deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix: MD006/ul-start-left

Browse Source 
Consider starting bulleted lists at the beginning of the line
This commit is contained in:
Nick Schonning 2019-08-12 18:40:32 -04:00
parent 4f83bfdd46
commit 94e89df6b7
130 changed files with 998 additions and 1000 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
View File

@ -171,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow
**To set up data collection using a domain allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
>**Important**<br>Wildcards, like \*.microsoft.com, arent supported.
**To set up data collection using a zone allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.

965
browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
View File

@ -1,482 +1,483 @@
---
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
author: dansimp
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
ms.reviewer:
audience: itpro manager: dansimp
ms.author: dansimp
title: Collect data using Enterprise Site Discovery
ms.sitesec: library
ms.date: 07/27/2017
---
# Collect data using Enterprise Site Discovery
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7 with Service Pack 1 (SP1)
Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
>**Upgrade Readiness and Windows upgrades**<br>
>You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
## Before you begin
Before you start, you need to make sure you have the following:
- Latest cumulative security update (for all supported versions of Internet Explorer):
1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
![microsoft security bulletin techcenter](images/securitybulletin-filter.png)
2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
![affected software section](images/affectedsoftware.png)
3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
- Configuration-related PowerShell scripts
- IETelemetry.mof file
- Sample System Center 2012 report templates
You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
## What data is collected?
Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
|Data point |IE11 |IE10 |IE9 |IE8 |Description |
|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. |
|Domain | X | X | X | X |Top-level domain of the browsed site. |
|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. |
|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. |
|Document mode reason | X | X | | |The reason why a document mode was set by IE. |
|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. |
|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. |
|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. |
|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. |
|Number of visits | X | X | X | X |Number of times a site has been visited. |
|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. |
>**Important**<br>By default, IE doesnt collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so theres no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
### Understanding the returned reason codes
The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection.
#### DocMode reason
The codes in this table can tell you what document mode was set by IE for a webpage.<br>These codes only apply to Internet Explorer 10 and Internet Explorer 11.
|Code |Description |
|-----|------------|
|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.|
|4 |Page is using an X-UA-compatible meta tag. |
|5 |Page is using an X-UA-compatible HTTP header. |
|6 |Page appears on an active **Compatibility View** list. |
|7 |Page is using native XML parsing. |
|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. |
|9 |Page state is set by the browser mode and the page's DOCTYPE.|
#### Browser state reason
The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.<br>These codes only apply to Internet Explorer 10 and Internet Explorer 11.
|Code |Description |
|-----|------------|
|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. |
|2 |Site appears on an active **Compatibility View** list, created in Group Policy. |
|3 |Site appears on an active **Compatibility View** list, created by the user. |
|4 |Page is using an X-UA-compatible tag. |
|5 |Page state is set by the **Developer** toolbar. |
|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. |
|7 |Site appears on the Microsoft **Compatibility View (CV)** list. |
|8 |Site appears on the **Quirks** list, created in Group Policy. |
|11 |Site is using the default browser. |
#### Zone
The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.<br>These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
|Code |Description |
|-----|------------|
|-1 |Internet Explorer is using an invalid zone. |
|0 |Internet Explorer is using the Local machine zone. |
|1 |Internet Explorer is using the Local intranet zone. |
|2 |Internet Explorer is using the Trusted sites zone. |
|3 |Internet Explorer is using the Internet zone. |
|4 |Internet Explorer is using the Restricted sites zone. |
## Where is the data stored and how do I collect it?
The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until its collected. To collect the files, we recommend:
- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
- **XML file**. Any agent that works with XML can be used.
## WMI Site Discovery suggestions
We recommend that you collect your data for at most a month at a time, to capture a users typical workflow. We dont recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computers hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company.
On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorers performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, youll get about 150MB of data:<p>250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB
>**Important**<br>The data collection process is silent, so theres no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
## Getting ready to use Enterprise Site Discovery
Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
>**Important**<br>You must run this script if youre using WMI as your data output. It's not necessary if you're using XML as your data output.
**To set up Enterprise Site Discovery**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If youre sure, you can skip this section; otherwise, follow these steps:
**To set up your firewall**
1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
3. Restart your computer to start collecting your WMI data.
## Use PowerShell to finish setting up Enterprise Site Discovery
You can determine which zones or domains are used for data collection, using PowerShell. If you dont want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
>**Important**<br>The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
**To set up data collection using a domain allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
>**Important**<br>Wildcards, like \*.microsoft.com, arent supported.
**To set up data collection using a zone allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
## Use Group Policy to finish setting up Enterprise Site Discovery
You can use Group Policy to finish setting up Enterprise Site Discovery. If you dont want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
>**Note**<br> All of the Group Policy settings can be used individually or as a group.
**To set up Enterprise Site Discovery using Group Policy**
- Open your Group Policy editor, and go to these new settings:
|Setting name and location |Description |Options |
|---------------------------|-------------|---------|
|Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |<ul><li>**On.** Turns on WMI recording.</li><li>**Off.** Turns off WMI recording.</li></ul> |
|Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. |<ul><li>**XML file path.** Including this turns on XML recording.</li><li>**Blank.** Turns off XML recording.</li></ul> |
|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:<p>0 Restricted Sites zone<br>0 Internet zone<br>0 Trusted Sites zone<br>0 Local Intranet zone<br>0 Local Machine zone<p>**Example 1:** Include only the Local Intranet zone<p>Binary representation: *00010*, based on:<p>0 Restricted Sites zone<br>0 Internet zone<br>0 Trusted Sites zone<br>1 Local Intranet zone<br>0 Local Machine zone<p>**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones<p>Binary representation: *10110*, based on:<p>1 Restricted Sites zone<br>0 Internet zone<br>1 Trusted Sites zone<br>1 Local Intranet zone<br>1 Local Machine zone |
|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:<p>microsoft.sharepoint.com<br>outlook.com<br>onedrive.com<br>timecard.contoso.com<br>LOBApp.contoso.com |
### Combining WMI and XML Group Policy settings
You can use both the WMI and XML settings individually or together:
**To turn off Enterprise Site Discovery**
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>Off</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>Blank</td>
</tr>
</table>
**Turn on WMI recording only**
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>On</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>Blank</td>
</tr>
</table>
**To turn on XML recording only**
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>Off</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>XML file path</td>
</tr>
</table>
<strong>To turn on both WMI and XML recording</strong>
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>On</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>XML file path</td>
</tr>
</table>
## Use Configuration Manager to collect your data
After youve collected your data, youll need to get the local files off of your employees computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while youre connected to your client devices.
**To collect your inventory**
1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png)
