described.
<tr><td><a href="enrollment-status.md">Enrollment status page</a><td>Settings that are available on the Enrollment Status Page are described.
<tr><td><a href="bitlocker.md">BitLocker encryption</a><td> Available options for configuring BitLocker on Windows Autopilot devices are described.
<tr><td><a href="dfci-management.md">DFCI management</a><td> Manage UEFI settings using the Device Firmware Configuration Interface (DFCI) with Windows Autopilot and Intune.
<tr><td><a href="troubleshooting.md">Troubleshooting Windows Autopilot</a><td>Diagnostic event information and troubleshooting procedures are provided.
<tr><td><a href="known-issues.md">Known issues</a><td>A list of current known issues and solutions is provided.
</table>
### Support topics
<table>
<tr><td><a href="autopilot-faq.md">FAQ</a><td>Frequently asked questions on several topics are provided.
<tr><td><a href="autopilot-support.md">Support contacts</a><td>Support information is provided.
<tr><td><a href="registration-auth.md">Registration authorization</a><td>This article discusses how a CSP partner or OEM can obtain customer authorization to register Windows Autopilot devices.
<tr><td><a href="autopilot-mbr.md">Motherboard replacement</a><td>Information about how to deal with Autopilot registration and device repair issues is provided.
</table>
## Related topics
[Windows Autopilot](https://www.microsoft.com/windowsforbusiness/windows-autopilot)

38
windows/deployment/windows-autopilot/index.yml Normal file
View File

@ -0,0 +1,38 @@
### YamlMime:Landing
title: Windows Autopilot deployment resources and documentation # < 60 chars
summary: 'Note: Windows Autopilot documentation has moved! A few additional resources will also be available here. See the links on this page for more information.' # < 160 chars
metadata:
title: Windows Autopilot deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice
ms.topic: landing-page # Required
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 08/05/2020 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card
- title: Overview
linkLists:
- linkListType: overview
links:
- text: Overview of Windows Autopilot
url: https://docs.microsoft.com/mem/autopilot/windows-autopilot
# Card
- title: Tutorials
linkLists:
- linkListType: get-started
links:
- text: Demonstrate Windows Autopilot deployment
url: demonstrate-deployment-on-vm.md

89
windows/deployment/windows-autopilot/known-issues.md
View File

@ -1,89 +0,0 @@
---
title: Windows Autopilot known issues
ms.reviewer:
manager: laurawi
description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot - known issues
**Applies to**
- Windows 10
<table>
<th>Issue<th>More information
<tr><td>Blocking apps specified in a user-targeted Enrollment Status Profile are ignored during device ESP.</td>
<td>The services responsible for determining the list of apps that should be blocking during device ESP are not able to determine the correct ESP profile containing the list of apps because they do not know the user identity. As a workaround, enable the default ESP profile (which targets all users and devices) and place the blocking app list there. In the future, it will be possible to instead target the ESP profile to device groups to avoid this issue.</tr>
<tr><td>That username looks like it belongs to another organization. Try signing in again or start over with a different account.</td>
<td>Confirm that all of your information is correct at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot. See <a href="https://docs.microsoft.com/windows/deployment/windows-autopilot/troubleshooting#windows-10-version-1709-and-above">Troubleshooting Windows Auto Pilot </a> for more details.</td></tr>
<tr><td>Windows Autopilot user-driven Hybrid Azure AD deployments do not grant users Administrator rights even when specified in the Windows Autopilot profile.</td>
<td>This will occur when there is another user on the device that already has Administrator rights. For example, a PowerShell script or policy could create an additional local account that is a member of the Administrators group. To ensure this works properly, do not create an additional account until after the Windows Autopilot process has completed.</tr>
<tr><td>Windows Autopilot device provisioning can fail with TPM attestation errors or ESP timeouts on devices where the real-time clock is off by a significant amount of time (e.g. several minutes or more).</td>
<td>To fix this issue: <ol><li>Boot the device to the start of the out-of-box experience (OOBE).
<li>Establish a network connection (wired or wireless).
<li>Run the command <b>w32tm /resync /force</b> to sync the time with the default time server (time.windows.com).</ol>
</tr>
<tr><td>Windows Autopilot for existing devices does not work for Windows 10, version 1903 or 1909; you see screens that you've disabled in your Windows Autopilot profile, such as the Windows 10 License Agreement screen.
<br>&nbsp;<br>
This happens because Windows 10, version 1903 and 1909 deletes the AutopilotConfigurationFile.json file.
<td>To fix this issue: <ol><li>Edit the Configuration Manager task sequence and disable the <b>Prepare Windows for Capture</b> step.
<li>Add a new <b>Run command line</b> step that runs <b>c:\windows\system32\sysprep\sysprep.exe /oobe /reboot</b>.</ol>
<a href="https://oofhours.com/2019/09/19/a-challenge-with-windows-autopilot-for-existing-devices-and-windows-10-1903/">More information</a></tr>
<tr><td>TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK certificate. (An additional validation added in Windows 10 1903 to check that the TPM EK certs had the proper attributes according to the TCG specifications uncovered that a number of them dont, so that validation will be removed).
<td>Download and install the <a href="https://support.microsoft.com/help/4517211/windows-10-update-kb4517211">KB4517211 update</a>.
<tr><td>The following known issues are resolved by installing the August 30, 2019 KB4512941 update (OS Build 18362.329):
- Windows Autopilot for existing devices feature does not properly suppress “Activities” page during OOBE. (Because of this, youll see that extra page during OOBE).
- TPM attestation state is not cleared by sysprep /generalize, causing TPM attestation failure during later OOBE flow. (This isnt a particularly common issue, but you could run into it while testing if you are running sysprep /generalize and then rebooting or reimaging the device to go back through an Autopilot white glove or self-deploying scenario).
- TPM attestation may fail if the device has a valid AIK cert but no EK cert. (This is related to the previous item).
- If TPM attestation fails during the Windows Autopilot white glove process, the landing page appears to be hung. (Basically, the white glove landing page, where you click “Provision” to start the white glove process, isnt reporting errors properly).
- TPM attestation fails on newer Infineon TPMs (firmware version > 7.69). (Prior to this fix, only a specific list of firmware versions was accepted).
- Device naming templates may truncate the computer name at 14 characters instead of 15.
- Assigned Access policies cause a reboot which can interfere with the configuration of single-app kiosk devices.
<td>Download and install the <a href="https://support.microsoft.com/help/4512941">KB4512941 update</a>. <br><br>See the section: <b>How to get this update</b> for information on specific release channels you can use to obtain the update.
<tr><td>The following known issues are resolved by installing the July 26, 2019 KB4505903 update (OS Build 18362.267):
- Windows Autopilot white glove does not work for a non-English OS and you see a red screen that says "Success."
- Windows Autopilot reports an AUTOPILOTUPDATE error during OOBE after sysprep, reset or other variations. This typically happens if you reset the OS or used a custom sysprepped image.
- BitLocker encryption is not correctly configured. Ex: BitLocker didnt get an expected notification after policies were applied to begin encryption.
- You are unable to install UWP apps from the Microsoft Store, causing failures during Windows Autopilot. If you are deploying Company Portal as a blocking app during Windows Autopilot ESP, youve probably seen this error.
- A user is not granted administrator rights in the Windows Autopilot user-driven Hybrid Azure AD join scenario. This is another non-English OS issue.
<td>Download and install the <a href="https://support.microsoft.com/help/4505903">KB4505903 update</a>. <br><br>See the section: <b>How to get this update</b> for information on specific release channels you can use to obtain the update.
<tr><td>Windows Autopilot <a href="https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying">self-deploying mode</a> fails with an error code:
<td><table>
<tr><td>0x800705B4<td>This is a general error indicating a timeout. A common cause of this error in self-deploying mode is that the device is not TPM 2.0 capable (ex: a virtual machine). Devices that are not TPM 2.0 capable cannot be used with self-deploying mode.
<tr><td>0x801c03ea<td>This error indicates that TPM attestation failed, causing a failure to join Azure Active Directory with a device token.
<tr><td>0xc1036501<td>The device cannot do an automatic MDM enrollment because there are multiple MDM configurations in Azure AD. See <a href="https://oofhours.com/2019/10/01/inside-windows-autopilot-self-deploying-mode/">Inside Windows Autopilot self-deploying mode</a>.
</table>
<tr><td>White glove gives a red screen and the <b>Microsoft-Windows-User Device Registration/Admin</b> event log displays <b>HResult error code 0x801C03F3</b><td>This can happen if Azure AD cant find an AAD device object for the device that you are trying to deploy. This will occur if you manually delete the object. To fix it, remove the device from AAD, Intune, and Autopilot, then re-register it with Autopilot, which will recreate the AAD device object.<br>
<br>To obtain troubleshooting logs use: <b>Mdmdiagnosticstool.exe -area Autopilot;TPM -cab c:\autopilot.cab</b>
<tr><td>White glove gives a red screen<td>White glove is not supported on a VM.
<tr><td>Error importing Windows Autopilot devices from a .csv file<td>Ensure that you have not edited the .csv file in Microsoft Excel or an editor other than Notepad. Some of these editors can introduce extra characters causing the file format to be invalid.
<tr><td>Windows Autopilot for existing devices does not follow the Autopilot OOBE experience.<td>Ensure that the JSON profile file is saved in <b>ANSI/ASCII</b> format, not Unicode or UTF-8.
<tr><td><b>Something went wrong</b> is displayed page during OOBE.<td>The client is likely unable to access all the required AAD/MSA-related URLs. For more information, see <a href="windows-autopilot-requirements.md#networking-requirements">Networking requirements</a>.
<tr><td>Using a provisioning package in combination with Windows Autopilot can cause issues, especially if the PPKG contains join, enrollment, or device name information.<td>Using PPKGs in combination with Windows Autopilot is not recommended.
</table>
## Related topics
[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)<br>
[Troubleshooting Windows Autopilot](troubleshooting.md)

45
windows/deployment/windows-autopilot/policy-conflicts.md
View File

@ -1,45 +0,0 @@
---
title: Windows Autopilot policy conflicts
ms.reviewer:
manager: laurawi
description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: mtniehaus
ms.author: mniehaus
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot - Policy Conflicts
**Applies to**
- Windows 10
There are a significant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
<table>
<th>Policy<th>More information
<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/windows/client-management/mdm/devicelock-csp">Password Policy</a></td>
<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings (including any that disable autologon) are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience (OOBE) or user desktop autologon can fail unexpectantly. This is especially true for kiosk scenarios where passwords are automatically generated.</td>
<tr><td width="50%">Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Administrator elevation prompt behavior</a>
<br>Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Require admin approval mode for administrators</a></td>
<td>When modifying user account control (UAC) settings during the OOBE using the device Enrollment Status Page (ESP), additional UAC prompts may result, especially if the device reboots after these policies are applied, enabling them to take effect. To work around this issue, the policies can be targeted to users instead of devices so that they apply later in the process.</td>
<tr><td width="50%">Device restrictions / Cloud and Storage / <a href="https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#cloud-and-storage">Microsoft Account sign-in assistant</a></td>
<td>Setting this policy to "disabled" will disable the Microsoft Sign-in Assistant service (wlidsvc). This service is required by Windows Autopilot to obtain the Windows Autopilot profile.</td>
</table>
## Related topics
[Troubleshooting Windows Autopilot](troubleshooting.md)

49
windows/deployment/windows-autopilot/profiles.md
View File

@ -1,49 +0,0 @@
---
title: Configure Autopilot profiles
description: Learn how to configure device profiles while performing a Windows Autopilot deployment.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Configure Autopilot profiles
**Applies to**
- Windows 10
For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied that specifies the exact behavior of that device when it is deployed. For detailed procedures on how to configure profile settings and register devices, see [Registering devices](add-devices.md#registering-devices).
## Profile settings
The following profile settings are available:
- **Skip Cortana, OneDrive and OEM registration setup pages**. All devices registered with Autopilot will automatically skip these pages during the out-of-box experience (OOBE) process.
- **Automatically setup for work or school**. All devices registered with Autopilot will automatically be considered work or school devices, so this question will not be asked during the OOBE process.
- **Sign in experience with company branding**. Instead of presenting a generic Azure Active Directory sign-in page, all devices registered with Autopilot will automatically present a customized sign-in page with the organizations name, logon, and additional help text, as configured in Azure Active Directory. See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory) to customize these settings.
- **Skip privacy settings**. This optional Autopilot profile setting enables organizations to not ask about privacy settings during the OOBE process. This is typically desirable so that the organization can configure these settings via Intune or other management tool.
- **Disable local admin account creation on the device**. Organizations can decide whether the user setting up the device should have administrator access once the process is complete.
- **Skip End User License Agreement (EULA)**. Starting in Windows 10 version 1709, organizations can decide to skip the EULA page presented during the OOBE process. This means that organizations accept the EULA terms on behalf of their users.
- **Disable Windows consumer features**. Starting in Windows 10 version 1803, organizations can disable Windows consumer features so that the device does not automatically install any additional Microsoft Store apps when the user first signs into the device. See the [MDM documentation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) for more details.
## Related topics
[Profile download](troubleshooting.md#profile-download)
[Registering devices](add-devices.md)

94
windows/deployment/windows-autopilot/registration-auth.md
View File

@ -1,94 +0,0 @@
---
title: Windows Autopilot customer consent
description: Learn how a cloud service provider (CSP) partner or an OEM can get customer authorization to register Windows Autopilot devices on the customers behalf.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot customer consent
**Applies to: Windows 10**
This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customers behalf.
## CSP authorization
CSP partners can get customer authorization to register Windows Autopilot devices on the customers behalf per the following restrictions:
<table>
<tr><td>Direct CSP<td>Gets direct authorization from the customer to register devices.
<tr><td>Indirect CSP Provider<td>Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.
<tr><td>Indirect CSP Reseller<td>Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs.
</table>
### Steps
For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process:
1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so:
- CSP logs into Microsoft Partner Center
- Click **Dashboard** on the top menu
- Click **Customer** on the side menu
- Click the **Request a reseller relationship** link:
![Request a reseller relationship](images/csp1.png)
- Select the checkbox indicating whether or not you want delegated admin rights:
![Delegated rights](images/csp2.png)
- NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Admin Center or the Office 365 admin portal: https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges
- Send the template above to the customer via email.
2. Customer with global administrator privileges in Microsoft Admin Center clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following Microsoft 365 admin center page:
![Global admin](images/csp3a.png)
The image above is what the customer will see if they requested delegated admin rights (DAP). Note that the page says what Admin roles are being requested. If the customer did not request delegated admin rights they would see the following page:
![Global admin](images/csp3b.png)
> [!NOTE]
> A user without global admin privileges who clicks the link will see a message similar to the following:
![Not global admin](images/csp4.png)
3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously.
4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSPs MPC account under their **customers** list, for example:
![Customers](images/csp5.png)
## OEM authorization
Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com.
1. OEM emails link to their customer.
2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page:
![Global admin](images/csp6.png)
> [!NOTE]
> A user without global admin privileges who clicks the link will see a message similar to the following:
![Not global admin](images/csp7.png)
3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and theyre done. Authorization happens instantaneously.
> [!NOTE]
> Once this process has completed, it is not currently possible for an administrator to remove an OEM. To remove an OEM or revoke
their permissions, send a request to msoemops@microsoft.com
4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, its a best practice recommendation for OEM partners to run the API check to confirm theyve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
> [!NOTE]
> During the OEM authorization registration process, no delegated admin permissions are granted to the OEM.
## Summary
At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked.

74
windows/deployment/windows-autopilot/self-deploying.md
View File

@ -1,74 +0,0 @@
---
title: Windows Autopilot Self-Deploying mode
description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot Self-Deploying mode
**Applies to: Windows 10, version 1903 or later**
Windows Autopilot self-deploying mode enables a device to be deployed with little to no user interaction. For devices with an Ethernet connection, no user interaction is required; for devices connected via Wi-fi, no interaction is required after making the Wi-fi connection (choosing the language, locale, and keyboard, then making a network connection).
Self-deploying mode joins the device into Azure Active Directory, enrolls the device in Intune (or another MDM service) leveraging Azure AD for automatic MDM enrollment, and ensures that all policies, applications, certificates, and networking profiles are provisioned on the device, leveraging the enrollment status page to prevent access to the desktop until the device is fully provisioned.
>[!NOTE]
>Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join. All devices will be joined to Azure Active Directory.
Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. When setting up a kiosk, you can leverage the new Kiosk Browser, an app built on Microsoft Edge that can be used to create a tailored, MDM-managed browsing experience. When combined with MDM policies to create a local account and configure it to automatically log on, the complete configuration of the device can be automated. Find out more about these options by reading simplifying kiosk management for IT with Windows 10. See [Set up a kiosk or digital sign in Intune or other MDM service](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-in-intune-or-other-mdm-service) for additional details.
>[!NOTE]
>Self-deploying mode does not presently associate a user with the device (since no user ID or password is specified as part of the process). As a result, some Azure AD and Intune capabilities (such as BitLocker recovery, installation of apps from the Company Portal, or Conditional Access) may not be available to a user that signs into the device. For more information see [Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md) and [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md).
![The user experience with Windows Autopilot self-deploying mode](images/self-deploy-welcome.png)
## Requirements
Because self-deploying mode uses a devices TPM 2.0 hardware to authenticate the device into an organizations Azure AD tenant, devices without TPM 2.0 cannot be used with this mode. The devices must also support TPM device attestation. (All newly-manufactured Windows devices should meet these requirements.)
>[!IMPORTANT]
>If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported). Also note that Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC. See [Windows Autopilot known issues](known-issues.md) to review other known errors and solutions.
In order to display an organization-specific logo and organization name during the Autopilot process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details.
## Step by step
In order to perform a self-deploying mode deployment using Windows Autopilot, the following preparation steps need to be completed:
- Create an Autopilot profile for self-deploying mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. (Note that it is not possible to create a profile in the Microsoft Store for Business or Partner Center for self-deploying mode.)
- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group. Ensure that the profile has been assigned to the device before attempting to deploy that device.
- Boot the device, connecting it to Wi-fi if required, then wait for the provisioning process to complete.
## Validation
When performing a self-deploying mode deployment using Windows Autopilot, the following end-user experience should be observed:
- Once connected to a network, the Autopilot profile will be downloaded.
- If the Autopilot profile has been configured to automatically configure the language, locale, and keyboard layout, these OOBE screens should be skipped as long as Ethernet connectivity is available. Otherwise, manual steps are required:
- If multiple languages are preinstalled in Windows 10, the user must pick a language.
- The user must pick a locale and a keyboard layout, and optionally a second keyboard layout.
- If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network.
- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
- The device will join Azure Active Directory.
- After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services).
- The [enrollment status page](enrollment-status.md) will be displayed.
- Depending on the device settings deployed, the device will either:
- Remain at the logon screen, where any member of the organization can log on by specifying their Azure AD credentials.
- Automatically sign in as a local account, for devices configured as a kiosk or digital signage.
>[!NOTE]
>Deploying EAS policies using self-deploying mode for kiosk deployments will cause auto-logon functionality to fail.
In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.

