diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index 0872e5b054..ef5e99e41b 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -54,7 +54,7 @@ A device account is an Exchange resource account that Surface Hub uses to displa
After you've created your device account, there are a couple of ways to verify that it's setup correctly.
- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) later in this guide.
- Use the account with the [Lync Windows Store app](https://www.microsoft.com/en-us/store/p/lync/9wzdncrfhvhm). If Lync signs in successfully, then the device account will most likely work with Skype for Business on Surface Hub.
-
+
## Prepare for first-run program
There are a few more item to consider before you start the [first-run program](first-run-program-surface-hub.md).
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index b819adf9a0..3f1dad3d00 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -565,7 +565,7 @@ After you create the Windows Store for Business portal, configure it by using th
Now that you have created your Windows Store for Business portal, you’re ready to find, acquire, and distribute apps that you will add to your portal. You do this by using the Inventory page in Windows Store for Business.
-**Note** Your educational institution can now use a credit card or purchase order to pay for apps in Windows Store for Business.
+**Note** Your educational institution can now use a credit card to pay for apps in Windows Store for Business.
You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users.
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index 788c6dd819..c4ecb5351d 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -18,6 +18,8 @@ author: jdeckerMS
Teachers and IT administrators can use the **Set up School PCs** app to quickly set up computers for students. A computer set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
+[Download the Set up School PCs app from the Windows Store](https://www.microsoft.com/store/apps/9nblggh4ls40)
+
## What does this app do?
diff --git a/mdop/agpm/choosing-which-version-of-agpm-to-install.md b/mdop/agpm/choosing-which-version-of-agpm-to-install.md
index e047f05e63..e79ec15b6e 100644
--- a/mdop/agpm/choosing-which-version-of-agpm-to-install.md
+++ b/mdop/agpm/choosing-which-version-of-agpm-to-install.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Choosing Which Version of AGPM to Install
-Each release of Microsoft Advanced Group Policy Management (AGPM) supports specific versions of the Windows operating system. We strongly recommend that you run the AGPM Client and AGPM Server on the same line of operating systems, for example, Windows 8.1 with Windows Server 2012 R2, Windows 8 with Windows Server 2012, and so on.
+Each release of Microsoft Advanced Group Policy Management (AGPM) supports specific versions of the Windows operating system. We strongly recommend that you run the AGPM Client and AGPM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on.
We recommend that you install the AGPM Server on the most recent version of the operating system in the domain. AGPM uses the Group Policy Management Console (GPMC) to back up and restore Group Policy Objects (GPOs). Because newer versions of the GPMC provide additional policy settings that are not available in earlier versions, you can manage more policy settings by using the most recent version of the operating system.
@@ -45,8 +45,8 @@ Table 1 lists the operating systems on which you can install AGPM 4.0 SP3, and
-Windows 10 |
-Windows 10 |
+Windows Server 2016 or Windows 10 |
+Windows Server 2016 or Windows 10 |
Supported |
@@ -55,19 +55,19 @@ Table 1 lists the operating systems on which you can install AGPM 4.0 SP3, and
Supported |
-Windows Server 2012 R2, Windows Server 2012, Windows 8.1, or Windows 8 |
-Windows Server 2012 or Windows 8 |
+Windows Server 2012 R2, Windows Server 2012, or Windows 8.1 |
+Windows Server 2012 or Windows 8.1 |
Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 |
Windows Server 2008 R2 or Windows 7 |
Windows Server 2008 R2 or Windows 7 |
-Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 or Windows 8 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 |
-Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 |
+Windows Server 2012, Windows Server 2008 R2, or Windows 7 |
Windows Server 2008 or Windows Vista with Service Pack 1 (SP1) |
-Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7 |
Windows Server 2008 or Windows Vista with SP1 |
@@ -77,7 +77,7 @@ Table 1 lists the operating systems on which you can install AGPM 4.0 SP3, and
Windows Server 2008 or Windows Vista with SP1 |