2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png)
4. Select the check boxes next to the following classes, and then click **OK**:
- IESystemInfo
- IEURLInfo
- IECountInfo
5. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the MOF Editor with a .MOF import file
You can collect your hardware inventory using the MOF Editor and a .MOF import file.
**To collect your inventory**
1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**.
3. Pick the inventory items to install, and then click **Import**.
4. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you arent using this version of Configuration Manager, you wont want to use this option.
**To collect your inventory**
1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `<configmanager_install_location>\inboxes\clifiles.src\hinv` directory.
2. Add this text to the end of the file:
```
[SMS_Report (TRUE),
SMS_Group_Name ("IESystemInfo"),
SMS_Class_ID ("MICROSOFT|IESystemInfo|1.0"),
Namespace ("root\\\\cimv2\\\\IETelemetry") ]
Class IESystemInfo: SMS_Class_Template
{
[SMS_Report (TRUE), Key ]
String SystemKey;
[SMS_Report (TRUE) ]
String IEVer;
};
[SMS_Report (TRUE),
SMS_Group_Name ("IEURLInfo"),
SMS_Class_ID ("MICROSOFT|IEURLInfo|1.0"),
Namespace ("root\\\\cimv2\\\\IETelemetry") ]
Class IEURLInfo: SMS_Class_Template
{
[SMS_Report (TRUE), Key ]
String URL;
[SMS_Report (TRUE) ]
String Domain;
[SMS_Report (TRUE) ]
UInt32 DocMode;
[SMS_Report (TRUE) ]
UInt32 DocModeReason;
[SMS_Report (TRUE) ]
UInt32 Zone;
[SMS_Report (TRUE) ]
UInt32 BrowserStateReason;
[SMS_Report (TRUE) ]
String ActiveXGUID[];
[SMS_Report (TRUE) ]
UInt32 CrashCount;
[SMS_Report (TRUE) ]
UInt32 HangCount;
[SMS_Report (TRUE) ]
UInt32 NavigationFailureCount;
[SMS_Report (TRUE) ]
UInt32 NumberOfVisits;
[SMS_Report (TRUE) ]
UInt32 MostRecentNavigationFailure;
};
[SMS_Report (TRUE),
SMS_Group_Name ("IECountInfo"),
SMS_Class_ID ("MICROSOFT|IECountInfo|1.0"),
Namespace ("root\\\\cimv2\\\\IETelemetry") ]
Class IECountInfo: SMS_Class_Template
{
[SMS_Report (TRUE), Key ]
String CountKey;
[SMS_Report (TRUE) ]
UInt32 CrashCount;
[SMS_Report (TRUE) ]
UInt32 HangCount;
[SMS_Report (TRUE) ]
UInt32 NavigationFailureCount;
};
```
3. Save the file and close it to the same location.
Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data
The sample reports, **SCCM Report Sample ActiveX.rdl** and **SCCM Report Sample Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
### SCCM Report Sample ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer.
![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png)
### SCCM Report Sample Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer.
![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png)
## View the collected XML data
After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like:
``` xml
<IETelemetry>
<IECountInfo>
<CrashCount>[dword]</CrashCount>
<HangCount>[dword]</HangCount>
<NavigationFailureCount>[dword]</NavigationFailureCount>
</IECountInfo>
<IEURLInfo>
<URL>[string]</URL>
<ActiveXGUID>
<GUID>[guid]</GUID>
</ActiveXGUID>
<DocModeReason>[dword]</DocModeReason>
<DocMode>[dword]</DocMode>
<NumberOfVisits>[dword]</NumberOfVisits>
<BrowserStateReason>[dword]</BrowserStateReason>
<Zone>[dword]</Zone>
<CrashCount>[dword]</CrashCount>
<HangCount>[dword]</HangCount>
<NavigationFailureCount>[dword]</NavigationFailureCount>
<Domain>[string]</Domain>
<MostRecentNavigationFailure>[dword]</MostRecentNavigationFailure>
</IEURLInfo>
<IEURLInfo></IEURLInfo>
<IEURLInfo></IEURLInfo>
</IETelemetry>
```
You can import this XML data into the correct version of the Enterprise Mode Site List Manager, automatically adding the included sites to your Enterprise Mode site list.
**To add your XML data to your Enterprise Mode site list**
1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**.
![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png)
2. Go to your XML file to add the included sites to the tool, and then click **Open**.<br>Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesnt pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
3. Click **OK** to close the **Bulk add sites to the list** menu.
## Turn off data collection on your client devices
After youve collected your data, youll need to turn Enterprise Site Discovery off.
**To stop collecting data, using PowerShell**
- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 IEFeatureOff`.
>**Note**<br>Turning off data collection only disables the Enterprise Site Discovery feature all data already written to WMI stays on your employees computer.
**To stop collecting data, using Group Policy**
1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**.
2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location.
### Delete already stored data from client computers
You can completely remove the data stored on your employees computers.
**To delete all existing data**
- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands:
- `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo`
- `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo`
- `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo`
- `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
## Related topics
* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
---
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
author: dansimp
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
title: Collect data using Enterprise Site Discovery
ms.sitesec: library
ms.date: 07/27/2017
---
# Collect data using Enterprise Site Discovery
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7 with Service Pack 1 (SP1)
Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
>**Upgrade Readiness and Windows upgrades**<br>
>You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
## Before you begin
Before you start, you need to make sure you have the following:
- Latest cumulative security update (for all supported versions of Internet Explorer):
1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
![microsoft security bulletin techcenter](images/securitybulletin-filter.png)
2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
![affected software section](images/affectedsoftware.png)
3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
- Configuration-related PowerShell scripts
- IETelemetry.mof file
- Sample System Center 2012 report templates
You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
## What data is collected?
Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
|Data point |IE11 |IE10 |IE9 |IE8 |Description |
|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. |
|Domain | X | X | X | X |Top-level domain of the browsed site. |
|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. |
|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. |
|Document mode reason | X | X | | |The reason why a document mode was set by IE. |
|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. |
|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. |
|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. |
|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. |
|Number of visits | X | X | X | X |Number of times a site has been visited. |
|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. |
>**Important**<br>By default, IE doesnt collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so theres no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
### Understanding the returned reason codes
The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection.
#### DocMode reason
The codes in this table can tell you what document mode was set by IE for a webpage.<br>These codes only apply to Internet Explorer 10 and Internet Explorer 11.
|Code |Description |
|-----|------------|
|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.|
|4 |Page is using an X-UA-compatible meta tag. |
|5 |Page is using an X-UA-compatible HTTP header. |
|6 |Page appears on an active **Compatibility View** list. |
|7 |Page is using native XML parsing. |
|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. |
|9 |Page state is set by the browser mode and the page's DOCTYPE.|
#### Browser state reason
The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.<br>These codes only apply to Internet Explorer 10 and Internet Explorer 11.
|Code |Description |
|-----|------------|
|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. |
|2 |Site appears on an active **Compatibility View** list, created in Group Policy. |
|3 |Site appears on an active **Compatibility View** list, created by the user. |
|4 |Page is using an X-UA-compatible tag. |
|5 |Page state is set by the **Developer** toolbar. |
|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. |
|7 |Site appears on the Microsoft **Compatibility View (CV)** list. |
|8 |Site appears on the **Quirks** list, created in Group Policy. |
|11 |Site is using the default browser. |
#### Zone
The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.<br>These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
|Code |Description |
|-----|------------|
|-1 |Internet Explorer is using an invalid zone. |
|0 |Internet Explorer is using the Local machine zone. |
|1 |Internet Explorer is using the Local intranet zone. |
|2 |Internet Explorer is using the Trusted sites zone. |
|3 |Internet Explorer is using the Internet zone. |
|4 |Internet Explorer is using the Restricted sites zone. |
## Where is the data stored and how do I collect it?
The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until its collected. To collect the files, we recommend:
- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
- **XML file**. Any agent that works with XML can be used.
## WMI Site Discovery suggestions
We recommend that you collect your data for at most a month at a time, to capture a users typical workflow. We dont recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computers hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company.
