deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into lsaldanha-5475844

Browse Source
This commit is contained in:
Daniel Simpson
2021-10-14 15:45:19 -07:00
committed by GitHub
parent f59712b5b5 cdd7b8489d
commit 9496caadc0
30 changed files with 353 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/administrative-tools-in-windows-10.md
View File

@ -18,9 +18,9 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 11
- Windows 10
- Windows 11
Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users.

2
windows/client-management/advanced-troubleshooting-802-authentication.md
View File

@ -21,7 +21,7 @@ This article includes general troubleshooting for 802.1X wireless and wired clie
## Scenarios
This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 11 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
## Known issues

3
windows/client-management/advanced-troubleshooting-boot-problems.md
View File

@ -31,8 +31,7 @@ There are several reasons why a Windows-based computer may have problems during
**1. PreBoot**
The PCs firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot
Manager.
The PCs firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
**2. Windows Boot Manager**

3
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -21,7 +21,8 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 11
- Windows 11
From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).

4
windows/client-management/group-policies-for-enterprise-and-education-editions.md
View File

@ -16,9 +16,9 @@ ms.topic: troubleshooting
# Group Policy settings that apply only to Windows 10 Enterprise and Education Editions
**Applies to**
- Windows 10
- Windows 11
- Windows 10
- Windows 11
In Windows 10, version 1607, the following Group Policy settings apply only to Windows 10 Enterprise and Windows 10 Education.

22
windows/client-management/manage-corporate-devices.md
View File

@ -1,5 +1,5 @@
---
title: Manage corporate devices (Windows)
title: Manage corporate devices
description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones.
ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D
ms.reviewer:
@ -30,13 +30,13 @@ You can use the same management tools to manage all device types running Windows
| Topic | Description |
| --- | --- |
| [Manage Windows 10 in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | Strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment |
| [Manage Windows 10 (and Windows 11) in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | Strategies for deploying and managing Windows 10 (and Windows 11), including deploying Windows 10 (and Windows 11) in a mixed environment |
| [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md) | How to use Remote Desktop Connection to connect to an Azure AD-joined PC |
| [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions) | Options to manage user experiences to provide a consistent and predictable experience for employees |
| [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 |
| [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education |
| [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start |
| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 or Windows 11 in their organizations |
| [Manage Windows 10 (and Windows 11) and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions) | Options to manage user experiences to provide a consistent and predictable experience for employees |
| [New policies for Windows 10 (and Windows 11)](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 |
| [Group Policies that apply only to Windows Enterprise and Windows Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education |
| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 (and Windows 11) in their organizations |
## Learn more
@ -47,13 +47,13 @@ You can use the same management tools to manage all device types running Windows
[Microsoft Intune End User Enrollment Guide](/samples/browse/?redirectedfrom=TechNet-Gallery)
[Azure AD Join on Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616791)
[Azure AD Join on Windows 10 (and Windows 11) devices](https://go.microsoft.com/fwlink/p/?LinkId=616791)
[Azure AD support for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=615765)
[Azure AD support for Windows 10 (and Windows 11)](https://go.microsoft.com/fwlink/p/?LinkID=615765)
[Windows 10 and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
[How to manage Windows 10 devices using Intune](https://go.microsoft.com/fwlink/p/?LinkId=613620)
[How to manage Windows 10 (and Windows 11) devices using Intune](https://go.microsoft.com/fwlink/p/?LinkId=613620)
[Using Intune alone and with Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=613207)

1
windows/client-management/manage-device-installation-with-group-policy.md
View File

@ -14,7 +14,6 @@ ms.topic: article
# Manage Device Installation with Group Policy
**Applies to**
- Windows 10

6
windows/client-management/manage-settings-app-with-group-policy.md
View File

@ -14,11 +14,11 @@ ms.topic: article
# Manage the Settings app with Group Policy
**Applies to**
- Windows 10, Windows Server 2016
- Windows 11
- Windows 10
- Windows 11
- Windows Server 2016
You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update.

6
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -5,8 +5,8 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/02/2021
author: dansimp
ms.date: 10/14/2021
ms.reviewer:
manager: dansimp
---
@ -214,7 +214,7 @@ Requirements:
If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
6. Wait for the SYSVOL DFSR replication to be completed and then restart the Domain Controller for the policy to be available.
6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available.
This procedure will work for any future version as well.

