deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

resolving conflicts

Browse Source
This commit is contained in:
Dani Halfin 2019-04-23 11:15:23 -07:00
commit 95768abe55
311 changed files with 1869 additions and 1497 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

397
.openpublishing.publish.config.json
View File

@ -2,46 +2,13 @@
"build_entry_point": "",
"docsets_to_publish": [
{
"docset_name": "bcs-VSTS",
"build_source_folder": "bcs",
"build_output_subfolder": "bcs-VSTS",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "education-VSTS",
"docset_name": "education",
"build_source_folder": "education",
"build_output_subfolder": "education-VSTS",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
},
{
"docset_name": "eula-vsts",
"build_source_folder": "windows/eulas",
"build_output_subfolder": "eula-vsts",
"build_output_subfolder": "education",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": false,
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -51,44 +18,12 @@
"template_folder": "_themes"
},
{
"docset_name": "gdpr",
"build_source_folder": "gdpr",
"build_output_subfolder": "gdpr",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "internet-explorer-VSTS",
"build_source_folder": "browsers/internet-explorer",
"build_output_subfolder": "internet-explorer-VSTS",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
},
{
"docset_name": "itpro-hololens-VSTS",
"docset_name": "hololens",
"build_source_folder": "devices/hololens",
"build_output_subfolder": "itpro-hololens-VSTS",
"build_output_subfolder": "hololens",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -96,35 +31,32 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "keep-secure-VSTS",
"docset_name": "internet-explorer",
"build_source_folder": "browsers/internet-explorer",
"build_output_subfolder": "internet-explorer",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "keep-secure",
"build_source_folder": "windows/keep-secure",
"build_output_subfolder": "keep-secure-VSTS",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
},
{
"docset_name": "known-issues",
"build_source_folder": "windows/known-issues",
"build_output_subfolder": "known-issues",
"build_output_subfolder": "keep-secure",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": false,
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -134,11 +66,12 @@
"template_folder": "_themes"
},
{
"docset_name": "mdop-VSTS",
"docset_name": "mdop",
"build_source_folder": "mdop",
"build_output_subfolder": "mdop-VSTS",
"build_output_subfolder": "mdop",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -146,31 +79,12 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "microsoft-edge-VSTS",
"docset_name": "microsoft-edge",
"build_source_folder": "browsers/edge",
"build_output_subfolder": "microsoft-edge-VSTS",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
},
{
"docset_name": "privacy",
"build_source_folder": "windows/privacy",
"build_output_subfolder": "privacy",
"build_output_subfolder": "microsoft-edge",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
@ -184,9 +98,9 @@
"template_folder": "_themes"
},
{
"docset_name": "security",
"build_source_folder": "windows/security",
"build_output_subfolder": "security",
"docset_name": "release-information",
"build_source_folder": "windows/release-information",
"build_output_subfolder": "release-information",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
@ -194,18 +108,18 @@
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content",
"LandingData": "Content"
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "smb-VSTS",
"docset_name": "smb",
"build_source_folder": "smb",
"build_output_subfolder": "smb-VSTS",
"build_output_subfolder": "smb",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -213,16 +127,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "store-for-business-VSTS",
"docset_name": "store-for-business",
"build_source_folder": "store-for-business",
"build_output_subfolder": "store-for-business-VSTS",
"build_output_subfolder": "store-for-business",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -230,33 +143,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "surface-hub-VSTS",
"build_source_folder": "devices/surface-hub",
"build_output_subfolder": "surface-hub-VSTS",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
},
{
"docset_name": "surface-VSTS",
"docset_name": "surface",
"build_source_folder": "devices/surface",
"build_output_subfolder": "surface-VSTS",
"build_output_subfolder": "surface",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -264,16 +159,31 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-access-protection-VSTS",
"docset_name": "surface-hub",
"build_source_folder": "devices/surface-hub",
"build_output_subfolder": "surface-hub",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "win-access-protection",
"build_source_folder": "windows/access-protection",
"build_output_subfolder": "win-access-protection-VSTS",