On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorers performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, youll get about 150MB of data:<p>250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB
>**Important**<br>The data collection process is silent, so theres no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
## Getting ready to use Enterprise Site Discovery
Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
>**Important**<br>You must run this script if youre using WMI as your data output. It's not necessary if you're using XML as your data output.
**To set up Enterprise Site Discovery**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If youre sure, you can skip this section; otherwise, follow these steps:
**To set up your firewall**
1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
3. Restart your computer to start collecting your WMI data.
## Use PowerShell to finish setting up Enterprise Site Discovery
You can determine which zones or domains are used for data collection, using PowerShell. If you dont want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
>**Important**<br>The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
**To set up data collection using a domain allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
>**Important**<br>Wildcards, like \*.microsoft.com, arent supported.
**To set up data collection using a zone allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
## Use Group Policy to finish setting up Enterprise Site Discovery
You can use Group Policy to finish setting up Enterprise Site Discovery. If you dont want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
>**Note**<br> All of the Group Policy settings can be used individually or as a group.
**To set up Enterprise Site Discovery using Group Policy**
- Open your Group Policy editor, and go to these new settings:
|Setting name and location |Description |Options |
|---------------------------|-------------|---------|
|Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |<ul><li>**On.** Turns on WMI recording.</li><li>**Off.** Turns off WMI recording.</li></ul> |
|Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. |<ul><li>**XML file path.** Including this turns on XML recording.</li><li>**Blank.** Turns off XML recording.</li></ul> |
|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:<p>0 Restricted Sites zone<br>0 Internet zone<br>0 Trusted Sites zone<br>0 Local Intranet zone<br>0 Local Machine zone<p>**Example 1:** Include only the Local Intranet zone<p>Binary representation: *00010*, based on:<p>0 Restricted Sites zone<br>0 Internet zone<br>0 Trusted Sites zone<br>1 Local Intranet zone<br>0 Local Machine zone<p>**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones<p>Binary representation: *10110*, based on:<p>1 Restricted Sites zone<br>0 Internet zone<br>1 Trusted Sites zone<br>1 Local Intranet zone<br>1 Local Machine zone |
|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:<p>microsoft.sharepoint.com<br>outlook.com<br>onedrive.com<br>timecard.contoso.com<br>LOBApp.contoso.com |
### Combining WMI and XML Group Policy settings
You can use both the WMI and XML settings individually or together:
**To turn off Enterprise Site Discovery**
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>Off</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>Blank</td>
</tr>
</table>
**Turn on WMI recording only**
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>On</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>Blank</td>
</tr>
</table>
**To turn on XML recording only**
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>Off</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>XML file path</td>
</tr>
</table>
<strong>To turn on both WMI and XML recording</strong>
<table>
<tr>
<th>Setting name</th>
<th>Option</th>
</tr>
<tr>
<td>Turn on Site Discovery WMI output</td>
<td>On</td>
</tr>
<tr>
<td>Turn on Site Discovery XML output</td>
<td>XML file path</td>
</tr>
</table>
## Use Configuration Manager to collect your data
After youve collected your data, youll need to get the local files off of your employees computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while youre connected to your client devices.
**To collect your inventory**
1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png)
2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png)
4. Select the check boxes next to the following classes, and then click **OK**:
- IESystemInfo
- IEURLInfo
- IECountInfo
5. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the MOF Editor with a .MOF import file
You can collect your hardware inventory using the MOF Editor and a .MOF import file.
**To collect your inventory**
1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**.
3. Pick the inventory items to install, and then click **Import**.
4. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you arent using this version of Configuration Manager, you wont want to use this option.
**To collect your inventory**
1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `<configmanager_install_location>\inboxes\clifiles.src\hinv` directory.
2. Add this text to the end of the file:
```
[SMS_Report (TRUE),
SMS_Group_Name ("IESystemInfo"),
SMS_Class_ID ("MICROSOFT|IESystemInfo|1.0"),
Namespace ("root\\\\cimv2\\\\IETelemetry") ]
Class IESystemInfo: SMS_Class_Template
{
[SMS_Report (TRUE), Key ]
String SystemKey;
[SMS_Report (TRUE) ]
String IEVer;
};
[SMS_Report (TRUE),
SMS_Group_Name ("IEURLInfo"),
SMS_Class_ID ("MICROSOFT|IEURLInfo|1.0"),
Namespace ("root\\\\cimv2\\\\IETelemetry") ]
Class IEURLInfo: SMS_Class_Template
{
[SMS_Report (TRUE), Key ]
String URL;
[SMS_Report (TRUE) ]
String Domain;
[SMS_Report (TRUE) ]
UInt32 DocMode;
[SMS_Report (TRUE) ]
UInt32 DocModeReason;
[SMS_Report (TRUE) ]
UInt32 Zone;
[SMS_Report (TRUE) ]
UInt32 BrowserStateReason;
[SMS_Report (TRUE) ]
String ActiveXGUID[];
[SMS_Report (TRUE) ]
UInt32 CrashCount;
[SMS_Report (TRUE) ]
UInt32 HangCount;
[SMS_Report (TRUE) ]
UInt32 NavigationFailureCount;
[SMS_Report (TRUE) ]
UInt32 NumberOfVisits;
[SMS_Report (TRUE) ]
UInt32 MostRecentNavigationFailure;
};
[SMS_Report (TRUE),
SMS_Group_Name ("IECountInfo"),
SMS_Class_ID ("MICROSOFT|IECountInfo|1.0"),
Namespace ("root\\\\cimv2\\\\IETelemetry") ]
Class IECountInfo: SMS_Class_Template
{
[SMS_Report (TRUE), Key ]
String CountKey;
[SMS_Report (TRUE) ]
UInt32 CrashCount;
[SMS_Report (TRUE) ]
UInt32 HangCount;
[SMS_Report (TRUE) ]
UInt32 NavigationFailureCount;
};
```
3. Save the file and close it to the same location.
Your environment is now ready to collect your hardware inventory and review the sample reports.
## View the sample reports with your collected data
The sample reports, **SCCM Report Sample ActiveX.rdl** and **SCCM Report Sample Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
### SCCM Report Sample ActiveX.rdl
Gives you a list of all of the ActiveX-related sites visited by the client computer.
![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png)
### SCCM Report Sample Site Discovery.rdl
Gives you a list of all of the sites visited by the client computer.
![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png)
## View the collected XML data
After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like:
``` xml
<IETelemetry>
<IECountInfo>
<CrashCount>[dword]</CrashCount>
<HangCount>[dword]</HangCount>
<NavigationFailureCount>[dword]</NavigationFailureCount>
</IECountInfo>
<IEURLInfo>
<URL>[string]</URL>
<ActiveXGUID>
<GUID>[guid]</GUID>
</ActiveXGUID>
<DocModeReason>[dword]</DocModeReason>
<DocMode>[dword]</DocMode>
<NumberOfVisits>[dword]</NumberOfVisits>
<BrowserStateReason>[dword]</BrowserStateReason>
<Zone>[dword]</Zone>
<CrashCount>[dword]</CrashCount>
<HangCount>[dword]</HangCount>
<NavigationFailureCount>[dword]</NavigationFailureCount>
<Domain>[string]</Domain>
<MostRecentNavigationFailure>[dword]</MostRecentNavigationFailure>
</IEURLInfo>
<IEURLInfo></IEURLInfo>
<IEURLInfo></IEURLInfo>
</IETelemetry>
```
You can import this XML data into the correct version of the Enterprise Mode Site List Manager, automatically adding the included sites to your Enterprise Mode site list.
**To add your XML data to your Enterprise Mode site list**
1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**.
![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png)
2. Go to your XML file to add the included sites to the tool, and then click **Open**.<br>Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesnt pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
3. Click **OK** to close the **Bulk add sites to the list** menu.
## Turn off data collection on your client devices
After youve collected your data, youll need to turn Enterprise Site Discovery off.
**To stop collecting data, using PowerShell**
- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 IEFeatureOff`.
>**Note**<br>Turning off data collection only disables the Enterprise Site Discovery feature all data already written to WMI stays on your employees computer.
**To stop collecting data, using Group Policy**
1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**.
2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location.
### Delete already stored data from client computers
You can completely remove the data stored on your employees computers.
**To delete all existing data**
- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands:
- `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo`
- `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo`
- `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo`
- `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
## Related topics
* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)