Windows Server 2008 or Windows Vista with SP1 |
-Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7 |
+Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7 |
@@ -113,29 +113,29 @@ Table 1 lists the operating systems on which you can install AGPM 4.0 SP2, and
Supported |
-Windows Server 2012 R2, Windows Server 2012, Windows 8.1, or Windows 8 |
-Windows Server 2012 or Windows 8 |
+Windows Server 2012 R2, Windows Server 2012, or Windows 8.1 |
+Windows Server 2012 or Windows 8.1 |
Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 |
Windows Server 2008 R2 or Windows 7 |
Windows Server 2008 R2 or Windows 7 |
-Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 or Windows 8 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 |
-Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 |
+Windows Server 2012, Windows Server 2008 R2, or Windows 7 |
Windows Server 2008 or Windows Vista with Service Pack 1 (SP1) |
-Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7 |
Windows Server 2008 or Windows Vista with SP1 |
-Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 |
+Windows Server 2012, Windows Server 2008 R2, or Windows 7 |
Not supported |
Windows Server 2008 or Windows Vista with SP1 |
Windows Server 2008 or Windows Vista with SP1 |
-Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7 |
+Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7 |
@@ -164,29 +164,29 @@ Table 2 lists the operating systems on which you can install AGPM 4.0 SP1, and t
-Windows Server 2012 or Windows 8 |
-Windows Server 2012 or Windows 8 |
+Windows Server 2012 |
+Windows Server 2012 |
Supported |
Windows Server 2008 R2 or Windows 7 |
Windows Server 2008 R2 or Windows 7 |
-Supported, but cannot edit policy settings or preference items that exist only in Windows 8 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 |
-Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 |
+Windows Server 2012, Windows Server 2008 R2, or Windows 7 |
Windows Server 2008 or Windows Vista with SP1 |
-Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2, Windows 8, or Windows 7 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2, or Windows 7 |
Windows Server 2008 or Windows Vista with SP1 |
-Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 |
+Windows Server 2012, Windows Server 2008 R2, or Windows 7 |
Supported |
Windows Server 2008 or Windows Vista with SP1 |
Windows Server 2008 or Windows Vista with SP1 |
-Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2, Windows 8, or Windows 7 |
+Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2, or Windows 7 |
diff --git a/mdop/agpm/index.md b/mdop/agpm/index.md
index 7d17648258..cc29f75805 100644
--- a/mdop/agpm/index.md
+++ b/mdop/agpm/index.md
@@ -18,11 +18,11 @@ Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of th
## AGPM Version Information
-[AGPM 4.0 SP3](agpm-40-sp3-navengl.md) supports Windows 10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
+[AGPM 4.0 SP3](agpm-40-sp3-navengl.md) supports Windows 10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
-[AGPM 4.0 SP2](agpm-40-sp2-navengl.md) supports Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
+[AGPM 4.0 SP2](agpm-40-sp2-navengl.md) supports Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
-[AGPM 4.0 SP1](agpm-40-sp1-navengl.md) supports Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
+[AGPM 4.0 SP1](agpm-40-sp1-navengl.md) supports Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
[AGPM 4](agpm-4-navengl.md) supports Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1.
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
index ee8e39c778..bdc3444ecd 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
@@ -88,6 +88,10 @@ If a user who has the Editor role submits a request to deploy a GPO, and the use
**Workaround:** None.
+### Added mechanism to override AGPM default behavior of removing GPO permission changes
+
+As of HF02, AGPM has added a registry key to enable overriding the default AGPM GPO permission behavior. For more information, please see [Changes to Group Policy object permissions through AGPM are ignored](https://support.microsoft.com/kb/3174540)
+
## Related topics
diff --git a/mdop/agpm/whats-new-in-agpm-40-sp3.md b/mdop/agpm/whats-new-in-agpm-40-sp3.md
index e598c1a4b8..a6dc4a4984 100644
--- a/mdop/agpm/whats-new-in-agpm-40-sp3.md
+++ b/mdop/agpm/whats-new-in-agpm-40-sp3.md
@@ -22,7 +22,7 @@ AGPM 4.0 SP3 supports the following features and functionality.
### Support for Windows 10
-AGPM 4.0 SP3 adds support for the Windows 10 operating systems.
+AGPM 4.0 SP3 adds support for the Windows 10 and Windows Server 2016 operating systems.