"build_output_subfolder": "win-access-protection",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -281,16 +191,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-app-management-VSTS",
"docset_name": "win-app-management",
"build_source_folder": "windows/application-management",
"build_output_subfolder": "win-app-management-VSTS",
"build_output_subfolder": "win-app-management",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -298,16 +207,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-client-management-VSTS",
"docset_name": "win-client-management",
"build_source_folder": "windows/client-management",
"build_output_subfolder": "win-client-management-VSTS",
"build_output_subfolder": "win-client-management",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -315,16 +223,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-configuration-VSTS",
"docset_name": "win-configuration",
"build_source_folder": "windows/configuration",
"build_output_subfolder": "win-configuration-VSTS",
"build_output_subfolder": "win-configuration",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -332,16 +239,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-development-VSTS",
"docset_name": "win-deployment",
"build_source_folder": "windows/deployment",
"build_output_subfolder": "win-development-VSTS",
"build_output_subfolder": "win-deployment",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -349,16 +255,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-device-security-VSTS",
"docset_name": "win-device-security",
"build_source_folder": "windows/device-security",
"build_output_subfolder": "win-device-security-VSTS",
"build_output_subfolder": "win-device-security",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -366,16 +271,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "windows-configure-VSTS",
"docset_name": "windows-configure",
"build_source_folder": "windows/configure",
"build_output_subfolder": "windows-configure-VSTS",
"build_output_subfolder": "windows-configure",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -383,16 +287,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "windows-deploy-VSTS",
"docset_name": "windows-deploy",
"build_source_folder": "windows/deploy",
"build_output_subfolder": "windows-deploy-VSTS",
"build_output_subfolder": "windows-deploy",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -400,16 +303,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "windows-hub-VSTS",
"docset_name": "windows-hub",
"build_source_folder": "windows/hub",
"build_output_subfolder": "windows-hub-VSTS",
"build_output_subfolder": "windows-hub",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -417,16 +319,31 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "windows-manage-VSTS",
"docset_name": "windows-known-issues",
"build_source_folder": "windows/known-issues",
"build_output_subfolder": "windows-known-issues",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-manage",
"build_source_folder": "windows/manage",
"build_output_subfolder": "windows-manage-VSTS",
"build_output_subfolder": "windows-manage",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -434,16 +351,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "windows-plan-VSTS",
"docset_name": "windows-plan",
"build_source_folder": "windows/plan",
"build_output_subfolder": "windows-plan-VSTS",
"build_output_subfolder": "windows-plan",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -451,16 +367,47 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "windows-update-VSTS",
"docset_name": "windows-privacy",
"build_source_folder": "windows/privacy",
"build_output_subfolder": "windows-privacy",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-security",
"build_source_folder": "windows/security",
"build_output_subfolder": "windows-security",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-update",
"build_source_folder": "windows/update",
"build_output_subfolder": "windows-update-VSTS",
"build_output_subfolder": "windows-update",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -468,16 +415,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-threat-protection-VSTS",
"docset_name": "win-threat-protection",
"build_source_folder": "windows/threat-protection",
"build_output_subfolder": "win-threat-protection-VSTS",
"build_output_subfolder": "win-threat-protection",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -485,16 +431,15 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
},
{
"docset_name": "win-whats-new-VSTS",
"docset_name": "win-whats-new",
"build_source_folder": "windows/whats-new",
"build_output_subfolder": "win-whats-new-VSTS",
"build_output_subfolder": "win-whats-new",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
@ -502,9 +447,7 @@
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
"template_folder": "_themes"
}
],
"notification_subscribers": [
@ -544,10 +487,6 @@
"master": [
"Publish",
"Pdf"
],
"atp-api-danm": [
"Publish",
"Pdf"
]
},
"need_generate_pdf_url_template": true,