8
devices/hololens/hololens-requirements.md
View File

@ -37,10 +37,10 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
- TTLS-TLS
### Device management
- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4)
- Wi-Fi network
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4)
- Wi-Fi network
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
### Upgrade to Windows Holographic for Business
- HoloLens Enterprise license XML file

4
devices/surface/assettag.md
View File

@ -20,9 +20,9 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices.
## System requirements
- Surface Pro 3 or later
- Surface Pro 3 or later
- UEFI firmware version 3.9.150.0 or later
- UEFI firmware version 3.9.150.0 or later
## Using Surface Asset Tag

26
devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
View File

@ -59,14 +59,14 @@ instant on/instant off functionality typical of smartphones. S0ix, also
known as Deepest Runtime Idle Platform State (DRIPS), is the default
power mode for Surface devices. Modern standby has two modes:
- **Connected standby.** The default mode for up-to-the minute
delivery of emails, messaging, and cloud-synced data, connected
standby keeps Wi-Fi on and maintains network connectivity.
- **Connected standby.** The default mode for up-to-the minute
delivery of emails, messaging, and cloud-synced data, connected
standby keeps Wi-Fi on and maintains network connectivity.
- **Disconnected standby.** An optional mode for extended battery
life, disconnected standby delivers the same instant-on experience
and saves power by turning off Wi-Fi, Bluetooth, and related network
connectivity.
- **Disconnected standby.** An optional mode for extended battery
life, disconnected standby delivers the same instant-on experience
and saves power by turning off Wi-Fi, Bluetooth, and related network
connectivity.
To learn more about modern standby, refer to the [Microsoft Hardware Dev
Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources).
@ -76,13 +76,13 @@ Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/mo
Surface integrates the following features designed to help users
optimize the power management experience:
- [Singular power plan](#singular-power-plan)
- [Singular power plan](#singular-power-plan)
- [Simplified power settings user
interface](#simplified-power-settings-user-interface)
- [Simplified power settings user
interface](#simplified-power-settings-user-interface)
- [Windows performance power
slider](#windows-performance-power-slider)
- [Windows performance power
slider](#windows-performance-power-slider)
### Singular power plan
@ -171,4 +171,4 @@ To learn more, see:
- [Battery
saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver)
- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

