From b8e0fcb6678ee9923ae4b7a8a2f5148f1b444ff4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 22 Apr 2021 17:12:47 +0500 Subject: [PATCH 1/8] Update networkqospolicy-csp.md --- windows/client-management/mdm/networkqospolicy-csp.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 3c523ba304..10eec227f2 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 06/26/2017 +ms.date: 04/22/2021 ms.reviewer: manager: dansimp --- @@ -25,7 +25,11 @@ The following actions are supported: - Layer 3 tagging using a differentiated services code point (DSCP) value > [!NOTE] -> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004. +> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on following devices: +> - Azure AD Hybrid joined devices +> - Devices, that use both GPO and CSP at the same time +> +> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004. The following shows the NetworkQoSPolicy configuration service provider in tree format. ``` From b0bb3af919e262d611aa7ea10d2788aa70bda79d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Apr 2021 20:03:57 +0500 Subject: [PATCH 2/8] Update windows/client-management/mdm/networkqospolicy-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/networkqospolicy-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 10eec227f2..d5660d2036 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -25,7 +25,7 @@ The following actions are supported: - Layer 3 tagging using a differentiated services code point (DSCP) value > [!NOTE] -> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on following devices: +> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on the following devices: > - Azure AD Hybrid joined devices > - Devices, that use both GPO and CSP at the same time > From 828a14d89b3cbc7026392e4f82a0c2bc6852e732 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Apr 2021 20:04:04 +0500 Subject: [PATCH 3/8] Update windows/client-management/mdm/networkqospolicy-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/networkqospolicy-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index d5660d2036..3846e7ba07 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -26,7 +26,7 @@ The following actions are supported: > [!NOTE] > The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on the following devices: -> - Azure AD Hybrid joined devices +> - Azure AD Hybrid joined devices. > - Devices, that use both GPO and CSP at the same time > > The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004. From 6001966c83f20f78f168744fc8e2bc80d93feff4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Apr 2021 20:04:11 +0500 Subject: [PATCH 4/8] Update windows/client-management/mdm/networkqospolicy-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/networkqospolicy-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 3846e7ba07..f0fadc3fe5 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -27,7 +27,7 @@ The following actions are supported: > [!NOTE] > The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on the following devices: > - Azure AD Hybrid joined devices. -> - Devices, that use both GPO and CSP at the same time +> - Devices that use both GPO and CSP at the same time. > > The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004. From f9b36a8f76d263724c7d6b3bff194acfcea5cdc4 Mon Sep 17 00:00:00 2001 From: Mark Goodman <19527097+silvermarkg@users.noreply.github.com> Date: Thu, 29 Apr 2021 23:04:53 +0100 Subject: [PATCH 5/8] Policy GUID needs clarity I think this doc needs some clarity around the Policy GUID value as it is not clear not to include the curly brackets. Although this is shown in the image it can be quite small and difficult to see. I've added a note under the section but there might be a better approach. --- ...ndows-defender-application-control-policies-using-intune.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index e9fddbd043..7bbc0ca8ab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -68,6 +68,9 @@ The steps to use Intune's custom OMA-URI functionality are: > [!div class="mx-imgBorder"] > ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png) +> [!NOTE] +> For the _Policy GUID_ value do not include the curly brackets. + ### Remove WDAC policies on Windows 10 1903+ Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable WDAC enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This will prevent anything from being blocked and fully remove the WDAC policy on the next reboot. From d750a9e930c3e2d38cfe21e34b460877e71d112b Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 1 May 2021 01:23:51 +0500 Subject: [PATCH 6/8] Update in Formating Updated the formatting of note section. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6883 --- windows/client-management/mdm/device-update-management.