20
.openpublishing.redirection.json
View File

@ -6,21 +6,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-security-baselines.md",
"redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md",
"redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/get-support-for-security-baselines.md",
"redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np",
"redirect_document_id": true
@ -13959,5 +13944,10 @@
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
"redirect_document_id": true
},
]
}

3
browsers/edge/docfx.json
View File

@ -24,7 +24,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.microsoft-edge"
"depot_name": "Win.microsoft-edge",
"folder_relative_path_in_docset": "./"
}
}
},

3
browsers/internet-explorer/docfx.json
View File

@ -27,7 +27,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.internet-explorer"
"depot_name": "Win.internet-explorer",
"folder_relative_path_in_docset": "./"
}
}
},

2
devices/hololens/TOC.md
View File

@ -12,6 +12,6 @@
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
## [Restart, reset, or recover HoloLens 2](hololens-recovery.md)
## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
## [How HoloLens stores data for spaces](hololens-spaces.md)
## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

2
devices/hololens/change-history-hololens.md
View File

@ -19,7 +19,7 @@ This topic lists new and updated topics in the [Microsoft HoloLens documentation
New or changed topic | Description
--- | ---
[Restart, reset, or recover HoloLens 2](hololens-recovery.md) | New
[Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) | New
## November 2018

3
devices/hololens/docfx.json
View File

@ -40,7 +40,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.itpro-hololens"
"depot_name": "Win.itpro-hololens",
"folder_relative_path_in_docset": "./"
}
}
},

6
devices/hololens/hololens-recovery.md
View File

@ -1,5 +1,5 @@
---
title: Restart, reset, or recover HoloLens 2
title: Restore HoloLens 2 using Advanced Recovery Companion
description: How to use Advanced Recovery Companion to flash an image to HoloLens 2.
ms.prod: hololens
ms.sitesec: library
@ -9,7 +9,7 @@ ms.topic: article
ms.localizationpriority: medium
---
# Restart, reset, or recover HoloLens 2
# Restore HoloLens 2 using Advanced Recovery Companion
>[!TIP]
>If you're having issues with HoloLens (the first device released), see [Restart, reset, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens). Advanced Recovery Companion is only supported for HoloLens 2.
@ -49,7 +49,7 @@ To reset your HoloLens 2, go to **Settings > Update > Reset** and select **Reset
If the device is still having a problem after reset, you can use Advanced Recovery Companion to flash the device with a new image.
1. On your computer, get [Advanced Recovery Companion](need store link) from Microsoft Store.
1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store.
2. Connect HoloLens 2 to your computer.
3. Start Advanced Recovery Companion.
4. On the **Welcome** page, select your device.

1
devices/surface-hub/TOC.md
View File

@ -41,6 +41,7 @@
### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md)
### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md)
### [Using a room control system](use-room-control-system-with-surface-hub.md)
### [Implement Quality of Service on Surface Hub](surface-hub-qos.md)
### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md)
### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md)
## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md)

7
devices/surface-hub/admin-group-management-for-surface-hub.md
View File

@ -64,8 +64,11 @@ Surface Hubs use Azure AD join to:
- Grant admin rights to the appropriate users in your Azure AD tenant.
- Backup the device's BitLocker recovery key by storing it under the account that was used to Azure AD join the device. See [Save your BitLocker key](save-bitlocker-key-surface-hub.md) for details.
> [!IMPORTANT]
> Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD.
### Automatic enrollment via Azure Active Directory join
Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory.
For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
### Which should I choose?

1
devices/surface-hub/change-history-surface-hub.md
View File

@ -22,6 +22,7 @@ New or changed topic | Description
[Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
[Technical information for 84” Microsoft Surface Hub ](surface-hub-technical-84.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
[Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | New; previously available for download only
[Implement Quality of Service on Surface Hub](surface-hub-qos.md) | New
## July 2018

3
devices/surface-hub/docfx.json
View File

@ -29,7 +29,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface-hub"
"depot_name": "Win.surface-hub",
"folder_relative_path_in_docset": "./"
}
}
},

BIN
devices/surface-hub/images/qos-create.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
devices/surface-hub/images/qos-setting.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