164
windows/deployment/windows-autopilot/troubleshooting.md
View File

@ -1,164 +0,0 @@
---
title: Troubleshooting Windows Autopilot
description: Learn how to handle issues as they arise during the Windows Autopilot deployment process.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Troubleshooting Windows Autopilot
**Applies to: Windows 10**
Windows Autopilot is designed to simplify all parts of the Windows device lifecycle, but there are always situations where issues may arise, either due to configuration or other issues. To assist with troubleshooting efforts, review the following information.
## Troubleshooting process
Whether you are performing user-driven or self-deploying device deployments, the troubleshooting process is about the same. It is always useful to understand the flow for a specific device:
- A network connection is established. This can be a wireless (Wi-fi) or wired (Ethernet) connection.
- The Windows Autopilot profile is downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place.
- User authentication occurs. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
- Azure Active Directory join occurs. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials.
- Automatic MDM enrollment occurs. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (for example, Microsoft Intune).
- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in.
For troubleshooting, key activities to perform are:
- Configuration: Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)?
- Network connectivity: Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)?
- Autopilot OOBE behavior: Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected?
- Azure AD join issues: Was the device able to join Azure Active Directory?
- MDM enrollment issues: Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
## Troubleshooting Autopilot Device Import
### Clicking Import after selecting CSV does nothing, '400' error appears in network trace with error body **"Cannot convert the literal '[DEVICEHASH]' to the expected type 'Edm.Binary'"**
This error points to the device hash being incorrectly formatted. This could be caused by anything that corrupts the collected hash, but one possibility is that the hash itself (even if it is completely valid) fails to be decoded.
The device hash is Base64. At the device level, it's encoded as unpadded Base64, but Autopilot expects padded Base64. In most cases, it seems the payload lines up to not require padding, so the process works, but sometimes it doesn't line up cleanly and padding is necessary. This is when you get the error above. PowerShell's Base64 decoder also expects padded Base64, so we can use that to validate that the hash is properly padded.
The "A" characters at the end of the hash are effectively empty data - Each character in Base64 is 6 bits, A in Base64 is 6 bits equal to 0. Deleting or adding **A**'s at the end doesn't change the actual payload data.
To fix this, we'll need to modify the hash, then test the new value, until PowerShell succeeds in decoding the hash. The result is mostly illegible, this is fine - we're just looking for it to not throw the error "Invalid length for a Base-64 char array or string".
To test the base64, you can use the following:
```powershell
[System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("DEVICE HASH"))
```
So, as an example (this is not a device hash, but it's misaligned unpadded Base64 so it's good for testing):
```powershell
[System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("Q29udG9zbwAAA"))
```
Now for the padding rules. The padding character is "=". The padding character can only be at the end of the hash, and there can only be a maximum of 2 padding characters. Here's the basic logic.
- Does decoding the hash fail?
- Yes: Are the last two characters "="?
- Yes: Replace both "=" with a single "A" character, then try again
- No: Add another "=" character at the end, then try again
- No: That hash is valid
Looping the logic above on the previous example hash, we get the following permutations:
- Q29udG9zbwAAA
- Q29udG9zbwAAA=
- Q29udG9zbwAAA==
- Q29udG9zbwAAAA
- Q29udG9zbwAAAA=
- **Q29udG9zbwAAAA==** (This one has valid padding)
Replace the collected hash with this new padded hash then try to import again.
## Troubleshooting Autopilot OOBE issues
If the expected Autopilot behavior does not occur during the out-of-box experience (OOBE), it is useful to see whether the device received an Autopilot profile and what settings that profile contained. Depending on the Windows 10 release, there are different mechanisms available to do that.
### Windows 10 version 1803 and above
To see details related to the Autopilot profile settings and OOBE flow, Windows 10 version 1803 and above adds event log entries. These can be viewed using Event Viewer, navigating to the log at **Application and Services Logs > Microsoft > Windows > Provisioning-Diagnostics-Provider > Autopilot** for versions before 1903, or **Application and Services Logs > Microsoft > Windows > ModernDeployment-Diagnostics-Provider > Autopilot** for 1903 and above. The following events may be recorded, depending on the scenario and profile configuration.
| Event ID | Type | Description |
|----------|------|-------------|
| 100 | Warning | “Autopilot policy [name] not found.” This is typically a temporary problem, while the device is waiting for an Autopilot profile to be downloaded. |
| 101 | Info | “AutopilotGetPolicyDwordByName succeeded: policy name = [setting name]; policy value [value].” This shows Autopilot retrieving and processing numeric OOBE settings. |
| 103 | Info | “AutopilotGetPolicyStringByName succeeded: policy name = [name]; value = [value].” This shows Autopilot retrieving and processing OOBE setting strings such as the Azure AD tenant name. |
| 109 | Info | “AutopilotGetOobeSettingsOverride succeeded: OOBE setting [setting name]; state = [state].” This shows Autopilot retrieving and processing state-related OOBE settings. |
| 111 | Info | “AutopilotRetrieveSettings succeeded.” This means that the settings stored in the Autopilot profile that control the OOBE behavior have been retrieved successfully. |
| 153 | Info | “AutopilotManager reported the state changed from [original state] to [new state].” Typically this should say “ProfileState_Unknown” to “ProfileState_Available” to show that a profile was available for the device and downloaded, so the device is ready to be deployed using Autopilot. |
| 160 | Info | “AutopilotRetrieveSettings beginning acquisition.” This shows that Autopilot is getting ready to download the needed Autopilot profile settings. |
| 161 | Info | “AutopilotManager retrieve settings succeeded.” The Autopilot profile was successfully downloaded. |
| 163 | Info | “AutopilotManager determined download is not required and the device is already provisioned. Clean or reset the device to change this.” This message indicates that an Autopilot profile is resident on the device; it typically would only be removed by the **Sysprep /Generalize** process. |
| 164 | Info | “AutopilotManager determined Internet is available to attempt policy download.” |
| 171 | Error | “AutopilotManager failed to set TPM identity confirmed. HRESULT=[error code].” This indicates an issue performing TPM attestation, needed to complete the self-deploying mode process. |
| 172 | Error | “AutopilotManager failed to set Autopilot profile as available. HRESULT=[error code].” This is typically related to event ID 171. |
In addition to the event log entries, the registry and ETW trace options described below also work with Windows 10 version 1803 and above.
### Windows 10 version 1709 and above
On Windows 10 version 1709 and above, information about the Autopilot profile settings are stored in the registry on the device after they are received from the Autopilot deployment service. These can be found at **HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\Autopilot**. Available registry entries include:
| Value | Description |
|-------|-------------|
| AadTenantId | The GUID of the Azure AD tenant the user signed into. This should match the tenant that the device was registered with; if it does not match the user will receive an error. |
| CloudAssignedTenantDomain | The Azure AD tenant the device has been registered with, for example, “contosomn.onmicrosoft.com.” If the device is not registered with Autopilot, this value will be blank. |
| CloudAssignedTenantId | The GUID of the Azure AD tenant the device has been registered with (the GUID corresponds to the tenant domain from the CloudAssignedTenantDomain registry value). If the device isnt registered with Autopilot, this value will be blank.|
| IsAutopilotDisabled | If set to 1, this indicates that the device is not registered with Autopilot. This could also indicate that the Autopilot profile could not be downloaded due to network connectivity or firewall issues, or network timeouts. |
| TenantMatched | This will be set to 1 if the tenant ID of the user matches the tenant ID that the device was registered with. If this is 0, the user would be shown an error and forced to start over. |
| CloudAssignedOobeConfig | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
### Windows 10 semi-annual channel supported versions
On devices running a [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 semi-annual channel, ETW tracing can be used to capture detailed information from Autopilot and related components. The resulting ETW trace files can then be viewed using the Windows Performance Analyzer or similar tools. See [the advanced troubleshooting blog](https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400/) for more information.
## Troubleshooting Azure AD Join issues
The most common issue joining a device to Azure AD is related to Azure AD permissions. Ensure [the correct configuration is in place](windows-autopilot-requirements.md) to allow users to join devices to Azure AD. Errors can also happen if the user has exceeded the number of devices that they are allowed to join, as configured in Azure AD.
An Azure AD device is created upon import - it's important that this object is not deleted. It acts as Autopilot's anchor in AAD for group membership and targeting (including the profile) and can lead to join errors if it's deleted. Once this object has been deleted, to fix the issue, deleting and reimporting this autopilot hash will be necessary so it can recreate the associated object.
Error code 801C0003 will typically be reported on an error page titled "Something went wrong". This error means that the Azure AD join failed.
## Troubleshooting Intune enrollment issues
See [this knowledge base article](https://support.microsoft.com/help/4089533/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for assistance with Intune enrollment issues. Common issues include incorrect or missing licenses assigned to the user or too many devices enrolled for the user.
Error code 80180018 will typically be reported on an error page titled "Something went wrong". This error means that the MDM enrollment failed.
If Autopilot Reset fails immediately with an error **Ran into trouble. Please sign in with an administrator account to see why and reset manually**, see [Troubleshoot Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset#troubleshoot-autopilot-reset) for more help.
## Profile download
When an Internet-connected Windows 10 device boots up, it will attempt to connect to the Autopilot service and download an Autopilot profile. Note: It is important that a profile exists at this stage so that a blank profile is not cached locally on the PC. To remove the currently cached local profile in Windows 10 version 1803 and earlier, it is necessary to re-generalize the OS using **sysprep /generalize /oobe**, reinstall the OS, or re-image the PC. In Windows 10 version 1809 and later, you can retrieve a new profile by rebooting the PC.
When a profile is downloaded depends upon the version of Windows 10 that is running on the PC. See the following table.
| Windows 10 version | Profile download behavior |
| --- | --- |
| 1709 | The profile is downloaded after the OOBE network connection page. This page is not displayed when using a wired connection. In this case, the profile is downloaded just prior to the EULA screen. |
| 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. |
| 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. |
If you need to reboot a computer during OOBE:
- Press Shift-F10 to open a command prompt.
- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately.
For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options).
## Related topics
[Windows Autopilot - known issues](known-issues.md)<br>
[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)<br>

148
windows/deployment/windows-autopilot/user-driven.md
View File

@ -1,148 +0,0 @@
---
title: Windows Autopilot User-Driven Mode
description: Windows Autopilot user-driven mode allows devices to be deployed to a ready-to-use state without requiring help from IT personnel.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot user-driven mode
Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device. The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions:
- Unbox the device, plug it in, and turn it on.
- Choose a language (only required when multiple languages are installed), locale and keyboard.
- Connect it to a wireless or wired network with internet access. If using wireless, the user must establish the Wi-Fi link.
- Specify your e-mail address and password for your organization account.
After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization. Any additional prompts during the Out-of-Box Experience (OOBE) can be suppressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available.
Windows Autopilot user-driven mode supports Azure Active Directory and Hybrid Azure Active Directory joined devices. See [What is a device identity](https://docs.microsoft.com/azure/active-directory/devices/overview) for more information about these two join options.
From a process flow perspective, the tasks performed during the user-driven process are as follows:
- Once connected to a network, the device will download a Windows Autopilot profile specifying the settings that should be used (e.g. the prompts during OOBE that should be suppressed).
- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
- The user will be prompted for Azure Active Directory credentials, with a customized user experience showing the Azure AD tenant name, logo, and sign-in text.
- The device will join Azure Active Directory or Active Directory, based on the Windows Autopilot profile settings.
- The device will enroll in Intune (or other configured MDM services). (This occurs as part of the Azure Active Directory join process via MDM auto-enrollment, or before the Active Directory join process, as needed.)
- If configured, the [enrollment status page](enrollment-status.md) (ESP) will be displayed.
- Once the device configuration tasks have completed, the user will be signed into Windows 10 using the credentials they previously provided. (Note that if the device reboots during the device ESP process, the user will need to re-enter their credentials as these are not persisted across reboots.)
- Once signed in, the enrollment status page will again be displayed for user-targeted configuration tasks.
If any issues are encountered during this process, see the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
For more information on the available join options, see the following sections:
- [Azure Active Directory join](#user-driven-mode-for-azure-active-directory-join) is available if devices do not need to be joined to an on-prem Active Directory domain.
- [Hybrid Azure Active Directory join](#user-driven-mode-for-hybrid-azure-active-directory-join) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain.
- [Hybrid Azure Active Directory join with VPN support](#user-driven-mode-for-hybrid-azure-active-directory-join-with-vpn-support) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain, but are not connected to the corporate network and must use VPN connectivity.
## User-driven mode for Azure Active Directory join
In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
- Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory. See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information.
- Create an Autopilot profile for user-driven mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected.
- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
For each device that will be deployed using user-driven deployment, these additional steps are needed:
- Ensure that the device has been added to Windows Autopilot. This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later. See [Adding devices to Windows Autopilot](add-devices.md) for more information.
- Ensure an Autopilot profile has been assigned to the device:
- If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
- If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
- If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
## User-driven mode for hybrid Azure Active Directory join
Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid-joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).
### Requirements
To perform a user-driven hybrid Azure AD joined deployment using Windows Autopilot:
- A Windows Autopilot profile for user-driven mode must be created and
- **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile.
- If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group.
- The device must be running Windows 10, version 1809 or later.
- The device must be able to access an Active Directory domain controller, so it must be connected to the organization's network (where it can resolve the DNS records for the AD domain and the AD domain controller, and communicate with the domain controller to authenticate the user).
- The device must be able to access the Internet, following the [documented Windows Autopilot network requirements](windows-autopilot-requirements.md).
- The Intune Connector for Active Directory must be installed.
- Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf.
- If using Proxy, WPAD Proxy settings option must be enabled and configured.
The hybrid Azure AD join process uses the system context to register the device to Azure AD, therefore it is not affected by user based Azure AD join permission settings.
## User-driven mode for hybrid Azure Active Directory join with VPN support
Devices that are joined to Active Directory require connectivity to an Active Directory domain controller for a variety of activities, such as user sign-in (validating the user's credentials) and Group Policy application. As a result, the Windows Autopilot user-driven Hybrid Azure AD Join process would validate that the device is able to contact an Active Directory domain controller by pinging that domain controller.
With the additional of VPN support for this scenario, it is now possible for you to specify to skip that connectivity check during the Hybrid Azure AD Join. This does not eliminate the need for communicating with an Active Directory domain controller, but rather enables the device to be first prepared with a needed VPN configuration delivered via Intune prior to the user attempting to sign into Windows, allowing connectivity to the organization's network.
### Requirements
The following additional requirements apply for Hybrid Azure AD Join with VPN support:
- A supported version of Windows 10:
- Windows 10 1903 + December 10th Cumulative update (KB4530684, OS build 18362.535) or higher
- Windows 10 1909 + December 10th Cumulative update (KB4530684, OS build 18363.535) or higher
- Windows 10 2004 or later
- Enable the new “Skip domain connectivity check” toggle in the Hybrid Azure AD Join Autopilot profile.
- A VPN configuration that can be deployed via Intune that enables the user to manually establish a VPN connection from the Windows logon screen, or one that automatically establishes a VPN connection as needed.
The specific VPN configuration required depends on the VPN software and authentication being used. For third-party (non-Microsoft) VPN solutions, this typically would involve deploying a Win32 app (containing the VPN client software itself as well as any specific connection information, e.g. VPN endpoint host names) via Intune Management Extensions. Consult your VPN provider's documentation for configuration details specific to that provider.
> [!NOTE]
> The VPN requirements are not specific to Windows Autopilot. For example, if you have already implemented a VPN configuration to enable remote password resets, where a user needs to log on to Windows with a new password when not on the organization's network, that same configuration can be used with Windows Autopilot. Once the user has signed in to cache their credentials, subsequent log-on attempts do not need connectivity since the cached credentials can be used.
In cases where certificate authentication is required by the VPN software, the needed machine certificate should also be deployed via Intune. This can be done using the Intune certificate enrollment capabilities, targeting the certificate profiles to the device.
Note that user certificates are not supported because these certificates cannot be deployed until the user logs in. Also, third-party UWP VPN plug-ins delivered from the Windows Store are also not supported because these are not installed until after the user signs in.
### Validation
Before attempting a hybrid Azure AD Join using VPN, it is important to first confirm that a user-driven Hybrid Azure AD Join process can be performed on the organization's network, before adding in the additional requirements described below. This simplifies troubleshooting by making sure the core process works fine before adding the additional VPN configuration required.
Next, validate that the VPN configuration (Win32 app, certs, and any other requirements) can be deployed via Intune to an existing device that has already been hybrid Azure AD joined. For example, some VPN clients create a per-machine VPN connection as part of the installation process, so you can validate the configuration using steps such as these:
- From PowerShell, verify that at least one per-machine VPN connection has been created using the "Get-VpnConnection -AllUserConnection" command.
- Attempt to manually start the VPN connection using the command: RASDIAL.EXE "ConnectionName"
- Log out and verify that the "VPN connection" icon can be seen on the Windows logon page.
- Move the device off the corporate network and attempt to establish the connection using the icon on the Windows logon page, signing into an account that does not have cached credentials.
For VPN configurations that automatically connect, the validation steps may be different.
> [!NOTE]
> Always On VPN can be used for this scenario. See the [Deploy Always On VPN](https://docs.microsoft.com/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-deployment) documentation for more information. Note that Intune cannot yet deploy the needed per-machine VPN profile.
To validate the end-to-end process, ensure the needed Windows 10 cumulative update has been installed on Windows 10 1903 or Windows 10 1909. This can be done manually during OOBE by first downloading the latest cumulative from https://catalog.update.microsoft.com and then manually installing it:
- Press Shift-F10 to open a command prompt.
- Insert a USB key containing the downloaded update.
- Install the update using the command (substituting the real file name): WUSA.EXE <filename>.msu /quiet
- Reboot the computer using the command: shutdown.exe /r /t 0
Alternatively, you can invoke Windows Update to install the latest updates through this process:
- Press Shift-F10 to open a command prompt.
- Run the command "start ms-settings:"
- Navigate to the "Update & Security" node and check for updates.
- Reboot after the updates are installed.
## Step by step instructions
See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid).

120
windows/deployment/windows-autopilot/white-glove.md
View File

@ -1,120 +0,0 @@
---
title: Windows Autopilot for white glove deployment
description: Windows Autopilot for white glove deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, pre-provisioning
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
audience: itproF
author: greg-lindsay
manager: laurawi
ms.audience: itpro
author: greg-lindsay
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot for white glove deployment
**Applies to: Windows 10, version 1903**
Windows Autopilot enables organizations to easily provision new devices - leveraging the preinstalled OEM image and drivers with a simple process that can be performed by the end user to help get their device business-ready.
![OEM](images/wg01.png)
Windows Autopilot can also provide a <I>white glove</I> service that enables partners or IT staff to pre-provision a Windows 10 PC so that it is fully configured and business-ready. From the end users perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster.
With **Windows Autopilot for white glove deployment**, the provisioning process is split. The time-consuming portions are performed by IT, partners, or OEMs. The end user simply completes a few necessary settings and polices and then they can begin using their device.
![OEM](images/wg02.png)
Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven mode for Azure Active Directory Join, and user-driven mode for Hybrid Azure Active Directory join scenarios.
## Prerequisites
In addition to [Windows Autopilot requirements](windows-autopilot-requirements.md), Windows Autopilot for white glove deployment adds the following:
- Windows 10, version 1903 or later is required.
- An Intune subscription.
- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements.
- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device.
>[!IMPORTANT]
>Because the OEM or vendor performs the white glove process, this <u>doesnt require access to an end-user's on-prem domain infrastructure</u>. This is unlike a typical hybrid Azure AD-joined scenario because rebooting the device is postponed. The device is resealed prior to the time when connectivity to a domain controller is expected, and the domain network is contacted when the device is unboxed on-prem by the end-user.
## Preparation
Devices slated for white glove provisioning are registered for Autopilot via the normal registration process.
To be ready to try out Windows Autopilot for white glove deployment, ensure that you can first successfully use existing Windows Autopilot user-driven scenarios:
- User-driven Azure AD join. Devices can be deployed using Windows Autopilot and joined to an Azure Active Directory tenant.
- User-driven with Hybrid Azure AD join. Devices can be deployed using Windows Autopilot and joined to an on-premises Active Directory domain, then registered with Azure Active Directory to enable the Hybrid Azure AD join features.
If these scenarios cannot be completed, Windows Autopilot for white glove deployment will also not succeed since it builds on top of these scenarios.
To enable white glove deployment, an additional Autopilot profile setting must be configured by the customer or IT Admin via their Intune account, prior to beginning the white glove process in the provisioning service facility:
![allow white glove](images/allow-white-glove-oobe.png)
The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. Please make sure not to target both win32 and LOB apps to the same device, as this can make troubleshooting difficult if there are app installation failures. For more information, see [Add a Windows line-of-business app to Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/lob-apps-windows).
> [!NOTE]
> Select the language mode as the user specified in Autopilot profiles to ensure easy access into white glove provisioning mode.
> The white glove technician phase will install all device-targeted apps as well as any user-targeted, device-context apps that are targeted to the assigned user. If there is no assigned user, then it will only install the device-targeted apps. Other user-targeted policies will not apply until the user signs into the device. To verify these behaviors, be sure to create appropriate apps and policies targeted to devices and users.
## Scenarios
Windows Autopilot for white glove deployment supports two distinct scenarios:
- User-driven deployments with Azure AD Join. The device will be joined to an Azure AD tenant.
- User-driven deployments with Hybrid Azure AD Join. The device will be joined to an on-premises Active Directory domain, and separately registered with Azure AD.
Each of these scenarios consists of two parts, a technician flow and a user flow. At a high level, these parts are the same for Azure AD Join and Hybrid Azure AD join; differences are primarily seen by the end user in the authentication steps.
### Technician flow
After the customer or IT Admin has targeted all the apps and settings they want for their devices through Intune, the white glove technician can begin the white glove process. The technician could be a member of the IT staff, a services partner, or an OEM each organization can decide who should perform these activities. Regardless of the scenario, the process to be performed by the technician is the same:
- Boot the device (running Windows 10 Pro, Enterprise, or Education SKUs, version 1903 or later).
- From the first OOBE screen (which could be a language selection or locale selection screen), do not click **Next**. Instead, press the Windows key five times to view an additional options dialog. From that screen, choose the **Windows Autopilot provisioning** option and then click **Continue**.
![choice](images/choice.png)
- On the **Windows Autopilot Configuration** screen, information will be displayed about the device:
- The Autopilot profile assigned to the device.
- The organization name for the device.
- The user assigned to the device (if there is one).
- A QR code containing a unique identifier for the device, useful to look up the device in Intune to make any configuration changes needed (e.g. assigning a user, adding the device to any additional groups needed for app or policy targeting).
- **Note**: The QR codes can be scanned using a companion app, which will also configure the device to specify who it belongs to. An [open-source sample of the companion app](https://github.com/Microsoft/WindowsAutopilotCompanion) that integrates with Intune via the Graph API has been published to GitHub by the Autopilot team.
- Validate the information displayed. If any changes are needed, make these and then click **Refresh** to re-download the updated Autopilot profile details.
![landing](images/landing.png)
- Click **Provision** to begin the provisioning process.
If the pre-provisioning process completes successfully:
- A green status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
![white-glove-result](images/white-glove-result.png)
- Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user.
>[!NOTE]
>Technician Flow inherits behavior from [Self-Deploying Mode](self-deploying.md). Per the Self-Deploying Mode documentation, it leverages the Enrollment Status Page to hold the device in a provisioning state and prevent the user from proceeding to the desktop after enrollment but before software and configuration is done applying. As such, if Enrollment Status Page is disabled, the reseal button may appear before software and configuration is done applying letting you proceed to the user flow before technician flow provisioning is complete. The green screen validates that enrollment was successful, not that the technician flow is necessarily complete.
If the pre-provisioning process fails:
- A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
- Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again.
### User flow
If the pre-provisioning process completed successfully and the device was resealed, it can be delivered to the end user to complete the normal Windows Autopilot user-driven process. They will perform a standard set of steps:
- Power on the device.
- Select the appropriate language, locale, and keyboard layout.
- Connect to a network (if using Wi-Fi). Internet access is always required. If using Hybrid Azure AD Join, there must also be connectivity to a domain controller.
- On the branded sign-on screen, enter the users Azure Active Directory credentials.
- If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the users Active Directory credentials.
- Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP). Once complete, the user will be able to access the desktop.
## Related topics
[White glove video](https://youtu.be/nE5XSOBV0rI)

145
windows/deployment/windows-autopilot/windows-autopilot-requirements.md
View File