10
devices/surface/microsoft-surface-brightness-control.md
View File

@ -25,16 +25,16 @@ designed to help reduce thermal load and lower the overall carbon
footprint for deployed Surface devices. The tool automatically dims the screen when not in use and
includes the following configuration options:
- Period of inactivity before dimming the display.
- Period of inactivity before dimming the display.
- Brightness level when dimmed.
- Brightness level when dimmed.
- Maximum brightness level when in use.
- Maximum brightness level when in use.
**To run Surface Brightness Control:**
- Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control
will begin working immediately.
- Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control
will begin working immediately.
## Configuring Surface Brightness Control

20
devices/surface/step-by-step-surface-deployment-accelerator.md
View File

@ -100,25 +100,25 @@ The following steps show you how to create a deployment share for Windows 10 tha
7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
- Download of Windows ADK
- Download of Windows ADK
- Installation of Windows ADK
- Installation of Windows ADK
- Download of MDT
- Download of MDT
- Installation of MDT
- Installation of MDT
- Download of Surface apps and drivers
- Download of Surface apps and drivers
- Creation of the deployment share
- Creation of the deployment share
- Import of Windows installation files into the deployment share
- Import of Windows installation files into the deployment share
- Import of the apps and drivers into the deployment share
- Import of the apps and drivers into the deployment share
- Creation of rules and task sequences for Windows deployment
- Creation of rules and task sequences for Windows deployment
![The installation progress window](images/sdasteps-fig5-installwindow.png "The installation progress window")
![The installation progress window](images/sdasteps-fig5-installwindow.png "The installation progress window")
*Figure 5. The Installation Progress window*

6
education/windows/set-up-windows-10.md
View File

@ -20,9 +20,9 @@ manager: dansimp
- Windows 10
You have two tools to choose from to set up PCs for your classroom:
* Set up School PCs
* Windows Configuration Designer
* Set up School PCs
* Windows Configuration Designer
Choose the tool that is appropriate for how your students will sign in (Active Directory, Azure Active Directory, or no account).
You can use the following diagram to compare the tools.

8
mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md
View File

@ -79,13 +79,13 @@ Click **Next**.
10. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. If you want to customize any of the items in the following list, select **Customize**.
- Edit the file type associations associated with an application.
- Edit the file type associations associated with an application.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Specify the operating systems that can run this package.
- Specify the operating systems that can run this package.
Click **Next**.
Click **Next**.
11. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application that you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. Under the application, select **Shortcuts** to review the shortcut information associated with an application. In the **Location** pane, you can review the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**.

8
mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md
View File

@ -69,13 +69,13 @@ Click **Next**.
11. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 15 of this procedure. If you want to customize any of the items in the following list, select **Customize**.
- Edit the file type associations and the icons associated with an application.
- Edit the file type associations and the icons associated with an application.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Specify the operating systems that can run this package.
- Specify the operating systems that can run this package.
Click **Next**.
Click **Next**.
12. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) and shortcut locations that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. To review the shortcut information associated with an application, under the application, select **Shortcuts**, and in the **Location** pane, you can edit the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**.