51
devices/surface-hub/surface-hub-qos.md Normal file
View File

@ -0,0 +1,51 @@
---
title: Implement Quality of Service on Surface Hub
description: Learn how to configure QoS on Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.localizationpriority: medium
---
# Implement Quality of Service (QoS) on Surface Hub
Quality of Service (QoS) is a combination of network technologies that allows the administrators to optimize the experience of real time audio/video and application sharing communications.
Configuring [QoS for Skype for Business](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp) on the Surface Hub can be done using your [mobile device management (MDM) provider](manage-settings-with-mdm-for-surface-hub.md) or through a [provisioning package](provisioning-packages-for-surface-hub.md).
This procedure explains how to configure QoS for Surface Hub using Microsoft Intune.
1. In Intune, [create a custom policy](https://docs.microsoft.com/intune/custom-settings-configure).
![Screenshot of custom policy creation dialog in Intune](images/qos-create.png)
2. In **Custom OMA-URI Settings**, select **Add**. For each setting that you add, you will enter a name, description (optional), data type, OMA-URI, and value.
![Screenshot of a blank OMA-URI setting dialog box](images/qos-setting.png)
3. Add the following custom OMA-URI settings:
Name | Data type | OMA-URI<br>./Device/Vendor/MSFT/NetworkQoSPolicy | Value
--- | --- | --- | ---
Audio Source Port | String | /HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator
Audio DSCP | Integer | /HubAudio/DSCPAction | 46
Video Source Port | String | /HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator
Video DSCP | Integer | /HubVideo/DSCPAction | 34
Audio Process Name | String | /HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe
Video Process Name | String | /HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe
>[!IMPORTANT]
>Each **OMA-URI** path begins with `./Device/Vendor/MSFT/NetworkQoSPolicy`. The full path for the audio source port setting, for example, will be `./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition`.
4. When the policy has been created, [deploy it to the Surface Hub.](manage-settings-with-mdm-for-surface-hub.md#manage-surface-hub-settings-with-mdm)
>[!WARNING]
>Currently, you cannot configure the setting **IPProtocolMatchCondition** in the [NetworkQoSPolicy CSP](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). If this setting is configured, the policy will fail to apply.

3
devices/surface/docfx.json
View File

@ -26,7 +26,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface"
"depot_name": "Win.surface",
"folder_relative_path_in_docset": "./"
}
}
},

3
education/docfx.json
View File

@ -26,7 +26,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.education"
"depot_name": "Win.education",
"folder_relative_path_in_docset": "./"
}
}
},

3
mdop/docfx.json
View File

@ -27,7 +27,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.mdop"
"depot_name": "Win.mdop",
"folder_relative_path_in_docset": "./"
}
}
},

3
smb/docfx.json
View File

@ -36,7 +36,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "TechNet.smb"
"depot_name": "TechNet.smb",
"folder_relative_path_in_docset": "./"
}
}
},

9
store-for-business/distribute-offline-apps.md
View File

@ -63,9 +63,12 @@ There are several items to download or create for offline-licensed apps. The app
**To download an offline-licensed app**
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then choose **Apps & software**.
3. Refine results by **License type** to show apps with offline licenses.
4. Find the app you want to download, click the ellipses under **Actions**, and then choose **Download for offline use**.
2. Click **Manage**.
3. Under **Shopping Experience**, set **Show offline apps** to **On**.
4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline**, and click **Get the app**, which will add the app to your inventory.
5. Click **Manage**. You now have access to download the appx bundle package metadata and license file.
6. Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
- **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional.
- **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required.
- **To download an app license**: Choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license. This is required.