@ -1,145 +0,0 @@
---
title: Windows Autopilot requirements
ms.reviewer:
manager: laurawi
description: See the requirements you need to run Windows Autopilot in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, Autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom:
- CI 116757
- CSSTroubleshooting
---
# Windows Autopilot requirements
**Applies to: Windows 10**
Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met.
> [!NOTE]
> For a list of OEMs that currently support Windows Autopilot, see the Participant device manufacturers section at [Windows Autopilot](https://aka.ms/windowsAutopilot).
## Software requirements
- A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 Semi-Annual Channel is required. Windows 10 Enterprise 2019 long-term servicing channel (LTSC) is also supported.
- The following editions are supported:
- Windows 10 Pro
- Windows 10 Pro Education
- Windows 10 Pro for Workstations
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Enterprise 2019 LTSC
>[!NOTE]
>Procedures for deploying Windows Autopilot might refer to specific products and versions. The inclusion of these products in this content doesn't imply an extension of support for a version that is beyond its support lifecycle. Windows Autopilot does not support products that are beyond their support lifecycle. For more information, see [Microsoft Lifecycle Policy](https://go.microsoft.com/fwlink/p/?LinkId=208270).
## Networking requirements
Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following:
- Ensure DNS name resolution for internet DNS names.
- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP).
In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to allow access to the required services.
> [!NOTE]
> Smart card and certificate based authentication is not supported during OOBE. For more information, see [Smartcards and certificate-based authentication](https://docs.microsoft.com/azure/active-directory/devices/azureadjoin-plan#smartcards-and-certificate-based-authentication).
For additional details about each of these services and their specific requirements, review the following details:
<table><th>Service<th>Information
<tr><td><b>Windows Autopilot Deployment Service<b><td>After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com. <br>
<tr><td><b>Windows Activation<b><td>Windows Autopilot also requires Windows Activation services. See <a href="https://support.microsoft.com/help/921471/windows-activation-or-validation-fails-with-error-code-0x8004fe33">Windows activation or validation fails with error code 0x8004FE33</a> for details about the URLs that need to be accessible for the activation services.<br>
<tr><td><b>Azure Active Directory<b><td>User credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See <a href="https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service">Office 365 IP Address and URL Web service</a> for more information.
<tr><td><b>Intune<b><td>Once authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: <a href="https://docs.microsoft.com/intune/network-bandwidth-use#network-communication-requirements">Intune network configuration requirements and bandwidth</a>.
<tr><td><b>Windows Update<b><td>During the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see <a href="https://support.microsoft.com/help/818018/how-to-solve-connection-problems-concerning-windows-update-or-microsof">How to solve connection problems concerning Windows Update or Microsoft Update</a>.<br>
If Windows Update is inaccessible, the Autopilot process will still continue but critical updates will not be available.
<tr><td><b>Delivery Optimization<b><td>When downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the <a href="https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization">Delivery Optimization</a> service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.<br>
If the Delivery Optimization Service is inaccessible, the Autopilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer).
<tr><td><b>Network Time Protocol (NTP) Sync<b><td>When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible.
<tr><td><b>Domain Name Services (DNS)<b><td>To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names.
<tr><td><b>Diagnostics data<b><td>Starting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see <a href="https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#manage-enterprise-diagnostic-data-level">Manage enterprise diagnostic data level</a>.<br>
If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work.
<tr><td><b>Network Connection Status Indicator (NCSI)<b><td>Windows must be able to tell that the device is able to access the internet. For more information, see <a href="https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#14-network-connection-status-indicator">Network Connection Status Indicator (NCSI)</a>.
<a href="http://www.msftconnecttest.com">www.msftconnecttest.com</a> must be resolvable via DNS and accessible via HTTP.
<tr><td><b>Windows Notification Services (WNS)<b><td>This service is used to enable Windows to receive notifications from apps and services. See <a href="https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store</a> for more information.<br>
If the WNS services are not available, the Autopilot process will still continue without notifications.
<tr><td><b>Microsoft Store, Microsoft Store for Business<b><td>Apps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see <a href="https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business">Prerequisites for Microsoft Store for Business and Education</a> (also includes Azure AD and Windows Notification Services).<br>
If the Microsoft Store is not accessible, the Autopilot process will still continue without Microsoft Store apps.
<tr><td><b>Office 365<b><td>As part of the Intune device configuration, installation of Microsoft 365 Apps for enterprise may be required. For more information, see <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2">Office 365 URLs and IP address ranges</a> (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above).
<tr><td><b>Certificate revocation lists (CRLs)<b><td>Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_crl">Office 365 URLs and IP address ranges</a> and <a href="https://aka.ms/o365chains">Office 365 Certificate Chains</a>.
<tr><td><b>Hybrid AAD join<b><td>The device can be hybrid AAD joined. The computer should be on corporate network for hybrid AAD join to work. See details at <a href="https://docs.microsoft.com/windows/deployment/windows-Autopilot/user-driven-hybrid">Windows Autopilot user-driven mode</a>
<tr><td><b>Autopilot Self-Deploying mode and Autopilot White Glove<b><td>Firmware TPM devices, which are only provided by Intel, AMD, or Qualcomm, do not include all needed certificates at boot time and must be able to retrieve them from the manufacturer on first use. Devices with discrete TPM chips (including devices from any other manufacturer) come with these certificates preinstalled. See <a href="https://docs.microsoft.com/windows/security/information-protection/tpm/tpm-recommendations">TPM recommendations</a> for more details. Make sure that these URLs are accessible for each firmware TPM provider so that certificates can be successfully requested:
<br>Intel- https://ekop.intel.com/ekcertservice
<br>Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1
<br>AMD- https://ftpm.amd.com/pki/aia
</table>
## Licensing requirements
Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs.
To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
- [Microsoft 365 Business Premium subscription](https://www.microsoft.com/microsoft-365/business).
- [Microsoft 365 F1 or F3 subscription](https://www.microsoft.com/microsoft-365/enterprise/firstline).
- [Microsoft 365 Academic A1, A3, or A5 subscription](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx).
- [Microsoft 365 Enterprise E3 or E5 subscription](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).
- [Enterprise Mobility + Security E3 or E5 subscription](https://www.microsoft.com/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features.
- [Intune for Education subscription](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features.
- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/cloud-platform/microsoft-intune) (or an alternative MDM service).
> [!NOTE]
> Even when using Microsoft 365 subscriptions, you still need to [assign Intune licenses to the users](https://docs.microsoft.com/intune/fundamentals/licenses-assign).
Additionally, the following are also recommended (but not required):
- [Microsoft 365 Apps for enterprise](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise.
## Configuration requirements
Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios.
- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services.
- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties).
- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise.
Specific scenarios will then have additional requirements. Generally, there are two specific tasks:
- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details.
- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an Autopilot device group](https://docs.microsoft.com/intune/enrollment-Autopilot#create-an-Autopilot-device-group) and [Assign an Autopilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-Autopilot#assign-an-Autopilot-deployment-profile-to-a-device-group) for more information.
See [Windows Autopilot Scenarios](windows-Autopilot-scenarios.md) for additional details.
For a walkthrough for some of these and related steps, see this video:
</br>
<iframe width="560" height="315" src="https://www.youtube.com/embed/KYVptkpsOqs" frameborder="0" allow="accelerometer; autoplay; encrypted-media" gyroscope; picture-in-picture" allowfullscreen></iframe>
There are no additional hardware requirements to use Windows 10 Autopilot, beyond the [requirements to run Windows 10](https://www.microsoft.com/windows/windows-10-specifications).
## Related topics
[Configure Autopilot deployment](https://docs.microsoft.com/windows/deployment/windows-Autopilot/)

138
windows/deployment/windows-autopilot/windows-autopilot-reset.md
View File

@ -1,138 +0,0 @@
---
title: Windows Autopilot Reset
description: Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and easily.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot Reset
- Applies to: Windows 10, version 1709 and later (local reset)
- Applies to: Windows 10, version 1809 and later (remote reset)
Windows Autopilot Reset removes personal files, apps, and settings and reapplies a devices original settings, maintaining its identity connection to Azure AD and its management connection to Intune so that the device is once again ready for use. Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply.
The Windows Autopilot Reset process automatically retains information from the existing device:
- Set the region, language, and keyboard to the originally-configured values.
- Wi-Fi connection details.
- Provisioning packages previously applied to the device, as well as a provisioning package present on a USB drive when the reset process is initiated.
- Azure Active Directory device membership and MDM enrollment information.
Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages. For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed.
When Autopilot reset is used on a device, the device's primary user will be removed. The next user who signs in after the reset will be set as the primary user.
>[!NOTE]
>The Autopilot Reset does not support Hybrid Azure AD joined devices.
## Scenarios
Windows Autopilot Reset supports two scenarios:
- [Local reset](#reset-devices-with-local-windows-autopilot-reset) initiated by IT personnel or other administrators from the organization.
- [Remote reset](#reset-devices-with-remote-windows-autopilot-reset) initiated remotely by IT personnel via an MDM service such as Microsoft Intune.
Additional requirements and configuration details apply with each scenario; see the detailed links above for more information.
## Reset devices with local Windows Autopilot Reset
**Applies to: Windows 10, version 1709 and above**
The Intune Service Administrator role is required to perform this task. For more information, see [Add users and grant administrative permission to Intune](https://docs.microsoft.com/intune/users-add).
IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
To enable local Autopilot Reset in Windows 10:
1. [Enable the policy for the feature](#enable-local-windows-autopilot-reset)
2. [Trigger a reset for each device](#trigger-local-windows-autopilot-reset)
### Enable local Windows Autopilot Reset
To enable a local Windows Autopilot Reset, the **DisableAutomaticReDeploymentCredentials** policy must be configured. This policy is documented in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, local Windows Autopilot is disabled. This ensures that a local Autopilot Reset is not triggered by accident.
You can set the policy using one of these methods:
- MDM provider
- When using Intune, you can create a new device configuration profile, specifying "Windows 10 or later" for the platform, "Device restrictions" for the profile type, and "General" for the settings category. The **Automatic Redeployment** setting should be set to **Allow**. Deploy this setting to all devices where a local reset should be permitted.
- If you're using an MDM provider other than Intune, check your MDM provider documentation on how to set this policy.
- Windows Configuration Designer
You can [use Windows Configuration Designer](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting to 0 and then create a provisioning package.
- Set up School PCs app
The latest release of the Set up School PCs app supports enabling local Windows Autopilot Reset.
### Trigger local Windows Autopilot Reset
Performing a local Windows Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it is done, the device is again ready for use.
**To trigger a local Autopilot Reset**
1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**.
![Enter CTRL+Windows key+R on the Windows lock screen](images/autopilot-reset-lockscreen.png)
This will open up a custom login screen for the local Autopilot Reset. The screen serves two purposes:
1. Confirm/verify that the end user has the right to trigger Local Autopilot Reset
2. Notify the user in case a provisioning package, created using Windows Configuration Designer, will be used as part of the process.
![Custom login screen for local Autopilot Reset](images/autopilot-reset-customlogin.png)
2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger the local Autopilot Reset.
Once the local Autopilot Reset is triggered, the reset process starts. Once provisioning is complete, the device is again ready for use.
## Reset devices with remote Windows Autopilot Reset
**Applies to: Windows 10, version 1809 or later**
When performing a remote Windows Autopilot Reset, an MDM service such an Microsoft Intune can be used to initiate the reset process, avoiding the need for IT staff or other administrators to visit each machine to initiate the process.
To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed and joined to Azure AD. This feature is not supported on devices that were enrolled using [Autopilot self deploying mode](self-deploying.md).
### Triggering a remote Windows Autopilot Reset
To trigger a remote Windows Autopilot Reset via Intune, follow these steps:
- Navigate to **Devices** tab in the Intune console.
- In the **All devices** view, select the targeted reset devices and then click **More** to view device actions.
- Select **Autopilot Reset** to kick-off the reset task.
>[!NOTE]
>The Autopilot Reset option will only be enabled in Microsoft Intune for devices running Windows 10 build 17672 or higher.
>[!IMPORTANT]
>The feature for Autopilot Reset will stay grayed out, **unless** you reset the device using Autopilot (either using Fresh Reset or manually sysprep the device).
Once the reset is complete, the device is again ready for use.
## Troubleshooting
Windows Autopilot Reset requires that the [Windows Recovery Environment (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is correctly configured and enabled on the device. If it is not configured and enabled, an error such as `Error code: ERROR_NOT_SUPPORTED (0x80070032)` will be reported.
To make sure WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
```
reagentc /enable
```
If Windows Autopilot Reset fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.

76
windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
View File

@ -1,76 +0,0 @@
---
title: Windows Autopilot scenarios and capabilities
description: Follow along with several typical Windows Autopilot deployment scenarios, such as re-deploying a device in a business-ready state.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot scenarios and capabilities
**Applies to: Windows 10**
## Scenarios
Windows Autopilot includes support for a growing list of scenarios, designed to support common organization needs which can vary based on the type of organization and their progress moving to Windows 10 and [transitioning to modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management).
The following Windows Autopilot scenarios are described in this guide:
| Scenario | More information |
| --- | --- |
| Deploy devices that will be set up by a member of the organization and configured for that person | [Windows Autopilot user-driven mode](user-driven.md) |
| Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.| [Windows Autopilot self-deploying mode](self-deploying.md) |
| Re-deploy a device in a business-ready state.| [Windows Autopilot Reset](windows-autopilot-reset.md) |
| Pre-provision a device with up-to-date applications, policies and settings.| [White glove](white-glove.md) |
| Deploy Windows 10 on an existing Windows 7 or 8.1 device | [Windows Autopilot for existing devices](existing-devices.md) |
These scenarios are summarized in the following video.
&nbsp;
> [!video https://www.microsoft.com/videoplayer/embed/RE4Ci1b?autoplay=false]
## Windows Autopilot capabilities
### Windows Autopilot is self-updating during OOBE
Starting with the Windows 10, version 1903, Autopilot functional and critical updates will begin downloading automatically during OOBE after a device gets connected to a network and the [critical driver and Windows zero-day patch (ZDP) updates](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) have completed. The user or IT admin cannot opt-out of these Autopilot updates; they are required for Windows Autopilot deployment to operate properly. Windows will alert the user that the device is checking for, downloading and installing the updates.
See [Windows Autopilot update](autopilot-update.md) for more information.
### Cortana voiceover and speech recognition during OOBE
In Windows 10, version 1903 and later Cortana voiceover and speech recognition during OOBE is DISABLED by default for all Windows 10 Pro, Education and Enterprise SKUs.
If desired, you can enable Cortana voiceover and speech recognition during OOBE by creating the following registry key. This key does not exist by default.
HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\EnableVoiceForAllEditions
The key value is a DWORD with **0** = disabled and **1** = enabled.
| Value | Description |
| --- | --- |
| 0 | Cortana voiceover is disabled |
| 1 | Cortana voiceover is enabled |
| No value | Device will fall back to default behavior of the edition |
To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
### Bitlocker encryption
With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md)
## Related topics
[Windows Autopilot: What's new](windows-autopilot-whats-new.md)

64
windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
View File

@ -1,64 +0,0 @@
---
title: Windows Autopilot what's new
ms.reviewer:
manager: laurawi
description: Read news and resources about the latest updates and past versions of Windows Autopilot.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot: What's new
**Applies to**
- Windows 10
## Windows Autopilot update history
The following [Windows Autopilot updates](autopilot-update.md) are available. **Note**: Updates are automatically downloaded and applied during the Windows Autopilot deployment process.
No updates are available yet. Check back here later for more information.
## New in Windows 10, version 2004
With this release, you can configure Windows Autopilot [user-driven](user-driven.md) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, this was only supported with self-deploying profiles.
## New in Windows 10, version 1903
[Windows Autopilot for white glove deployment](white-glove.md) is new in Windows 10, version 1903. See the following video:
<br>
> [!VIDEO https://www.youtube.com/embed/nE5XSOBV0rI]
Also new in this version of Windows:
- The Intune enrollment status page (ESP) now tracks Intune Management Extensions.
- [Cortana voiceover and speech recognition during OOBE](windows-autopilot-scenarios.md#cortana-voiceover-and-speech-recognition-during-oobe) is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
- [Windows Autopilot is self-updating during OOBE](windows-autopilot-scenarios.md#windows-autopilot-is-self-updating-during-oobe). Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
- Windows Autopilot will set the diagnostics data level to Full on Windows 10 version 1903 and later during OOBE.
## New in Windows 10, version 1809
Windows Autopilot [self-deploying mode](self-deploying.md) enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured by Windows Autopilot. This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process.
You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organizations MDM provider, and provision policies and applications, all with no user authentication or user interaction required.
>[!NOTE]
>Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809.
## Related topics
[What's new in Microsoft Intune](https://docs.microsoft.com/intune/whats-new)<br>
[What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/)

62
windows/deployment/windows-autopilot/windows-autopilot.md
View File

@ -1,62 +0,0 @@
---
title: Overview of Windows Autopilot
description: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.reviewer: mniehaus
manager: laurawi
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Overview of Windows Autopilot
**Applies to**
- Windows 10
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following video and diagram:
&nbsp;
> [!video https://www.microsoft.com/videoplayer/embed/RE4C7G9?autoplay=false]
![Process overview](images/image1.png)
When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, Microsoft Endpoint Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
Windows Autopilot enables you to:
* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription for configuration*](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Windows-10-Azure-AD-and-Microsoft-Intune-Automatic-MDM/ba-p/244067)).
* Restrict the Administrator account creation.
* Create and auto-assign devices to configuration groups based on a device's profile.
* Customize OOBE content specific to the organization.
## Benefits of Windows Autopilot
Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new approach.
From the user's perspective, it only takes a few simple operations to make their device ready to use.
From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
## Requirements
A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 semi-annual channel is required to use Windows Autopilot. Windows 10 Enterprise LTSC 2019 is also supported. See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on software, configuration, network, and licensing requirements.
## Related topics
[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot)<br>
[Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md)

1
windows/hub/windows-10.yml
View File

@ -3,7 +3,6 @@
documentType: LandingData
title: Windows 10
metadata:
document_id:
title: Windows 10
description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization.
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories

29
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -934,25 +934,24 @@ To turn off **Location for this device**:
-or-
- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access location** and set the **Select a setting** box to **Force Deny**.
-or-
- Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
To turn off **Location**:
- Turn off the feature in the UI.
-or-
- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Location and Sensors** &gt; **Turn off location**.
-or-
- Create a REG_DWORD registry setting named **DisableLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one).
To turn off **Allow apps to access your location**:
- Turn off the feature in the UI.
-or-
- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access location** and set the **Select a setting** box to **Force Deny**.
-or-
- Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
To turn off **Location history**:
@ -1623,6 +1622,10 @@ You can stop sending file samples back to Microsoft.
You can stop downloading **Definition Updates**:
> [!NOTE]
> The Group Policy path for 1809 and earlier builds is **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Defender Antivirus** &gt; **Signature Updates**
- **Enable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Defender Antivirus** &gt; **Security Intelligence Updates** &gt; **Define the order of sources for downloading definition updates** and set it to **FileShares**.
-and-

2
windows/privacy/windows-10-and-privacy-compliance.md
View File

@ -88,7 +88,7 @@ The following table provides an overview of the privacy settings discussed earli
| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
| [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md##manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop editions:<br />Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Required diagnostic data | Security and block endpoints |
| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop editions:<br />Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Required diagnostic data | Security and block endpoints |
| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off |
| Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off |
| Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off |

36
windows/release-information/TOC.md
View File

@ -1,36 +0,0 @@
# [Windows 10 release information](index.md)
# [Message center](windows-message-center.yml)
# Version 1909
## [Known issues and notifications](status-windows-10-1909.yml)
## [Resolved issues](resolved-issues-windows-10-1909.yml)
# Version 1903
## [Known issues and notifications](status-windows-10-1903.yml)
## [Resolved issues](resolved-issues-windows-10-1903.yml)
# Version 1809 and Windows Server 2019
## [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
## [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
# Version 1803
## [Known issues and notifications](status-windows-10-1803.yml)
## [Resolved issues](resolved-issues-windows-10-1803.yml)
# Version 1709
## [Known issues and notifications](status-windows-10-1709.yml)
## [Resolved issues](resolved-issues-windows-10-1709.yml)
# Version 1607 and Windows Server 2016
## [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
## [Resolved issues](resolved-issues-windows-10-1607.yml)
# Version 1507
## [Known issues and notifications](status-windows-10-1507.yml)
## [Resolved issues](resolved-issues-windows-10-1507.yml)
# Previous versions
## Windows 8.1 and Windows Server 2012 R2
### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
### [Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
## Windows Server 2012
### [Known issues and notifications](status-windows-server-2012.yml)
### [Resolved issues](resolved-issues-windows-server-2012.yml)
## Windows 7 and Windows Server 2008 R2
### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
### [Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
## Windows Server 2008 SP2
### [Known issues and notifications](status-windows-server-2008-sp2.yml)
### [Resolved issues](resolved-issues-windows-server-2008-sp2.yml)

11
windows/release-information/breadcrumb/toc.yml
View File

@ -1,11 +0,0 @@
- name: Docs
tocHref: /
topicHref: /
items:
- name: Windows
tocHref: /windows
topicHref: /windows/windows-10
items:
- name: Release information
tocHref: /windows/release-information/
topicHref: /windows/release-information/index

30
windows/release-information/index.md
View File

@ -1,30 +0,0 @@
---
title: Windows 10 - release information
description: Learn release information for Windows 10 releases
keywords: ["Windows 10", "Windows 10 October 2018 Update"]
ms.prod: w10
layout: LandingPage
ms.topic: landing-page
ms.mktglfcycl: deploy
ms.sitesec: library
author: lizap
ms.author: elizapo
ms.localizationpriority: high
---
# Windows 10 release information
Feature updates for Windows 10 are released twice a year, around March and September, via the Semi-Annual Channel. They will be serviced with monthly quality updates for 18 or 30 months from the date of the release, depending on the lifecycle policy.
We recommend that you begin deployment of each Semi-Annual Channel release immediately as a targeted deployment to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
> [!NOTE]
> Beginning with Windows 10, version 1903, you will find a [single entry for each SAC release](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
<div class="m-rich-content-block" data-grid="col-12">
<div id="winrelinfo" xmlns="http://www.w3.org/1999/xhtml"><iframe width="100%" height="866px" id="winrelinfo_iframe" src="https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/en-US.html" frameborder="0" marginwidth="0" marginheight="0" scrolling="auto"></iframe></div>
<script src="https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/iframe.js" xmlns="http://www.w3.org/1999/xhtml"></script>
<script xmlns="http://www.w3.org/1999/xhtml">/*<![CDATA[*/winrelinfo_setup("https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/en-US.html")/*]]>*/</script>
</div>

53
windows/release-information/resolved-issues-windows-10-1507.yml
View File

@ -1,53 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 10, version 1507
metadata:
document_id:
title: Resolved issues in Windows 10, version 1507
description: Resolved issues in Windows 10, version 1507
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1507"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 10, version 1507 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a>.</div><br><a href ='#351msg'>Back to top</a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
</table>
"

75
windows/release-information/resolved-issues-windows-10-1607.yml
View File

@ -1,75 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 10, version 1607 and Windows Server 2016
metadata:
document_id:
title: Resolved issues in Windows 10, version 1607 and Windows Server 2016
description: Resolved issues in Windows 10, version 1607
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1607"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 10, version 1607 and Windows Server 2016 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='61msg'></div><b>Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM</b><br>Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.<br><br><a href = '#61msgdesc'>See details ></a></td><td>OS Build 14393.2608<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467691' target='_blank'>KB4467691</a></td><td>Resolved External<br></td><td>January 23, 2020 <br>02:08 PM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 14393.3206<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522010' target='_blank'>KB4522010</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 14393.3204<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 17, 2019 <br>04:47 PM PT</td></tr>
<tr><td><div id='301msg'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><br>Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.<br><br><a href = '#301msgdesc'>See details ></a></td><td>OS Build 14393.3053<br><br>June 18, 2019<br><a href ='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>September 10, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a>.</div><br><a href ='#351msg'>Back to top</a></td><td>OS Build 14393.3206<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522010' target='_blank'>KB4522010</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;After investigation, we have found that this issue does not affect this version of Windows.</div><br><a href ='#336msg'>Back to top</a></td><td>OS Build 14393.3204<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 17, 2019 <br>04:47 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='301msgdesc'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><div>&nbsp;Applications and scripts that call the <a href=\"https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a href=\"https://docs.microsoft.com/en-us/windows/win32/adsi/adsi-winnt-provider\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries.&nbsp;When requesting additional pages you may receive the error, “1359: an internal error occurred.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a>.</div><br><a href ='#301msg'>Back to top</a></td><td>OS Build 14393.3053<br><br>June 18, 2019<br><a href ='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>Resolved:<br>September 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 01, 2019 <br>05:00 PM PT</td></tr>
</table>
"
- title: November 2018
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='61msgdesc'></div><b>Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM</b><div>After installing <a href=\"https://support.microsoft.com/help/4467691\" rel=\"noopener noreferrer\" target=\"_blank\">KB4467691</a>, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Workaround:</strong> Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.</div><div><br></div><div>If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.</div><div><br></div><div><strong>Resolution:</strong> Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.</div><br><a href ='#61msg'>Back to top</a></td><td>OS Build 14393.2608<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467691' target='_blank'>KB4467691</a></td><td>Resolved External<br></td><td>Last updated:<br>January 23, 2020 <br>02:08 PM PT<br><br>Opened:<br>November 13, 2018 <br>10:00 AM PT</td></tr>
</table>
"

