deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 5269: Merge master to rs4

Browse Source
This commit is contained in:
Justin Hall 2018-01-12 02:12:58 +00:00
commit 935aa2ea9c
29 changed files with 928 additions and 1889 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.openpublishing.redirection.json
View File

@ -6,6 +6,11 @@
"redirect_document_id": true
},
{
"source_path": "devices/surface/surface-device-compatibility-with-windows-10-ltsb.md",
"redirect_url": "/devices/surface/surface-device-compatibility-with-windows-10-ltsc",
"redirect_document_id": true
},
{
"source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1709.md",
"redirect_url": "/windows/configuration/basic-level-windows-diagnostic-events-and-fields",
"redirect_document_id": true

10
devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.date: 10/19/2017
ms.date: 01/10/2018
ms.localizationpriority: medium
---
@ -30,6 +30,14 @@ PowerShell scripts to help set up and manage your Microsoft Surface Hub.
- [Accepting external meeting requests](#accept-ext-meetings-cmdlet)
## Prerequisites
To successfully execute these PowerShell scripts, you will need to install the following prerequisites:
- [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950)
- [Microsoft Azure Active Directory Module for Windows PowerShell (64-bit version)](http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185)
- [Windows PowerShell Module for Skype for Business Online](https://www.microsoft.com/download/details.aspx?id=39366)
## <a href="" id="scripts-for-admins"></a>PowerShell scripts for Surface Hub administrators

8
devices/surface-hub/change-history-surface-hub.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.date: 11/15/2017
ms.date: 01/10/2018
ms.localizationpriority: medium
---
@ -16,6 +16,12 @@ ms.localizationpriority: medium
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
## January 2018
New or changed topic | Description
--- | ---
[PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | Added prerequisites for running the scripts
## November 2017
New or changed topic | Description

2
devices/surface/TOC.md
View File

@ -1,6 +1,6 @@
# [Surface](index.md)
## [Deploy Surface devices](deploy.md)
### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsb.md)
### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md)
#### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

10
devices/surface/change-history-for-surface.md
View File

@ -12,6 +12,14 @@ ms.date: 11/03/2017
This topic lists new and updated topics in the Surface documentation library.
## January 2018
|New or changed topic | Description |
| --- | --- |
|[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.45 information |
|[Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC)](surface-device-compatibility-with-windows-10-ltsc.md) | Updated Current Branch (CB) or Current Branch for Business (CBB) servicing options with Semi-Annual Channel (SAC) information |
|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | Added Surface Book 2, Surface Laptop, Surface Pro, Surface Pro with LTE Advanced, and Surface Pro information |
## December 2017
|New or changed topic | Description |
@ -49,7 +57,7 @@ New or changed topic | Description
|New or changed topic | Description |
| --- | --- |
|[Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsb.md) | New (supersedes [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md))|
|[Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md) | New (supersedes [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md))|
## January 2017

2
devices/surface/deploy.md
View File

@ -17,7 +17,7 @@ Get deployment guidance for your Surface devices including information about MDT
| Topic | Description |
| --- | --- |
| [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsb.md) | Find out about compatibility and limitations of Surface devices running Windows 10 Enterprise LTSB edition. |
| [Surface device compatibility with Windows 10 Long-Term Servicing Channel](surface-device-compatibility-with-windows-10-ltsc.md) | Find out about compatibility and limitations of Surface devices running Windows 10 Enterprise LTSB edition. |
| [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) | Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.|
| [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)| Find out how to perform a Windows 10 upgrade deployment to your Surface devices. |
| [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)| Walk through the process of customizing the Surface out-of-box experience for end users in your organization.|

2
devices/surface/ltsb-for-surface.md
View File

@ -12,7 +12,7 @@ ms.date: 04/25/2017
# Long-Term Servicing Branch (LTSB) for Surface devices
>[!WARNING]
>For updated information on this topic, see [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsb.md). For additional information on this update, see the [Documentation Updates for Surface and Windows 10 LTSB Compatibility](https://blogs.technet.microsoft.com/surface/2017/04/11/documentation-updates-for-surface-and-windows-10-ltsb-compatibility) post on the Surface Blog for IT Pros.
>For updated information on this topic, see [Surface device compatibility with Windows 10 Long-Term Servicing Channel](surface-device-compatibility-with-windows-10-ltsc.md). For additional information on this update, see the [Documentation Updates for Surface and Windows 10 LTSB Compatibility](https://blogs.technet.microsoft.com/surface/2017/04/11/documentation-updates-for-surface-and-windows-10-ltsb-compatibility) post on the Surface Blog for IT Pros.
General-purpose Surface devices running Long-Term Servicing Branch (LTSB) are not supported. As a general guideline, if a Surface device runs productivity software, such as Microsoft Office, it is a general-purpose device that does not qualify for LTSB and should instead run Current Branch (CB) or Current Branch for Business (CBB).

57
devices/surface/microsoft-surface-data-eraser.md
View File

@ -8,8 +8,9 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: miladCA
ms.date: 10/03/2017
author: brecords
ms.author: jdecker
ms.date: 01/03/2018
---
# Microsoft Surface Data Eraser
@ -24,26 +25,17 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
Compatible Surface devices include:
- Surface Studio
- Surface Pro
- Surface Laptop
- Surface Book
- Surface Pro 4
- Surface Pro 3
- Surface 3
- Surface 3 LTE
- Surface Pro 2
>[!NOTE]
>Surface Pro devices with 1 TB storage are not currently supported by Microsoft Surface Data Eraser.
* Surface Book 2
* Surface Pro with LTE Advanced (Model 1807)
* Surface Pro (Model 1796)
* Surface Laptop
* Surface Studio
* Surface Book
* Surface Pro 4
* Surface 3 LTE
* Surface 3
* Surface Pro 3
* Surface Pro 2
Some scenarios where Microsoft Surface Data Eraser can be helpful include:
@ -151,6 +143,20 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
### Version 3.2.45
This version of Microsoft Surface Data Eraser adds support for the following:
- Surface Book 2
- Surface Pro with LTE Advanced
- Surface Pro 1TB
>[!NOTE]
>Surface Data Eraser v3.2.45 and above can be used to restore Surface Pro or Surface Laptop devices with the 1TB storage option in the scenario that the device shows two separate 512GB volumes or encounters errors when attempting to deploy or install Windows 10. See [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/en-us/help/4046105/surface-pro-model-1796-and-surface-laptop-1tb-display-two-drives) for more information.
### Version 3.2.36
This version of Microsoft Surface Data Eraser adds support for the following:
@ -161,10 +167,3 @@ This version of Microsoft Surface Data Eraser adds support for the following:
>[!NOTE]
>The Microsoft Surface Data Eraser USB drive creation tool is unable to run on Windows 10 S. To wipe a Surface Laptop running Windows 10 S, you must first create the Microsoft Surface Data Eraser USB drive on another computer with Windows 10 Pro or Windows 10 Enterprise.
 