3
store-for-business/docfx.json
View File

@ -43,7 +43,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.store-for-business"
"depot_name": "MSDN.store-for-business",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/access-protection/docfx.json
View File

@ -38,7 +38,8 @@
"ms.author": "justinha",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-access-protection"
"depot_name": "MSDN.win-access-protection",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/application-management/docfx.json
View File

@ -41,7 +41,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-app-management"
"depot_name": "MSDN.win-app-management",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/client-management/docfx.json
View File

@ -40,7 +40,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-client-management"
"depot_name": "MSDN.win-client-management",
"folder_relative_path_in_docset": "./"
}
}
},

2
windows/client-management/mdm/bitlocker-csp.md
View File

@ -429,7 +429,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<p style="margin-left: 20px">The possible values for 'xx' are:</p>
- 0 = Empty
- 1 = Use default recovery message and URL.
- 1 = Use default recovery message and URL (in this case you don't need to specify a value for "RecoveryMessage_Input" or "RecoveryUrl_Input").
- 2 = Custom recovery message is set.
- 3 = Custom recovery URL is set.
- 'yy' = string of max length 900.

6
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -338,7 +338,7 @@ Delete a provider
</SyncML>
```
<a href="" id="etwlog-collectors-collectorname-providers-provderguid-tracelevel"></a>**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/TraceLevel**
<a href="" id="etwlog-collectors-collectorname-providers-providerguid-tracelevel"></a>**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel**
Specifies the level of detail included in the trace log.
The data type is an integer.
@ -407,7 +407,7 @@ Set provider **TraceLevel**
</SyncML>
```
<a href="" id="etwlog-collectors-collectorname-providers-provderguid-keywords"></a>**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/Keywords**
<a href="" id="etwlog-collectors-collectorname-providers-providerguid-keywords"></a>**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords**
Specifies the provider keywords to be used as MatchAnyKeyword for this provider.
the data type is a string.
@ -461,7 +461,7 @@ Set provider **Keywords**
</SyncML>
```
<a href="" id="etwlog-collectors-collectorname-providers-provderguid-state"></a>**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/State**
<a href="" id="etwlog-collectors-collectorname-providers-providerguid-state"></a>**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State**
Specifies if this provider is enabled in the trace session.
The data type is a boolean.

4
windows/client-management/mdm/networkproxy-csp.md
View File

@ -76,8 +76,8 @@ The data type is string. Supported operations are Get and Replace. Starting in W
Specifies whether the proxy server should be used for local (intranet) addresses. 
Valid values:
<ul>
<li>0 (default) - Do not use proxy server for local addresses</li>
<li>1 - Use proxy server for local addresses</li>
<li>0 (default) - Use proxy server for local addresses</li>
<li>1 - Do not use proxy server for local addresses</li>
</ul>
The data type is int. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported.

9
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -66,6 +66,15 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
```
<Data></Data>
```
If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (`<![CDATA[...]]>`) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator.
> [!Note]
> `&#xF000;` is the entity encoding of 0xF000.
For example, the following syntax grants user rights to Authenticated Users and Replicator user groups:
```
<![CDATA[Authenticated Users&#xF000;Replicator]]>
```
<hr/>

2
windows/client-management/mdm/vpnv2-csp.md
View File

@ -401,7 +401,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin.
<a href="" id="vpnv2-profilename-pluginprofile-serverurllist"></a>**VPNv2/***ProfileName***/PluginProfile/ServerUrlList**
Required for plug-in profiles. Comma separated list of servers in URL, hostname, or IP format.
Required for plug-in profiles. Semicolon-separated list of servers in URL, hostname, or IP format.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.

1
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -20,6 +20,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
New or changed topic | Description
--- | ---
[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Added information for Shell Launcher v2, coming in the next feature update to Windows 10.
[Prepare a device for kiosk configuration](kiosk-prepare.md) | Added new recommendations for policies to manage updates.
## February 2019

3
windows/configuration/docfx.json
View File

@ -41,7 +41,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-configuration"
"depot_name": "MSDN.win-configuration",
"folder_relative_path_in_docset": "./"
}
}
},

BIN
windows/configuration/images/slv2-oma-uri.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

3
windows/configuration/kiosk-additional-reference.md
View File