65
windows/release-information/resolved-issues-windows-10-1709.yml
View File

@ -1,65 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
metadata:
document_id:
title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
description: Resolved issues in Windows 10, version 1709 and Windows Server 1709
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1709"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 10, version 1709 and Windows Server, version 1709 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534318' target='_blank'>KB4534318</a></td><td>January 23, 2020 <br>02:00 PM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 16299.1392<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522012' target='_blank'>KB4522012</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4534318' target='_blank'>KB4534318</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534318' target='_blank'>KB4534318</a></td><td>Resolved:<br>January 23, 2020 <br>02:00 PM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a>.</div><br><a href ='#351msg'>Back to top</a></td><td>OS Build 16299.1392<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522012' target='_blank'>KB4522012</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> Due to security related changes in <a href='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a>, this issue may occur when <strong>Touch Keyboard and Handwriting Panel Service</strong> is not configured to its default startup type of <strong>Manual</strong>. To resolve the issue, perform the following steps:</div><ol><li>Select the <strong>Start </strong>button and type <strong>Services</strong>.</li><li>Locate <strong>Touch Keyboard and Handwriting Panel Service</strong> and double click on it or long press and select <strong>Properties</strong>.</li><li>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong></li><li>Select <strong>Ok</strong></li><li>The <strong>TabletInputService&nbsp;</strong>service is now in the default configuration and IME should work as expected.</li></ol><br><a href ='#336msg'>Back to top</a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:08 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
</table>
"

79
windows/release-information/resolved-issues-windows-10-1803.yml
View File

@ -1,79 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 10, version 1803
metadata:
document_id:
title: Resolved issues in Windows 10, version 1803
description: Resolved issues in Windows 10, version 1803
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1803"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 10, version 1803 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534308' target='_blank'>KB4534308</a></td><td>January 23, 2020 <br>02:00 PM PT</td></tr>
<tr><td><div id='330msg'></div><b>Windows Mixed Reality Portal users may intermittently receive a 15-5 error code</b><br>You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.<br><br><a href = '#330msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>October 15, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='244msg'></div><b>Startup to a black screen after installing updates</b><br>Your device may startup to a black screen during the first logon after installing updates.<br><br><a href = '#244msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>October 15, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 17134.1009<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522014' target='_blank'>KB4522014</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
<tr><td><div id='325msg'></div><b>Notification issue: \"Your device is missing important security and quality fixes.\"</b><br>Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"<br><br><a href = '#325msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 03, 2019 <br>12:32 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4534308' target='_blank'>KB4534308</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534308' target='_blank'>KB4534308</a></td><td>Resolved:<br>January 23, 2020 <br>02:00 PM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='330msgdesc'></div><b>Windows Mixed Reality Portal users may intermittently receive a 15-5 error code</b><div>After installing <a href='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a>, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a>.</div><br><a href ='#330msg'>Back to top</a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 11, 2019 <br>05:32 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a>.</div><br><a href ='#351msg'>Back to top</a></td><td>OS Build 17134.1009<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522014' target='_blank'>KB4522014</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> Due to security related changes in <a href='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a>, this issue may occur when <strong>Touch Keyboard and Handwriting Panel Service</strong> is not configured to its default startup type of <strong>Manual</strong>. To resolve the issue, perform the following steps:</div><ol><li>Select the <strong>Start </strong>button and type <strong>Services</strong>.</li><li>Locate <strong>Touch Keyboard and Handwriting Panel Service</strong> and double click on it or long press and select <strong>Properties</strong>.</li><li>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong></li><li>Select <strong>Ok</strong></li><li>The <strong>TabletInputService&nbsp;</strong>service is now in the default configuration and IME should work as expected.</li></ol><br><a href ='#336msg'>Back to top</a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:08 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='325msgdesc'></div><b>Notification issue: \"Your device is missing important security and quality fixes.\"</b><div>Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes\" in the Windows Update dialog and a red \"!\" in the task tray on the Windows Update tray icon. This notification is intended for devices that are 90 days or more out of date, but some users with installed updates released in June or July also saw this notification.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1803</li><li>Server: Windows Server, version 1803</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved on the server side on August 30, 2019. Only devices that are out of date by 90 days or more should now see the notification. No action is required by the user to resolve this issue. If you are still seeing the \"Your device is missing important security and quality fixes\" notification, we recommend selecting <strong>Check for Updates </strong>in the <strong>Windows Update </strong>dialog. For instructions, see&nbsp;<a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>. Microsoft always recommends trying to keep your devices up to date, as the monthly updates contain important security fixes.&nbsp;</div><br><a href ='#325msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 03, 2019 <br>12:32 PM PT<br><br>Opened:<br>September 03, 2019 <br>12:32 PM PT</td></tr>
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
</table>
"

89
windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
View File

@ -1,89 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 10, version 1809 and Windows Server 2019
metadata:
document_id:
title: Resolved issues in Windows 10, version 1809 and Windows Server 2019
description: Resolved issues in Windows 10, version 1809 or Windows Server 2019
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10 1809"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 10, version 1809 and Windows Server 2019 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534321' target='_blank'>KB4534321</a></td><td>January 23, 2020 <br>02:00 PM PT</td></tr>
<tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='330msg'></div><b>Windows Mixed Reality Portal users may intermittently receive a 15-5 error code</b><br>You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.<br><br><a href = '#330msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>October 15, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='244msg'></div><b>Startup to a black screen after installing updates</b><br>Your device may startup to a black screen during the first logon after installing updates.<br><br><a href = '#244msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>October 15, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 17763.740<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522015' target='_blank'>KB4522015</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='301msg'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><br>Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.<br><br><a href = '#301msgdesc'>See details ></a></td><td>OS Build 17763.55<br><br>October 09, 2018<br><a href ='https://support.microsoft.com/help/4464330' target='_blank'>KB4464330</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a></td><td>September 24, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4534321' target='_blank'>KB4534321</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534321' target='_blank'>KB4534321</a></td><td>Resolved:<br>January 23, 2020 <br>02:00 PM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><div>After installing the optional non-security&nbsp;update (<a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a&nbsp;0xc0000409 error in <strong>Event Viewer</strong> on MsSense.exe.</div><div><br></div><div><strong>Note</strong> Microsoft Microsoft Defender Antivirus is not affected by this issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a>.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 17, 2019 <br>05:14 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='330msgdesc'></div><b>Windows Mixed Reality Portal users may intermittently receive a 15-5 error code</b><div>After installing <a href='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a>, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>.</div><br><a href ='#330msg'>Back to top</a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 11, 2019 <br>05:32 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a>.</div><br><a href ='#351msg'>Back to top</a></td><td>OS Build 17763.740<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522015' target='_blank'>KB4522015</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> Due to security related changes in <a href='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a>, this issue may occur when <strong>Touch Keyboard and Handwriting Panel Service</strong> is not configured to its default startup type of <strong>Manual</strong>. To resolve the issue, perform the following steps:</div><ol><li>Select the <strong>Start </strong>button and type <strong>Services</strong>.</li><li>Locate <strong>Touch Keyboard and Handwriting Panel Service</strong> and double click on it or long press and select <strong>Properties</strong>.</li><li>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong></li><li>Select <strong>Ok</strong></li><li>The <strong>TabletInputService&nbsp;</strong>service is now in the default configuration and IME should work as expected.</li></ol><br><a href ='#336msg'>Back to top</a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:08 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='301msgdesc'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><div>&nbsp;Applications and scripts that call the <a href=\"https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a href=\"https://docs.microsoft.com/en-us/windows/win32/adsi/adsi-winnt-provider\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries.&nbsp;When requesting additional pages you may receive the error, “1359: an internal error occurred.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a>.</div><br><a href ='#301msg'>Back to top</a></td><td>OS Build 17763.55<br><br>October 09, 2018<br><a href ='https://support.microsoft.com/help/4464330' target='_blank'>KB4464330</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a></td><td>Resolved:<br>September 24, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 01, 2019 <br>05:00 PM PT</td></tr>
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
</table>
"

124
windows/release-information/resolved-issues-windows-10-1903.yml
View File

@ -1,124 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 10, version 1903 and Windows Server, version 1903
metadata:
document_id:
title: Resolved issues in Windows 10, version 1903 and Windows Server, version 1903
description: Resolved issues in Windows 10, version 1903 and Windows Server 1903
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1903"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 10, version 1903 and Windows Server, version 1903 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
<tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
<tr><td><div id='358msg'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><br>Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.<br><br><a href = '#358msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='338msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.<br><br><a href = '#338msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>October 24, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 18362.357<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522016' target='_blank'>KB4522016</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='335msg'></div><b>Audio in games is quiet or different than expected</b><br>Microsoft has received reports that audio in certain games is quieter or different than expected.<br><br><a href = '#335msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>September 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
<tr><td><div id='331msg'></div><b>Some users report issues related to the Start menu and Windows Desktop Search</b><br>A small number of users have reported issues related to the Start menu and Windows Desktop Search.<br><br><a href = '#331msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:58 PM PT</td></tr>
<tr><td><div id='332msg'></div><b>Screenshots and Snips have an unnatural orange tint</b><br>Users have reported an orange tint on Screenshots and Snips with the Lenovo Vantage app installed<br><br><a href = '#332msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516115' target='_blank'>KB4516115</a></td><td>Resolved External<br></td><td>September 11, 2019 <br>08:54 PM PT</td></tr>
<tr><td><div id='324msg'></div><b>Windows Desktop Search may not return any results and may have high CPU usage</b><br>Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.<br><br><a href = '#324msgdesc'>See details ></a></td><td>OS Build 18362.329<br><br>August 30, 2019<br><a href ='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>September 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='255msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.<br><br><a href = '#255msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='254msg'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><br>Windows 10, version 1903 update may fail with certain versions of Intel Rapid Storage Technology (Intel RST) drivers.<br><br><a href = '#254msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 18362.295<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='253msg'></div><b>Initiating a Remote Desktop connection may result in black screen</b><br>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.<br><br><a href = '#253msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='236msg'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><br>Windows Sandbox may fail to start on devices in which the operating system language was changed between updates.<br><br><a href = '#236msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or Configuration Manager servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='358msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#358msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 25, 2019 <br>04:21 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='338msgdesc'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><div>Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on&nbsp;specific models of NEC devices.&nbsp;If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections.&nbsp;The Wi-Fi driver may have a&nbsp;yellow exclamation point in device manager.&nbsp;The task tray icon for networking may show the icon for no internet and&nbsp;<strong>Network &amp; Internet settings</strong>&nbsp;may not show any Wi-Fi networks.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on the affected devices from being offered Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a>. The safeguard hold is estimated to be removed in mid-November.</div><br><a href ='#338msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>Resolved:<br>October 24, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a>.</div><br><a href ='#351msg'>Back to top</a></td><td>OS Build 18362.357<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522016' target='_blank'>KB4522016</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='335msgdesc'></div><b>Audio in games is quiet or different than expected</b><div>Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a>.</div><br><a href ='#335msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>Resolved:<br>September 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> Due to security related changes in <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>, this issue may occur when <strong>Touch Keyboard and Handwriting Panel Service</strong> is not configured to its default startup type of <strong>Manual</strong>. To resolve the issue, perform the following steps:</div><ol><li>Select the <strong>Start </strong>button and type <strong>Services</strong>.</li><li>Locate <strong>Touch Keyboard and Handwriting Panel Service</strong> and double click on it or long press and select <strong>Properties</strong>.</li><li>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong></li><li>Select <strong>Ok</strong></li><li>The <strong>TabletInputService&nbsp;</strong>service is now in the default configuration and IME should work as expected.</li></ol><br><a href ='#336msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:08 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='331msgdesc'></div><b>Some users report issues related to the Start menu and Windows Desktop Search</b><div>Microsoft has received&nbsp;reports that a small number of&nbsp;users are having issues related to the <strong>Start </strong>menu and Windows Desktop Search.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong> At this time, Microsoft has not found a <strong>Search</strong> or <strong>Start</strong> issue significantly impacting users originating from <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas.&nbsp;If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub <strong>(Windows + F)</strong> then try the Windows 10 Troubleshoot settings (found in <strong>Settings</strong>).&nbsp;If you are having an issue with search, see&nbsp;<a href=\"https://support.microsoft.com/en-us/help/4520146/fix-problems-in-windows-search\" target=\"_blank\">Fix problems in Windows Search</a>.</div><br><a href ='#331msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:58 PM PT<br><br>Opened:<br>September 11, 2019 <br>05:18 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='332msgdesc'></div><b>Screenshots and Snips have an unnatural orange tint</b><div>When creating screenshots or using similar tools (such as Snipping Tool or Snip &amp; Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage.&nbsp;This issue started on or around September 5, 2019.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: None</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;For guidance on this issue, see the Lenovo support article <a href=\"https://forums.lenovo.com/t5/Lenovo-Vantage-Knowledge-Base/Screenshots-and-Snips-have-an-unnatural-orange-tint/ta-p/4522439\" target=\"_blank\">Screenshots and Snips have an unnatural orange tint</a>. There is no update for Windows needed for this issue.</div><br><a href ='#332msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516115' target='_blank'>KB4516115</a></td><td>Resolved External<br></td><td>Last updated:<br>September 11, 2019 <br>08:54 PM PT<br><br>Opened:<br>September 11, 2019 <br>08:54 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='324msgdesc'></div><b>Windows Desktop Search may not return any results and may have high CPU usage</b><div>Microsoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been&nbsp;disabled.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>.</div><br><a href ='#324msg'>Back to top</a></td><td>OS Build 18362.329<br><br>August 30, 2019<br><a href ='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved:<br>September 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 04, 2019 <br>02:25 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='317msgdesc'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><div>Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the <strong>Windows Update</strong> dialog or within U<strong>pdate history</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue has been resolved for most users. If you are still having issues, please see <a href=\"https://support.microsoft.com/help/4528159\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528159</a>.</div><br><a href ='#317msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>November 12, 2019 <br>08:11 AM PT<br><br>Opened:<br>August 16, 2019 <br>01:41 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.&nbsp;The optional update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 18362.295<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='248msgdesc'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><div>Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolved:&nbsp;</strong>To resolve this issue, you will need to update the firmware of your Surface Book 2&nbsp;device. Please see the <a href=\"https://support.microsoft.com/help/4055398/surface-book-2-update-history\" target=\"_blank\">Surface Book 2 update history page</a><strong>&nbsp;</strong>for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue.</div><div>&nbsp;</div><div>The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903.</div><br><a href ='#248msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>October 18, 2019 <br>04:33 PM PT<br><br>Opened:<br>July 12, 2019 <br>04:20 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='255msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#255msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='254msgdesc'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><div>Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).&nbsp;&nbsp;</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST&nbsp;drivers, versions<strong> 15.1.0.1002</strong>&nbsp;through version&nbsp;<strong>15.5.2.1053</strong>&nbsp;installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.</div><div><br></div><div>Versions&nbsp;<strong>15.5.2.1054 or later</strong>&nbsp;are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update.&nbsp;For affected devices, the recommended version is <strong>15.9.8.1050</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#254msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='253msgdesc'></div><b>Initiating a Remote Desktop connection may result in black screen</b><div>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#253msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 12, 2019 <br>04:42 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or Configuration Manager servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager might fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='236msgdesc'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><div>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#236msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 24, 2019 <br>04:20 PM PT</td></tr>
</table>
"

65
windows/release-information/resolved-issues-windows-10-1909.yml
View File

@ -1,65 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 10, version 1909 and Windows Server, version 1909
metadata:
document_id:
title: Resolved issues in Windows 10, version 1909 and Windows Server, version 1909
description: Resolved issues in Windows 10, version 1909 and Windows Server 1909
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1909"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 10, version 1909 and Windows Server, version 1909 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
</table>
"

85
windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -1,85 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: See a list of known issues that have been resolved for Windows 7 and Windows Server 2008 R2 SP1 over the last six months.
metadata:
document_id:
title: Resolved issues in Windows 7 and Windows Server 2008 R2 SP1
description: Resolved issues in Windows 7 and Windows Server 2008 R2 SP1
keywords: ["Resolved issues in Windows 7", "Windows 7", "Windows Server 2008 R2 SP1"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 7 and Windows Server 2008 R2 SP1 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='390msg'></div><b>After installing an update and restarting, you might receive an error</b><br>You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.<br><br><a href = '#390msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537820' target='_blank'>KB4537820</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>February 12, 2020 <br>05:37 PM PT</td></tr>
<tr><td><div id='384msg'></div><b>Custom wallpaper displays as black</b><br>Using a custom image set to \"Stretch\" might not display as expected.<br><br><a href = '#384msgdesc'>See details ></a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4539601' target='_blank'>KB4539601</a></td><td>February 07, 2020 <br>10:00 AM PT</td></tr>
<tr><td><div id='374msg'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><br>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.<br><br><a href = '#374msgdesc'>See details ></a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>January 23, 2020 <br>02:08 PM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='329msg'></div><b>You may receive an error when opening or using the Toshiba Qosmio AV Center</b><br>Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.<br><br><a href = '#329msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a></td><td>September 24, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='390msgdesc'></div><b>After installing an update and restarting, you might receive an error</b><div>After installing <a href='https://support.microsoft.com/help/4537820' target='_blank'>KB4537820</a> and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as&nbsp;<strong>Failed&nbsp;</strong>in&nbsp;<strong>Update History</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution: </strong>This is expected in the following circumstances:</div><ul><li>If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see&nbsp;<a href=\"https://support.microsoft.com/help/4497181\" rel=\"noopener noreferrer\" target=\"_blank\">KB4497181</a>.</li><li>If you do not have an ESU MAK add-on key installed and activated.&nbsp;</li></ul><div></div><div>If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this&nbsp;<a href=\"https://aka.ms/Windows7ESU\" rel=\"noopener noreferrer\" target=\"_blank\">blog</a>&nbsp;post.&nbsp;For information on the prerequisites, see the \"How to get this update\" section of this article.</div><br><a href ='#390msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537820' target='_blank'>KB4537820</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>February 12, 2020 <br>05:37 PM PT<br><br>Opened:<br>February 12, 2020 <br>03:47 PM PT</td></tr>
</table>
"
- title: January 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='384msgdesc'></div><b>Custom wallpaper displays as black</b><div>After installing <a href='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a>, your desktop wallpaper when set to \"Stretch\" might display as black.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4539601' target='_blank'>KB4539601</a>, if you are using Monthly Rollups. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4539602\" rel=\"noopener noreferrer\" target=\"_blank\">KB4539602</a>. These updates are available for all customers running Windows 7 SP1 and Windows Server 2008 R2 SP1.</div><br><a href ='#384msg'>Back to top</a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4539601' target='_blank'>KB4539601</a></td><td>Resolved:<br>February 07, 2020 <br>10:00 AM PT<br><br>Opened:<br>January 24, 2020 <br>09:15 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='374msgdesc'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><div>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc&nbsp;&nbsp;WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WUAHandler&nbsp;&nbsp;&nbsp;14/11/2019 16:33:23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;980 (0x03D4)\". <strong>Note</strong> All Configuration Manager information&nbsp;also applies to System Center Configuration Manager and Microsoft Endpoint Configuration Manager.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).</div><br><a href ='#374msg'>Back to top</a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>January 23, 2020 <br>02:08 PM PT<br><br>Opened:<br>November 15, 2019 <br>05:59 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Note </strong>This issue also affects the Internet Explorer Cumulative Update <a href=\"https://support.microsoft.com/help/4522007/\" target=\"_blank\">KB4522007</a>, release September 23, 2019.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a>. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4519974\" target=\"_blank\">KB4519974</a>&nbsp;for resolving KB for your platform.</div><br><a href ='#351msg'>Back to top</a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='329msgdesc'></div><b>You may receive an error when opening or using the Toshiba Qosmio AV Center</b><div>After installing <a href='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a>, you may receive an error when opening or using the Toshiba <strong>Qosmio AV Center</strong>.&nbsp;You may also receive an error in <strong>Event Log</strong> related to cryptnet.dll.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a>.</div><br><a href ='#329msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a></td><td>Resolved:<br>September 24, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 10, 2019 <br>09:48 AM PT</td></tr>
</table>
"

65
windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -1,65 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows 8.1 and Windows Server 2012 R2
metadata:
document_id:
title: Resolved issues in Windows 8.1 and Windows Server 2012 R2
description: Resolved issues in Windows 8.1 and Windows Server 2012 R2
keywords: ["Resolved issues in Windows 8.1", "Windows 8.1", "Windows Server 2012 R2"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows 8.1 and Windows Server 2012 R2 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='333msg'></div><b>Windows RT 8.1 devices may have issues opening Internet Explorer 11</b><br>On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.<br><br><a href = '#333msgdesc'>See details ></a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516067' target='_blank'>KB4516067</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a></td><td>September 24, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a>. However, the issue occurs when you install&nbsp;only <a href='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/en-us/help/4507457\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507457</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Note </strong>This issue also affects the Internet Explorer Cumulative Update <a href=\"https://support.microsoft.com/help/4522007/\" target=\"_blank\">KB4522007</a>, release September 23, 2019.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a>. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4519974\" target=\"_blank\">KB4519974</a>&nbsp;for resolving KB for your platform.</div><br><a href ='#351msg'>Back to top</a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='333msgdesc'></div><b>Windows RT 8.1 devices may have issues opening Internet Explorer 11</b><div>On Windows 8.1 RT devices, Internet Explorer 11 may not open and you may receive the error, \"C:\\Program Files\\Internet Explorer\\iexplore.exe: A certificate was explicitly revoked by its issuer.\"</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows RT 8.1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a>.</div><br><a href ='#333msg'>Back to top</a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516067' target='_blank'>KB4516067</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a></td><td>Resolved:<br>September 24, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
</table>
"

75
windows/release-information/resolved-issues-windows-server-2008-sp2.yml
View File