6
windows/client-management/mdm/index.md
View File

@ -1,6 +1,6 @@
---
title: Mobile device management
description: Windows 10 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
description: Windows 10 and Windows 11 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
MS-HAID:
- 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
- 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
@ -15,9 +15,9 @@ author: dansimp
# Mobile device management
Windows 10 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users privacy on their personal devices. A built-in management component can communicate with the management server.
Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users privacy on their personal devices. A built-in management component can communicate with the management server.
There are two parts to the Windows 10 management component:
There are two parts to the Windows management component:
- The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.

13
windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
View File

@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 10/08/2020
ms.date: 10/11/2021
---
# Policies in Policy CSP supported by HoloLens 2
@ -51,6 +51,7 @@ ms.date: 10/08/2020
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) <sup>9</sup>
- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) <sup>10</sup>
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup>
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup>
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup>
@ -101,7 +102,13 @@ ms.date: 10/08/2020
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) <sup>9</sup>
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) <sup>10</sup>
- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) <sup>10</sup>
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) <sup>10</sup>
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) <sup>10</sup>
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) <sup>10</sup>
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) <sup>10</sup>
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@ -109,7 +116,10 @@ ms.date: 10/08/2020
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) <sup>10</sup>
- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) <sup>10</sup>
- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) <sup>10</sup>
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>
@ -125,6 +135,7 @@ Footnotes:
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
## Related topics

84
windows/client-management/mdm/policy-csp-mixedreality.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/06/2020
ms.date: 10/12/2021
ms.reviewer:
manager: dansimp
---
@ -23,6 +23,9 @@ manager: dansimp
<dd>
<a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
</dd>
<dd>
<a href="#mixedreality-autologonuser">MixedReality/AutoLogonUser</a>
</dd>
<dd>
<a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
</dd>
@ -50,28 +53,28 @@ manager: dansimp
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>✔️</td>
</tr>
</table>
Steps to use this policy correctly:
1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s).
1. Create a custom OMA URI-based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s).
1. Create a custom OMA URI-based device configuration that sets this policy value to chosen number of days (> 0) and assign it to HoloLens devices.
1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
1. The value can be between min / max allowed.
1. Enroll HoloLens devices and verify both configurations get applied to the device.
1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point here is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
> [!NOTE]
> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
@ -79,6 +82,50 @@ Steps to use this policy correctly:
<!--/SupportedSKUs-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-autologonuser"></a>**MixedReality/AutoLogonUser**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td>✔️</td>
</tr>
</table>
<!--/Description-->
This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up login.
When the policy is set to a non-empty value, it specifies the email address of the auto log on user. The specified user must logon to the device at least once to enable autologon.
The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
<!--SupportedValues-->
String value
- User with the same email address will have autologon enabled.
On a device where this policy is configured, the user specified in the policy will need to log on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log on as a different user, the policy must first be disabled.
> [!NOTE]
>
> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
> - Auto-logon is only supported for MSA and AAD users.
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
@ -114,15 +161,15 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>✔️</td>
</tr>
</table>
@ -167,15 +214,15 @@ The following list shows the supported values:
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>✔️</td>
</tr>
</table>
@ -221,15 +268,15 @@ The following list shows the supported values:
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>✔️</td>
</tr>
</table>
@ -274,15 +321,15 @@ The following list shows the supported values:
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>✔️</td>
</tr>
</table>
@ -317,4 +364,3 @@ The following list shows the supported values:
<hr/>
<!--/Policies-->

10
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -5,8 +5,8 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 07/07/2020
author: dansimp
ms.date: 10/11/2021
ms.reviewer:
manager: dansimp
---
@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
The following list shows the supported values:
- 0 - Disable Microsoft Defender Application Guard
- 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004)
- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004)
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
Determines the type of content that can be copied from the host to Application Guard environment and vice versa.
@ -279,7 +279,7 @@ Value type is integer. Supported operation is Get.
- Bit 6 - Set to 1 when system reboot is required.
<a href="" id="platformstatus"></a>**PlatformStatus**
Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device.
Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device.
Value type is integer. Supported operation is Get.

2
windows/client-management/troubleshoot-tcpip-port-exhaust.md
View File

@ -195,5 +195,5 @@ goto loop
## Useful links
- [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status
- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11)
- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10, and Windows 11)