35
devices/surface/surface-device-compatibility-with-windows-10-ltsb.md → devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
View File

@ -1,20 +1,21 @@
---
title: Surface device compatibility with Windows 10 Long-Term Servicing Branch (Surface)
title: Surface device compatibility with Windows 10 Long-Term Servicing Channel (Surface)
description: Find out about compatibility and limitations of Surface devices running Windows 10 Enterprise LTSB edition.
keywords: ltsb, update, surface servicing options
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: DavbeaMSFT
ms.date: 10/16/2017
author: brecords
ms.author: jdecker
ms.date: 01/03/2018
---
# Surface device compatibility with Windows 10 Long-Term Servicing Branch (LTSB)
# Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC)
Surface devices are designed to provide best-in-class experiences in productivity and general-purpose scenarios. Regular updates enable Surface devices to bring to life new innovations and to evolve with the new capabilities delivered by Windows 10 Feature Updates. Feature Updates are available only in Windows 10 Pro or Windows 10 Enterprise editions that receive continuous updates through the Current Branch (CB) or Current Branch for Business (CBB) servicing options.
Surface devices are designed to provide best-in-class experiences in productivity and general-purpose scenarios. Regular updates enable Surface devices to bring to life new innovations and to evolve with the new capabilities delivered by Windows 10 Feature Updates. Feature Updates are available only in Windows 10 Pro or Windows 10 Enterprise editions that receive continuous updates through the Semi-Annual Channel (SAC).
In contrast to the CB and CBB servicing options, you cannot select the Long-Term Servicing Branch (LTSB) option in Windows 10 settings. To use the LTSB servicing option, you must install a separate edition of Windows 10 Enterprise, known as *Windows 10 Enterprise LTSB*. In addition to providing an extended servicing model, the Windows 10 Enterprise LTSB edition also provides an environment with several Windows components removed. The core Surface experiences that are impacted by LTSB include:
In contrast to the SAC servicing option, formerly known as the Current Branch (CB) or Current Branch for Business (CBB) servicing options, you cannot select the Long-Term Servicing Channel (LTSC) option in Windows 10 settings. To use the LTSC servicing option, you must install a separate edition of Windows 10 Enterprise, known as Windows 10 Enterprise LTSC, formerly known as Windows 10 Enterprise LTSB (Long-Term Servicing Branch. In addition to providing an extended servicing model, the Windows 10 Enterprise LTSC edition also provides an environment with several Windows components removed. The core Surface experiences that are impacted by LTSC include:
* Windows Feature Updates, including enhancements such as:
@ -27,15 +28,15 @@ In contrast to the CB and CBB servicing options, you cannot select the Long-Term
* Key touch-optimized in-box applications including Microsoft Edge, OneNote, Calendar, and Camera
The use of the Windows 10 Enterprise LTSB environment on Surface devices results in sub-optimal end-user experiences and you should avoid using it in environments where users want and expect a premium, up-to-date user experience.
The use of the Windows 10 Enterprise LTSC environment on Surface devices results in sub-optimal end-user experiences and you should avoid using it in environments where users want and expect a premium, up-to-date user experience.
The LTSB servicing option is designed for device types and scenarios where the key attribute is for features or functionality to never change. Examples include systems that power manufacturing or medical equipment, or embedded systems in kiosks, such as ATMs or airport ticketing systems.
The LTSC servicing option is designed for device types and scenarios where the key attribute is for features or functionality to never change. Examples include systems that power manufacturing or medical equipment, or embedded systems in kiosks, such as ATMs or airport ticketing systems.
>[!NOTE]
>For general information about Windows servicing branches, including LTSB, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/update/waas-overview#long-term-servicing-branch).
>For general information about Windows servicing branches, including LTSC, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/update/waas-overview#long-term-servicing-branch).
>[!NOTE]
>As a general guideline, devices that fulfill the following criteria are considered general-purpose devices and should be paired with Windows 10 Pro or Windows 10 Enterprise using the CB or CBB servicing option:
>As a general guideline, devices that fulfill the following criteria are considered general-purpose devices and should be paired with Windows 10 Pro or Windows 10 Enterprise using the Semi-Annual Channel servicing option:
* Devices that run productivity software such as Microsoft Office
@ -43,17 +44,17 @@ The LTSB servicing option is designed for device types and scenarios where the k
* Devices that are used for general Internet browsing (for example, research or access to social media)
Before you choose to use Windows 10 Enterprise LTSB edition on Surface devices, consider the following limitations:
Before you choose to use Windows 10 Enterprise LTSC edition on Surface devices, consider the following limitations:
* Driver and firmware updates are not explicitly tested against releases of Windows 10 Enterprise LTSB.
* Driver and firmware updates are not explicitly tested against releases of Windows 10 Enterprise LTSC.
* If you encounter problems, Microsoft Support will provide troubleshooting assistance. However, due to the servicing nature of the Windows LTSB, issue resolution may require that devices be upgraded to a more recent version of Windows 10 Enterprise LTSB, or to Windows 10 Pro or Enterprise with the CB or CBB servicing option.
* If you encounter problems, Microsoft Support will provide troubleshooting assistance. However, due to the servicing nature of the Windows LTSC, issue resolution may require that devices be upgraded to a more recent version of Windows 10 Enterprise LTSC, or to Windows 10 Pro or Enterprise with the SAC servicing option.
* Surface device replacements (for example, devices replaced under warranty) may contain subtle variations in hardware components that require updated device drivers and firmware. Compatibility with these updates may require the installation of a more recent version of Windows 10 Enterprise LTSB or Windows 10 Pro or Enterprise with the CB or CBB servicing option.
* Surface device replacements (for example, devices replaced under warranty) may contain subtle variations in hardware components that require updated device drivers and firmware. Compatibility with these updates may require the installation of a more recent version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise with the SAC servicing option.
>[!NOTE]
>Organizations that standardize on a specific version of Windows 10 Enterprise LTSB may be unable to adopt new generations of Surface hardware without also updating to a later version of Windows 10 Enterprise LTSB or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
>Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
Surface devices running Windows 10 Enterprise LTSB edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSB configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSB release or upgrade to a version of Windows 10 with support for the CB and CBB servicing options.
Surface devices running Windows 10 Enterprise LTSC edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSC configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSC release or upgrade to a version of Windows 10 with support for the SAC servicing option.
Devices can be changed from Windows 10 Enterprise LTSB to a more recent version of Windows 10 Enterprise, with support for the CB and CBB servicing options, without the loss of user data by performing an upgrade installation. You can also perform an upgrade installation on multiple devices by leveraging the Upgrade Task Sequence Templates available in the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. For more information, see [Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/upgrade-surface-devices-to-windows-10-with-mdt).
Devices can be changed from Windows 10 Enterprise LTSC to a more recent version of Windows 10 Enterprise, with support for the SAC servicing option, without the loss of user data by performing an upgrade installation. You can also perform an upgrade installation on multiple devices by leveraging the Upgrade Task Sequence Templates available in the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. For more information, see [Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/upgrade-surface-devices-to-windows-10-with-mdt).

15
devices/surface/wake-on-lan-for-surface-devices.md
View File

@ -6,25 +6,30 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: jobotto
ms.date: 10/16/2017
author: brecords
ms.author: jdecker
ms.date: 01/03/2018
---
# Wake On LAN for Surface devices
Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as System Center Configuration Manager) automatically even if the devices are powered down. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using System Center Configuration Manager during a window in the middle of the night, when the office is empty.
Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as System Center Configuration Manager) automatically. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using System Center Configuration Manager during a window in the middle of the night, when the office is empty.
>[!NOTE]
>Surface devices must be connected to AC power to support WOL.
>Surface devices must be connected to AC power and in Connected Standby (Sleep) to support WOL. WOL is not possible from devices that are in hibernation or powered off.
## Supported devices
The following devices are supported for WOL:
* Surface Book 2
* Surface Pro with LTE Advanced (Model 1807)
* Surface Pro (Model 1796)
* Surface Laptop
* Surface Book
* Surface Pro 4
* Surface Pro 3
* Surface 3
* Surface Pro 3
* Surface Ethernet adapter
* Surface Dock
* Surface Docking Station for Surface Pro 3