@ -1,75 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Resolved issues in Windows Server 2008 SP2
metadata:
document_id:
title: Resolved issues in Windows Server 2008 SP2
description: Resolved issues in Windows Server 2008 SP2
keywords: ["Resolved issues in Windows Server 2008 SP2", "Windows Server 2008 SP2"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows Server 2008 SP2 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='390msg'></div><b>After installing an update and restarting, you might receive an error</b><br>You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.<br><br><a href = '#390msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537810' target='_blank'>KB4537810</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>February 12, 2020 <br>05:37 PM PT</td></tr>
<tr><td><div id='374msg'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><br>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.<br><br><a href = '#374msgdesc'>See details ></a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>January 23, 2020 <br>02:08 PM PT</td></tr>
<tr><td><div id='327msg'></div><b>Issues manually installing updates by double-clicking the .msu file</b><br>You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.<br><br><a href = '#327msgdesc'>See details ></a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>September 23, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516030' target='_blank'>KB4516030</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='390msgdesc'></div><b>After installing an update and restarting, you might receive an error</b><div>After installing <a href='https://support.microsoft.com/help/4537810' target='_blank'>KB4537810</a> and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as&nbsp;<strong>Failed&nbsp;</strong>in&nbsp;<strong>Update History</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution: </strong>This is expected in the following circumstances:</div><ul><li>If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see&nbsp;<a href=\"https://support.microsoft.com/help/4497181\" rel=\"noopener noreferrer\" target=\"_blank\">KB4497181</a>.</li><li>If you do not have an ESU MAK add-on key installed and activated.&nbsp;</li></ul><div></div><div>If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this&nbsp;<a href=\"https://aka.ms/Windows7ESU\" rel=\"noopener noreferrer\" target=\"_blank\">blog</a>&nbsp;post.&nbsp;For information on the prerequisites, see the \"How to get this update\" section of this article.</div><br><a href ='#390msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537810' target='_blank'>KB4537810</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>February 12, 2020 <br>05:37 PM PT<br><br>Opened:<br>February 12, 2020 <br>03:47 PM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='374msgdesc'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><div>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc&nbsp;&nbsp;WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WUAHandler&nbsp;&nbsp;&nbsp;14/11/2019 16:33:23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;980 (0x03D4)\". <strong>Note</strong> All Configuration Manager information&nbsp;also applies to System Center Configuration Manager and Microsoft Endpoint Configuration Manager.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).</div><br><a href ='#374msg'>Back to top</a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>January 23, 2020 <br>02:08 PM PT<br><br>Opened:<br>November 15, 2019 <br>05:59 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='327msgdesc'></div><b>Issues manually installing updates by double-clicking the .msu file</b><div>After installing the SHA-2 update (<a href='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a>) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2</li></ul><div></div><div><strong>Workaround:</strong> Open a command prompt and use the following command (replacing &lt;msu location&gt; with the actual location and filename of the update): <strong>wusa.exe &lt;msu location&gt; /quiet</strong></div><div><br></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a> released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above.</div><div><br></div><div><strong>Note&nbsp;</strong>If you previously installed&nbsp;<a href='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a>&nbsp;released&nbsp;September 23, 2019, then you already have the latest version of this update and do not need to reinstall.</div><br><a href ='#327msg'>Back to top</a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>Resolved:<br>September 23, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 20, 2019 <br>04:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Note </strong>This issue also affects the Internet Explorer Cumulative Update <a href=\"https://support.microsoft.com/help/4522007/\" target=\"_blank\">KB4522007</a>, release September 23, 2019.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a>. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4519974\" target=\"_blank\">KB4519974</a>&nbsp;for resolving KB for your platform.</div><br><a href ='#351msg'>Back to top</a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516030' target='_blank'>KB4516030</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
</table>
"

63
windows/release-information/resolved-issues-windows-server-2012.yml
View File

@ -1,63 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: See a list of known issues that have been resolved for Windows Server 2012 over the last six months.
metadata:
document_id:
title: Resolved issues in Windows Server 2012
description: Resolved issues in Windows Server 2012
keywords: ["Resolved issues in Windows Server 2012", "Windows Server 2012"]
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
See a list of known issues that have been resolved for Windows Server 2012 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Resolved issues
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516069' target='_blank'>KB4516069</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a>. However, the issue occurs when you install&nbsp;only <a href='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/help/4507447\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507447</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
</table>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Note </strong>This issue also affects the Internet Explorer Cumulative Update <a href=\"https://support.microsoft.com/help/4522007/\" target=\"_blank\">KB4522007</a>, release September 23, 2019.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a>. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4519974\" target=\"_blank\">KB4519974</a>&nbsp;for resolving KB for your platform.</div><br><a href ='#351msg'>Back to top</a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516069' target='_blank'>KB4516069</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
</table>
"

101
windows/release-information/status-windows-10-1507.yml
View File

@ -1,101 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 10, version 1507
metadata:
document_id:
title: Windows 10, version 1507
description: View announcements and review known issues and fixes for Windows 10 version 1507
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows 10, version 1507. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 10240.18368<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='196msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#196msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 10240.18368<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='196msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#196msg'>Back to top</a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"

113
windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
View File

@ -1,113 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 10, version 1607 and Windows Server 2016
metadata:
document_id:
title: Windows 10, version 1607 and Windows Server 2016
description: View announcements and review known issues and fixes for Windows 10 version 1607 and Windows Server 2016
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows 10, version 1607 and Windows Server 2016. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 14393.3274<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='195msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#195msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='36msg'></div><b>Cluster service may fail if the minimum password length is set to greater than 14</b><br>The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.<br><br><a href = '#36msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 14393.3274<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='195msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; &nbsp;Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#195msg'>Back to top</a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: November 2018
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='36msgdesc'></div><b>Cluster service may fail if the minimum password length is set to greater than 14</b><div>After installing <a href=\"https://support.microsoft.com/help/4467684\" target=\"_blank\">KB4467684</a>, the cluster service may fail to start with the error \"2245 (NERR_PasswordTooShort)\" if the Group Policy \"Minimum Password Length\" is configured with greater than 14 characters.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Workaround:</strong> Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.</div><div><br></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#36msg'>Back to top</a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>November 27, 2018 <br>10:00 AM PT</td></tr>
</table>
"

103
windows/release-information/status-windows-10-1709.yml
View File

@ -1,103 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 10, version 1709 and Windows Server, version 1709
metadata:
document_id:
title: Windows 10, version 1709 and Windows Server, version 1709
description: View announcements and review known issues and fixes for Windows 10 version 1709 and Windows Server 1709
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows 10, version 1709 and Windows Server, version 1709. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 16299.1451<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='193msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#193msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 16299.1451<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='193msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#193msg'>Back to top</a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"

107
windows/release-information/status-windows-10-1803.yml
View File

@ -1,107 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 10, version 1803
metadata:
document_id:
title: Windows 10, version 1803
description: View announcements and review known issues and fixes for Windows 10 version 1803
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows 10, version 1803. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
<table border = '0' class='box-info'><tr>
<td bgcolor='#d3f1fb' class='alert is-primary'><div><strong>Current status as of November 12, 2019:</strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</div><div>Windows&nbsp;10,&nbsp;version&nbsp;1803&nbsp;(the April 2018 Update) Home and Pro editions have reached end of service. For&nbsp;Windows&nbsp;10&nbsp;devices that are at, or within several months of reaching end of service,&nbsp;Windows&nbsp;Update will automatically initiate a feature update (with users having the ability to choose a convenient time); keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.</div>
</td></tr></table>
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17134.1069<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='192msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#192msgdesc'>See details ></a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 17134.1069<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='192msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#192msg'>Back to top</a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"

117
windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
View File

@ -1,117 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 10, version 1809 and Windows Server 2019
metadata:
document_id:
title: Windows 10, version 1809 and Windows Server 2019
description: View announcements and review known issues and fixes for Windows 10 version 1809 and Windows Server 2019
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows 10, version 1809 and Windows Server 2019. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
<table border = '0' class='box-info'><tr>
<td bgcolor='#d3f1fb' class='alert is-primary'><div><strong>Current status as of November 12, 2019:</strong></div><div>Windows 10, version 1809 is designated for broad deployment. The recommended servicing status is Semi-Annual Channel.</div>
</td></tr></table>
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
<tr><td><div id='191msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#191msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='211msgdesc'></div><b>Devices with some Asian language packs installed may receive an error</b><div>After installing the April 2019 Cumulative Update (<a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Workaround: </strong></div><ol><li>Uninstall and reinstall any recently added language packs.&nbsp;For instructions, see \"<a href=\"https://support.microsoft.com/help/4496404/windows-10-manage-the-input-and-display-language\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>\".</li><li>Click <strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see \"<a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>\".</li></ol><div><strong>Note: </strong>If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</div><ol><ol><li>Go to <strong>Settings app</strong> -&gt; <strong>Recovery</strong>.</li><li>Click on <strong>Get Started</strong> under <strong>\"Reset this PC\"</strong> recovery option.</li><li>Select <strong>\"Keep my Files\"</strong>.</li></ol></ol><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#211msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>10:59 AM PT<br><br>Opened:<br>May 02, 2019 <br>04:36 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='191msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#191msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"

99
windows/release-information/status-windows-10-1903.yml
View File

@ -1,99 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 10, version 1903 and Windows Server, version 1903
metadata:
document_id:
title: Windows 10, version 1903 and Windows Server, version 1903
description: View announcements and review known issues and fixes for Windows 10 version 1903 and Windows Server 1903
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues and the status of the rollout for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
<table border = '0' class='box-info'><tr>
<td bgcolor='#d3f1fb' class='alert is-primary'><div><strong>Current status as of November 12, 2019:</strong>&nbsp;&nbsp;&nbsp;</div><div>Windows 10, version 1903 (the May 2019 Update) is designated ready for broad deployment for all users via Windows Update.</div><div><br></div><div>We recommend commercial customers running earlier versions of Windows 10 begin broad deployments of Windows 10, version 1903 in their organizations.</div><div><br></div><div><strong>Note </strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</div>
</td></tr></table>
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&amp;p_ves=1&amp;p_lng=en&amp;p_lid=en-us&amp;p_vbd=2022&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&amp;urlName=AVG-Antivirus-Windows-10-update&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420&amp;l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 25, 2019 <br>05:25 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"

97
windows/release-information/status-windows-10-1909.yml
View File

@ -1,97 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 10, version 1909 and Windows Server, version 1909
metadata:
document_id:
title: Windows 10, version 1909 and Windows Server, version 1909
description: View announcements and review known issues and fixes for Windows 10 version 1909 and Windows Server 1909
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues and the status of the rollout for Windows 10, version 1909 and Windows Server, version 1909. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
<table border = '0' class='box-info'><tr>
<td bgcolor='#d3f1fb' class='alert is-primary'><div><strong>Current status as of January 21, 2020:</strong></div><div>Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.</div><div>&nbsp;</div><div>We are starting the next phase in our controlled approach to automatically initiate a feature update for an increased number of devices running the October 2018 Update (Windows 10, version 1809) Home and Pro editions, keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.&nbsp;Our rollout process starts several months in advance of the end of service date to provide adequate time for a smooth update process.</div><div><br></div><div>For information on how users running Windows 10, version 1903 can update to&nbsp;Windows 10, version 1909 in a new, streamlined way, see <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1909-delivery-options/ba-p/1002660\" rel=\"noopener noreferrer\" target=\"_blank\">this post</a>.</div><div>&nbsp;</div><div><strong>Note </strong>follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;on Twitter to find out when new content is published to the release information dashboard.</div>
</td></tr></table>
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&amp;p_ves=1&amp;p_lng=en&amp;p_lid=en-us&amp;p_vbd=2022&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&amp;urlName=AVG-Antivirus-Windows-10-update&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420&amp;l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 25, 2019 <br>05:25 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
</table>
"

111
windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -1,111 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 7 and Windows Server 2008 R2 SP1
metadata:
document_id:
title: Windows 7 and Windows Server 2008 R2 SP1
description: View announcements and review known issues and fixes for Windows 7 and Windows Server 2008 R2 SP1
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows 7 and Windows Server 2008 R2 SP1. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='390msg'></div><b>After installing an update and restarting, you might receive an error</b><br>You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.<br><br><a href = '#390msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537820' target='_blank'>KB4537820</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>February 12, 2020 <br>05:37 PM PT</td></tr>
<tr><td><div id='384msg'></div><b>Custom wallpaper displays as black</b><br>Using a custom image set to \"Stretch\" might not display as expected.<br><br><a href = '#384msgdesc'>See details ></a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4539601' target='_blank'>KB4539601</a></td><td>February 07, 2020 <br>10:00 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='310msg'></div><b>IA64 and x64 devices may fail to start after installing updates</b><br>After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.<br><br><a href = '#310msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>August 17, 2019 <br>12:59 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='390msgdesc'></div><b>After installing an update and restarting, you might receive an error</b><div>After installing <a href='https://support.microsoft.com/help/4537820' target='_blank'>KB4537820</a> and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as&nbsp;<strong>Failed&nbsp;</strong>in&nbsp;<strong>Update History</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution: </strong>This is expected in the following circumstances:</div><ul><li>If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see&nbsp;<a href=\"https://support.microsoft.com/help/4497181\" rel=\"noopener noreferrer\" target=\"_blank\">KB4497181</a>.</li><li>If you do not have an ESU MAK add-on key installed and activated.&nbsp;</li></ul><div></div><div>If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this&nbsp;<a href=\"https://aka.ms/Windows7ESU\" rel=\"noopener noreferrer\" target=\"_blank\">blog</a>&nbsp;post.&nbsp;For information on the prerequisites, see the \"How to get this update\" section of this article.</div><br><a href ='#390msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537820' target='_blank'>KB4537820</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>February 12, 2020 <br>05:37 PM PT<br><br>Opened:<br>February 12, 2020 <br>03:47 PM PT</td></tr>
</table>
"
- title: January 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='384msgdesc'></div><b>Custom wallpaper displays as black</b><div>After installing <a href='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a>, your desktop wallpaper when set to \"Stretch\" might display as black.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4539601' target='_blank'>KB4539601</a>, if you are using Monthly Rollups. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4539602\" rel=\"noopener noreferrer\" target=\"_blank\">KB4539602</a>. These updates are available for all customers running Windows 7 SP1 and Windows Server 2008 R2 SP1.</div><br><a href ='#384msg'>Back to top</a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4539601' target='_blank'>KB4539601</a></td><td>Resolved:<br>February 07, 2020 <br>10:00 AM PT<br><br>Opened:<br>January 24, 2020 <br>09:15 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='310msgdesc'></div><b>IA64 and x64 devices may fail to start after installing updates</b><div>IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:</div><div><strong>\"File: \\Windows\\system32\\winload.efi</strong></div><div><strong>Status: 0xc0000428</strong></div><div><strong>Info: Windows cannot verify the digital signature for this file.\"</strong></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Take Action: </strong>To resolve this issue please follow the steps outlined in the&nbsp;<a href=\"https://support.microsoft.com/help/4472027\" target=\"_blank\">SHA-2 support FAQ</a> article for error code 0xc0000428.</div><br><a href ='#310msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>August 17, 2019 <br>12:59 PM PT<br><br>Opened:<br>August 13, 2019 <br>08:34 AM PT</td></tr>
</table>
"

111
windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -1,111 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows 8.1 and Windows Server 2012 R2
metadata:
document_id:
title: Windows 8.1 and Windows Server 2012 R2
description: View announcements and review known issues and fixes for Windows 8.1 and Windows Server 2012 R2.
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows 8.1 and Windows Server 2012 R2. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='217msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#217msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='161msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround</strong>: Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesnt have CSV ownership.</li></ul><div></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#161msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"

91
windows/release-information/status-windows-server-2008-sp2.yml
View File

@ -1,91 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows Server 2008 SP2
metadata:
document_id:
title: Windows Server 2008 SP2
description: View announcements and review known issues and fixes for Windows Server 2008 SP2.
keywords: Windows, Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows Server 2008 SP2. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='390msg'></div><b>After installing an update and restarting, you might receive an error</b><br>You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History.<br><br><a href = '#390msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537810' target='_blank'>KB4537810</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>February 12, 2020 <br>05:37 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='390msgdesc'></div><b>After installing an update and restarting, you might receive an error</b><div>After installing <a href='https://support.microsoft.com/help/4537810' target='_blank'>KB4537810</a> and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as&nbsp;<strong>Failed&nbsp;</strong>in&nbsp;<strong>Update History</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution: </strong>This is expected in the following circumstances:</div><ul><li>If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see&nbsp;<a href=\"https://support.microsoft.com/help/4497181\" rel=\"noopener noreferrer\" target=\"_blank\">KB4497181</a>.</li><li>If you do not have an ESU MAK add-on key installed and activated.&nbsp;</li></ul><div></div><div>If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this&nbsp;<a href=\"https://aka.ms/Windows7ESU\" rel=\"noopener noreferrer\" target=\"_blank\">blog</a>&nbsp;post.&nbsp;For information on the prerequisites, see the \"How to get this update\" section of this article.</div><br><a href ='#390msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4537810' target='_blank'>KB4537810</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>February 12, 2020 <br>05:37 PM PT<br><br>Opened:<br>February 12, 2020 <br>03:47 PM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"

111
windows/release-information/status-windows-server-2012.yml
View File

@ -1,111 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows Server 2012
metadata:
document_id:
title: Windows Server 2012
description: View announcements and review known issues and fixes for Windows Server 2012
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: "
Find information on known issues for Windows Server 2012. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
"
- items:
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- items:
- type: markdown
text: "
<div align='right' style='font-size:0.87rem'><a class='is-size-7' href='https://docs.microsoft.com/windows/release-information/windows-message-center'>See all messages ></a></div>
"
- items:
- type: markdown
text: "
<hr class='cardsM'>
"
- title: Known issues
- items:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
- title: Issue details
- items:
- type: markdown
text: "
<div>
</div>
"
- title: February 2020
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"
- title: November 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='217msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#217msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='187msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as&nbsp;<strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround:</strong> Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesnt have CSV ownership.</li></ul><div></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#187msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"

