deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #9894 from MicrosoftDocs/main

Browse Source 
publish main to live 6/3/24 10:30 AM
This commit is contained in:
Jeff Borsecnik 2024-06-03 10:58:12 -07:00 committed by GitHub
commit 9117e8ad69
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
45 changed files with 74 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
education/windows/federated-sign-in.md
View File

@ -1,7 +1,7 @@
---
title: Configure federated sign-in for Windows devices
description: Learn how federated sign-in in Windows works and how to configure it.
ms.date: 04/10/2024
ms.date: 06/03/2024
ms.topic: how-to
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@ -87,7 +87,7 @@ Review the following instructions to configure your devices using either Microso
|--|--|--|
| Education | Is Education Environment | Enabled |
| Federated Authentication | Enable Web Sign In For Primary User | Enabled |
| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>- `mobile-redirector.clever.com` |
| Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
[!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
@ -134,7 +134,7 @@ Review the following instructions to configure your shared devices using either
| Education | Is Education Environment | Enabled |
| SharedPC | Enable Shared PC Mode With OneDrive Sync | True |
| Authentication | Enable Web Sign In | Enabled |
| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>- `mobile-redirector.clever.com` |
| Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
[!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]

42
windows/configuration/start/layout.md
View File

@ -649,45 +649,3 @@ When you configure the Start layout with policy settings, you overwrite the enti
[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
[PS-1]: /powershell/module/startlayout/export-startlayout
[WIN-1]: /windows/client-management/mdm/policy-csp-start
<!--
## Add image for secondary Microsoft Edge tiles
App tiles are the Start screen tiles that represent and launch an app. A tile that allows a user to go to a specific location in an app is a *secondary tile*. Some examples of secondary tiles include:
- Weather updates for a specific city in a weather app
- A summary of upcoming events in a calendar app
- Status and updates from an important contact in a social app
- A website in Microsoft Edge
By using the PowerShell cmdlet `export-StartLayoutEdgeAssets` and the policy setting `ImportEdgeAssets`, the tiles display the same as they did on the device from which you exported the Start layout.
[!INCLUDE [example-secondary-tiles](includes/example-secondary-tiles.md)]
## Export Start layout and assets
1. If you'd like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references.
- For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"`
- Open `C:\Users\<username>\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images.
1. In Windows PowerShell, enter the following command:
```powershell
Export-StartLayoutEdgeAssets assets.xml
```
[!INCLUDE [example-assets](includes/example-assets.md)]
## Configure policy settings
Prepare the Start layout and Edge assets XML files
The `Export-StartLayout` and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.
1. Copy the contents of layout.xml into an online tool that escapes characters.
1. Copy the contents of assets.xml into an online tool that escapes characters.
1. When you create a provisioning package, you'll copy the text with the escape characters and paste it in the customizations.xml file for your project.
-->

2
windows/configuration/taskbar/includes/allow-widgets.md
View File

@ -15,4 +15,4 @@ This policy specifies whether the widgets feature is allowed on the device.
| | Path |
|--|--|
| **CSP** | `./Device/Vendor/MSFT/Policy/Config/NewsAndInterests/`[AllowNewsAndInterests](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests) |
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Widgets** |
| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Widgets** |

4
windows/configuration/taskbar/includes/configure-start-layout.md
View File

@ -13,7 +13,7 @@ This policy setting lets you specify the applications pinned to the taskbar. The
| | Path |
|--|--|
| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
For more information, see [Customize the taskbar pinned applications](../pinned-apps.md).

2
windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md
View File

@ -18,4 +18,4 @@ This policy setting allows you to configure search on the taskbar.
| | Path |
|--|--|
| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Search/`[ConfigureSearchOnTaskbarMode](/windows/client-management/mdm/policy-csp-search#configuresearchontaskbarmode) |
| **GPO** | **Computer Configuration** > **Windows Components** > **Search** |
| **GPO** | - **Computer Configuration** > **Windows Components** > **Search** |

2
windows/configuration/taskbar/includes/disable-editing-quick-settings.md
View File

@ -13,4 +13,4 @@ ms.topic: include
| | Path |
|--|--|
| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[DisableEditingQuickSettings](/windows/client-management/mdm/policy-csp-start#disableeditingquicksettings)|
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |
| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |

2
windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md
View File

@ -15,4 +15,4 @@ With this policy setting you control the pinning of items in Jump Lists.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md
View File

@ -15,4 +15,4 @@ This policy setting allows you to control pinning programs to the Taskbar.
| | Path |
|--|--|
| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#nopinningtotaskbar) |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md
View File

@ -15,4 +15,4 @@ This policy setting allows you to control pinning the Store app to the Taskbar.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md
View File

@ -12,4 +12,4 @@ This policy setting allows you to prevent taskbars from being displayed on more
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md
View File

@ -18,4 +18,4 @@ This policy setting allows you to control displaying or tracking items in Jump L
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