### Support for PowerShell
@@ -111,7 +111,7 @@ You can upgrade the AGPM Client or AGPM Server to AGPM 4.0 SP3 without being pr
## Supported configurations
-AGPM 4.0 SP3 supports the configurations in the following table. Although AGPM supports mixed configurations, we strongly recommend that you run the AGPM Client and AGPM Server on the same operating system line—for example, Windows 10 only, Windows 8.1 with Windows Server 2012 R2, and so on.
+AGPM 4.0 SP3 supports the configurations in the following table. Although AGPM supports mixed configurations, we strongly recommend that you run the AGPM Client and AGPM Server on the same operating system line—for example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on.
**AGPM 4.0 SP3 supported operating systems and policy settings**
@@ -130,7 +130,7 @@ AGPM 4.0 SP3 supports the configurations in the following table. Although AGPM
-Windows 10 |
+Windows Server 2016 or Windows 10 |
Windows 10 |
Supported |
@@ -140,29 +140,29 @@ AGPM 4.0 SP3 supports the configurations in the following table. Although AGPM
Supported |
-Windows Server 2012 R2, Windows Server 2012, Windows 8.1, or Windows 8 |
-Windows Server 2012 or Windows 8 |
+Windows Server 2012 R2, Windows Server 2012, or Windows 8.1 |
+Windows Server 2012 |
Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 |
Windows Server 2008 R2 or Windows 7 |
Windows Server 2008 R2 or Windows 7 |
-Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 or Windows 8 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 |
-Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 |
+Windows Server 2012, Windows Server 2008 R2, or Windows 7 |
Windows Server 2008 or Windows Vista with Service Pack 1 (SP1) |
-Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7 |
+Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7 |
Windows Server 2008 or Windows Vista with SP1 |
-Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 |
+Windows Server 2012, Windows Server 2008 R2, or Windows 7 |
Not supported |
Windows Server 2008 or Windows Vista with SP1 |
Windows Server 2008 or Windows Vista with SP1 |
-Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7 |
+Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7 |
@@ -190,7 +190,7 @@ The following table describes the behavior of AGPM 4.0 SP3 Client and Server in
**Remote Server Administration Tools**
-**Windows 10**
+**Windows 10 or Windows Server 2016**
If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation.
diff --git a/mdop/appv-v5/app-v-51-supported-configurations.md b/mdop/appv-v5/app-v-51-supported-configurations.md
index 9c74ff17a6..bdb0ee8304 100644
--- a/mdop/appv-v5/app-v-51-supported-configurations.md
+++ b/mdop/appv-v5/app-v-51-supported-configurations.md
@@ -58,16 +58,21 @@ Microsoft provides support for the current service pack and, in some cases, the
-Microsoft Windows Server 2012 R2 |
+Microsoft Windows Server 2016 |
|
64-bit |
-Microsoft Windows Server 2012 |
+Microsoft Windows Server 2012 R2 |
|
64-bit |
+Microsoft Windows Server 2012 |
+ |
+64-bit |
+
+
Microsoft Windows Server 2008 R2 |
SP1 |
64-bit |
@@ -147,16 +152,21 @@ The following table lists the operating systems that are supported for the App-V
-Microsoft Windows Server 2012 R2 |
+Microsoft Windows Server 2016 |
|
64-bit |
-Microsoft Windows Server 2012 |
+Microsoft Windows Server 2012 R2 |
|
64-bit |
+Microsoft Windows Server 2012 |
+ |
+64-bit |
+
+
Microsoft Windows Server 2008 R2 |
SP1 |
64-bit |
@@ -195,16 +205,21 @@ The following table lists the operating systems that are supported for the App-V
-Microsoft Windows Server 2012 R2 |
+Microsoft Windows Server 2016 |
|
64-bit |
-Microsoft Windows Server 2012 |
+Microsoft Windows Server 2012 R2 |
|
64-bit |
+Microsoft Windows Server 2012 |
+ |
+64-bit |
+
+
Microsoft Windows Server 2008 R2 |
SP1 |
64-bit |
@@ -267,6 +282,8 @@ The following table lists the SQL Server versions that are supported for the App
The following table lists the operating systems that are supported for the App-V 5.1 client installation.