10
education/trial-in-a-box/educator-tib-get-started.md
View File

@ -107,7 +107,15 @@ Learn about Code Builder for Minecraft: Education Edition.
5. Double click on the world to launch it in Minecraft: Education Edition.
6. Once inside the world, click **Play** and use the guide to walk around and click on the different subject area examples to learn more about teaching and learning with Minecraft: Education Edition.
To visit a specific subject area section, right click on the button under the name of that subject area. Remember that the mouse works as your “eyes” in the game. Simply move your mouse around to look around the world. Use the Minecraft Controls key included below to walk forwards, backwards, left, and right in the game. Explore and have fun!
To visit a specific subject area section, right click on the button under the name of that subject area. Remember that the mouse works as your “eyes” in the game. Simply move your mouse around to look around the world.
* To move forward, use the W key.
* To move left, use the A key.
* To move right, The D key.
* And to move backward, use the S key.
* Want to get a birds eye view of the world? Double tap the space bar.
* To safely land, hold the shift key
To try more advanced movements or building within Minecraft, use the Minecraft Controls Diagram.
![Minecraft mouse and keyboard controls](images/mcee_keyboard_mouse_controls.png)

12
education/trial-in-a-box/index.md
View File

@ -42,7 +42,7 @@ Trial in a Box puts the Microsoft education technology into an easy package so y
**If you want to try the Educator Experience**
1. Turn on **Device A**.
2. Connect **Device A** to your school's Wi-Fi network.
2. Connect **Device A** to your school's Wi-Fi network or connect with a local Ethernet connection.
3. Log in using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit.
4. Click the Educator image or follow the instructions in [Get started for Educators](educator-tib-get-started.md).
@ -50,10 +50,12 @@ Trial in a Box puts the Microsoft education technology into an easy package so y
**If you want to try the IT Administrator Experience**
1. Turn on **Device A**.
2. Connect **Device A** to your school's Wi-Fi network.
3. Log in using the **Administrator Username** and **Administrator Password** included in the **Credentials Sheet** located in your kit.
4. Click the IT Administrator image or follow the instructions in [Get started for IT Admins](itadmin-tib-get-started.md).
1. Set up **Device A** first.  Setup **Device B** after you have completed setup of **Device A**.
2. Turn on **Device A**.
3. Connect **Device A** to your school's Wi-Fi network or connect with a local Ethernet connection.
4. Log in using the **Administrator Username** and **Administrator Password** included in the **Credentials Sheet** located in your kit.
5. Please immediately register both devices with your hardware manufacturer to activate the manufacturer's warranty.
6. Click the IT Administrator image or follow the instructions in [Get started for IT Admins](itadmin-tib-get-started.md).
[![Get started for IT Admins](images/itadmin_rotated.png)](itadmin-tib-get-started.md)

3
education/trial-in-a-box/itadmin-tib-get-started.md
View File

@ -25,6 +25,8 @@ Hello, IT administrators! In this guide, we'll show you how to quickly and easil
1. [Log in with your IT admin credentials](#task1)
2. [Configure a new device with Set up School PCs](#task2)
3. [Go through Intune for Education express configuration](#task3)
> [!NOTE]
> It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user.
4. [Buy an app from Microsoft Store for Education and deploy it to devices in your tenant](#task4)
5. [Add new folders to all devices in your tenant](#task5)
@ -232,4 +234,5 @@ Looking for other IT admin tasks to try?
* [Try the BYOD scenario](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#connect-other-devices-to-your-cloud-infrastructure)
## Get more info
[Microsoft Education documentation and resources](https://docs.microsoft.com/education/)
[Microsoft Education Trial in a Box](index.md)

6
store-for-business/release-history-microsoft-store-business-education.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.date: 11/30/2017
ms.date: 1/8/2018
---
# Microsoft Store for Business and Education release history
@ -15,6 +15,10 @@ Microsoft Store for Business and Education regularly releases new and improved f
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
## November 2017
- **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
## October 2017
- Bug fixes and permformance improvements.

14
store-for-business/whats-new-microsoft-store-business-education.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.date: 11/30/2017
ms.date: 1/8/2018
---
# What's new in Microsoft Store for Business and Education
@ -15,11 +15,9 @@ Microsoft Store for Business and Education regularly releases new and improved f
## Latest updates for Store for Business and Education
**November 2017**
**December 2017**
| | |
|-----------------------|---------------------------------|
| ![Microsoft Store for Business Edcucation, Export users link.](images/msfb-wn-1711-export-user.png) |**Export list of Minecraft: Education Edition users**<br /><br />Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.<br /><br />**Applies to**:<br /> Microsoft Store for Education |
Weve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
<!---
Weve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
@ -32,8 +30,12 @@ Weve been working on bug fixes and performance improvements to provide you a
## Previous releases and updates
[November 2017](release-history-microsoft-store-business-education.md#november-2017)
- Export list of Minecraft: Education Edition users
- Bug fixes and performance improvements
[October 2017](release-history-microsoft-store-business-education.md#october-2017)
- Bug fixes and permformance improvements.
- Bug fixes and permformance improvements
[September 2017](release-history-microsoft-store-business-education.md#september-2017)
- Manage Windows device deployment with Windows AutoPilot Deployment

2
windows/access-protection/credential-guard/credential-guard-considerations.md
View File

@ -61,7 +61,7 @@ Since Credential Manager cannot decrypt saved Windows Credentials, they are dele
### Domain-joined devices automatically provisioned public key
Beginning with Windows 10 and Windows Server 2016, domain-devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](https://docs.microsoft.com/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
Since Credential Guard cannot decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it cannot authenticate with password until that policy disabled. For more information on Configuring device to only use public key, see [Domain-joined Device Public Key Authentication](https://docs.microsoft.com/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
Since Credential Guard cannot decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it cannot authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](https://docs.microsoft.com/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](https://msdn.microsoft.com/en-us/library/cc980032.aspx).

1440
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

File diff suppressed because it is too large Load Diff

16
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -794,9 +794,6 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching" id="deliveryoptimization-doallowvpnpeercaching">DeliveryOptimization/DOAllowVPNPeerCaching</a>
</dd>
<dd>
<a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost" id="deliveryoptimization-docachehost">DeliveryOptimization/DOCacheHost</a>
</dd>
<dd>
<a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp" id="deliveryoptimization-dodelaybackgrounddownloadfromhttp">DeliveryOptimization/DODelayBackgroundDownloadFromHttp</a>
</dd>
@ -2482,6 +2479,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-search.md#search-allowcloudsearch" id="search-allowcloudsearch">Search/AllowCloudSearch</a>
</dd>
<dd>
<a href="./policy-csp-search.md#search-allowcortanainaad" id="search-allowcortanainaad">Search/AllowCortanaInAAD</a>
</dd>
<dd>
<a href="./policy-csp-search.md#search-allowindexingencryptedstoresoritems" id="search-allowindexingencryptedstoresoritems">Search/AllowIndexingEncryptedStoresOrItems</a>
</dd>
@ -2506,6 +2506,10 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-search.md#search-disableremovabledriveindexing" id="search-disableremovabledriveindexing">Search/DisableRemovableDriveIndexing</a>
</dd>
<dd>
<a href="./policy-csp-search.md#search-donotusewebresults" id="search-donotusewebresults">Search/DoNotUseWebResults</a>
</dd>
<dd>
<a href="./policy-csp-search.md#search-preventindexinglowdiskspacemb" id="search-preventindexinglowdiskspacemb">Search/PreventIndexingLowDiskSpaceMB</a>
</dd>
@ -2751,12 +2755,18 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-system.md#system-bootstartdriverinitialization" id="system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disableenterpriseauthproxy" id="system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disableonedrivefilesync" id="system-disableonedrivefilesync">System/DisableOneDriveFileSync</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disablesystemrestore" id="system-disablesystemrestore">System/DisableSystemRestore</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-feedbackhubalwayssavediagnosticslocally" id="system-feedbackhubalwayssavediagnosticslocally">System/FeedbackHubAlwaysSaveDiagnosticsLocally</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics" id="system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
</dd>