4
windows/configuration/taskbar/includes/hide-recent-jumplists.md
View File

@ -19,5 +19,5 @@ Prevents the operating system and installed programs from creating and displayin
| | Path |
|--|--|
| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|
| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|

2
windows/configuration/taskbar/includes/hide-the-notification-area.md
View File

@ -12,4 +12,4 @@ This setting affects the notification area (previously called the "system tray")
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

4
windows/configuration/taskbar/includes/hide-the-taskview-button.md
View File

@ -11,5 +11,5 @@ This policy setting allows you to hide the TaskView button. If you enable this p
| | Path |
|--|--|
| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/lock-all-taskbar-settings.md
View File

@ -15,4 +15,4 @@ With this policy setting you lock all taskbar settings.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/lock-the-taskbar.md
View File

@ -12,4 +12,4 @@ This setting affects the taskbar, which is used to switch between running applic
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md
View File

@ -15,4 +15,4 @@ With this policy setting you prevent changes to taskbar and Start settings.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md
View File

@ -15,4 +15,4 @@ Taskbar grouping consolidates similar applications when there's no room on the t
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md
View File

@ -15,4 +15,4 @@ With this policy setting you prevent users from adding or removing toolbars.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md
View File

@ -15,4 +15,4 @@ With this policy setting you prevent users from moving taskbar to another screen
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md
View File

@ -15,4 +15,4 @@ With this policy setting you prevent users from rearranging toolbars.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md
View File

@ -15,4 +15,4 @@ With this policy setting you prevent users from resizing the taskbar.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md
View File

@ -17,4 +17,4 @@ This policy setting doesn't prevent users from using other methods to issue the
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md
View File

@ -13,4 +13,4 @@ ms.topic: include
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-notifications-and-action-center.md
View File

@ -17,4 +17,4 @@ The notification area is located at the far right end of the taskbar, and includ
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md
View File

@ -15,4 +15,4 @@ This policy setting allows you to remove pinned programs from the taskbar.
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-quick-settings.md
View File

@ -17,4 +17,4 @@ If this setting is enabled, Quick Settings isn't displayed in the Quick Settings
| | Path |
|--|--|
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[DisableControlCenter](/windows/client-management/mdm/policy-csp-start#disablecontrolcenter) |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-the-battery-meter.md
View File

@ -15,4 +15,4 @@ With this policy setting you can remove the battery meter from the system contro
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-the-meet-now-icon.md
View File

@ -15,4 +15,4 @@ With this policy setting allows you can remove the Meet Now icon from the system
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-the-networking-icon.md
View File

@ -15,4 +15,4 @@ With this policy setting you can remove the networking icon from the system cont
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md
View File

@ -12,4 +12,4 @@ With this policy allows you can remove the People Bar from the taskbar and disab
| | Path |
|--|--|
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[HidePeopleBar](/windows/client-management/mdm/policy-csp-start#hidepeoplebar) |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/remove-the-volume-control-icon.md
View File

@ -15,4 +15,4 @@ With this policy setting you can remove the volume control icon from the system
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/show-additional-calendar.md
View File

@ -19,4 +19,4 @@ By default, the calendar is set according to the locale of the operating system,
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/simplify-quick-settings-layout.md
View File

@ -13,4 +13,4 @@ ms.topic: include
| | Path |
|--|--|
| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[SimplifyQuickSettings](/windows/client-management/mdm/policy-csp-start#simplifyquicksettings) |
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md
View File

@ -15,4 +15,4 @@ With this policy setting you can turn off automatic promotion of notification ic
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

2
windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md
View File

@ -18,4 +18,4 @@ This setting determines whether the items are always expanded or always collapse
| | Path |
|--|--|
| **CSP** | Not available. |
| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

4
windows/configuration/taskbar/pinned-apps.md
View File

@ -231,3 +231,7 @@ If you apply the taskbar configuration to a clean install or an update, users ca
Learn more about the options available to configure Start menu settings using the Configuration Service Provider (CSP) and Group Policy (GPO):
- [Taskbar policy settings](policy-settings.md)
---
[WIN-1]: /windows/client-management/mdm/policy-csp-start
[MEM-1]: /mem/intune/configuration/custom-settings-windows-10

7
windows/deployment/do/waas-delivery-optimization-faq.yml
View File

@ -77,11 +77,12 @@ sections:
questions:
- question: Which ports does Delivery Optimization use?
answer: |
Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound and outbound TCP traffic through your firewall. If you don't allow traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download updates by using HTTP over port 80 (or HTTPS over port 443 where applicable).
Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
If you set the "Download Mode" policy to "Group (2)" or "Internet (3)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
Delivery Optimization also communicates with its cloud service by using HTTPS over port 443.
- question: What are the requirements if I use a proxy?
answer: |
For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).