@ -8,7 +8,6 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
ms.date: 09/13/2018
ms.topic: reference
---
@ -30,7 +29,7 @@ Topic | Description
[Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk.
[Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration.
[Use AppLocker to create a Windows 10 kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps.
[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface.
[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface.
[Use MDM Bridge WMI Provider to create a Windows 10 kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
[Troubleshoot kiosk mode issues](kiosk-troubleshoot.md) | Tips for troubleshooting multi-app kiosk configuration.

6
windows/configuration/kiosk-methods.md
View File

@ -12,6 +12,9 @@ ms.topic: article
# Configure kiosks and digital signs on Windows desktop editions
>[!WARNING]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Some desktop devices in an enterprise serve a special purpose, such as a PC in the lobby that customers can use to view your product catalog or a PC displaying visual content as a digital sign. Windows 10 offers two different locked-down experiences for public or specialized use:
| | |
@ -43,6 +46,7 @@ You can use this method | For this edition | For this kiosk account type
[Assigned access cmdlets](kiosk-single-app.md#powershell) | Pro, Ent, Edu | Local standard user
[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Azure AD
[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Azure AD
[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Azure AD
<span id="classic" />
## Methods for a single-app kiosk running a Windows desktop application
@ -50,8 +54,8 @@ You can use this method | For this edition | For this kiosk account type
You can use this method | For this edition | For this kiosk account type
--- | --- | ---
[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Ent, Edu | Local standard user, Active Directory, Azure AD
[Shell Launcher](kiosk-shelllauncher.md) | Ent, Edu | Local standard user, Active Directory, Azure AD
[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Azure AD
[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Azure AD
<span id="desktop" />
## Methods for a multi-app kiosk

109
windows/configuration/kiosk-shelllauncher.md
View File

@ -1,6 +1,6 @@
---
title: Use Shell Launcher to create a Windows 10 kiosk (Windows 10)
description: A single-use device such as a digital sign is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education).
description: Shell Launcher lets you change the default shell that launches when a user signs in to a device.
ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
ms.prod: w10
@ -8,7 +8,6 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
ms.date: 10/01/2018
ms.topic: article
---
@ -16,26 +15,36 @@ ms.topic: article
**Applies to**
>App type: Windows desktop application
>
>OS edition: Windows 10 Ent, Edu
>
>Account type: Local standard user or administrator, Active Directory, Azure AD
- Windows 10 Ent, Edu
>[!WARNING]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on.
Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell.
>[!NOTE]
>Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components.
>Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components.
>
>Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to:
>- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools
>- [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies
>- [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm) - Enterprise management of device security policies
>
>You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](kiosk-single-app.md#wizard).
You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). In Windows 10, version 1803 and later, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher.
## Differences between Shell Launcher v1 and Shell Launcher v2
Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe` which can launch a Windows desktop application.
Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app.
In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements:
- You can use a custom Windows desktop application that can then launch UWP apps, such as **Settings** and **Touch Keyboard**.
- From a custom UWP shell, you can launch secondary views and run on multiple monitors.
- The custom shell app runs in full screen, and and can run other apps in full screen on users demand.
For sample XML configurations for the different app combinations, see [Samples for Shell Launcher v2](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2).
## Requirements
@ -44,16 +53,15 @@ Using Shell Launcher, you can configure a kiosk device that runs a Windows deskt
>
>- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.
- A domain or local user account.
- A domain, Azure Active Directory, or local user account.
- A Windows desktop application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.
- A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.
[See the technical reference for the shell launcher component.](https://go.microsoft.com/fwlink/p/?LinkId=618603)
[See the technical reference for the shell launcher component.](https://docs.microsoft.com/windows-hardware/customize/enterprise/shell-launcher)