52
windows/client-management/mdm/policy-csp-deliveryoptimization.md
View File

@ -27,9 +27,6 @@ ms.date: 01/03/2018
<dd>
<a href="#deliveryoptimization-doallowvpnpeercaching">DeliveryOptimization/DOAllowVPNPeerCaching</a>
</dd>
<dd>
<a href="#deliveryoptimization-docachehost">DeliveryOptimization/DOCacheHost</a>
</dd>
<dd>
<a href="#deliveryoptimization-dodelaybackgrounddownloadfromhttp">DeliveryOptimization/DODelayBackgroundDownloadFromHttp</a>
</dd>
@ -199,55 +196,6 @@ The following list shows the supported values:
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="deliveryoptimization-docachehost"></a>**DeliveryOptimization/DOCacheHost**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. TBD
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="deliveryoptimization-dodelaybackgrounddownloadfromhttp"></a>**DeliveryOptimization/DODelayBackgroundDownloadFromHttp**
<!--StartSKU-->

124
windows/client-management/mdm/policy-csp-search.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 12/14/2017
ms.date: 01/08/2018
---
# Policy CSP - Search
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -22,6 +24,9 @@ ms.date: 12/14/2017
<dd>
<a href="#search-allowcloudsearch">Search/AllowCloudSearch</a>
</dd>
<dd>
<a href="#search-allowcortanainaad">Search/AllowCortanaInAAD</a>
</dd>
<dd>
<a href="#search-allowindexingencryptedstoresoritems">Search/AllowIndexingEncryptedStoresOrItems</a>
</dd>
@ -46,6 +51,9 @@ ms.date: 12/14/2017
<dd>
<a href="#search-disableremovabledriveindexing">Search/DisableRemovableDriveIndexing</a>
</dd>
<dd>
<a href="#search-donotusewebresults">Search/DoNotUseWebResults</a>
</dd>
<dd>
<a href="#search-preventindexinglowdiskspacemb">Search/PreventIndexingLowDiskSpaceMB</a>
</dd>
@ -105,6 +113,61 @@ ms.date: 12/14/2017
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="search-allowcortanainaad"></a>**Search/AllowCortanaInAAD**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. If this policy is left in its default state, Cortana will not be shown in the AAD OOBE flow. If you opt-in to this policy, then the Cortana consent page will appear in the AAD OOBE flow..
<!--EndDescription-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Not allowed. The Cortana consent page will not appear in AAD OOBE during setup.
- 1 - Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**
<!--StartSKU-->
@ -460,6 +523,65 @@ The following list shows the supported values:
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="search-donotusewebresults"></a>**Search/DoNotUseWebResults**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. Don't search the web or display web results in Search.
This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.
If you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search.
<!--EndDescription-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - Not allowed. Queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
- 1 (default) - Allowed. Queries will be performed on the web and web results will be displayed when a user performs a query in Search.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**
<!--StartSKU-->

104
windows/client-management/mdm/policy-csp-system.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 12/14/2017
ms.date: 12/19/2017
---
# Policy CSP - System
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -46,12 +48,18 @@ ms.date: 12/14/2017
<dd>
<a href="#system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
<dd>
<a href="#system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
</dd>
<dd>
<a href="#system-disableonedrivefilesync">System/DisableOneDriveFileSync</a>
</dd>
<dd>
<a href="#system-disablesystemrestore">System/DisableSystemRestore</a>
</dd>
<dd>
<a href="#system-feedbackhubalwayssavediagnosticslocally">System/FeedbackHubAlwaysSaveDiagnosticsLocally</a>
</dd>
<dd>
<a href="#system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
</dd>
@ -603,6 +611,50 @@ ADMX Info:
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-disableenterpriseauthproxy"></a>**System/DisableEnterpriseAuthProxy**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-disableonedrivefilesync"></a>**System/DisableOneDriveFileSync**
<!--StartSKU-->
@ -731,6 +783,56 @@ ADMX Info:
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-feedbackhubalwayssavediagnosticslocally"></a>**System/FeedbackHubAlwaysSaveDiagnosticsLocally**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
<!--EndDescription-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - False. The Feedback Hub will not always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so.
- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-limitenhanceddiagnosticdatawindowsanalytics"></a>**System/LimitEnhancedDiagnosticDataWindowsAnalytics**
<!--StartSKU-->

1
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
New or changed topic | Description
--- | ---
[ConnectivityProfiles](wcd/wcd-connectivityprofiles.md) | Added settings for VPN **Native** and **Third Party** profile types.
[Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) | Clarified that the TopMFUApps elements in layoutmodification.xml are not supported in Windows 10, version 1709.
## November 2017

2
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -111,7 +111,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can
Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration.
>[!NOTE]
>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). Avoid applying AppLocker rules to devices running the multi-app kiosk configuration.
>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration.
- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout).
- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%).

26
windows/configuration/wcd/wcd-connectivityprofiles.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 09/06/2017
ms.date: 01/10/2018
---
# ConnectivityProfiles (Windows Configuration Designer reference)
@ -114,15 +114,33 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu))
| Setting | Description |
| --- | --- |
| **ProfileType** | Choose between **Native** and **Third Party** |
| RememberCredentials | Select whether credentials should be cached |
| AlwaysOn | Set to **True** to automatically connect the VPN at sign-in |
| LockDown | When set to **True**:</br>- Profile automatically becomes an "always on" profile</br>- VPN cannot be disconnected</br>-If the profile is not connected, the user has no network connectivity</br>- No other profiles can be connected or modified |
| ByPassForLocal | When set to **True**, requests to local resources on the same Wi-Fi neetwork as the VPN client can bypass VPN |
| DnsSuffix | Enter one or more comma-separated DNS suffixes. The first suffix listed is usedas the primary connection-specific DNS suffix for the VPN interface. The list is added to the SuffixSearchList. |
| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
| LockDown | When set to **True**:</br>- Profile automatically becomes an "always on" profile</br>- VPN cannot be disconnected</br>-If the profile is not connected, the user has no network connectivity</br>- No other profiles can be connected or modified |
| Proxy | Configure to **Automatic** or **Manual** |
| ProxyAutoConfigUrl | When **Proxy** is set to **Automatic**, enter the URL to automatically retrieve the proxy settings |
| ProxyServer | When **Proxy** is set to **Manual**, enter the proxy server address as a fully qualified hostname or enter `IP address:Port` |
| RememberCredentials | Select whether credentials should be cached |
| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
When **ProfileType** is set to **Native**, the following additional settings are available.
Setting | Description
--- | ---
AuthenticationUserMethod | When you set **NativeProtocolType** to **IKEv2**, choose between **EAP** and **MSChapv2**.
EAPConfiguration | When you set **AuthenticationUserMethod** to **EAP**, enter the HTML-encoded XML to configure EAP. For more information, see [EAP configuration](https://docs.microsoft.com/windows/client-management/mdm/eap-configuration).
NativeProtocolType | Choose between **PPTP**, **L2TP**, **IKEv2**, and **Automatic**.
RoutingPolicyType | Choose between **SplitTunnel**, in which traffic can go over any interface as determined by the networking stack, and **ForceTunnel**, in which all IP traffic must go over the VPN interface.
Server | Enter the public or routable IP address or DNS name for the VPN gateway. It can point to the exteranl IP of a gateway or a virtual IP for a server farm.
When **ProfileType** is set to **Third Party**, the following additional settings are available.
Setting | Description
--- |---
PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations as well as defaults.
PluginProfilePackageFamilyName | Choose between **Pulse Secure VPN**, **F5 VPN Client**, and **SonicWALL Mobile Connect**.
PluginProfileServerUrlList | Enter a comma-separated list of servers in URL, hostname, or IP format.
## WiFiSense