89
windows/release-information/windows-message-center.yml
View File

@ -1,89 +0,0 @@
### YamlMime:YamlDocument
documentType: LandingData
title: Windows message center
metadata:
document_id:
title: Windows message center
description: Windows message center
keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
ms.localizationpriority: high
author: greg-lindsay
ms.author: greglin
manager: dougkim
ms.topic: article
ms.devlang: na
sections:
- items:
- type: list
style: cards
className: cardsM
columns: 2
items:
- href: https://aka.ms/Windows7ESU
html: Stay protected with Extended Security Updates >
image:
src: https://docs.microsoft.com/media/common/i_subscription.svg
title: Still have devices running Windows 7 in your enterprise?
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
src: http://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10, version 1909 delivery options
- href: https://aka.ms/whats-new-in-1909
html: Learn about the latest capabilities for IT >
image:
src: http://docs.microsoft.com/media/common/i_article.svg
title: Whats new in Windows 10, version 1909
- href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376
html: Learn more >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
title: Windows 10 update servicing cadence
- title: Recent announcements
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
<tr><td id='397'><a href = 'https://support.microsoft.com/help/4535996' target='_blank'><b>February 2020 Windows 10, version 1909 and Windows 10, version 1903 \"D\" optional release is available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='397' href='#397'></a><br><div>The February 2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>February 27, 2020 <br>01:30 PM PT</td></tr>
<tr><td id='396'><b>February 2020 Windows \"C\" optional release is available.</b><a class='docon docon-link heading-anchor' aria-labelledby='396' href='#396'></a><br><div>The February 2020<strong> </strong>optional monthly “C” release for all supported versions of Windows&nbsp;prior to Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>February 25, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='394'><b>Status of February 2020 “C” release</b><a class='docon docon-link heading-anchor' aria-labelledby='394' href='#394'></a><br><div>The optional monthly “C” release for February 2020 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\"><u>@WindowsUpdate</u></a> for the latest on the availability of this release.</div></td><td>February 21, 2020 <br>12:00 PM PT</td></tr>
<tr><td id='391'><a href = 'https://support.microsoft.com/help/4542617' target='_blank'><b>Compatibility issue with some Windows Server container images</b></a><a class='docon docon-link heading-anchor' aria-labelledby='391' href='#391'></a><br><div>If you are encountering issues with Windows Server container images, please see <a href=\"https://support.microsoft.com/help/4542617\" rel=\"noopener noreferrer\" target=\"_blank\">KB4542617</a>.</div></td><td>February 13, 2020 <br>03:21 PM PT</td></tr>
<tr><td id='389'><a href = 'https://support.microsoft.com/help/4532693' target='_blank'><b>Take action: February 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='389' href='#389'></a><br><div>The February 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>February 11, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='388'><b>Take action: ESU security updates available for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2</b><a class='docon docon-link heading-anchor' aria-labelledby='388' href='#388'></a><br><div>Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 reached end of support on January 14, 2020. For customers who have purchased Extended Security Updates (ESU), the first monthly ESU security updates are now available. If your organization has&nbsp;not yet been able to complete your transition to Windows 10, Windows Server 2016, or Windows Server 2019 and want to continue to receive security updates for your current version of Windows, you will need to purchase Extended Security Updates. For information on how to do so, please see <a href=\"https://aka.ms/Windows7ESU\" rel=\"noopener noreferrer\" target=\"_blank\">How to get Extended Security Updates for eligible Windows devices</a>, Windows 7 <a href=\"https://support.microsoft.com/help/4527873\" rel=\"noopener noreferrer\" target=\"_blank\">ESU frequently ask questions</a>, and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 <a href=\"https://www.microsoft.com/en-us/cloud-platform/extended-security-updates\" rel=\"noopener noreferrer\" target=\"_blank\">ESU frequently asked questions</a>.</div><div><br></div><div>We recommend ESU customers review the applicable KB article below for prerequisites and other important information you will need to deploy these updates.</div><div><br></div><div>The following updates were released today for Windows Server 2008 SP2:</div><ul><li>Extended Security Updates (ESU) Licensing Preparation Package (<a href=\"https://support.microsoft.com/help/4538484\" rel=\"noopener noreferrer\" target=\"_blank\">KB4538484</a>)</li><li>Monthly Rollup (<a href=\"https://support.microsoft.com/help/4537810\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537810</a>)</li><li>Security Only (<a href=\"https://support.microsoft.com/help/4537822\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537822</a>)</li><li>Servicing Stack Update (<a href=\"https://support.microsoft.com/help/4537830\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537830</a>)</li><li>Internet Explorer 9 Cumulative Updates (<a href=\"https://support.microsoft.com/help/4537767\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537767</a>)</li></ul><div></div><div>The following updates were released today for Windows 7 SP1 and Windows Server 2008 R2 SP1:</div><ul><li>Extended Security Updates (ESU) Licensing Preparation Package (<a href=\"https://support.microsoft.com/help/4538483\" rel=\"noopener noreferrer\" target=\"_blank\">KB4538483</a>)</li><li>Monthly Rollup (<a href=\"https://support.microsoft.com/help/4537820\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537820</a>)</li><li>Security Only (<a href=\"https://support.microsoft.com/help/4537813\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537813</a>)</li><li>Servicing Stack Update (<a href=\"https://support.microsoft.com/help/4537829\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537829</a>)</li><li>Internet Explorer 11 Cumulative Updates (<a href=\"https://support.microsoft.com/help/4537767\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537767</a>)</li></ul></td><td>February 11, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='387'><b>Resolved: Windows Search shows blank box</b><a class='docon docon-link heading-anchor' aria-labelledby='387' href='#387'></a><br><div>We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved&nbsp;for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved.&nbsp;</div><div><br></div><div>This issue was resolved at 12:00 PM PST. If you are still experiencing issues, please restart your device. In rare cases, to mitigate this issue you may need to manually end the SearchUI.exe or SearchApp.exe process via Task Manager. (To locate these processes, select <strong>CTRL + Shift + Esc </strong>then select the <strong>Details </strong>tab.) If you have restarted and tried the previous mitigations and are still encountering issues with Windows Search, you are not experiencing the issue described here. Please see <a href=\"https://support.microsoft.com/help/4520146\" rel=\"noopener noreferrer\" target=\"_blank\" style=\"\">Fix problems in Windows Search</a> for other mitigations.</div></td><td>February 05, 2020 <br>12:00 PM PT</td></tr>
<tr><td id='385'><a href = 'https://support.microsoft.com/help/4532695' target='_blank'><b>January 2020 Windows 10, version 1909 \"D\" optional release is available.</b></a><a class='docon docon-link heading-anchor' aria-labelledby='385' href='#385'></a><br><div>The January<strong> </strong>2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 28, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='383'><b>January 2020 Windows \"C\" optional release is available.</b><a class='docon docon-link heading-anchor' aria-labelledby='383' href='#383'></a><br><div>The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 23, 2020 <br>12:00 PM PT</td></tr>
<tr><td id='382'><a href = 'https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/' target='_blank'><b>Windows 7 has reached end of support</b></a><a class='docon docon-link heading-anchor' aria-labelledby='382' href='#382'></a><br><div>Windows&nbsp;7 reached end of support on January 14, 2020. If your organization has&nbsp;not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read <a href=\"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/how-to-get-extended-security-updates-for-eligible-windows/ba-p/917807\" rel=\"noopener noreferrer\" target=\"_blank\">How to get Extended Security Updates for eligible Windows devices</a>. For more information on end of service dates for currently supported versions of Windows 10, see the&nbsp;<a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" rel=\"noopener noreferrer\" target=\"_blank\">Windows lifecycle fact sheet</a>.</div></td><td>January 15, 2020 <br>10:00 AM PT</td></tr>
<tr><td id='379'><a href = 'https://support.microsoft.com/help/4528760' target='_blank'><b>Take action: January 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='379' href='#379'></a><br><div>The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='380'><a href = 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601' target='_blank'><b>Advisory: Windows CryptoAPI certificate validation vulnerability</b></a><a class='docon docon-link heading-anchor' aria-labelledby='380' href='#380'></a><br><div>On January 14, 2020, Microsoft released security updates to address&nbsp;an&nbsp;<a href=\"https://en.wikipedia.org/wiki/Elliptic-curve_cryptography\" rel=\"noopener noreferrer\" target=\"_blank\"><u>elliptic-curve cryptography</u></a>&nbsp;(ECC) certificate validation issue in the Windows CryptoAPI. This vulnerability applies to all versions of the Windows 10&nbsp;operating system, client and server.&nbsp;While we have not observed an attack exploiting this vulnerability,&nbsp;we recommend that you apply this update to all of your Windows 10 devices&nbsp;with priority. Here is what you need to know:</div><ul><li>If you are running a supported version of Windows&nbsp;10&nbsp;and have automatic updates enabled, you are automatically protected and do not need to take any&nbsp;further&nbsp;action.</li><li>If you are managing updates on behalf of your organization, you should download the latest updates from the&nbsp;<a href=\"https://portal.msrc.microsoft.com/en-us/\" rel=\"noopener noreferrer\" target=\"_blank\">Microsoft Security Update Guide&nbsp;</a>and apply those updates to your&nbsp;Windows 10 devices and servers&nbsp;as soon as possible.</li></ul><div></div><div>If you are&nbsp;running an <a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" rel=\"noopener noreferrer\" target=\"_blank\">unsupported version of Windows 10</a>, we&nbsp;recommend that you upgrade to the current version of Windows 10 to benefit from the latest security protections.&nbsp;For more information&nbsp;about this vulnerability,&nbsp;see&nbsp;the <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\" rel=\"noopener noreferrer\" target=\"_blank\">Microsoft Security Guidance for&nbsp;CVE-2020-0601</a> and the Microsoft Security Response Center blog, <a href=\"https://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/\" rel=\"noopener noreferrer\" target=\"_blank\">January 2020 Security Updates: CVE-2020-0601</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='376'><a href = 'https://support.microsoft.com/help/4530684' target='_blank'><b>Take action: December 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='376' href='#376'></a><br><div>The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='378'><b>Timing of Windows 10 optional update releases (December 2019)</b><a class='docon docon-link heading-anchor' aria-labelledby='378' href='#378'></a><br><div>For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week.&nbsp;For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='369'><a href = 'https://aka.ms/how-to-get-1909' target='_blank'><b>Windows 10, version 1909 now available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='369' href='#369'></a><br><div>Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how weve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='370'><a href = 'https://aka.ms/1909mechanics' target='_blank'><b>Windows 10, version 1909 delivery options</b></a><a class='docon docon-link heading-anchor' aria-labelledby='370' href='#370'></a><br><div>Learn how devices running Windows 10, version 1903 can update to Windows 10, version 1909 using the same servicing technology used to deliver monthly quality updates, resulting in a single restart and reducing update-related downtime.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='371'><a href = 'https://aka.ms/whats-new-in-1909' target='_blank'><b>Whats new for IT pros in Windows 10, version 1909</b></a><a class='docon docon-link heading-anchor' aria-labelledby='371' href='#371'></a><br><div>Explore the latest features for IT, get information about media availability and related tools, and find answers to frequently asked questions.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='367'><a href = 'https://support.microsoft.com/help/4524570' target='_blank'><b>Take action: November 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='367' href='#367'></a><br><div>The November 2019 security update release, referred to as our “B” release, is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='366'><b>Timing of Windows 10 optional update releases (November/December 2019)</b><a class='docon docon-link heading-anchor' aria-labelledby='366' href='#366'></a><br><div>For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. <strong>Note</strong> There will be a December Security Update&nbsp;Tuesday release, as usual. For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a></div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='373'><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/End-of-service-reminders-for-Windows-10-versions-1703-and-1803/ba-p/903715' target='_blank'><b>Windows 10, version 1803 Home and Pro editions have reached end of service</b></a><a class='docon docon-link heading-anchor' aria-labelledby='373' href='#373'></a><br><div>Windows&nbsp;10,&nbsp;version&nbsp;1803&nbsp;(the April 2018 Update) Home and Pro editions have reached end of service. For&nbsp;Windows&nbsp;10&nbsp;devices that are at, or within several months of reaching end of service,&nbsp;Windows&nbsp;Update will automatically initiate a feature update (with users having the ability to choose a convenient time); keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. For more information on end of service dates for currently supported versions of Windows 10, see the&nbsp;<a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" rel=\"noopener noreferrer\" target=\"_blank\"><strong><u>Windows lifecycle fact sheet</u></strong></a>.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='363'><a href = 'https://support.microsoft.com/help/4522355' target='_blank'><b>October 2019 Windows 10, version 1903 \"D\" optional release is available.</b></a><a class='docon docon-link heading-anchor' aria-labelledby='363' href='#363'></a><br><div>The October 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>October 24, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='359'><b>October 2019 Windows \"C\" optional release is available.</b><a class='docon docon-link heading-anchor' aria-labelledby='359' href='#359'></a><br><div>The October 2019<strong> </strong>optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>October 15, 2019 <br>09:59 AM PT</td></tr>
<tr><td id='347'><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/End-of-service-reminders-for-Windows-10-versions-1703-and-1803/ba-p/903715' target='_blank'><b>Windows 10, version 1703 has reached end of service</b></a><a class='docon docon-link heading-anchor' aria-labelledby='347' href='#347'></a><br><div>Consumer and commercial editions&nbsp;of Windows 10, version 1703 have reached end of service. As devices running these editions are no longer receiving monthly security and quality updates containing protections from the latest security threats, we recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates for currently supported versions of Windows 10, see the&nbsp;<a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" rel=\"noopener noreferrer\" target=\"_blank\"><strong><u>Windows lifecycle fact sheet</u></strong></a>.</div><div><br></div><div><strong>Note</strong> The Windows 10, version 1703 section will be removed from this dashboard on November 12, 2019.</div></td><td>October 09, 2019 <br>12:00 PM PT</td></tr>
<tr><td id='356'><a href = 'https://support.microsoft.com/help/4517389' target='_blank'><b>Take Action: October 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='356' href='#356'></a><br><div>The October 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>.</div><div>&nbsp;</div></td><td>October 08, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='342'><a href = 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367' target='_blank'><b>Take action: Security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='342' href='#342'></a><br><div>On October 3, 2019, Microsoft expanded delivery of the out-of-band&nbsp;<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367\" target=\"_blank\">Internet Explorer scripting engine security vulnerability (CVE-2019-1367)</a> update released on September 23, 2019 to Windows Update and Windows Server Update Services (WSUS). This is now a required security update for all supported versions of Windows as it includes the Internet Explorer scripting engine vulnerability mitigation and <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903#351msgdesc\" target=\"_blank\">corrects a recent printing issue </a>some users have experienced. All customers using Windows Update or WSUS will be offered this update automatically. We recommend that you install this update as soon as a possible, then restart your PC to fully apply the mitigations and help secure your devices. As with all cumulative updates, this update supersedes any preceding update.</div><div>&nbsp;</div><div><strong>Note</strong>: This update does not replace the standard October 2019 monthly security update release, which is scheduled for October 8, 2019.</div></td><td>October 03, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='345'><a href = 'https://support.microsoft.com/help/4517211' target='_blank'><b>September 2019 Windows 10, version 1903 \"D\" optional release is available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='345' href='#345'></a><br><div>The September 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>September 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td id='344'><b>Status update: September 2019 Windows \"C\" optional release available</b><a class='docon docon-link heading-anchor' aria-labelledby='344' href='#344'></a><br><div>The September 2019 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>September 24, 2019 <br>08:10 AM PT</td></tr>
<tr><td id='343'><b>Plan for change: Windows Media Center Electronic Program Guide retiring in January 2020</b><a class='docon docon-link heading-anchor' aria-labelledby='343' href='#343'></a><br><div>Starting in January 2020, Microsoft is retiring its Electronic Program Guide (EPG) service for all versions of Windows Media Center. To continue receiving TV Program Guide information on your Windows Media Center, youll need to configure an alternate TV listing provider.</div></td><td>September 24, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='341'><b>Status of September 2019 “C” release</b><a class='docon docon-link heading-anchor' aria-labelledby='341' href='#341'></a><br><div>The optional monthly “C” release for September 2019 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow <a href=\"https://twitter.com/windowsupdate\" target=\"_blank\"><u>@WindowsUpdate</u></a> for the latest on the availability of this release.</div></td><td>September 19, 2019 <br>04:11 PM PT</td></tr>
<tr><td id='337'><b>Plan for change: End of service reminders for Windows 10, versions 1703 and 1803</b><a class='docon docon-link heading-anchor' aria-labelledby='337' href='#337'></a><br><div>The&nbsp;Enterprise and Education editions of Windows 10, version 1703 (the Creators Update)&nbsp;will reach end of service on October 8, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions of&nbsp;Windows 10, version 1803&nbsp;(the April 2018 Update) will reach end of service on November 12, 2019. We recommend that you update&nbsp;devices running these versions and editions&nbsp;to the latest version of Windows 10—Windows 10, version 1903—as soon as possible to help keep them protected and your environments secure.</div></td><td>September 13, 2019 <br>03:23 PM PT</td></tr>
<tr><td id='328'><b>September 2019 security update available for all supported versions of Windows</b><a class='docon docon-link heading-anchor' aria-labelledby='328' href='#328'></a><br><div>The September 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>September 10, 2019 <br>09:34 AM PT</td></tr>
<tr><td id='321'><a href = 'https://support.microsoft.com/help/4512941' target='_blank'><b>Status update: Windows 10, version 1903 \"D\" optional release available August 30th</b></a><a class='docon docon-link heading-anchor' aria-labelledby='321' href='#321'></a><br><div>The August optional monthly “D” release for Windows 10, version 1903 is now available. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>August 30, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='323'><b>Feature update install notification on Windows 10, version 1809 (the October 2018 Update)</b><a class='docon docon-link heading-anchor' aria-labelledby='323' href='#323'></a><br><div>We've had reports on August 29th that some customers running Windows 10, version 1809 (the October 2018 Update) have received notification to install the latest feature update (version 1903) early. Updating remains in your control.&nbsp;To install the update, you must select one of the following options: \"Pick a Time\", \"Restart Tonight,\" or \"Restart Now\". If you are not ready to update at this time, simply dismiss the notification by clicking the arrow in the top right corner. If you have updated to Windows 10, version 1903 and would like to go back to your previous version, see the instructions <a href=\"https://support.microsoft.com/help/12415/windows-10-recovery-options#section6\" target=\"_blank\">here</a>.</div></td><td>August 29, 2019 <br>04:39 PM PT</td></tr>
<tr><td id='320'><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297' target='_blank'><b>Take Action: Internet Explorer 11 now available on Windows Update/WSUS for Windows Server 2012 and Windows Embedded 8 Standard</b></a><a class='docon docon-link heading-anchor' aria-labelledby='320' href='#320'></a><br><div>Internet Explorer 11 (<a href=\"https://support.microsoft.com/help/4492872\" target=\"_blank\">KB 4492872</a>) is now available via Windows Update (WU) and Windows Server Update Services (WSUS) for commercial customers running Windows Server 2012 and Windows Embedded 8 Standard. For details about these changes and end of support for IE10, please refer to the&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297\" target=\"_blank\">IT Pro blog</a>.&nbsp;</div></td><td>August 29, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='262'><a href = 'https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update/#1P75kJB6T5OhySyo.97' target='_blank'><b>Windows 10, version 1903 rollout begins</b></a><a class='docon docon-link heading-anchor' aria-labelledby='262' href='#262'></a><br>The Windows 10 May 2019 Update (Windows 10, version 1903) is available today to commercial customers via Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)—and to end users who manually select “Check for updates.” We are slowly throttling up availability while we carefully monitor data and feedback.</td><td>May 21, 2019 <br>10:00 AM PT</td></tr>
</table>
"

2
windows/security/information-protection/tpm/tpm-recommendations.md
View File

@ -112,7 +112,7 @@ The following table defines which Windows features require TPM support.
Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
-|-|-|-|-
Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot
BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required, but [Automatic Device Encryption requires Modern Standby](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) including TPM 2.0 support
BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Automatic Device Encryption requires Modern Standby](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) including TPM 2.0 support
Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0.
Windows Defender Application Control (Device Guard) | No | Yes | Yes
Windows Defender System Guard | Yes | No | Yes

2
windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
View File

@ -41,7 +41,7 @@ This policy setting configured which TPM authorization values are stored in the
|--------------|---------------|---------|-----------------|-----------------|------------------|
| OwnerAuthAdmin | StorageOwnerAuth | Create SRK | No | Yes | Yes |
| OwnerAuthEndorsement | EndorsementAuth | Create or use EK (1.2 only: Create AIK) | No | Yes | Yes |
| OwnerAuthFull | LockoutAuth | Reset/change Dictionary Attack Protection | No | No | No |
| OwnerAuthFull | LockoutAuth | Reset/change Dictionary Attack Protection | No | No | Yes |
There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.

27
windows/security/threat-protection/TOC.md
View File

@ -134,6 +134,15 @@
###### [Compatibility charts](microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md)
###### [Use limited periodic antivirus scanning](microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md)
##### [Manage next-generation protection in your business]()
###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next-generation protection](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
###### [Use Group Policy settings to manage next-generation protection](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
###### [Use PowerShell cmdlets to manage next-generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
###### [Use the mpcmdrun.exe command line tool to manage next-generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md)
##### [Deploy, manage updates, and report on antivirus]()
###### [Preparing to deploy](microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md)
###### [Deploy and enable antivirus](microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md)
@ -169,14 +178,6 @@
##### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
##### [Manage antivirus in your business]()
###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
###### [Use Group Policy settings to configure and manage antivirus](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
###### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
###### [Use PowerShell cmdlets to configure and manage antivirus](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
##### [Manage scans and remediation]()
###### [Management overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
@ -196,16 +197,6 @@
###### [Run and review the results of an offline scan](microsoft-defender-antivirus/microsoft-defender-offline.md)
###### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
##### [Manage next-generation protection in your business]()
###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md)
###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next-generation protection](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
###### [Use Group Policy settings to manage next-generation protection](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
###### [Use PowerShell cmdlets to manage next-generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
###### [Use the mpcmdrun.exe command line tool to manage next-generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md)
#### [Better together: Microsoft Defender Antivirus and Office 365](microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md)

4
windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
View File

@ -18,10 +18,6 @@ ms.custom: nextgen
# Configure Microsoft Defender Antivirus exclusions on Windows Server
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Microsoft Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).
> [!NOTE]

3
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
View File

@ -7,7 +7,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@ -97,3 +96,5 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
- [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md)
- [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md)
- [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure)
- [Configure Endpoint Protection on a standalone client](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure-standalone-client)

23
windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
View File

@ -9,7 +9,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: denisebmsft
@ -28,6 +27,7 @@ ms.custom: nextgen
During some kinds of cyber attacks, bad actors try to disable security features, such as anti-virus protection, on your machines. They do this to get easier access to your data, to install malware, or to otherwise exploit your data, identity, and devices. Tamper protection helps prevent this from occurring.
With tamper protection, malicious apps are prevented from taking actions such as:
- Disabling virus and threat protection
- Disabling real-time protection
- Turning off behavior monitoring
@ -38,6 +38,7 @@ With tamper protection, malicious apps are prevented from taking actions such as
### How it works
Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as:
- Configuring settings in Registry Editor on your Windows machine
- Changing settings through PowerShell cmdlets
- Editing or removing security settings through group policies
@ -174,21 +175,21 @@ If you are an organization using [Microsoft Defender ATP E5](https://www.microso
Your regular group policy doesnt apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on.
>[!NOTE]
>A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection. To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior from GPO and simply allow tamper protection to protect Microsoft Defender Antivirus settings. <br><br>
> Sample Microsoft Defender Antivirus settings:<br>
> Turn off Microsoft Defender Antivirus <br>
> Computer Configuration\Administrative Templates\Windows Components\Windows Defender\
Value DisableAntiSpyware = 0 <br><br>
>Turn off real-time protection<br>
Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\
Value DisableRealtimeMonitoring = 0
> [!NOTE]
> A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection.
To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior from GPO and simply allow tamper protection to protect Microsoft Defender Antivirus settings.
Some sample Microsoft Defender Antivirus settings:
- *Turn off real-time protection* <br />
Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\<br />
Value `DisableRealtimeMonitoring` = 0
### For Microsoft Defender ATP E5, is configuring tamper protection in Intune targeted to the entire organization only?
Configuring tamper protection in Intune can be targeted to your entire organization as well as to specific devices and user groups.
### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager?
Currently we do not have support to manage Tamper Protection through Microsoft Endpoint Configuration Manager.

48
windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
View File

@ -111,3 +111,51 @@ If hyperthreading is disabled (because of an update applied through a KB article
Application Guard may not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume.
### Why am I getting the error message ("ERR_NAME_NOT_RESOLVED") after not being able to reach PAC file?
This is a known issue. To mitigate this you need to create two firewall rules.
For guidance on how to create a firewall rule by using group policy, see:
- [Create an inbound icmp rule](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule)
- [Open Group Policy management console for Microsoft Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security)
First rule (DHCP Server):
1. Program path: %SystemRoot%\System32\svchost.exe
2. Local Service: Sid: S-1-5-80-2009329905-444645132-2728249442-922493431-93864177 (Internet Connection Service (SharedAccess))
3. Protocol UDP
4. Port 67
Second rule (DHCP Client)
This is the same as the first rule, but scoped to local port 68.
In the Microsoft Defender Firewall user interface go through the following steps:
1. Right click on inbound rules, create a new rule.
2. Choose **custom rule**.
3. Program path: **%SystemRoot%\System32\svchost.exe**.
4. Protocol Type: UDP, Specific ports: 67, Remote port: any.
5. Any IP addresses.
6. Allow the connection.
7. All profiles.
8. The new rule should show up in the user interface. Right click on the **rule** > **properties**.
9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**.
### Why can I not launch Application Guard when Exploit Guard is enabled?
There is a known issue where if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to Windows Security-> App and Browser control -> Exploit Protection Setting -> switch CFG to the “use default".
### How can I have ICS in enabled state yet still use Application Guard?
This is a two step process.
Step 1:
Enable Internet Connection sharing by changing the Group Policy setting “Prohibit use of Internet Connection Sharing on your DNS domain network” which is part of the MS Security baseline from Enabled to Disabled.
Step 2:
1. Disable IpNat.sys from ICS load
System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1
2. Configure ICS (SharedAccess) to enabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3
3. Disabling IPNAT (Optional)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4
4. Reboot.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
View File

@ -27,6 +27,10 @@ ms.topic: article
The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
> [!NOTE]
> Collection of DeviceLogonEvents is not supported on Windows 7 or Windows Server 2008 R2.
> We recommend upgrading to Windows 10 or Windows Server 2019 for optimal visibility into user logon activity.
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |

3
windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
View File

@ -7,7 +7,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
author: martyav
@ -51,7 +50,7 @@ ASR currently supports all of the rules below:
* [Block all Office applications from creating child processes](attack-surface-reduction.md#block-all-office-applications-from-creating-child-processes)
* [Block Office applications from creating executable content](attack-surface-reduction.md#block-office-applications-from-creating-executable-content)
* [Block Office applications from injecting code into other processes](attack-surface-reduction.md#block-office-applications-from-injecting-code-into-other-processes)
* [Block JavaScript or VBScript from launching downloaded executable content](attack-surface-reduction.md##block-javascript-or-vbscript-from-launching-downloaded-executable-content)
* [Block JavaScript or VBScript from launching downloaded executable content](attack-surface-reduction.md#block-javascript-or-vbscript-from-launching-downloaded-executable-content)
* [Block execution of potentially obfuscated scripts](attack-surface-reduction.md#block-execution-of-potentially-obfuscated-scripts)
* [Block Win32 API calls from Office macro](attack-surface-reduction.md#block-win32-api-calls-from-office-macros)
* [Use advanced protection against ransomware](attack-surface-reduction.md#use-advanced-protection-against-ransomware)

3
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
View File

@ -23,8 +23,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft 365 Endpoint data loss prevention (DLP)](/microsoft-365/compliance/endpoint-dlp-learn-about)
Devices in your organization must be configured so that the Microsoft Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.

6
windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
View File

@ -115,6 +115,9 @@ If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the
> [!NOTE]
> settings-win.data.microsoft.com is only needed if you have Windows 10 devices running version 1803 or earlier.<br>
> [!NOTE]
> URLs that include v20 in them are only needed if you have Windows 10 devices running version 1803 or later. For example, ```us-v20.events.data.microsoft.com``` is needed for a Windows 10 device running version 1803 or later and onboarded to US Data Storage region.
@ -198,6 +201,9 @@ However, if the connectivity check results indicate a failure, an HTTP error is
> [!NOTE]
> The Connectivity Analyzer tool is not compatible with ASR rule [Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction#attack-surface-reduction-rules). You will need to temporarily disable this rule to run the connectivity tool.
> [!NOTE]
> When the TelemetryProxyServer is set, in Registry or via Group Policy, Microsoft Defender ATP will fall back to direct if it can't access the defined proxy.
## Related topics

7
windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
View File

@ -191,9 +191,12 @@ The following capabilities are included in this integration:
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach.
> [!IMPORTANT]
> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created (in the US for US users, in the EU for European and UK users).
> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created (in the US for US users, in the EU for European and UK users).<br>
Data collected by Microsoft Defender ATP is stored in the geo-location of the tenant as identified during provisioning.
> - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
> - When you use Azure Security Center to monitor Windows servers, a Microsoft Defender ATP tenant is automatically created and the Microsoft Defender ATP data is stored in Europe by default. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
> - Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. <br>
Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
## Offboard Windows servers
You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client devices.