4
mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md
View File

@ -43,9 +43,7 @@ You must configure the package converter to always save the package ingredients
Import-Module AppVPkgConverter
```
3.
The following cmdlets are available:
3. The following cmdlets are available:
- Test-AppvLegacyPackage This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`.

12
mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md
View File

@ -143,11 +143,11 @@ Click **Next**.
11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Specify the operating systems that can run this package.
- Specify the operating systems that can run this package.
Click **Next**.
Click **Next**.
12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**.
@ -234,11 +234,11 @@ Click **Next**.
10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**.
- Optimize how the package will run across a slow or unreliable network.
- Optimize how the package will run across a slow or unreliable network.
- Specify the operating systems that can run this package.
- Specify the operating systems that can run this package.
Click **Next**.
Click **Next**.
11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**.

12
mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md
View File

@ -128,11 +128,11 @@ Click **Next**.
11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
- Specify the operating systems that can run this package.
- Specify the operating systems that can run this package.
Click **Next**.
Click **Next**.
12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**.
@ -210,11 +210,11 @@ On the computer that runs the sequencer, click **All Programs**, and then Click
10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**.
- Optimize how the package will run across a slow or unreliable network.
- Optimize how the package will run across a slow or unreliable network.
- Specify the operating systems that can run this package.
- Specify the operating systems that can run this package.
Click **Next**.
Click **Next**.
11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**.

8
mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md
View File

@ -90,13 +90,13 @@ If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the rep
10. Browse to the following web services to verify that they load successfully. A page opens to indicate that the service is running, but the page does not display any metadata.
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMAdministrationService/AdministrationService.svc
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMAdministrationService/AdministrationService.svc
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMUserSupportService/UserSupportService.svc
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMUserSupportService/UserSupportService.svc
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMComplianceStatusService/StatusReportingService.svc
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMComplianceStatusService/StatusReportingService.svc
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMRecoveryAndHardwareService/CoreService.svc
- http(s)://&lt; *MBAMAdministrationServerName*&gt;:&lt;*port*&gt;/MBAMRecoveryAndHardwareService/CoreService.svc
## Validating the MBAM Server deployment with the Configuration Manager Integration topology

12
store-for-business/manage-orders-microsoft-store-for-business.md
View File

@ -42,14 +42,14 @@ Refunds work a little differently for free apps, and apps that have a price. In
**Refunds for free apps**
For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory.
For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory.
**Refunds for apps that have a price**
**Refunds for apps that have a price**
There are a few requirements for apps that have a price:
- **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30.
- **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization.
- **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory.
There are a few requirements for apps that have a price:
- **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30.
- **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization.
- **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory.
**To refund an order**

12
windows/application-management/app-v/appv-capacity-planning.md
View File

@ -128,9 +128,9 @@ Computers running the App-V client connect to the App-V publishing server to sen
> [!IMPORTANT]
> The following list displays the main factors to consider when setting up the App-V publishing server:
> * The number of clients connecting simultaneously to a single publishing server.
> * The number of packages in each refresh.
> * The available network bandwidth in your environment between the client and the App-V publishing server.
> * The number of clients connecting simultaneously to a single publishing server.
> * The number of packages in each refresh.
> * The available network bandwidth in your environment between the client and the App-V publishing server.
|Scenario|Summary|
|---|---|
@ -153,9 +153,9 @@ Computers running the App-V client stream the virtual application package from t
> [!IMPORTANT]
> The following list identifies the main factors to consider when setting up the App-V streaming server:
> * The number of clients streaming application packages simultaneously from a single streaming server.
> * The size of the package being streamed.
> * The available network bandwidth in your environment between the client and the streaming server.
> * The number of clients streaming application packages simultaneously from a single streaming server.
> * The size of the package being streamed.
> * The available network bandwidth in your environment between the client and the streaming server.
|Scenario|Summary|
|---|---|

6
windows/client-management/mdm/networkqospolicy-csp.md
View File

@ -49,9 +49,9 @@ The following diagram shows the NetworkQoSPolicy configuration service provider
<p style="margin-left: 20px">Valid values are:
- 0 (default) - Both TCP and UDP
- 1 - TCP
- 2 - UDP
- 0 (default) - Both TCP and UDP
- 1 - TCP
- 2 - UDP
<p style="margin-left: 20px">The data type is int.

10
windows/client-management/mdm/policy-csp-applicationmanagement.md
View File

@ -478,11 +478,11 @@ An XML blob that specifies the application restrictions company want to put to t
>
> Here's additional guidance for the upgrade process:
>
> - Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents).
> - Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher if you are using it.
> - In the SyncML, you must use lowercase product ID.
> - Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
> - You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents).
> - Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents).
> - Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher if you are using it.
> - In the SyncML, you must use lowercase product ID.
> - Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
> - You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents).
An application that is running may not be immediately terminated.

4
windows/client-management/mdm/policy-csp-taskmanager.md
View File

@ -70,8 +70,8 @@ manager: dansimp
This setting determines whether non-administrators can use Task Manager to end tasks.
Value type is integer. Supported values:
- 0 - Disabled. EndTask functionality is blocked in TaskManager.
- 1 - Enabled (default). Users can perform EndTask in TaskManager.
- 0 - Disabled. EndTask functionality is blocked in TaskManager.
- 1 - Enabled (default). Users can perform EndTask in TaskManager.
<!--/Description-->
<!--SupportedValues-->

6
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -30,9 +30,9 @@ Interior node. Supported operation is Get.
<a href="" id="allowwindowsdefenderapplicationguard"></a>**Settings/AllowWindowsDefenderApplicationGuard**
Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

8
windows/configuration/start-layout-troubleshoot.md
View File

@ -233,10 +233,10 @@ XML files can and should be tested locally on a Hyper-V or other virtual machine
- User-initiated changes to the start layout are not roamed.
Specifically, behaviors include
- Applications (apps or icons) pinned to the start menu are missing.
- Entire tile window disappears.
- The start button fails to respond.
- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing.
- Applications (apps or icons) pinned to the start menu are missing.
- Entire tile window disappears.
- The start button fails to respond.
- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing.
![Example of a working layout](images/start-ts-3.png)

2
windows/configuration/wcd/wcd-messaging.md
View File

@ -357,4 +357,4 @@ For networks that require non-standard handling of single-segment incoming MMS W
## Related topics
- [Customizations for SMS and MMS](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms)
- [Customizations for SMS and MMS](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms)

72
windows/deployment/upgrade/setupdiag.md
View File

@ -319,54 +319,54 @@ Each rule name and its associated unique rule identifier are listed with a descr
## Release notes
06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center.
- All date and time outputs are updated to localized format per user request.
- Added setup Operation and Phase information to /verbose log.
- Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below).
- Performance improvement in searching setupact.logs to determine correct log to parse.
- Added SetupDiag version number to text report (xml and json always had it).
- Added "no match" reports for xml and json per user request.
- Formatted Json output for easy readability.
- Performance improvements when searching for setup logs; this should be much faster now.
- Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information.
- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**
- The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode.
- This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so its always up to date.
- This registry key also gets deleted when a new update instance is invoked.
- For an example, see [Sample registry key](#sample-registry-key).
- All date and time outputs are updated to localized format per user request.
- Added setup Operation and Phase information to /verbose log.
- Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below).
- Performance improvement in searching setupact.logs to determine correct log to parse.
- Added SetupDiag version number to text report (xml and json always had it).
- Added "no match" reports for xml and json per user request.
- Formatted Json output for easy readability.
- Performance improvements when searching for setup logs; this should be much faster now.
- Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information.
- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**
- The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode.
- This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so its always up to date.
- This registry key also gets deleted when a new update instance is invoked.
- For an example, see [Sample registry key](#sample-registry-key).
05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center.
- This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset).
- This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset).
12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
- This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
- The FindDownlevelFailure rule is up to 10x faster.
- New rules have been added to analyze failures upgrading to Windows 10 version 1809.
- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure.
- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode.
- Some functional and output improvements were made for several rules.
- This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
- The FindDownlevelFailure rule is up to 10x faster.
- New rules have been added to analyze failures upgrading to Windows 10 version 1809.
- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure.
- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode.
- Some functional and output improvements were made for several rules.
07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center.
- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed.
- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed.
07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
- New feature: Ability to output logs in JSON and XML format.
- Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
- If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text.
- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
- New feature: Ability to output logs in JSON and XML format.
- Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
- If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text.
- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
- Fixed a bug in device install failure detection in online mode.
- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
- Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing.
- Fixed a bug in device install failure detection in online mode.
- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
- Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing.
05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center.
- A performance enhancment has been added to result in faster rule processing.
- Rules output now includes links to support articles, if applicable.
- SetupDiag now provides the path and name of files that it is processing.
- You can now run SetupDiag by simply clicking on it and then examining the output log file.
- An output log file is now always created, whether or not a rule was matched.
- A performance enhancment has been added to result in faster rule processing.
- Rules output now includes links to support articles, if applicable.
- SetupDiag now provides the path and name of files that it is processing.
- You can now run SetupDiag by simply clicking on it and then examining the output log file.
- An output log file is now always created, whether or not a rule was matched.
03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.

14
windows/deployment/windows-autopilot/windows-autopilot-requirements.md
View File

@ -84,13 +84,13 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:
To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
- [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business)
- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline)
- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx)
- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).
- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features.
- [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features.
- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service).
- [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business)
- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline)
- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx)
- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).
- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features.
- [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features.
- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service).
Additionally, the following are also recommended (but not required):
- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).

26
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -1049,11 +1049,11 @@ To turn off dictation of your voice, speaking to Cortana and other apps, and to
If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models:
- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
-or-
- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
@ -1415,11 +1415,11 @@ In the **Inking & Typing** area you can configure the functionality as such:
To turn off Inking & Typing data collection (note: there is no Group Policy for this setting):
- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off**
- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off**
-or-
- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
### <a href="" id="bkmk-act-history"></a>18.22 Activity History
@ -1484,29 +1484,29 @@ To turn this Off in the UI:
Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
**For Windows 10:**
**For Windows 10:**
- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
-or-
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
**For Windows Server 2019 or later:**
- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
-or-
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
**For Windows Server 2016:**
- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
>[!NOTE]
>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead.
>The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
>[!NOTE]
>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead.
>The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
### <a href="" id="bkmk-storage-health"></a>20. Storage health

2
windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
View File

@ -71,7 +71,7 @@ Azure AD Join is intended for organizations that desire to be cloud-first or clo
[Join Type](#join-type), [Hybrid Azure AD Joined](#hybrid-azure-ad-joined)
### More information
- [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction).
- [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction).
[Return to Top](hello-how-it-works-technology.md)
## Azure AD Registered

14
windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
View File

@ -309,13 +309,13 @@ Sign-in a workstation with access equivalent to a _domain user_.
![Intune Windows Hello for Business policy settings](images/aadj/IntuneWHFBPolicy-01.png)
11. Select the appropriate configuration for the following settings.
* **Lowercase letters in PIN**
* **Uppercase letters in PIN**
* **Special characters in PIN**
* **PIN expiration (days)**
* **Remember PIN history**
> [!NOTE]
> The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature.
* **Lowercase letters in PIN**
* **Uppercase letters in PIN**
* **Special characters in PIN**
* **PIN expiration (days)**
* **Remember PIN history**
> [!NOTE]
> The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature.
12. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**.
13. Select **No** to **Allow phone sign-in**. This feature has been deprecated.

6
windows/security/identity-protection/hello-for-business/passwordless-strategy.md
View File

@ -34,9 +34,9 @@ With Windows Hello for Business and passwords coexisting in your environment, th
### 3. Transition into a passwordless deployment
Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where:
- the users never type their password
- the users never change their password
- the users do not know their password
- the users never type their password
- the users never change their password
- the users do not know their password
In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business.

6
windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
View File

@ -24,11 +24,11 @@ The Windows 10 operating system improves most existing security features in the
**See also:**
- [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
- [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
- [TPM Fundamentals](tpm-fundamentals.md)
- [TPM Fundamentals](tpm-fundamentals.md)
- [TPM Recommendations](tpm-recommendations.md)
- [TPM Recommendations](tpm-recommendations.md)
## TPM Overview

40
windows/security/threat-protection/fips-140-validation.md
View File

@ -18,14 +18,14 @@ ms.reviewer:
On this page
- [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo)
- [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd)
- [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd)
- [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve)
- [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac)
- [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac)
- [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac)
- [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg)
- [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo)
- [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd)
- [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd)
- [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve)
- [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac)
- [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac)
- [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac)
- [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg)
Updated: March 2018
@ -103,12 +103,12 @@ Rather than validate individual components and products, Microsoft chooses to va
The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules:
- Schannel Security Package
- Remote Desktop Protocol (RDP) Client
- Encrypting File System (EFS)
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
- BitLocker® Drive Full-volume Encryption
- IPsec Settings of Windows Firewall
- Schannel Security Package
- Remote Desktop Protocol (RDP) Client
- Encrypting File System (EFS)
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
- BitLocker® Drive Full-volume Encryption
- IPsec Settings of Windows Firewall
## Information for System Integrators
@ -145,12 +145,12 @@ While there are alternative methods for setting the FIPS local/group security po
The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy.
- Schannel Security Package
- Remote Desktop Protocol (RDP) Client
- Encrypting File System (EFS)
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
- BitLocker® Drive Full-volume Encryption
- IPsec Settings of Windows Firewall
- Schannel Security Package
- Remote Desktop Protocol (RDP) Client
- Encrypting File System (EFS)
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
- BitLocker® Drive Full-volume Encryption
- IPsec Settings of Windows Firewall
#### Effects of Setting FIPS Local/Group Security Policy Flag

4
windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
View File

@ -143,8 +143,8 @@ For more information, see [Create rules for alert notifications](configure-email
These check boxes must be checked:
- **Include organization name** - The customer name will be added to email notifications
- **Include tenant-specific portal link** - Alert link URL will have tenant specific parameter (tid=target_tenant_id) that allows direct access to target tenant portal
- **Include organization name** - The customer name will be added to email notifications
- **Include tenant-specific portal link** - Alert link URL will have tenant specific parameter (tid=target_tenant_id) that allows direct access to target tenant portal
## Fetch alerts from MSSP customer's tenant into the SIEM system

14
windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
View File

@ -36,17 +36,17 @@ The embedded Microsoft Defender ATP sensor runs in system context using the Loca
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) Internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
- Auto-discovery methods:
- Transparent proxy
- Web Proxy Auto-discovery Protocol (WPAD)
- Auto-discovery methods:
- Transparent proxy
- Web Proxy Auto-discovery Protocol (WPAD)
> [!NOTE]
> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
- Manual static proxy configuration:
- Registry based configuration
- WinHTTP configured using netsh command Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)
- Manual static proxy configuration:
- Registry based configuration
- WinHTTP configured using netsh command Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)
@ -182,4 +182,4 @@ However, if the connectivity check results indicate a failure, an HTTP error is
## Related topics
- [Onboard Windows 10 machines](configure-endpoints.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)

22
windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
View File

@ -49,19 +49,19 @@ When you add a machine to your environment, Microsoft Defender ATP sets up a wel
The machine will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side.
The following security components are pre-configured in the test machines:
The following security components are pre-configured in the test machines:
- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)
- [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
- [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
- [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus)
- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)
- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)
- [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
- [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
- [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus)
- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)
- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
>[!NOTE]
> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
>[!NOTE]
> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md).

6
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
View File

@ -26,9 +26,9 @@ ms.date: 09/24/2018
Full scenario using multiple APIs from Microsoft Defender ATP.
In this section we share PowerShell samples to
- Retrieve a token
- Use token to retrieve the latest alerts in Microsoft Defender ATP
- For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL.
- Retrieve a token
- Use token to retrieve the latest alerts in Microsoft Defender ATP
- For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL.