4
windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.date: 10/16/2017
ms.date: 01/11/2018
ms.localizationpriority: high
---
@ -571,7 +571,7 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
800040005 - 0x20007
80040005 - 0x20007
</table>

157
windows/deployment/windows-10-deployment-scenarios.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.date: 12/18/2017
ms.date: 01/10/2018
author: greg-lindsay
---
@ -16,62 +16,40 @@ author: greg-lindsay
**Applies to**
- Windows 10
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task.
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
The following tables summarize different Windows 10 deployment options and requirements.
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
- Modern deployment methods are recommended unless you have a specific need to use a different procedure.
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
- Traditional deployment methods use tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.<br>&nbsp;
| Scenario | Description | More information |
| :---: | :---: | :---: |
| [Windows AutoPilot](#windows-autopilot) | Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured. |[Overview of Windows AutoPilot](https://docs.microsoft.com/en-us/windows/deployment/windows-10-autopilot) |
| [In-place upgrade](#in-place-upgrade) | Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old. |[Perform an in-place upgrade to Windows 10 with MDT](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit)<br>[Perform an in-place upgrade to Windows 10 using Configuration Manager](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager) |
| [Subscription Activation](#windows-10-subscription-activation) | Switch from Windows 10 Pro to Enterprise when a subscribed user signs in. |[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) |
| [AAD / MDM](#dynamic-provisioning) | The device is automatically joined to AAD and configured by MDM. |[Azure Active Directory integration with MDM](https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm) |
| [Provisioning packages](#dynamic-provisioning) | Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices. |[Configure devices without MDM](https://docs.microsoft.com/windows/configuration/configure-devices-without-mdm) |
| [Bare metal](#new-computer) | Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt)<br>[Install a new version of Windows on a new computer with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/install-new-windows-version-new-computer-bare-metal) |
| [Refresh](#computer-refresh) | Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. |[Refresh a Windows 7 computer with Windows 10](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10)<br>[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager) |
| [Replace](#computer-replace) | Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device. |[Replace a Windows 7 computer with a Windows 10 computer](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer)<br>[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager) |
<table border="1">
<tr><td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Category</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Scenario</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Description</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>More information</b></td></tr>
<tr><td align='center' valign='middle' style='width:16%; border:1;' rowspan="2">Modern</td>
<td align="center">
OS requirements:
<br>&nbsp;
<table border="1" align='left'>
<tr style="text-align:center;">
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Category</b>
</td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Scenario</b>
</td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Windows 10 1703 or later</b>
</td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Windows 7 up to Windows 10 1607</b>
</td>
</tr>
<tr>
<td align="center" valign="middle" style="width:16%; border:1;" rowspan="2">
Modern
[Windows AutoPilot](#windows-autopilot)</td>
<td align="center" style="width:16%; border:1;">
Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured.
</td>
<td align="center" style="width:16%; border:1;">
Windows AutoPilot
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
</td>
<td align="center" style="width:16%; border:1;">
X
<a href="https://docs.microsoft.com/en-us/windows/deployment/windows-10-autopilot">Overview of Windows AutoPilot</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
In-place upgrade
[In-place upgrade](#in-place-upgrade)
</td>
<td align="center" style="width:16%; border:1;">
Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit">Perform an in-place upgrade to Windows 10 with MDT</a><br><a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager">Perform an in-place upgrade to Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
@ -79,91 +57,99 @@ OS requirements:
Dynamic
</td>
<td align="center" style="width:16%; border:1;">
Subscription Activation
[Subscription Activation](#windows-10-subscription-activation)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.
</td>
<td align="center" style="width:16%; border:1;">
X
<a href="https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation">Windows 10 Subscription Activation</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
AAD / MDM
[AAD / MDM](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
The device is automatically joined to AAD and configured by MDM.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm">Azure Active Directory integration with MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
Provisioning packages
[Provisioning packages](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/configuration/configure-devices-without-mdm">Configure devices without MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;" rowspan="3">
Traditional
</td>
<td align="center" style="width:16%; border:1;">
Bare metal
<td align="center" style="width:16%; border:1;">
[Bare metal](#new-computer)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Deploy a new device, or wipe an existing device and deploy with a fresh image.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/sccm/osd/deploy-use/install-new-windows-version-new-computer-bare-metal">Install a new version of Windows on a new computer with System Center Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
Refresh
[Refresh](#computer-refresh)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
Replace
[Replace](#computer-replace)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
</table>
<br>&nbsp;
>[!NOTE]
>There is no pre-existing OS in the Windows AutoPilot or bare metal scenarios, so apps and settings are not migrated. In all other scenarios the existing apps and user settings are typically migrated to the new operating system.
## Windows AutoPilot
>[!IMPORTANT]
>The Windows AutoPilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.<br>
>Except for clean install scenarios such as traditional bare metal and Windows AutoPilot, all the methods described can optionally migrate apps and settings to the new OS.
## Modern deployment methods
Modern deployment methods embrace both traditional on-prem and cloud services to deliver a simple, streamlined, cost effective deployment experience.
### Windows AutoPilot
Windows AutoPilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows AutoPilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device after just a few clicks. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator.
For more information about Windows AutoPilot, see [Overview of Windows AutoPilot](https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) and [Modernizing Windows deployment with Windows AutoPilot](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/).
## Windows 10 Subscription Activation
Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation).
## In-place upgrade
### In-place upgrade
For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
@ -188,26 +174,27 @@ There are some situations where you cannot use in-place upgrade; in these situat
- Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS.
- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken.
## Dynamic provisioning
For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image, because this was often faster and easier than leveraging the preinstalled version. But this is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it is now possible to avoid this.
The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include:
- Changing the Windows edition with a single reboot. For organizations that have Software Assurance for Windows, it is easy to change a device from Windows 10 Pro to Windows 10 Enterprise, just by specifying an appropriate product or setup key. When the device restarts, all of the Windows 10 Enterprise features will be enabled.
### Windows 10 Subscription Activation<A ID="windows-10-subscription-activation"></A>
- Configuring the device with VPN and Wi-Fi connections that may be needed to gain access to organization resources.
- Installation of additional apps needed for organization functions.
- Configuration of common Windows settings to ensure compliance with organization policies.
- Enrollment of the device in a mobile device management (MDM) solution, such as Microsoft Intune.
Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation).
There are two primary dynamic provisioning scenarios:
- **Azure Active Directory (Azure AD) Join with automatic mobile device management (MDM) enrollment.** In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed.
### Azure Active Directory (AAD) join with automatic mobile device management (MDM) enrollment
- **Provisioning package configuration.** Using the [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm).
In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Azure Active Directory integration with MDM](https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
Either way, these scenarios can be used to enable “choose your own device” (CYOD) programs where the organizations users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
### Provisioning package configuration
Using the [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm).
These scenarios can be used to enable “choose your own device” (CYOD) programs where the organizations users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
While the initial Windows 10 release includes a variety of provisioning settings and deployment mechanisms, these will continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for additional features through the Windows Feedback app or through their Microsoft Support contacts.
@ -226,7 +213,8 @@ The traditional deployment scenario can be divided into different sub-scenarios.
- **Computer replace.** A replacement of the old machine with a new machine (with user-state migration and an optional full WIM image backup).
### New computer
This scenario occurs when you have a blank machine you need to deploy, or an existing machine you want to wipe and redeploy without needing to preserve any existing data. The setup starts from a boot media, using CD, USB, ISO, or Pre-Boot Execution Environment (PXE). You can also generate a full offline media that includes all the files needed for a client deployment, allowing you to deploy without having to connect to a central deployment share. The target can be a physical computer, a virtual machine, or a Virtual Hard Disk (VHD) running on a physical computer (boot from VHD).
Also called a "bare metal" deployment. This scenario occurs when you have a blank machine you need to deploy, or an existing machine you want to wipe and redeploy without needing to preserve any existing data. The setup starts from a boot media, using CD, USB, ISO, or Pre-Boot Execution Environment (PXE). You can also generate a full offline media that includes all the files needed for a client deployment, allowing you to deploy without having to connect to a central deployment share. The target can be a physical computer, a virtual machine, or a Virtual Hard Disk (VHD) running on a physical computer (boot from VHD).
The deployment process for the new machine scenario is as follows:
@ -241,6 +229,7 @@ The deployment process for the new machine scenario is as follows:
After taking these steps, the computer is ready for use.
### Computer refresh
A refresh is sometimes called wipe-and-load. The process is normally initiated in the running operating system. User data and settings are backed up and restored later as part of the deployment process. The target can be the same as for the new computer scenario.
The deployment process for the wipe-and-load scenario is as follows:
@ -260,6 +249,7 @@ The deployment process for the wipe-and-load scenario is as follows:
After taking these steps, the machine is ready for use.
### Computer replace
A computer replace is similar to the refresh scenario. However, since we are replacing the machine, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored.
The deployment process for the replace scenario is as follows:
@ -271,6 +261,7 @@ The deployment process for the replace scenario is as follows:
**Note**<br>In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk.
## Related topics
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Upgrade to Windows 10 with System Center Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)