+**Note:** With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client
+
@@ -282,7 +299,7 @@ The following table lists the operating systems that are supported for the App-V
-Microsoft Windows 10 |
+Microsoft Windows 10 (pre-1607 version) |
|
32-bit or 64-bit |
@@ -292,11 +309,6 @@ The following table lists the operating systems that are supported for the App-V
32-bit or 64-bit |
-Microsoft Windows 8 |
- |
-32-bit or 64-bit |
-
-
Windows 7 |
SP1 |
32-bit or 64-bit |
@@ -344,16 +356,21 @@ The following table lists the operating systems that are supported for App-V 5.1
-Microsoft Windows Server 2012 R2 |
+Microsoft Windows Server 2016 |
|
64-bit |
-Microsoft Windows Server 2012 |
+Microsoft Windows Server 2012 R2 |
|
64-bit |
+Microsoft Windows Server 2012 |
+ |
+64-bit |
+
+
Microsoft Windows Server 2008 R2 |
SP1 |
64-bit |
@@ -393,32 +410,32 @@ The following table lists the operating systems that are supported for the App-V
-Microsoft Windows Server 2012 R2 |
+Microsoft Windows Server 2016 |
|
64-bit |
+Microsoft Windows Server 2012 R2 |
+ |
+64-bit |
+
+
Microsoft Windows Server 2012 |
|
64-bit |
-
+
Microsoft Windows Server 2008 R2 |
SP1 |
64-bit |
-
+
Microsoft Windows 10 |
|
32-bit and 64-bit |
-
-Microsoft Windows 8.1 |
- |
-32-bit and 64-bit |
-
-Microsoft Windows 8 |
+Microsoft Windows 8.1 |
|
32-bit and 64-bit |
diff --git a/mdop/appv-v5/release-notes-for-app-v-51.md b/mdop/appv-v5/release-notes-for-app-v-51.md
index 333b6f7931..f183670c1c 100644
--- a/mdop/appv-v5/release-notes-for-app-v-51.md
+++ b/mdop/appv-v5/release-notes-for-app-v-51.md
@@ -143,6 +143,44 @@ The App-V 5.x Sequencer cannot sequence applications with filenames matching "CO
**Workaround**: Use a different filename
+## Intermittent "File Not Found" error when Mounting a Package
+
+
+Occassionally when mounting a package, a "File Not Found" (0x80070002) error is generated. Typically, this occurs when a folder in an App-V package contains many files ( i.e. 20K or more). This can cause streaming to take longer than expected and to time out which generates the "File Not Found" error.
+
+**Workaround**: Starting with HF06, a new registry key has been introduced to enable extending this time-out period.
+
+
+
+
+
+
+
+
+| Path |
+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Streaming |
+
+
+| Setting |
+StreamResponseWaitTimeout |
+
+
+| DataType |
+DWORD |
+
+
+| Units |
+Seconds |
+
+
+| Default |
+5
+**Note**: this value is the default if the registry key is not defined or a value <=5 is specified.
+ |
+
+
+
+
## Got a suggestion for App-V?
diff --git a/mdop/mbam-v25/about-mbam-25-sp1.md b/mdop/mbam-v25/about-mbam-25-sp1.md
index 96df87e28a..c6886e1c65 100644
--- a/mdop/mbam-v25/about-mbam-25-sp1.md
+++ b/mdop/mbam-v25/about-mbam-25-sp1.md
@@ -88,7 +88,7 @@ For a list of all languages supported for client and server in MBAM 2.5 and MBAM
### Support for Windows 10
-MBAM 2.5 SP1 adds support for Windows 10, in addition to the same software that is supported in earlier versions of MBAM.
+MBAM 2.5 SP1 adds support for Windows 10 and Windows Server 2016, in addition to the same software that is supported in earlier versions of MBAM.
Windows 10 is supported in both MBAM 2.5 and MBAM 2.5 SP1.