>**Prerequisite**: You first need to [create an app](apis-intro.md).

4
windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
View File

@ -53,8 +53,8 @@ Do you expect a machine to be in Active status? [Open a support ticket](ht
## Misconfigured machines
Misconfigured machines can further be classified to:
- Impaired communications
- No sensor data
- Impaired communications
- No sensor data
### Impaired communications
This status indicates that there's limited communication between the machine and the service.

12
windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
View File

@ -32,13 +32,13 @@ ms.topic: conceptual
Follow the corresponding instructions depending on your preferred deployment method.
## Offboard Windows 10 machines
- [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script)
- [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy)
- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager)
- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
- [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script)
- [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy)
- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager)
- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
## Offboard Servers
- [Offboard servers](configure-server-endpoints.md#offboard-servers)
- [Offboard servers](configure-server-endpoints.md#offboard-servers)
## Offboard non-Windows machines
- [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines)
- [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines)

6
windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
View File

@ -44,9 +44,9 @@ In the context of Microsoft Defender ATP, alert definitions are containers for I
Each IOC defines the concrete detection logic based on its type and value as well as its action, which determines how it is matched. It is bound to a specific alert definition that defines how a detection is displayed as an alert on the Microsoft Defender ATP console.
Here is an example of an IOC:
- Type: Sha1
- Value: 92cfceb39d57d914ed8b14d0e37643de0797ae56
- Action: Equals
- Type: Sha1
- Value: 92cfceb39d57d914ed8b14d0e37643de0797ae56
- Action: Equals
IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.

6
windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
View File

@ -296,9 +296,9 @@ You might also need to check the following:
## Licensing requirements
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
- Windows 10 Enterprise E5
- Windows 10 Education E5
- Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5
- Windows 10 Enterprise E5
- Windows 10 Education E5
- Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5
For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).

2
windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
View File

@ -191,7 +191,7 @@ This setting will prevent a scan from occurring after receiving an update. You c
### Enable headless UI mode
- Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users.
- Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users.

4
windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Add rules for packaged apps to existing AppLocker rule-set
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).

4
windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 02/28/2019
# Administer AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# AppLocker architecture and components
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professional describes AppLockers basic architecture and its major components.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# AppLocker functions
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
View File

@ -20,8 +20,8 @@ ms.date: 10/16/2017
# AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
View File

@ -21,8 +21,8 @@ ms.date: 09/21/2017
# AppLocker deployment guide
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# AppLocker design guide
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# AppLocker policy use scenarios
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# AppLocker processes and interactions
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# AppLocker settings
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional lists the settings used by AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# AppLocker technical reference
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This overview topic for IT professionals provides links to the topics in the technical reference.
AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps.

4
windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
View File

@ -20,8 +20,8 @@ ms.date: 06/08/2018
# Configure an AppLocker policy for audit only
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Configure an AppLocker policy for enforce rules
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.

4
windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Add exceptions for an AppLocker rule
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.

4
windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Configure the AppLocker reference device
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.

4
windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
View File

@ -20,8 +20,8 @@ ms.date: 04/02/2018
# Configure the Application Identity service
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create a rule for packaged apps
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create a rule that uses a file hash condition
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create a rule that uses a path condition
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals shows how to create an AppLocker rule with a path condition.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create a rule that uses a publisher condition
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create AppLocker default rules
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create a list of apps deployed to each business group
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create Your AppLocker policies
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.

4
windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Create Your AppLocker rules
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.

4
windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
View File

@ -20,8 +20,8 @@ ms.date: 08/02/2018
# Delete an AppLocker rule
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to delete an AppLocker rule.

4
windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Deploy AppLocker policies by using the enforce rules setting
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.

4
windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Deploy the AppLocker policy into production
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.

4
windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Determine the Group Policy structure and rule enforcement
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This overview topic describes the process to follow when you are planning to deploy AppLocker rules.

4
windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Determine which apps are digitally signed on a reference device
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.

4
windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Determine your application control objectives
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Display a custom URL message when users try to run a blocked app
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.

4
windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# DLL rules in AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic describes the file formats and available default rules for the DLL rule collection.

4
windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Document the Group Policy structure and AppLocker rule enforcement
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Document your app list
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.

4
windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Document your AppLocker rules
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded.

4
windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Edit an AppLocker policy
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps required to modify an AppLocker policy.

4
windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Edit AppLocker rules
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Enable the DLL rule collection
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Enforce AppLocker rules
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes how to enforce application control rules by using AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Executable rules in AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic describes the file formats and available default rules for the executable rule collection.

4
windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Export an AppLocker policy from a GPO
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.

4
windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Export an AppLocker policy to an XML file
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.

4
windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# How AppLocker works
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.

4
windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Import an AppLocker policy from another computer
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes how to import an AppLocker policy.

4
windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Import an AppLocker policy into a GPO
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).

4
windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Maintain AppLocker policies
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic describes how to maintain rules within AppLocker policies.

4
windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Manage packaged apps with AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.

4
windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Merge AppLocker policies by using Set-ApplockerPolicy
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.

4
windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Merge AppLocker policies manually
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).

4
windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Monitor app usage with AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.

4
windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Optimize AppLocker performance
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes how to optimize AppLocker policy enforcement.

4
windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 10/13/2017
# Packaged apps and packaged app installer rules in AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic explains the AppLocker rule collection for packaged app installers and packaged apps.

4
windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Plan for AppLocker policy management
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.

4
windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Refresh an AppLocker policy
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to force an update for an AppLocker policy.

4
windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Requirements for deploying AppLocker policies
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.

4
windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Requirements to use AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.

4
windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Run the Automatically Generate Rules wizard
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.

4
windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Script rules in AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic describes the file formats and available default rules for the script rule collection.

4
windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Security considerations for AppLocker
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Select the types of rules to create
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic lists resources you can use when selecting your application control policy rules by using AppLocker.

4
windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
View File

@ -20,8 +20,8 @@ ms.date: 09/21/2017
# Test an AppLocker policy by using Test-AppLockerPolicy
**Applies to**
- Windows 10
- Windows Server
- Windows 10
- Windows Server
This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.

Some files were not shown because too many files have changed in this diff Show More