16
windows/deployment/windows-autopilot/TOC.md
View File

@ -1,8 +1,8 @@
# [Overview of Windows AutoPilot](windows-10-autopilot.md)
## [The Windows AutoPilot Deployment Program in Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
## [The Windows AutoPilot Deployment Program in Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
## [The Windows AutoPilot Deployment Program in Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
## [The Windows AutoPilot Deployment Program in Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
## [Demo the Windows AutoPilot Deployment Program on a Virtual Machine](windows-10-autopilot-demo-vm.md)
# [Overview of Windows AutoPilot](windows-10-autopilot.md)
## [The Windows AutoPilot Deployment Program in Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
## [The Windows AutoPilot Deployment Program in Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
## [The Windows AutoPilot Deployment Program in Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
## [The Windows AutoPilot Deployment Program in Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
## [Demo the Windows AutoPilot Deployment Program on a Virtual Machine](windows-10-autopilot-demo-vm.md)

416
windows/deployment/windows-autopilot/windows-10-autopilot-demo-vm.md
View File

@ -1,209 +1,209 @@
---
title: Demo the Windows AutoPilot Deployment Program on a Virtual Machine
description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows AutoPilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/21/2017
---
# Demo the Windows AutoPilot Deployment Program on a Virtual Machine
**Applies to**
- Windows 10
In this topic you'll learn how to set-up a Windows AutoPilot deployment for a Virtual Machine using Hyper-V.
## Prerequisites
These are the thing you'll need on your device to get started:
* Installation media for the latest version of Windows 10 Professional or Enterprise (ISO file)
* Internet access (see [Network connectivity requirements](windows-10-autopilot.md#network-connectivity-requirements))
* Hypervisor needs to be unoccupied, or used by Hyper-V, as we will be using Hyper-V to create the Virtual Machine
See additional prerequisites in the [Windows AutoPilot overview topic](windows-10-autopilot.md#prerequisites).
## Create your Virtual Machine
### Enable Hyper-V
The first thing to do, is to enable the Hyper-V feature on your device.
>[!IMPORTANT]
>If you already have Hyper-V enabled, skip this step.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
```
You will be prompted to restart your device, so save all your work and restart it before you continue.
### Create and start your demo Virtual Machine
Now that Hyper-V is enabled, proceed to create your Virtual Machine.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
New-VMSwitch -Name AutoPilotExternal -NetAdapterName <Name of Network Adapter with internet access> -AllowManagementOS $true
New-VM -Name WindowsAutoPilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutoPilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutoPilotExternal
Add-VMDvdDrive -Path <Path to Windows 10 ISO> -VMName WindowsAutoPilot
Start-VM -VMName WindowsAutoPilot
```
>[!IMPORTANT]
>Make sure to replace <*Name of Network Adapter with internet access*> and <*Path to Windows 10 ISO*> with the appropriate values.
>Additionally, note that all Virtual Machine related data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the above.
### Install Windows 10
Now that the Virtual Machine was created and started, open **Hyper-V Manager** and connect to the **WindowsAutoPilot** Virtual Machine.
Make sure the Virtual Machine booted from the installation media you've provided and complete the Windows installation process.
Once the installation is complete, create a checkpoint. You will create multiple checkpoints throughout this process, which you can later use to go through the process again.
To create the checkpoint, open a PowerShell prompt **as an administrator** and run the following:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "Finished Windows install"
```
## Capture your Virtual Machine's hardware ID
On the newly created Virtual Machine, open a PowerShell prompt **as an administrator** and run the following:
```powershell
md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
```
>[!NOTE]
>Accept all prompts while running the above cmdlets.
### Mount the Virtual Hard Drive (VHD)
To gain access to the AutoPilotHWID.csv that contains the hardware ID, stop the Virtual Machine to unlock the Virtual Hard Drive.
To do that, on your device (**not** on the Virtual Machine), open a PowerShell prompt **as an administrator** and run the following:
```powershell
Stop-VM -VMName WindowsAutoPilot
```
Once the Virtual Machine has stopped, create a checkpoint:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "HWID captured"
```
With the checkpoint created, continue to mount the VHD:
```powershell
Mount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
```
Once mounted, navigate to the new drive and copy **AutoPilotHWID.csv** to a location on your device.
Before you proceed, unmount the VHD to unlock it and start the Virtual Machine:
```powershell
Dismount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
Start-VM -VMName WindowsAutoPilot
```
## Reset Virtual Machine back to Out-Of-Box-Experience (OOBE)
With the hardware ID captured, prepare your Virtual Machine for Windows AutoPilot deployment by resetting it back to OOBE.
On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**.
Select **Remove everything** and **Just remove my files**. Finally, click on **Reset**.
![Reset this PC final prompt](images/autopilot-reset-prompt.jpg)
Resetting your Virtual Machine can take a while. Proceed to the next steps while your Virtual Machine is resetting.
![Reset this PC screen capture](images/autopilot-reset-progress.jpg)
## Configure company branding
>[!IMPORTANT]
>If you already have company branding configured in Azure Active Directory, you can skip this step.
Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding).
>[!IMPORTANT]
>Make sure to sign-in with a Global Administrator account.
Click on **Configure** and configure any type of company branding you'd like to see during the OOBE.
![Configure button in Company branding](images/autopilot-aad-configure.jpg)
Once finished, click **Save**.
>[!NOTE]
>Changes to company branding can take up to 30 minutes to apply.
## Configure Microsoft Intune auto-enrollment
>[!IMPORTANT]
>If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step.
Navigate to [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**.
For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**.
![MDM user scope in the Mobility blade](images/autopilot-aad-mdm.jpg)
## Register your Virtual Machine to your organization
Navigate to [Microsoft Store for Business device management](https://businessstore.microsoft.com/en-us/manage/devices). Click on **Add devices** and select the **AutoPilotHWID.csv** you've saved earlier. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your Virtual Machine added.
![Add devices through Microsoft Store for Business](images/autopilot-devices-add.jpg)
## Create and assign a Windows AutoPilot deployment profile
Navigate to [Windows enrollment in Microsoft Intune](https://portal.azure.com/#blade/Microsoft_Intune_Enrollment/OverviewBlade/windowsEnrollment).
Make sure to sync the device you've just registered, by clicking on **Devices** under **Windows Autopilot Deployment Program (Preview)** and selecting **Sync**. Wait a few moments before refreshing to see your Virtual Machine added.
![Microsoft Intune sync Windows devices](images/autopilot-intune-sync.jpg)
### Create a Windows AutoPilot deployment profile
Click on **Deployment profiles** under **Windows Autopilot Deployment Program (Preview)** and select **Create profile**.
![Microsoft Intune create deployment profile](images/autopilot-intune-profile-add.jpg)
In the **Create profile** blade, set the name to **AutoPilot Intune Demo**, click on **Out-of-box experience (OOBE)** and configure the following:
| Setting name | Value |
|---|---|
|Privacy Settings|Hide|
|End user license agreement (EULA)|Hide|
|User account type|Standard|
Click on **Save** and **Create**.
![Create a new deployment profile in Microsoft Intune](images/autopilot-intune-profile-configure.jpg)
### Assign a Windows AutoPilot deployment profile
With the deployment profile created, go back to **Devices** under **Windows Autopilot Deployment Program (Preview)** and select your Virtual Machine. Click on **Assign profile** and in the **Assign Profile** blade select **AutoPilot Intune Demo** under the **AutoPilot profile**. Click on **Assign**.