@@ -217,6 +217,7 @@ After installation, the service will now set the MBAM agent service to use delay
The compliance calculation logic for "Locked Fixed Data" volumes has been changed to report the volumes as "Compliant," but with a Protector State and Encryption State of "Unknown" and with a Compliance Status Detail of "Volume is locked". Previously, locked volumes were reported as “Non-Compliant”, a Protector State of "Encrypted", an Encryption State of "Unknown", and a Compliance Status Detail of "An unknown error".
+
## How to Get MDOP Technologies
diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md
index ae4aa4c63c..bae880c439 100644
--- a/mdop/mbam-v25/mbam-25-supported-configurations.md
+++ b/mdop/mbam-v25/mbam-25-supported-configurations.md
@@ -137,6 +137,8 @@ The following tables show the languages that are supported for the MBAM Client (
### MBAM Server operating system requirements
+We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on.
+
The following table lists the operating systems that are supported for the MBAM Server installation.
@@ -156,21 +158,27 @@ The following table lists the operating systems that are supported for the MBAM
-Windows Server 2008 R2 |
-Standard, Enterprise, or Datacenter |
-SP1 |
+Windows Server 2016 |
+Standard or Datacenter |
+ |
64-bit |
+Windows Server 2012 R2 |
+Standard or Datacenter |
+ |
+64-bit |
+
+
Windows Server 2012 |
Standard or Datacenter |
|
64-bit |
-Windows Server 2012 R2 |
-Standard or Datacenter |
- |
+Windows Server 2008 R2 |
+Standard, Enterprise, or Datacenter |
+SP1 |
64-bit |
@@ -441,6 +449,8 @@ The following table lists the server processor, RAM, and disk space requirements
### Client operating system requirements
+We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on.
+
The following table lists the operating systems that are supported for MBAM Client installation. The same requirements apply to the Stand-alone and the Configuration Manager Integration topologies.
@@ -472,20 +482,14 @@ The following table lists the operating systems that are supported for MBAM Clie
32-bit or 64-bit |
-Windows 8 |
-Enterprise |
- |
-32-bit or 64-bit |
-
-
Windows 7 |
Enterprise or Ultimate |
SP1 |
32-bit or 64-bit |
-
+
Windows To Go |
-Windows 8, Windows 8.1, and Windows 10 Enterprise |
+Windows 8.1 and Windows 10 Enterprise |
|
32-bit or 64-bit |
@@ -532,30 +536,24 @@ The following table lists the operating systems that are supported for MBAM Grou
32-bit or 64-bit |
-Windows 8 |
-Enterprise, or Pro |
- |
-32-bit or 64-bit |
-
-
Windows 7 |
Enterprise, or Ultimate |
SP1 |
32-bit or 64-bit |
-
+
Windows Server 2012 R2 |
Standard or Datacenter |
|
64-bit |
-
+
Windows Server 2012 |
Standard or Datacenter |
|
64-bit |
-
+
Windows Server 2008 R2 |
Standard, Enterprise, or Datacenter |
SP1 |
diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
index 7a1f4ce2ae..d8e92abf32 100644
--- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
+++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
@@ -118,6 +118,13 @@ If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an "Acc
**Workaround:** If the "Access Denied" error message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled.
+### Support for Bitlocker XTS-AES encryption algorithm
+Bitlocker added support for the XTS-AES encryption algorithm in Windows 10, version 1511. As of HF02, MBAM now supports this Bitlocker option.
+
+### Self-Service Portal automatically adds "-" on Key ID entry
+As of HF02, the MBAM Self-Service Portal automatically adds the '-' on Key ID entry.
+**Note:** The Server has to be reconfigured for the Javascript to take effect.