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

80
windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
View File

@ -140,9 +140,83 @@ Use the **Logs** tab to monitor deployment status for each enrolled device.
Starting in macOS 10.15 (Catalina) a user must manually allow to display notifications in UI. To auto-enable notifications from Defender and Auto Update, you can import the .mobileconfig below into a separate configuration profile and assign it to all devices with Defender:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict><key>PayloadContent</key><array><dict><key>NotificationSettings</key><array><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.autoupdate2</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.wdav.tray</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadType</key><string>com.apple.notificationsettings</string><key>PayloadUUID</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadVersion</key><integer>1</integer></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>mdatp - allow notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadRemovalDisallowed</key><false/><key>PayloadScope</key><string>System</string><key>PayloadType</key><string>Configuration</string><key>PayloadUUID</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadVersion</key><integer>1</integer></dict></plist>
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>NotificationSettings</key>
<array>
<dict>
<key>AlertType</key>
<integer>2</integer>
<key>BadgesEnabled</key>
<true/>
<key>BundleIdentifier</key>
<string>com.microsoft.autoupdate2</string>
<key>CriticalAlertEnabled</key>
<false/><key>GroupingType</key>
<integer>0</integer>
<key>NotificationsEnabled</key>
<true/>
<key>ShowInLockScreen</key>
<false/>
<key>ShowInNotificationCenter</key>
<true/>
<key>SoundsEnabled</key>
<true/>
</dict>
<dict>
<key>AlertType</key>
<integer>2</integer><key>BadgesEnabled</key>
<true/><key>BundleIdentifier</key>
<string>com.microsoft.wdav.tray</string>
<key>CriticalAlertEnabled</key>
<false/><key>GroupingType</key>
<integer>0</integer>
<key>NotificationsEnabled</key>
<true/><key>ShowInLockScreen</key>
<false/><key>ShowInNotificationCenter</key>
<true/><key>SoundsEnabled</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string/><key>PayloadDisplayName</key>
<string>notifications</string>
<key>PayloadEnabled</key>
<true/><key>PayloadIdentifier</key>
<string>BB977315-E4CB-4915-90C7-8334C75A7C64</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadType</key>
<string>com.apple.notificationsettings</string>
<key>PayloadUUID</key>
<string>BB977315-E4CB-4915-90C7-8334C75A7C64</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string/><key>PayloadDisplayName</key>
<string>mdatp - allow notifications</string>
<key>PayloadEnabled</key><true/>
<key>PayloadIdentifier</key>
<string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadRemovalDisallowed</key>
<false/><key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
```
### Package

34
windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
View File

@ -25,7 +25,7 @@ ms.topic: conceptual
## Collecting diagnostic information
If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
If you can reproduce a problem, increase the logging level, run the system for some time, and restore the logging level to the default.
1. Increase logging level:
@ -63,7 +63,7 @@ The detailed log will be saved to `/Library/Logs/Microsoft/mdatp/install.log`. I
## Uninstalling
There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
There are several ways to uninstall Microsoft Defender ATP for Mac. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
### Interactive uninstallation
@ -100,6 +100,36 @@ Important tasks, such as controlling product settings and triggering on-demand s
|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp --edr --set-tag GROUP [name]` |
|EDR |Remove group tag from device |`mdatp --edr --remove-tag [name]` |
### How to enable autocompletion
To enable autocompletion in `Bash`, run the following command and restart the Terminal session:
```bash
$ echo "source /Applications/Microsoft\ Defender\ ATP.app/Contents/Resources/Tools/mdatp_completion.bash" >> ~/.bash_profile
```
To enable autocompletion in `zsh`:
- Check whether autocompletion is enabled on your device:
```zsh
$ cat ~/.zshrc | grep autoload
```
- If the above command does not produce any output, you can enable autocompletion using the following command:
```zsh
$ echo "autoload -Uz compinit && compinit" >> ~/.zshrc
```
- Run the following command to enable autocompletion for Microsoft Defender ATP for Mac and restart the Terminal session:
```zsh
sudo mkdir -p /usr/local/share/zsh/site-functions
sudo ln -svf "/Applications/Microsoft Defender ATP.app/Contents/Resources/Tools/mdatp_completion.zsh" /usr/local/share/zsh/site-functions/_mdatp
```
## Client Microsoft Defender ATP quarantine directory
`/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp --threat --list --pretty`.

9
windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
View File

@ -41,7 +41,8 @@ While you can start a threat scan at any time with Microsoft Defender ATP, your
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key><dict>
<key>StartCalendarInterval</key>
<dict>
<key>Day</key>
<integer>3</integer>
<key>Hour</key>
@ -68,11 +69,11 @@ While you can start a threat scan at any time with Microsoft Defender ATP, your
4. To load your file into **launchd**, enter the following commands:
```bash
`$ launchctl load /Library/LaunchDaemons/<your file name.plist>`
`$ launchctl start <your file name>`
launchctl load /Library/LaunchDaemons/<your file name.plist>
launchctl start <your file name>
```
5. Your scheduled scan runs at the date, time, and frequency you defined in your .plist file. In the example, the scan runs at 2:00 AM every 7 days on a Friday, with the StartInterval using 604800 seconds for one week.
5. Your scheduled scan runs at the date, time, and frequency you defined in your .plist file. In the example, the scan runs at 2:00 AM every seven days on a Friday, with the StartInterval using 604,800 seconds for one week.
> [!NOTE]
> Agents executed with launchd will not run at the scheduled time if the computer is asleep, but will run once the computer is awake. If the computer is off, the scan will not run until the computer is on at the next scheduled time.

38
windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
View File

@ -51,15 +51,15 @@ Add the following JAMF payload to grant Full Disk Access to the Microsoft Defend
![Privacy Preferences Policy Control](images/mac-system-extension-privacy.png)
### Web Content Filtering Policy
### Network Extension Policy
A web content filtering policy is needed to run the network extension. Add the following web content filtering policy:
As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
>[!NOTE]
>JAMF doesnt have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
>As such, the following steps provide a workaround that involve signing the web content filtering configuration profile.
>As such, the following steps provide a workaround that involve signing the configuration profile.
1. Save the following content to your device as `com.apple.webcontent-filter.mobileconfig`
1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig`
```xml
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
@ -74,7 +74,7 @@ A web content filtering policy is needed to run the network extension. Add the f
<key>PayloadIdentifier</key>
<string>DA2CC794-488B-4AFF-89F7-6686A7E7B8AB</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender ATP Content Filter</string>
<string>Microsoft Defender ATP Network Extension</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
@ -97,7 +97,7 @@ A web content filtering policy is needed to run the network extension. Add the f
<key>PayloadIdentifier</key>
<string>CEBF7A71-D9A1-48BD-8CCF-BD9D18EC155A</string>
<key>PayloadDisplayName</key>
<string>Approved Content Filter</string>
<string>Approved Network Extension</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
@ -107,7 +107,7 @@ A web content filtering policy is needed to run the network extension. Add the f
<key>FilterType</key>
<string>Plugin</string>
<key>UserDefinedName</key>
<string>Microsoft Defender ATP Content Filter</string>
<string>Microsoft Defender ATP Network Extension</string>
<key>PluginBundleID</key>
<string>com.microsoft.wdav</string>
<key>FilterSockets</key>
@ -115,7 +115,7 @@ A web content filtering policy is needed to run the network extension. Add the f
<key>FilterDataProviderBundleIdentifier</key>
<string>com.microsoft.wdav.netext</string>
<key>FilterDataProviderDesignatedRequirement</key>
<string>identifier &quot;com.microsoft.wdav.netext&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
<string>identifier "com.microsoft.wdav.netext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
</dict>
</array>
</dict>
@ -125,8 +125,8 @@ A web content filtering policy is needed to run the network extension. Add the f
2. Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`:
```bash
$ plutil -lint com.apple.webcontent-filter.mobileconfig
com.apple.webcontent-filter.mobileconfig: OK
$ plutil -lint com.microsoft.network-extension.mobileconfig
com.microsoft.network-extension.mobileconfig: OK
```
3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMFs built-in certificate authority
@ -134,10 +134,10 @@ A web content filtering policy is needed to run the network extension. Add the f
4. After the certificate is created and installed to your device, run the following command from the Terminal:
```bash
$ security cms -S -N "<certificate name>" -i com.apple.webcontent-filter.mobileconfig -o com.apple.webcontent-filter.signed.mobileconfig
$ security cms -S -N "<certificate name>" -i com.microsoft.network-extension.mobileconfig -o com.microsoft.network-extension.signed.mobileconfig
```
5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.apple.webcontent-filter.signed.mobileconfig` when prompted for the file.
5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file.
## Intune
@ -162,7 +162,7 @@ To approve the system extensions:
### Create and deploy the Custom Configuration Profile
The following configuration profile enables the web content filter and grants Full Disk Access to the Endpoint Security system extension.
The following configuration profile enables the network extension and grants Full Disk Access to the Endpoint Security system extension.
Save the following content to a file named **sysext.xml**:
@ -202,7 +202,7 @@ Save the following content to a file named **sysext.xml**:
<key>PayloadIdentifier</key>
<string>CEBF7A71-D9A1-48BD-8CCF-BD9D18EC155A</string>
<key>PayloadDisplayName</key>
<string>Approved Content Filter</string>
<string>Approved Network Extension</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
@ -212,7 +212,7 @@ Save the following content to a file named **sysext.xml**:
<key>FilterType</key>
<string>Plugin</string>
<key>UserDefinedName</key>
<string>Microsoft Defender ATP Content Filter</string>
<string>Microsoft Defender ATP Network Extension</string>
<key>PluginBundleID</key>
<string>com.microsoft.wdav</string>
<key>FilterSockets</key>
@ -265,10 +265,10 @@ Save the following content to a file named **sysext.xml**:
Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`:
```bash
$ plutil -lint sysext.xml
sysext.xml: OK
```
```bash
$ plutil -lint sysext.xml
sysext.xml: OK
```
To deploy this custom configuration profile:

26
windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
View File

@ -19,12 +19,30 @@ ms.topic: conceptual
# What's new in Microsoft Defender Advanced Threat Protection for Mac
> [!NOTE]
> In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions.
> [!IMPORTANT]
> In preparation for macOS 11 Big Sur, we are getting ready to release an update to Microsoft Defender ATP for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender ATP for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
>
> In the meantime, starting with macOS Catalina update 10.15.4, Apple introduced a user facing *Legacy System Extension* warning to signal applications that rely on kernel extensions.
> The update is applicable to devices running macOS version 10.15.4 or later.
>
> If you have previously allowed the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to allow the kernel extension, your users will be presented with the warning. To proactively silence the warning, you can still deploy a configuration to allow the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
> To ensure that the Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
>
> Timing:
> - Organizations that previously opted into Microsoft Defender ATP preview features in Microsoft Defender Security Center, must be ready for Microsoft Defender ATP for Mac agent update **by August 10, 2020**.
> - Organizations that do not participate in public previews for Microsoft Defender ATP features, must be ready **by September 07, 2020**.
>
> Action is needed by IT administrator. Review the steps below and assess the impact on your organization:
>
> 1. Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version. <br/>
> Even though Microsoft Defender ATP for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Microsoft Defender ATP for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
>
> 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
> 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
## 101.05.16
- Improvements to quick scan logic to significantly reduce the number of scanned files
- Added [autocompletion support](mac-resources.md#how-to-enable-autocompletion) for the command-line tool
- Bug fixes
## 101.03.12

528
windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
View File

@ -1,528 +0,0 @@
# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
## [Overview]()
### [Overview of Microsoft Defender ATP capabilities](overview.md)
### [Threat & Vulnerability Management]()
#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md)
#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
#### [Exposure score](tvm-exposure-score.md)
#### [Configuration score](configuration-score.md)
#### [Security recommendation](tvm-security-recommendation.md)
#### [Remediation](tvm-remediation.md)
#### [Software inventory](tvm-software-inventory.md)
#### [Weaknesses](tvm-weaknesses.md)
#### [Scenarios](threat-and-vuln-mgt-scenarios.md)
### [Attack surface reduction]()
#### [Hardware-based isolation]()
##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md)
##### [Application isolation]()
###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md)
###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
#### [Application control]()
##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md)
#### [Exploit protection](../windows-defender-exploit-guard/exploit-protection.md)
#### [Network protection](../windows-defender-exploit-guard/network-protection.md)
#### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders.md)
#### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction.md)
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
### [Next generation protection](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)
### [Endpoint detection and response]()
#### [Endpoint detection and response overview](overview-endpoint-detection-response.md)
#### [Security operations dashboard](security-operations-dashboard.md)
#### [Incidents queue]()
##### [View and organize the Incidents queue](view-incidents-queue.md)
##### [Manage incidents](manage-incidents.md)
##### [Investigate incidents](investigate-incidents.md)
#### [Alerts queue]()
##### [View and organize the Alerts queue](alerts-queue.md)
##### [Manage alerts](manage-alerts.md)
##### [Investigate alerts](investigate-alerts.md)
##### [Investigate files](investigate-files.md)
##### [Investigate machines](investigate-machines.md)
##### [Investigate an IP address](investigate-ip.md)
##### [Investigate a domain](investigate-domain.md)
##### [Investigate a user account](investigate-user.md)
#### [Machines list]()
##### [View and organize the Machines list](machines-view-overview.md)
##### [Investigate machines]()
###### [Machine details](investigate-machines.md#machine-details)
###### [Response actions](investigate-machines.md#response-actions)
###### [Cards](investigate-machines.md#cards)
###### [Tabs](investigate-machines.md#tabs)
#### [Take response actions]()
##### [Take response actions on a machine]()
###### [Understand response actions](respond-machine-alerts.md)
###### [Manage tags](respond-machine-alerts.md#manage-tags)
###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation)
###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session)
###### [Collect investigation package from machines](respond-machine-alerts.md#collect-investigation-package-from-machines)
###### [Run Microsoft Defender Antivirus scan on machines](respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-machines)
###### [Restrict app execution](respond-machine-alerts.md#restrict-app-execution)
###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
##### [Take response actions on a file]()
###### [Understand response actions](respond-file-alerts.md)
###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine)
###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
###### [Deep analysis](respond-file-alerts.md#deep-analysis)
##### [Live response]()
###### [Investigate entities on machines](live-response.md)
###### [Live response command examples](live-response-command-examples.md)
### [Automated investigation and remediation]()
#### [Understand Automated investigations](automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
### [Threat analytics](threat-analytics.md)
### [Microsoft Threat Experts](microsoft-threat-experts.md)
### [Advanced hunting]()
#### [Advanced hunting overview](advanced-hunting-overview.md)
#### [Query data using Advanced hunting]()
##### [Data querying basics](advanced-hunting-query-language.md)
##### [Advanced hunting reference](advanced-hunting-schema-reference.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
#### [Custom detections]()
##### [Understand custom detection rules](overview-custom-detections.md)
##### [Create custom detections rules](custom-detection-rules.md)
### [Management and APIs]()
#### [Overview of management and APIs](management-apis.md)
#### [Understand threat intelligence concepts](threat-indicator-concepts.md)
#### [Microsoft Defender ATP APIs](apis-intro.md)
#### [Managed security service provider support](mssp-support.md)
### [Integrations]()
#### [Microsoft Defender ATP integrations](threat-protection-integration.md)
#### [Conditional Access integration overview](conditional-access.md)
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
#### [Information protection in Windows overview]()
##### [Windows integration](information-protection-in-windows-overview.md)
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
### [Microsoft Threat Experts](microsoft-threat-experts.md)
### [Portal overview](portal-overview.md)
## [Get started]()
### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
### [Preview features](preview.md)
### [Evaluation lab](evaluation-lab.md)
### [Minimum requirements](minimum-requirements.md)
### [Validate licensing and complete setup](licensing.md)
### [Data storage and privacy](data-storage-privacy.md)
### [Assign user access to the portal](assign-portal-access.md)
### [Evaluate Microsoft Defender ATP capabilities]()
#### [Evaluate attack surface reduction]()
##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md)
###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Evaluate next generation protection](../microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md)
### [Access the Microsoft Defender Security Center Community Center](community.md)
## [Configure and manage capabilities]()
### [Configure attack surface reduction](configure-attack-surface-reduction.md)
### [Hardware-based isolation]()
#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
#### [Application isolation]()
##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md)
##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md)
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
#### [Device control]()
##### [Control USB devices](../device-control/control-usb-devices-using-intune.md)
##### [Device Guard]()
###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
###### [Memory integrity]()
####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
#### [Exploit protection]()
##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
#### [Controlled folder access]()
##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders.md)
##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders.md)
#### [Attack surface reduction controls]()
##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
### [Configure next generation protection]()
#### [Configure Microsoft Defender Antivirus features](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md)
#### [Utilize Microsoft cloud-delivered protection]()
##### [Understand cloud-delivered protection](../microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
##### [Enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md)
##### [Specify the cloud-delivered protection level](../microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md)
##### [Configure and validate network connections](../microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md)
##### [Enable Block at first sight](../microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md)
##### [Configure the cloud block timeout period](../microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)
#### [Configure behavioral, heuristic, and real-time protection]()
##### [Configuration overview](../microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md)
##### [Detect and block potentially unwanted applications](../microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md)
##### [Enable and configure always-on protection and monitoring](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md)
#### [Antivirus on Windows Server 2016](../microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md)
#### [Antivirus compatibility]()
##### [Compatibility charts](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md)
##### [Use limited periodic antivirus scanning](../microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md)
#### [Deploy, manage updates, and report on antivirus]()
##### [Using Microsoft Defender Antivirus](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md)
##### [Deploy and enable antivirus]()
###### [Preparing to deploy](../microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md)
###### [Deployment guide for VDI environments](../microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md)
##### [Report on antivirus protection]()
###### [Review protection status and aqlerts](../microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md)
###### [Troubleshoot antivirus reporting in Update Compliance](../microsoft-defender-antivirus/troubleshoot-reporting.md)
##### [Manage updates and apply baselines]()
###### [Learn about the different kinds of updates](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md)
###### [Manage protection and Security intelligence updates](../microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md)
###### [Manage when protection updates should be downloaded and applied](../microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md)
###### [Manage updates for endpoints that are out of date](../microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md)
###### [Manage event-based forced updates](../microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md)
###### [Manage updates for mobile devices and VMs](../microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)
#### [Customize, initiate, and review the results of scans and remediation]()
##### [Configuration overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
###### [Configure antivirus exclusions Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md)
##### [Configure antivirus scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md)
##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md)
##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md)
##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md)
##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md)
##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md)
#### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
#### [Manage antivirus in your business]()
##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
##### [Use Group Policy settings to configure and manage antivirus](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
##### [Use PowerShell cmdlets to configure and manage antivirus](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
#### [Manage scans and remediation]()
##### [Management overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
###### [Configure antivirus exclusions on Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md)
##### [Configure scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md)
##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md)
##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md)
##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md)
##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md)
##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md)
##### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
#### [Manage next generation protection in your business]()
##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
##### [Use Group Policy settings to manage next generation protection](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
##### [Use PowerShell cmdlets to manage next generation protection](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
### [Endpoint detection and response management and API support]()
#### [Onboard machines]()
##### [Onboarding overview](onboard-configure.md)
##### [Onboard previous versions of Windows](onboard-downlevel.md)
##### [Onboard Windows 10 machines]()
###### [Ways to onboard](configure-endpoints.md)
###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
###### [Onboard machines using Mobile Device Management tools]()
####### [Overview](configure-endpoints-mdm.md)
####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
###### [Onboard machines using a local script](configure-endpoints-script.md)
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
##### [Onboard servers](configure-server-endpoints.md)
##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
##### [Onboard machines without Internet access](onboard-offline-machines.md)
##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
##### [Run simulated attacks on machines](attack-simulations.md)
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
##### [Troubleshoot onboarding issues]()
###### [Troubleshooting basics](troubleshoot-onboarding.md)
###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
#### [Microsoft Defender ATP API]()
##### [Understand Microsoft Defender ATP APIs](use-apis.md)
##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md)
##### [Get started]()
###### [Introduction](apis-intro.md)
###### [Hello World](api-hello-world.md)
###### [Get access with application context](exposed-apis-create-app-webapp.md)
###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
###### [Get partner application access](microsoft-defender-atp/exposed-apis-create-app-partners.md)
##### [APIs]()
###### [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
###### [Common REST API error codes](common-errors.md)
###### [Advanced Hunting](run-advanced-query-api.md)
###### [Alert]()
####### [Methods, properties, and JSON representation](alerts.md)
####### [List alerts](get-alerts.md)
####### [Create alert](create-alert-by-reference.md)
####### [Update Alert](update-alert.md)
####### [Get alert information by ID](get-alert-info-by-id.md)
####### [Get alert related domains information](get-alert-related-domain-info.md)
####### [Get alert related file information](get-alert-related-files-info.md)
####### [Get alert related IPs information](get-alert-related-ip-info.md)
####### [Get alert related machine information](get-alert-related-machine-info.md)
####### [Get alert related user information](get-alert-related-user-info.md)
###### [Machine]()
####### [Methods and properties](machine.md)
####### [List machines](get-machines.md)
####### [Get machine by ID](get-machine-by-id.md)
####### [Get machine log on users](get-machine-log-on-users.md)
####### [Get machine related alerts](get-machine-related-alerts.md)
####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
####### [Find machines by IP](find-machines-by-ip.md)
###### [Machine Action]()
####### [Methods and properties](machineaction.md)
####### [List Machine Actions](get-machineactions-collection.md)
####### [Get Machine Action](get-machineaction-object.md)
####### [Collect investigation package](collect-investigation-package.md)
####### [Get investigation package SAS URI](get-package-sas-uri.md)
####### [Isolate machine](isolate-machine.md)
####### [Release machine from isolation](unisolate-machine.md)
####### [Restrict app execution](restrict-code-execution.md)
####### [Remove app restriction](unrestrict-code-execution.md)
####### [Run antivirus scan](run-av-scan.md)
####### [Offboard machine](offboard-machine-api.md)
####### [Stop and quarantine file](stop-and-quarantine-file.md)
###### [Automated Investigation]()
####### [Investigation methods and properties](microsoft-defender-atp/investigation.md)
####### [List Investigation](microsoft-defender-atp/get-investigation-collection.md)
####### [Get Investigation](microsoft-defender-atp/get-investigation-object.md)
####### [Start Investigation](microsoft-defender-atp/initiate-autoir-investigation.md)
###### [Indicators]()
####### [Methods and properties](ti-indicator.md)
####### [Submit Indicator](post-ti-indicator.md)
####### [List Indicators](get-ti-indicators-collection.md)
####### [Delete Indicator](delete-ti-indicator-by-id.md)
###### [Domain]()
####### [Get domain related alerts](get-domain-related-alerts.md)
####### [Get domain related machines](get-domain-related-machines.md)
####### [Get domain statistics](get-domain-statistics.md)
###### [File]()
####### [Methods and properties](files.md)
####### [Get file information](get-file-information.md)
####### [Get file related alerts](get-file-related-alerts.md)
####### [Get file related machines](get-file-related-machines.md)
####### [Get file statistics](get-file-statistics.md)
###### [IP]()
####### [Get IP related alerts](get-ip-related-alerts.md)
####### [Get IP statistics](get-ip-statistics.md)
###### [User]()
####### [Methods](user.md)
####### [Get user related alerts](get-user-related-alerts.md)
####### [Get user related machines](get-user-related-machines.md)
##### [How to use APIs - Samples]()
###### [Microsoft Flow](api-microsoft-flow.md)
###### [Power BI](api-power-bi.md)
###### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
###### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
###### [Using OData Queries](exposed-apis-odata-samples.md)
#### [API for custom alerts]()
##### [Enable the custom threat intelligence application](enable-custom-ti.md)
##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
##### [Create custom threat intelligence alerts](custom-ti-api.md)
##### [PowerShell code examples](powershell-example-code.md)
##### [Python code examples](python-example-code.md)
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
#### [Pull Detections to your SIEM tools]()
##### [Learn about different ways to pull Detections](configure-siem.md)
##### [Enable SIEM integration](enable-siem-integration.md)
##### [Configure Splunk to pull Detections](configure-splunk.md)
##### [Configure HP ArcSight to pull Detections](configure-arcsight.md)
##### [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
##### [Pull Detections using SIEM REST API](pull-alerts-using-rest-api.md)
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
#### [Reporting]()
##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
##### [Threat protection reports](threat-protection-reports.md)
##### [Machine health and compliance reports](machine-reports.md)
#### [Interoperability]()
##### [Partner applications](partner-applications.md)
#### [Manage machine configuration]()
##### [Ensure your machines are configured properly](configure-machines.md)
##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
#### [Role-based access control]()
##### [Manage portal access using RBAC]()
###### [Using RBAC](rbac.md)
###### [Create and manage roles](user-roles.md)
###### [Create and manage machine groups]()
####### [Using machine groups](machine-groups.md)
####### [Create and manage machine tags](machine-tags.md)
#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
### [Configure Microsoft threat protection integration]()
#### [Configure Conditional Access](configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
#### [Configure information protection in Windows](information-protection-in-windows-config.md)
### [Configure portal settings]()
#### [Set up preferences](preferences-setup.md)
#### [General]()
##### [Update data retention settings](data-retention-settings.md)
##### [Configure alert notifications](configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
##### [Configure advanced features](advanced-features.md)
#### [Permissions]()
##### [Use basic permissions to access the portal](basic-permissions.md)
##### [Manage portal access using RBAC](rbac.md)
###### [Create and manage roles](user-roles.md)
###### [Create and manage machine groups](machine-groups.md)
####### [Create and manage machine tags](machine-tags.md)
#### [APIs]()
##### [Enable Threat intel](enable-custom-ti.md)
##### [Enable SIEM integration](enable-siem-integration.md)
#### [Rules]()
##### [Manage suppression rules](manage-suppression-rules.md)
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
##### [Manage indicators](manage-indicators.md)
##### [Manage automation file uploads](manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
#### [Machine management]()
##### [Onboarding machines](onboard-configure.md)
##### [Offboarding machines](offboard-machines.md)
#### [Configure time zone settings](time-settings.md)
## [Troubleshoot Microsoft Defender ATP]()
### [Troubleshoot sensor state]()
#### [Check sensor state](check-sensor-status.md)
#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
### [Troubleshoot service issues]()
#### [Troubleshooting issues](troubleshoot-mdatp.md)
#### [Check service health](service-status.md)
### [Troubleshoot attack surface reduction issues]()
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
### [Troubleshoot next generation protection issues](../microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md)