12
windows/deployment/do/waas-delivery-optimization-monitor.md
View File

@ -88,12 +88,12 @@ For details, see [Windows Update for Business Delivery Optimization Report](/win
| CpuUsagePct | Average CPU usage by the Delivery Optimization process |
| MemUsageKB | Amount of committed memory currently used by the Delivery Optimization process |
| NumberOfPeers | Total number of peers found across all files currently in the cache |
| CacheHostConnections | Number of cache host server connections |
| CdnConnections | Number of CDN server connections |
| LanConnections | Number of peer connections over LAN |
| LinkLocalConnections | Number of peer connections over Link Local |
| GroupConnections | Number of peer connections over Group |
| InternetConnections | Number of peer connections over Internet |
| CacheHostConnections | Number of connections to Microsoft Connected Cache servers |
| CdnConnections | Number of connections to CDN servers |
| LanConnections | Number of connections to LAN peers |
| LinkLocalConnections | Number of connections to Link Local peers |
| GroupConnections | Number of connections to Group peers|
| InternetConnections | Number of connections to Internet peers |
| DownlinkBps | Average download bandwidth usage currently seen across all network adapters |
| DownlinkUsageBps | Average bandwidth currently used by Delivery Optimization for downloads |
| UplinkBps | Average upload bandwidth usage currently seen across all network adapters |

2
windows/deployment/do/waas-delivery-optimization-reference.md
View File

@ -42,7 +42,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
| [Minimum disk size allowed to use peer caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | Default value is 32 GB. |
| [Max cache age](#max-cache-age) | DOMaxCacheAge | 1511 | Default value is 259,200 seconds (three days). |
| [Max cache size](#max-cache-size) | DOMaxCacheSize | 1511 | Default value is 20%. |
| [Absolute max cache size (in GBs)](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | 1607 | Default is not configured.|
| [Absolute max cache size (in GBs)](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | 1607 | Default isn't configured.|
| [Modify cache drive](#modify-cache-drive) | DOModifyCacheDrive | 1607 | Default to the operating system drive through the %SYSTEMDRIVE% environment variable. |
| [Minimum peer caching content file size](#minimum-peer-caching-content-file-size) | DOMinFileSizeToCache | 1703 | Default file size is 50 MB. |
| [Monthly upload data cap](#monthly-upload-data-cap) | DOMonthlyUploadDataCap | 1607 | Default value is 20 GB. |

7
windows/deployment/do/whats-new-do.md
View File

@ -35,10 +35,11 @@ There are two different versions:
### General
[Check out](https://aka.ms/do-fix) the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the two switches:
[Check out](https://aka.ms/do-fix) the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the available switches:
- -p2p: Provides output specific to P2P settings, efficiency, and errors.
- -mcc: Provides output specific to MCC settings and verifies the client can access the cache server.
- -HealthCheck: Provides an overall check of the device setup to ensure Delivery Optimization communication is possible on the device.
- -P2P: Provides output specific to P2P settings, efficiency, and errors.
- -MCC: Provides output specific to MCC settings and verifies the client can access the cache server.
### Windows 11 22H2

4
windows/deployment/update/includes/wufb-deployment-limitations.md
View File

@ -10,4 +10,6 @@ ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-overview.md and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
Windows Update for Business deployment service is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Windows Update for Business deployment service doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Windows Update for Business deployment service is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with GCC tenants may choose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
Windows Update for Business deployment service isn't available in Azure Government for [Office 365 GCC High and DoD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.

2
windows/deployment/update/wufb-wsus.md
View File

@ -46,7 +46,7 @@ To help you better understand the scan source policy, see the default scan behav
- On Windows 10: All of your updates will come from WSUS.
- On Windows 11: All of your updates will still come from WSUS unless you configure the specify scan source policy.
- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy.
- If you configure a WSUS server and deferral policies on Windows 10: All of your updates will come from Windows Update unless you specify the scan source policy or have disabled dual scan.
- If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy.
> [!TIP]

10
windows/whats-new/deprecated-features-resources.md
View File

@ -1,7 +1,7 @@
---
title: Resources for deprecated features in the Windows client
description: Resources and details for deprecated features in the Windows client.
ms.date: 03/25/2024
ms.date: 06/03/2024
ms.service: windows-client
ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
@ -21,6 +21,14 @@ appliesto:
This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
## NTLM
Customers concerned about NTLM usage in their environments are encouraged to utilize [NTLM auditing](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain) to [investigate how NTLM is being used](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191).
In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance).
Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm).
## WordPad
WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal:

3
windows/whats-new/deprecated-features.md
View File

@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
ms.date: 05/30/2024
ms.date: 06/03/2024
ms.service: windows-client
ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
@ -47,6 +47,7 @@ The features in this article are no longer being actively developed, and might b
| Feature | Details and mitigation | Deprecation announced |
|---|---|---|
| NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see[Resources for deprecated features](deprecated-features-resources.md). | June 2024 |
| Driver Verifier GUI (verifiergui.exe) <!--8995057--> | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 |
| NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 |
| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|