![Assign AutoPilot Profile in Microsoft Intune](images/autopilot-intune-profile-assign.jpg)
Wait a few minutes for all changes to apply.
## See Windows AutoPilot in action
By now, your Virtual Machine should be back to OOBE. Make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding)
, otherwise those changes might not show up.
Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
![OOBE sign-in page](images/autopilot-oobe.jpg)
Windows AutoPilot will now take over to automatically join your Virtual Machine into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings.
---
title: Demo the Windows AutoPilot Deployment Program on a Virtual Machine
description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows AutoPilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/21/2017
---
# Demo the Windows AutoPilot Deployment Program on a Virtual Machine
**Applies to**
- Windows 10
In this topic you'll learn how to set-up a Windows AutoPilot deployment for a Virtual Machine using Hyper-V.
## Prerequisites
These are the thing you'll need on your device to get started:
* Installation media for the latest version of Windows 10 Professional or Enterprise (ISO file)
* Internet access (see [Network connectivity requirements](windows-10-autopilot.md#network-connectivity-requirements))
* Hypervisor needs to be unoccupied, or used by Hyper-V, as we will be using Hyper-V to create the Virtual Machine
See additional prerequisites in the [Windows AutoPilot overview topic](windows-10-autopilot.md#prerequisites).
## Create your Virtual Machine
### Enable Hyper-V
The first thing to do, is to enable the Hyper-V feature on your device.
>[!IMPORTANT]
>If you already have Hyper-V enabled, skip this step.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
```
You will be prompted to restart your device, so save all your work and restart it before you continue.
### Create and start your demo Virtual Machine
Now that Hyper-V is enabled, proceed to create your Virtual Machine.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
New-VMSwitch -Name AutoPilotExternal -NetAdapterName <Name of Network Adapter with internet access> -AllowManagementOS $true
New-VM -Name WindowsAutoPilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutoPilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutoPilotExternal
Add-VMDvdDrive -Path <Path to Windows 10 ISO> -VMName WindowsAutoPilot
Start-VM -VMName WindowsAutoPilot
```
>[!IMPORTANT]
>Make sure to replace <*Name of Network Adapter with internet access*> and <*Path to Windows 10 ISO*> with the appropriate values.
>Additionally, note that all Virtual Machine related data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the above.
### Install Windows 10
Now that the Virtual Machine was created and started, open **Hyper-V Manager** and connect to the **WindowsAutoPilot** Virtual Machine.
Make sure the Virtual Machine booted from the installation media you've provided and complete the Windows installation process.
Once the installation is complete, create a checkpoint. You will create multiple checkpoints throughout this process, which you can later use to go through the process again.
To create the checkpoint, open a PowerShell prompt **as an administrator** and run the following:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "Finished Windows install"
```
## Capture your Virtual Machine's hardware ID
On the newly created Virtual Machine, open a PowerShell prompt **as an administrator** and run the following:
```powershell
md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
```
>[!NOTE]
>Accept all prompts while running the above cmdlets.
### Mount the Virtual Hard Drive (VHD)
To gain access to the AutoPilotHWID.csv that contains the hardware ID, stop the Virtual Machine to unlock the Virtual Hard Drive.
To do that, on your device (**not** on the Virtual Machine), open a PowerShell prompt **as an administrator** and run the following:
```powershell
Stop-VM -VMName WindowsAutoPilot
```
Once the Virtual Machine has stopped, create a checkpoint:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "HWID captured"
```
With the checkpoint created, continue to mount the VHD:
```powershell
Mount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
```
Once mounted, navigate to the new drive and copy **AutoPilotHWID.csv** to a location on your device.
Before you proceed, unmount the VHD to unlock it and start the Virtual Machine:
```powershell
Dismount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
Start-VM -VMName WindowsAutoPilot
```
## Reset Virtual Machine back to Out-Of-Box-Experience (OOBE)
With the hardware ID captured, prepare your Virtual Machine for Windows AutoPilot deployment by resetting it back to OOBE.
On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**.
Select **Remove everything** and **Just remove my files**. Finally, click on **Reset**.
![Reset this PC final prompt](images/autopilot-reset-prompt.jpg)
Resetting your Virtual Machine can take a while. Proceed to the next steps while your Virtual Machine is resetting.
![Reset this PC screen capture](images/autopilot-reset-progress.jpg)
## Configure company branding
>[!IMPORTANT]
>If you already have company branding configured in Azure Active Directory, you can skip this step.
Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding).
>[!IMPORTANT]
>Make sure to sign-in with a Global Administrator account.
Click on **Configure** and configure any type of company branding you'd like to see during the OOBE.
![Configure button in Company branding](images/autopilot-aad-configure.jpg)
Once finished, click **Save**.
>[!NOTE]
>Changes to company branding can take up to 30 minutes to apply.
## Configure Microsoft Intune auto-enrollment
>[!IMPORTANT]
>If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step.
Navigate to [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**.
For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**.
![MDM user scope in the Mobility blade](images/autopilot-aad-mdm.jpg)
## Register your Virtual Machine to your organization
Navigate to [Microsoft Store for Business device management](https://businessstore.microsoft.com/en-us/manage/devices). Click on **Add devices** and select the **AutoPilotHWID.csv** you've saved earlier. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your Virtual Machine added.
![Add devices through Microsoft Store for Business](images/autopilot-devices-add.jpg)
## Create and assign a Windows AutoPilot deployment profile
Navigate to [Windows enrollment in Microsoft Intune](https://portal.azure.com/#blade/Microsoft_Intune_Enrollment/OverviewBlade/windowsEnrollment).
Make sure to sync the device you've just registered, by clicking on **Devices** under **Windows Autopilot Deployment Program (Preview)** and selecting **Sync**. Wait a few moments before refreshing to see your Virtual Machine added.
![Microsoft Intune sync Windows devices](images/autopilot-intune-sync.jpg)
### Create a Windows AutoPilot deployment profile
Click on **Deployment profiles** under **Windows Autopilot Deployment Program (Preview)** and select **Create profile**.
![Microsoft Intune create deployment profile](images/autopilot-intune-profile-add.jpg)
In the **Create profile** blade, set the name to **AutoPilot Intune Demo**, click on **Out-of-box experience (OOBE)** and configure the following:
| Setting name | Value |
|---|---|
|Privacy Settings|Hide|
|End user license agreement (EULA)|Hide|
|User account type|Standard|
Click on **Save** and **Create**.
![Create a new deployment profile in Microsoft Intune](images/autopilot-intune-profile-configure.jpg)
### Assign a Windows AutoPilot deployment profile
With the deployment profile created, go back to **Devices** under **Windows Autopilot Deployment Program (Preview)** and select your Virtual Machine. Click on **Assign profile** and in the **Assign Profile** blade select **AutoPilot Intune Demo** under the **AutoPilot profile**. Click on **Assign**.
![Assign AutoPilot Profile in Microsoft Intune](images/autopilot-intune-profile-assign.jpg)
Wait a few minutes for all changes to apply.
## See Windows AutoPilot in action
By now, your Virtual Machine should be back to OOBE. Make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding)
, otherwise those changes might not show up.
Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
![OOBE sign-in page](images/autopilot-oobe.jpg)
Windows AutoPilot will now take over to automatically join your Virtual Machine into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings.
Missing something in this topic? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-autopilot-demo-vm.md).