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 00d784cb32..e2a6fc0027 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -69,7 +69,8 @@ Some important highlights: - The protocol allows the MDM to sync update metadata for a particular update by calling GetUpdateData. For more information, see [GetUpdateData](/openspecs/windows_protocols/ms-wsusss/c28ad30c-fa3f-4bc6-a747-788391d2d964) in MSDN. The LocURI to get the applicable updates with their revision Numbers is `./Vendor/MSFT/Update/InstallableUpdates?list=StructData`. Because not all updates are available via S2S sync, make sure you handle SOAP errors. - For mobile devices, you can either sync metadata for a particular update by calling GetUpdateData, or for a local on-premises solution, you can use WSUS and manually import the mobile updates from the Microsoft Update Catalog site. For more information, see [Process flow diagram and screenshots of server sync process](#process-flow-diagram-and-screenshots-of-server-sync-process). -> **Note**  On Microsoft Update, metadata for a given update gets modified over time (updating descriptive information, fixing bugs in applicability rules, localization changes, etc). Each time such a change is made that doesn’t affect the update itself, a new update revision is created. The identity of an update revision is a compound key containing both an UpdateID (GUID) and a RevisionNumber (int). The MDM should not expose the notion of an update revision to IT. Instead, for each UpdateID (GUID) the MDM should just keep the metadata for the later revision of that update (the one with the highest revision number). +> [!NOTE] +> On Microsoft Update, metadata for a given update gets modified over time (updating descriptive information, fixing bugs in applicability rules, localization changes, etc). Each time such a change is made that doesn’t affect the update itself, a new update revision is created. The identity of an update revision is a compound key containing both an UpdateID (GUID) and a RevisionNumber (int). The MDM should not expose the notion of an update revision to IT. Instead, for each UpdateID (GUID) the MDM should just keep the metadata for the later revision of that update (the one with the highest revision number). ## Examples of update metadata XML structure and element descriptions From ae5fec8a521b74f372b99e48746d50247653b306 Mon Sep 17 00:00:00 2001 From: Pedro Paulo Date: Sun, 2 May 2021 16:07:40 -0700 Subject: [PATCH 7/8] Update link to MSDN blog archive The old link is throwing 404. Change the link to point to the archived NDIS blog. --- .../smart-cards/smart-card-debugging-information.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 1135c404d0..a084d3c132 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -57,7 +57,7 @@ To delete a container, type **certutil -delkey -csp "Microsoft Base Smart Card C ## Debugging and tracing using WPP -WPP simplifies tracing the operation of the trace provider. It provides a mechanism for the trace provider to log real-time binary messages. Logged messages can be converted to a human-readable trace of the operation. For more information, see [Diagnostics with WPP - The NDIS blog](https://blogs.msdn.com/b/ndis/archive/2011/04/06/diagnostics-with-wpp.aspx). +WPP simplifies tracing the operation of the trace provider. It provides a mechanism for the trace provider to log real-time binary messages. Logged messages can be converted to a human-readable trace of the operation. For more information, see [Diagnostics with WPP - The NDIS blog](/archive/blogs/ndis/diagnostics-with-wpp). ### Enable the trace @@ -247,4 +247,4 @@ For more information about CryptoAPI 2.0 Diagnostics, see [Troubleshooting an En ## See also -[Smart Card Technical Reference](smart-card-windows-smart-card-technical-reference.md) \ No newline at end of file +[Smart Card Technical Reference](smart-card-windows-smart-card-technical-reference.md) From bb05ffc1e264ef616a1a3b1a25cecfffbac61c41 Mon Sep 17 00:00:00 2001 From: Vitali Beniamino <38581963+vitalibeniamino@users.noreply.github.com> Date: Thu, 6 May 2021 11:34:53 +0200 Subject: [PATCH 8/8] Updated line 176 Header wasn't showing Put a new line before line 176 so that the header will be shown. mino --- windows/deployment/update/waas-manage-updates-wsus.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index ce105012f6..c41a64b71e 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -172,6 +172,7 @@ You can now see these computers in the **Ring 3 Broad IT** computer group. + ## Use Group Policy to populate deployment rings The WSUS Administration Console provides a friendly interface from which you can manage Windows 10 quality and feature updates. When you need to add many computers to their correct WSUS deployment ring, however, it can be time-consuming to do so manually in the WSUS Administration Console. For these cases, consider using Group Policy to target the correct computers, automatically adding them to the correct WSUS deployment ring based on an Active Directory security group. This process is called *client-side targeting*. Before enabling client-side targeting in Group Policy, you must configure WSUS to accept Group Policy computer assignment. @@ -357,4 +358,4 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) - [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) - [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +- [Manage device restarts after updates](waas-restart.md)