+
## Got a suggestion for MBAM?
diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md
index 8d1cde1de9..893c06b098 100644
--- a/windows/deploy/TOC.md
+++ b/windows/deploy/TOC.md
@@ -9,6 +9,7 @@
#### [Prepare your environment](upgrade-analytics-prepare-your-environment.md)
#### [Resolve application and driver issues](upgrade-analytics-resolve-issues.md)
#### [Deploy Windows](upgrade-analytics-deploy-windows.md)
+#### [Review site discovery](upgrade-analytics-review-site-discovery.md)
### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
## [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
### [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
diff --git a/windows/deploy/images/upgrade-analytics-create-iedataoptin.png b/windows/deploy/images/upgrade-analytics-create-iedataoptin.png
index 5d0daa534c..60f5ccbc90 100644
Binary files a/windows/deploy/images/upgrade-analytics-create-iedataoptin.png and b/windows/deploy/images/upgrade-analytics-create-iedataoptin.png differ
diff --git a/windows/deploy/images/upgrade-analytics-site-domain-detail.png b/windows/deploy/images/upgrade-analytics-site-domain-detail.png
index 8aa081b840..15a7ee20c4 100644
Binary files a/windows/deploy/images/upgrade-analytics-site-domain-detail.png and b/windows/deploy/images/upgrade-analytics-site-domain-detail.png differ
diff --git a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
index 637b6aaaca..546035f735 100644
--- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
+++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
@@ -92,9 +92,10 @@ By default MDT stores the log files locally on the client. In order to capture a
1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create and share the **E:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt:
+
``` syntax
New-Item -Path E:\Logs -ItemType directory
- New-SmbShare ?Name Logs$ ?Path E:\Logs -ChangeAccess EVERYONE
+ New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
icacls E:\Logs /grant '"MDT_BA":(OI)(CI)(M)'
```
diff --git a/windows/deploy/upgrade-analytics-get-started.md b/windows/deploy/upgrade-analytics-get-started.md
index d80f83c9d3..070a9e137c 100644
--- a/windows/deploy/upgrade-analytics-get-started.md
+++ b/windows/deploy/upgrade-analytics-get-started.md
@@ -95,10 +95,15 @@ The compatibility update KB scans your computers and enables application usage t
| **Operating System** | **KBs** |
|----------------------|-----------------------------------------------------------------------------|
| Windows 8.1 | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)
Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see
[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see
NOTE: KB2976978 must be installed before you can download and install KB3150513. |
-| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664)
Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see
[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see
NOTE: KB2976978 must be installed before you can download and install KB3150513. |
+| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664)
Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see
[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see
NOTE: KB2952664 must be installed before you can download and install KB3150513. |
IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time.
+| **Site discovery** | **KB** |
+|----------------------|-----------------------------------------------------------------------------|
+| [Review site discovery](upgrade-analytics-review-site-discovery.md) | [KB 3170106](https://support.microsoft.com/en-us/kb/3170106)
Site discovery requires July 2016 security update for Internet Explorer. |
+
+
### Automate data collection
To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes.
@@ -151,9 +156,19 @@ To run the Upgrade Analytics deployment script:
3. For troubleshooting, set isVerboseLogging to $true to generate log information that can help with diagnosing issues. By default, isVerboseLogging is set to $false. Ensure the Diagnostics folder is installed in the same directory as the script to use this mode.
-4. Notify users if they need to restart their computers. By default, this is set to off.
+4. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected:
-5. After you finish editing the parameters in RunConfig.bat, run the script as an administrator.
+ > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
+ >
+ > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
+ >
+ > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
+ >
+ > *IEOptInLevel = 3 Data collection is enabled for all sites*
+
+5. Notify users if they need to restart their computers. By default, this is set to off.
+
+6. After you finish editing the parameters in RunConfig.bat, run the script as an administrator.
## Seeing data from computers in Upgrade Analytics
diff --git a/windows/deploy/upgrade-analytics-review-site-discovery.md b/windows/deploy/upgrade-analytics-review-site-discovery.md
index 044a36c1cb..33b5bdac0e 100644
--- a/windows/deploy/upgrade-analytics-review-site-discovery.md
+++ b/windows/deploy/upgrade-analytics-review-site-discovery.md
@@ -7,9 +7,9 @@ author: Justinha
# Review site discovery
-This section of the Upgrade Analytics workflow provides an inventory of web sites that are being used by client computers that run Internet Explorer on Windows 8.1 and Windows 7 in your environment. This inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. Data from Edge browser is not collected.
+This section of the Upgrade Analytics workflow provides an inventory of web sites that are being used by client computers that run Internet Explorer on Windows 8.1 and Windows 7 in your environment. This inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. Data from Microsoft Edge is not collected.