5
windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
View File

@ -75,6 +75,9 @@ The two large numbers at the top of the page show the number of new vulnerabilit
![Event timeline page](images/tvm-event-timeline-overview-mixed-type.png)
>[!NOTE]
>New configuration assessments are coming soon.
### Columns
- **Date**: month, day, year
@ -114,7 +117,7 @@ To open a software page, select an event > select the hyperlinked software name
A full page will appear with all the details of a specific software. Mouse over the graph to see the timeline of events for that specific software.
![Software page with an Event timeline graph](images/tvm-event-timeline-software.png)
![Software page with an Event timeline graph](images/tvm-event-timeline-software2.png)
You can also navigate to the event timeline tab to view all the events related to that software, along with security recommendations, discovered vulnerabilities, installed machines, and version distribution.

50
windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
View File

@ -28,12 +28,10 @@ ms.topic: troubleshooting
You might need to troubleshoot the Microsoft Defender ATP onboarding process if you encounter issues.
This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the devices.
## Troubleshoot issues with onboarding tools
If you have completed the onboarding process and don't see devices in the [Devices list](investigate-machines.md) after an hour, it might indicate an onboarding or connectivity problem.
### Troubleshoot onboarding when deploying with Group Policy
Deployment with Group Policy is done by running the onboarding script on the devices. The Group Policy console does not indicate if the deployment has succeeded or not.
@ -42,7 +40,6 @@ If you have completed the onboarding process and don't see devices in the [Devic
If the script completes successfully, see [Troubleshoot onboarding issues on the devices](#troubleshoot-onboarding-issues-on-the-device) for additional errors that might occur.
### Troubleshoot onboarding issues when deploying with Microsoft Endpoint Configuration Manager
When onboarding devices using the following versions of Configuration Manager:
@ -57,10 +54,10 @@ If the deployment fails, you can check the output of the script on the devices.
If the onboarding completed successfully but the devices are not showing up in the **Devices list** after an hour, see [Troubleshoot onboarding issues on the device](#troubleshoot-onboarding-issues-on-the-device) for additional errors that might occur.
### Troubleshoot onboarding when deploying with a script
**Check the result of the script on the device:**
1. Click **Start**, type **Event Viewer**, and press **Enter**.
2. Go to **Windows Logs** > **Application**.
@ -68,6 +65,7 @@ If the onboarding completed successfully but the devices are not showing up in t
3. Look for an event from **WDATPOnboarding** event source.
If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue.
> [!NOTE]
> The following event IDs are specific to the onboarding script only.
@ -82,7 +80,6 @@ Event ID | Error Type | Resolution steps
`40` | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md).
`65` | Insufficient privileges| Run the script again with administrator privileges.
### Troubleshoot onboarding issues using Microsoft Intune
You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
@ -97,7 +94,7 @@ Use the following tables to understand the possible causes of issues while onboa
If none of the event logs and troubleshooting steps work, download the Local script from the **Device management** section of the portal, and run it in an elevated command prompt.
**Microsoft Intune error codes and OMA-URIs**:
#### Microsoft Intune error codes and OMA-URIs
Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
:---:|:---|:---|:---|:---
@ -107,8 +104,7 @@ Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause a
| | | | All | **Possible cause:** Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently supported platforms:<br> Enterprise, Education, and Professional.<br> Server is not supported.
0x87D101A9 | -2016345687 |SyncML(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.<br><br> Currently supported platforms:<br> Enterprise, Education, and Professional.
**Known issues with non-compliance**
#### Known issues with non-compliance
The following table provides information on issues with non-compliance and how you can address the issues.
@ -118,8 +114,7 @@ Case | Symptoms | Possible cause and troubleshooting steps
`2` | Device is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the device as non-compliant by SenseIsRunning when DM session occurs on system start. <br><br> **Troubleshooting steps:** The issue should automatically be fixed within 24 hours.
`3` | Device is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same device at same time.
**Mobile Device Management (MDM) event logs**
#### Mobile Device Management (MDM) event logs
View the MDM event logs to troubleshoot issues that might arise during onboarding:
@ -131,17 +126,16 @@ ID | Severity | Event description | Troubleshooting steps
:---|:---|:---|:---
1819 | Error | Microsoft Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
## Troubleshoot onboarding issues on the device
If the deployment tools used does not indicate an error in the onboarding process, but devices are still not appearing in the devices list in an hour, go through the following verification topics to check if an error occurred with the Microsoft Defender ATP agent:
If the deployment tools used does not indicate an error in the onboarding process, but devices are still not appearing in the devices list in an hour, go through the following verification topics to check if an error occurred with the Microsoft Defender ATP agent.
- [View agent onboarding errors in the device event log](#view-agent-onboarding-errors-in-the-device-event-log)
- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
- [Ensure the device has an Internet connection](#ensure-the-device-has-an-internet-connection)
- [Ensure that Microsoft Defender Antivirus is not disabled by a policy](#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)
### View agent onboarding errors in the device event log
1. Click **Start**, type **Event Viewer**, and press **Enter**.
@ -181,19 +175,18 @@ Event ID | Message | Resolution steps
`68` | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 | Identify what is causing changes in start type. Fix mentioned service start type.
`69` | The service is stopped. Service name: %1 | Start the mentioned service. Contact support if persists.
<br>
<br />
There are additional components on the device that the Microsoft Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Microsoft Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
<span id="ensure-the-diagnostics-service-is-enabled" />
### Ensure the diagnostic data service is enabled
If the devices aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the device. The service might have been disabled by other programs or user configuration changes.
First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
### Ensure the service is set to start
**Use the command line to check the Windows 10 diagnostic data service startup type**:
@ -216,7 +209,6 @@ First, you should check that the service is set to start automatically when Wind
If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start.
**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
1. Open an elevated command-line prompt on the device:
@ -255,14 +247,18 @@ To ensure that sensor has service connectivity, follow the steps described in th
If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) topic.
### Ensure that Microsoft Defender Antivirus is not disabled by a policy
> [!IMPORTANT]
> The following only applies to devices that have **not** yet received the August 2020 (version 4.18.2007.8) update to Microsoft Defender Antivirus.
>
> The update ensures that Microsoft Defender Antivirus cannot be turned off on client devices via system policy.
**Problem**: The Microsoft Defender ATP service does not start after onboarding.
**Symptom**: Onboarding successfully completes, but you see error 577 or error 1058 when trying to start the service.
**Solution**: If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
**Solution**: If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not turned off by a system policy.
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
@ -273,17 +269,19 @@ If the verification fails and your environment is using a proxy to connect to th
- `<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>`
- `<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiVirus"/></Key>`
> [!IMPORTANT]
> The `disableAntiSpyware` setting is discontinued and will be ignored on all client devices, as of the August 2020 (version 4.18.2007.8) update to Microsoft Defender Antivirus.
- After clearing the policy, run the onboarding steps again.
- You can also check the following registry key values to verify that the policy is disabled:
1. Open the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
2. Ensure that the value `DisableAntiSpyware` is not present.
- You can also check the previous registry key values to verify that the policy is disabled, by opening the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
![Image of registry key for Microsoft Defender Antivirus](images/atp-disableantispyware-regkey.png)
> [!NOTE]
> In addition, you must ensure that wdfilter.sys and wdboot.sys are set to their default start values of "0".
>
> - `<Key Path="SYSTEM\CurrentControlSet\Services\WdBoot"><KeyValue Value="0" ValueKind="DWord" Name="Start"/></Key>`
> - `<Key Path="SYSTEM\CurrentControlSet\Services\WdFilter"><KeyValue Value="0" ValueKind="DWord" Name="Start"/></Key>`
@ -295,6 +293,7 @@ If you encounter issues while onboarding a server, go through the following veri
- [Ensure that the server proxy and Internet connectivity settings are configured properly](configure-server-endpoints.md#server-proxy)
You might also need to check the following:
- Check that there is a Microsoft Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example:
![Image of process view with Microsoft Defender Advanced Threat Protection Service running](images/atp-task-manager.png)
@ -311,12 +310,12 @@ You might also need to check the following:
- Check to see that devices are reflected in the **Devices list** in the portal.
## Confirming onboarding of newly built devices
There may be instances when onboarding is deployed on a newly built device but not completed.
The steps below provide guidance for the following scenario:
- Onboarding package is deployed to newly built devices
- Sensor does not start because the Out-of-box experience (OOBE) or first user logon has not been completed
- Device is turned off or restarted before the end user performs a first logon
@ -325,7 +324,6 @@ The steps below provide guidance for the following scenario:
> [!NOTE]
> The following steps are only relevant when using Microsoft Endpoint Configuration Manager. For more details about onboarding using Microsoft Endpoint Configuration Manager, see [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection).
1. Create an application in Microsoft Endpoint Configuration Manager.
![Image of Microsoft Endpoint Configuration Manager configuration](images/mecm-1.png)
@ -444,8 +442,8 @@ The steps below provide guidance for the following scenario:
![Image of Microsoft Endpoint Configuration Manager configuration](images/mecm-30.png)
## Related topics
- [Troubleshoot Microsoft Defender ATP](troubleshoot-mdatp.md)
- [Onboard devices](onboard-configure.md)
- [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md)

3
windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
View File

@ -26,6 +26,9 @@ ms.topic: article
Before you begin, ensure that you meet the following operating system or platform requisites for threat and vulnerability management so the activities in your devices are properly accounted for.
>[!NOTE]
>Operating systems supported by Microsoft Defender ATP are not necessarily supported by threat and vulnerability management (like MacOS and Linux).
Operating system | Security assessment support
:---|:---
Windows 7 | Operating System (OS) vulnerabilities

26
windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
View File

@ -24,38 +24,38 @@ ms.topic: article
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns.
Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
You can configure policies across your device groups to block certain categories, effectively preventing users within specified device groups from accessing URLs that are associated with the category. For any category that's not blocked, they are automatically audited i.e. your users will be able to access the URLs without disruption and you will continue to gather access statistics to help create a more custom policy decision. If an element on the page youre viewing is making calls to a resource which is blocked, your users will see a block notification.
You can configure policies across your device groups to block certain categories, effectively preventing users within specified device groups from accessing URLs that are associated with the category. For any category that's not blocked, they are automatically audited. That means your users will be able to access the URLs without disruption, and you will continue to gather access statistics to help create a more custom policy decision. If an element on the page youre viewing is making calls to a resource that is blocked, your users will see a block notification.
Web content filtering is available on the major web browsers, with blocks performed by SmartScreen (Edge) and Network Protection (Chrome and Firefox). See the prerequisites section for more information about browser support.
Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome and Firefox). For more information about browser support, see the prerequisites section.
To summarize the benefits:
Summarizing the benefits:
- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away
- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
- You can access web reports in the same central location, with visibility over actual blocks and web usage
- Users are prevented from accessing websites in blocked categories, whether they're browsing on-premises or away
- Conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
- Access web reports in the same central location, with visibility over actual blocks and web usage
## User experience
The blocking experience for Chrome/Firefox is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection.
For a more user-friendly in-browser experience, consider using Edge.
For a more user-friendly in-browser experience, consider using Microsoft Edge.
## Prerequisites
Before trying out this feature, make sure you have the following:
- Windows 10 Enterprise E5 license
- Windows 10 Enterprise E5 license OR Microsoft 365 E3 + Microsoft 365 E5 Security add-on.
- Access to Microsoft Defender Security Center portal
- Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
Note that if SmartScreen is not turned on, Network Protection will take over the blocking.
If Windows Defender SmartScreen is not turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device.
## Data handling
For this feature, we will follow whichever region you have elected to use as part of your [Microsoft Defender ATP data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
## Turn on web content filtering
From the left-hand navigation menu, select **Settings > General > Advanced Features**. Scroll down until you see the entry for **Web content filtering**. Switch the toggle to **On** and **Save preferences**.
@ -119,11 +119,11 @@ You can access the **Report details** for each card by selecting a table row or
Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item.
## Errors and issues
### Limitations and known issues in this preview
- Only Edge is supported if your device's OS configuraiton is Server (cmd > Systeminfo > OS Configuration). This is because Network Protection is only supported in Inspect mode on Server devices which is responsible for securing traffic across Chrome/Firefox.
- Only Edge is supported if your device's OS configuration is Server (cmd > Systeminfo > OS Configuration). This is because Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across Chrome/Firefox.
- Unassigned devices will have incorrect data shown within the report. In the Report details > Device groups pivot, you may see a row with a blank Device Group field. This group contains your unassigned devices in the interim before they get put into your specified group. The report for this row may not contain an accurate count of devices or access counts.

61
windows/security/threat-protection/security-compliance-toolkit-10.md
View File

@ -27,6 +27,7 @@ The SCT enables administrators to effectively manage their enterprises Group
The Security Compliance Toolkit consists of:
- Windows 10 security baselines
- Windows 10 Version 2004 (May 2020 Update)
- Windows 10 Version 1909 (November 2019 Update)
- Windows 10 Version 1903 (May 2019 Update)
- Windows 10 Version 1809 (October 2018 Update)
@ -80,63 +81,3 @@ It can export local policy to a GPO backup.
It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file.
Documentation for the LGPO tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/lgpo-exe-local-group-policy-object-utility-v1-0/ba-p/701045) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
## List of PowerShell scripts
This list of PowerShell script names, divided into categories by the name of the ZIP file containing those scripts, is based on the download page content listing of the full package download (12 files).
1. **Windows 10 Version 1909 and Windows Server Version 1909 Security Baseline.zip**
- Baseline-ADImport.ps1
- Baseline-LocalInstall.ps1
- Remove-EPBaselineSettings.ps1
- MapGuidsToGpoNames.ps1
2. **LGPO.zip**
- (none)
3. **Microsoft Edge v80.zip**
- Baseline-ADImport.ps1
- Baseline-LocalInstall.ps1
- MapGuidsToGpoNames.ps1
4. **Office365-ProPlus-Sept2019-FINAL.zip**
- Baseline-ADImport.ps1
- Baseline-LocalInstall.ps1
- MapGuidsToGpoNames.ps1
5. **PolicyAnalyzer.zip**
- Merge-PolicyRules.ps1
- Split-PolicyRules.ps1
6. **Windows 10 Version 1507 Security Baseline.zip**
- (none)
7. **Windows 10 Version 1607 and Windows Server 2016 Security Baseline.zip**
- MapGuidsToGpoNames.ps1
8. **Windows 10 Version 1709 Security Baseline.zip**
- MapGuidsToGpoNames.ps1
9. **Windows 10 Version 1803 Security Baseline.zip**
- MapGuidsToGpoNames.ps1
10. **Windows 10 Version 1809 and Windows Server 2019 Security Baseline.zip**
- BaselineLocalInstall.ps1
- MapGuidsToGpoNames.ps1
11. **Windows 10 Version 1903 and Windows Server Version 1903 Security Baseline - Sept2019Update.zip**
- Baseline-ADImport.ps1
- Baseline-LocalInstall.ps1
- MapGuidsToGpoNames.ps1
12. **Windows Server 2012 R2 Security Baseline.zip**
- (none)

4
windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
View File

@ -56,7 +56,9 @@ Additionally, if a data drive is password-protected, it can be accessed by a FIP
### Best practices
There are no best practices for this setting. Our previous guidance had recommended a setting of **Enabled**, primarily to align with US Federal government recommendations. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend this setting be **Not Defined**, meaning that we leave the decision to customers. For a deeper explanation, see [Why Were Not Recommending “FIPS Mode” Anymore](https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/).
We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode.
For a complete list of Microsoft-recommended configuration settings, see [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines). For more information about Windows and FIPS 140-2, see [FIPS 140 Validation](https://docs.microsoft.com/windows/security/threat-protection/fips-140-validation).
### Location

20
windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
View File

@ -22,7 +22,7 @@ ms.date: 06/13/2018
**Applies to:**
- Windows 10
- Windows Server 2016 and above
- Windows Server 2019
Creating and maintaining application execution control policies has always been challenging, and finding ways to address this issue has been a frequently-cited request for customers of AppLocker and Windows Defender Application Control (WDAC).
This is especially true for enterprises with large, ever changing software catalogs.
@ -36,7 +36,7 @@ A managed installer uses a new rule collection in AppLocker to specify one or mo
Specifying an executable as a managed installer will cause Windows to tag files that are written from the executables process (or processes it launches) as having originated from a trusted installation authority. The Managed Installer rule collection is currently supported for AppLocker rules in Group Policy and in Configuration Manager, but not in the AppLocker CSP for OMA-URI policies.
Once the IT administrator adds the Allow: Managed Installer option to a WDAC policy, the WDAC component will subsequently check for the presence of the origin information when evaluating other application execution control rules specified in the policy.
If there are no deny rules present for the file, it will be authorized based on the managed installer origin information.+
If there are no deny rules present for the file, it will be authorized based on the managed installer origin information.
Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be deployed through a managed installer.
Examples of WDAC policies available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies help authorize Windows OS components, WHQL signed drivers and all Store apps.
@ -46,9 +46,9 @@ Examples of WDAC policies available in C:\Windows\schemas\CodeIntegrity\ExampleP
Setting up managed installer tracking and application execution enforcement requires applying both an AppLocker and WDAC policy with specific rules and options enabled.
There are three primary steps to keep in mind:
- Specify managed installers using the Managed Installer rule collection in AppLocker policy
- Enable service enforcement in AppLocker policy
- Enable the managed installer option in a WDAC policy
- Specify managed installers by using the Managed Installer rule collection in AppLocker policy.
- Enable service enforcement in AppLocker policy.
- Enable the managed installer option in a WDAC policy.
### Specify managed installers using the Managed Installer rule collection in AppLocker policy
@ -60,7 +60,7 @@ For more information about creating an AppLocker policy that includes a managed
As mentioned above, the AppLocker CSP for OMA-URI policies does not currently support the Managed Installer rule collection or the Service Enforcement rule extensions mentioned below.
```code
```xml
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
<FilePublisherRule Id="6cc9a840-b0fd-4f86-aca7-8424a22b4b93" Name="CMM - CCMEXEC.EXE, 5.0.0.0+, Microsoft signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
@ -82,10 +82,10 @@ As mentioned above, the AppLocker CSP for OMA-URI policies does not currently su
## Enable service enforcement in AppLocker policy
Since many installation processes rely on services, it is typically necessary to enable tracking of services.
Correct tracking of services requires the presence of at least one rule in the rule collection a simple audit only rule will suffice.
Correct tracking of services requires the presence of at least one rule in the rule collection a simple audit only rule will suffice.
For example:
```code
```xml
<RuleCollection Type="Dll" EnforcementMode="AuditOnly" >
<FilePathRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Dummy Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
@ -124,7 +124,7 @@ In order to enable trust for the binaries laid down by managed installers, the E
This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption).
An example of the managed installer option being set in policy is shown below.
```code
```xml
<Rules>
<Rule>
<Option>Enabled:Unsigned System Integrity Policy</Option>
@ -149,7 +149,7 @@ An example of the managed installer option being set in policy is shown below.
To enable the managed installer, you need to set the AppLocker filter driver to autostart and start it.
Run the following command as an Administrator:
```code
```console
appidtel.exe start [-mionly]
```