266
windows/deployment/windows-autopilot/windows-10-autopilot.md
View File

@ -1,133 +1,133 @@
---
title: Overview of Windows AutoPilot
description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/13/2017
---
# Overview of Windows AutoPilot
**Applies to**
- Windows 10
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
## Windows AutoPilot Scenarios
### Cloud-Driven
The Cloud-Driven scenario enables you to pre-register devices through the Windows AutoPilot Deployment Program. Your devices will be fully configured with no additional intervention required on the users' side.
#### The Windows AutoPilot Deployment Program experience
The Windows AutoPilot Deployment Program enables you to:
* Automatically join devices to Azure Active Directory (Azure AD)
* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
* Restrict the Administrator account creation
* Create and auto-assign devices to configuration groups based on a device's profile
* Customize OOBE content specific to the organization
##### Prerequisites
* [Devices must be registered to the organization](#device-registration-and-oobe-customization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
* [Network connectivity to cloud services used by Windows AutoPilot](#network-connectivity-requirements)
* Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
* Devices must have access to the internet
* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
* [Users must be allowed to join devices into Azure AD](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal)
* Microsoft Intune or other MDM services to manage your devices
The end-user unboxes and turns on a new device. What follows are a few simple configuration steps:
* Select a language and keyboard layout
* Connect to the network
* Provide email address (the email address of the user's Azure AD account) and password
Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
</br>
<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/4K4hC5NchbE" frameborder="0" allowfullscreen></iframe>
#### Device registration and OOBE customization
In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
Once devices are registered, these are the OOBE customization options available for Windows 10, starting with version 1703:
* Skipping Work or Home usage selection (*Automatic*)
* Skipping OEM registration, OneDrive and Cortana (*Automatic*)
* Skipping privacy settings
* Skipping EULA (*staring with Windows 10, version 1709*)
* Preventing the account used to set-up the device from getting local administrator permissions
For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options:
* [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
* [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
* [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
* [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
##### Configure company branding for OOBE
In order for your company branding to appear during the OOBE, you'll need to configure it in Azure Active Directory first.
See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory), to configure these settings.
##### Configure MDM auto-enrollment in Microsoft Intune
In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Microsoft Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
>[!NOTE]
>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
#### Network connectivity requirements
The Windows AutoPilot Deployment Program uses a number of cloud services to get your devices to a productive state. This means those services need to be accessible from devices registered as Windows Autopilot devices.
To manage devices behind firewalls and proxy servers, the following URLs need to be accessible:
* https://go.microsoft.com
* https://login.microsoftonline.com
* https://login.live.com
* https://account.live.com
* https://signup.live.com
* https://licensing.mp.microsoft.com
* https://licensing.md.mp.microsoft.com
* ctldl.windowsupdate.com
* download.windowsupdate.com
>[!NOTE]
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/en-us/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven
If you are planning to configure devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
### Teacher-Driven
If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-auto-pilot.md).
---
title: Overview of Windows AutoPilot
description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/13/2017
---
# Overview of Windows AutoPilot
**Applies to**
- Windows 10
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
## Windows AutoPilot Scenarios
### Cloud-Driven
The Cloud-Driven scenario enables you to pre-register devices through the Windows AutoPilot Deployment Program. Your devices will be fully configured with no additional intervention required on the users' side.
#### The Windows AutoPilot Deployment Program experience
The Windows AutoPilot Deployment Program enables you to:
* Automatically join devices to Azure Active Directory (Azure AD)
* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
* Restrict the Administrator account creation
* Create and auto-assign devices to configuration groups based on a device's profile
* Customize OOBE content specific to the organization
##### Prerequisites
* [Devices must be registered to the organization](#device-registration-and-oobe-customization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
* [Network connectivity to cloud services used by Windows AutoPilot](#network-connectivity-requirements)
* Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
* Devices must have access to the internet
* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
* [Users must be allowed to join devices into Azure AD](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal)
* Microsoft Intune or other MDM services to manage your devices
The end-user unboxes and turns on a new device. What follows are a few simple configuration steps:
* Select a language and keyboard layout
* Connect to the network
* Provide email address (the email address of the user's Azure AD account) and password
Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
</br>
<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/4K4hC5NchbE" frameborder="0" allowfullscreen></iframe>
#### Device registration and OOBE customization
In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
Once devices are registered, these are the OOBE customization options available for Windows 10, starting with version 1703:
* Skipping Work or Home usage selection (*Automatic*)
* Skipping OEM registration, OneDrive and Cortana (*Automatic*)
* Skipping privacy settings
* Skipping EULA (*staring with Windows 10, version 1709*)
* Preventing the account used to set-up the device from getting local administrator permissions
For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options:
* [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
* [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
* [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
* [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
##### Configure company branding for OOBE
In order for your company branding to appear during the OOBE, you'll need to configure it in Azure Active Directory first.
See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory), to configure these settings.
##### Configure MDM auto-enrollment in Microsoft Intune
In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Microsoft Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
>[!NOTE]
>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
#### Network connectivity requirements
The Windows AutoPilot Deployment Program uses a number of cloud services to get your devices to a productive state. This means those services need to be accessible from devices registered as Windows Autopilot devices.
To manage devices behind firewalls and proxy servers, the following URLs need to be accessible:
* https://go.microsoft.com
* https://login.microsoftonline.com
* https://login.live.com
* https://account.live.com
* https://signup.live.com
* https://licensing.mp.microsoft.com
* https://licensing.md.mp.microsoft.com
* ctldl.windowsupdate.com
* download.windowsupdate.com
>[!NOTE]
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/en-us/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven
If you are planning to configure devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
### Teacher-Driven
If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-auto-pilot.md).