-> Note: After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the user. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
+> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
## Install prerequisite security update for Internet Explorer
@@ -29,13 +29,13 @@ Ensure the following prerequisites are met before using site discovery:
Values:
- 0 – Internet Explorer data collection is disabled
-
- 1 – Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones
-
- 2 – Data collection is enabled for sites in the Internet + Restricted sites zones
-
- 3 – Data collection is enabled for all sites
+ > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
+ >
+ > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
+ >
+ > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
+ >
+ > *IEOptInLevel = 3 Data collection is enabled for all sites*
For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx).
diff --git a/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md b/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md
index 0f14199f76..4045eb3913 100644
--- a/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md
+++ b/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md
@@ -23,4 +23,6 @@ The Upgrade Analytics workflow gives you compatibility and usage information abo
3. [Identifying computers that are upgrade ready](upgrade-analytics-deploy-windows.md)
+4. [Review site discovery](upgrade-analytics-review-site-discovery.md)
+
diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index 6dc8ea8b8c..db02131f0c 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -20,7 +20,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. |
|[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. |
| [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs |
-| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq ezxample and added a new Windows PowerShell example for creating a self-signed certficate |
+| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq example and added a new Windows PowerShell example for creating a self-signed certificate |
## August 2016
|New or changed topic | Description |
diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md
index 4d3345f8a1..7a77dece05 100644
--- a/windows/keep-secure/windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md
@@ -20,6 +20,7 @@ localizationpriority: high
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
diff --git a/windows/manage/lock-down-windows-10-to-specific-apps.md b/windows/manage/lock-down-windows-10-to-specific-apps.md
index a585ae2a4f..8ab992a6f0 100644
--- a/windows/manage/lock-down-windows-10-to-specific-apps.md
+++ b/windows/manage/lock-down-windows-10-to-specific-apps.md
@@ -18,6 +18,8 @@ localizationpriority: high
- Windows 10
+>For more info about the features and functionality that are supported in each edition of Windows, see [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings.
You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](../keep-secure/applocker-overview.md). AppLocker rules specify which apps are allowed to run on the device.
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 83ea150608..42d9d21bc2 100644
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -270,11 +270,11 @@ Fonts that are included in Windows but that are not stored on the local device c
If you're running Windows 10, version 1607 or Windows Server 2016, disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **Fonts** > **Enable Font Providers**.
+If you're running Windows 10, version 1507 or Windows 10, version 1511, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1.
+
> [!NOTE]
> After you apply this policy, you must restart the device for it to take effect.
-If you're running Windows 10, version 1507 or Windows 10, version 1511, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1.
-
### 6. Insider Preview builds
diff --git a/windows/manage/mandatory-user-profile.md b/windows/manage/mandatory-user-profile.md
index 5a19dddc3e..698093e9a1 100644
--- a/windows/manage/mandatory-user-profile.md
+++ b/windows/manage/mandatory-user-profile.md
@@ -18,7 +18,7 @@ author: jdeckerMS
> [!NOTE]
> When a mandatory profile is applied to a PC running Windows 10, version 1511, some features such as Universal Windows Platform (UWP) apps, the Start menu, Cortana, and Search, will not work correctly. This will be fixed in a future update.
-A mandatory user profile is a roaming user profile that has been pre-configured by an administrators to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
+A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles.
diff --git a/windows/manage/stop-employees-from-using-the-windows-store.md b/windows/manage/stop-employees-from-using-the-windows-store.md
index c95b8cddad..8f2d26753c 100644
--- a/windows/manage/stop-employees-from-using-the-windows-store.md
+++ b/windows/manage/stop-employees-from-using-the-windows-store.md
@@ -18,7 +18,9 @@ localizationpriority: high
- Windows 10
- Windows 10 Mobile
-IT Pros can configure access to Windows Store for client computers in their organization. For some organizations, business policies require blocking access to Windows Store.
+>For more info about the features and functionality that are supported in each edition of Windows, see [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
+IT pros can configure access to Windows Store for client computers in their organization. For some organizations, business policies require blocking access to Windows Store.
## Options to configure access to Windows Store