## Enable Shell Launcher feature
## Configure Shell Launcher
To set a Windows desktop application as the shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell.
To set a custom shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell or MDM.
**To turn on Shell Launcher in Windows features**
@ -63,7 +71,7 @@ To set a Windows desktop application as the shell, you first turn on the Shell L
2. Select **Shell Launcher** and **OK**.
Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using `SMISettings > ShellLauncher`, or the Deployment Image Servicing and Management (DISM.exe) tool.
Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using `SMISettings > ShellLauncher`, or you can use the Deployment Image Servicing and Management (DISM.exe) tool.
**To turn on Shell Launcher using DISM**
@ -74,9 +82,70 @@ Alternatively, you can turn on Shell Launcher using Windows Configuration Design
Dism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncher
```
**To set your custom shell**
Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
## Configure a custom shell in MDM
You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to configure Shell Launcher in MDM.
### XML for Shell Launcher configuration
The following XML sample works for **Shell Launcher v1**:
```
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
<Profiles>
<Profile ID="{24A7309204F3F-44CC-8375-53F13FE213F7}">
<Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com" />
</Profile>
</Profiles>
<Configs>
<!--local account-->
<Account Name="ShellLauncherUser"/>
<Profile ID="{24A7309204F3F-44CC-8375-53F13FE213F7}"/>
</Configs>
</ShellLauncherConfiguration>
```
For **Shell Launcher v2**, you will use a different schema reference and a different app type for `Shell`, as shown in the following example.
```
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles>
<DefaultProfile>
<Shell Shell="ShellLauncherV2DemoUwp_5d7tap497jwe8!App" v2:AppType="UWP" v2:AllAppsFullScreen="true">
<DefaultAction Action="RestartShell"/>
</Shell>
</DefaultProfile>
</Profiles>
<Configs/>
</ShellLauncherConfiguration>
```
>[!TIP]
>In the XML for Shell Launcher v2, note the **AllAppsFullScreen** attribute. When set to **True**, Shell Launcher will run every app in full screen, or maximized for desktop apps. When this attribute is set to **False** or not set, only the custom shell app runs in full screen; other apps launched by the user will run in windowed mode.
[Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
### Custom OMA-URI setting
In your MDM service, you can create a [custom OMA-URI setting](https://docs.microsoft.com/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v2. (The [XML](#xml-for-shell-launcher-configuration) that you use for your setting will determine whether you apply Shell Launcher v1 or v2.)
The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`.
For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)` instead.
![Screenshot of custom OMA-URI settings](images/slv2-oma-uri.png)
After you configure the profile containing the custom Shell Launcher setting, select **All Devices** or selected groups of devices to apply the profile to. Don't assign the profile to users or user groups.
## Configure a custom shell using PowerShell
For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scripts](https://github.com/Microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleBridgeWmiScripts/README.md).
For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
```
# Check if shell launcher license is enabled

2
windows/configuration/kiosk-single-app.md
View File

@ -171,8 +171,6 @@ Set-AssignedAccess -AppName <CustomApp> -UserSID <usersid>
[Learn how to get the AppName](https://msdn.microsoft.com/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**).
[Learn how to get the SID](https://go.microsoft.com/fwlink/p/?LinkId=615517).
To remove assigned access, using PowerShell, run the following cmdlet.
```

2
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -39,10 +39,10 @@ New features and improvements | In update
You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
>[!TIP]
>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
<span id="intune"/>
## Configure a kiosk in Microsoft Intune

2
windows/configuration/setup-digital-signage.md
View File

@ -25,8 +25,6 @@ For digital signage, simply select a digital sign player as your kiosk app. You
>[!TIP]
>Kiosk Browser can also be used in [single-app kiosks](kiosk-single-app.md) and [multi-app kiosk](lock-down-windows-10-to-specific-apps.md) as a web browser. For more information, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
>
>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
Kiosk Browser must be downloaded for offline licensing using Microsoft Store for Business. You can deploy Kiosk Browser to devices running Windows 10, version 1803.

3
windows/deploy/docfx.json
View File

@ -32,7 +32,8 @@
"globalMetadata": {
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.windows-deploy"
"depot_name": "MSDN.windows-deploy",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/deployment/docfx.json
View File

@ -42,7 +42,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-development"
"depot_name": "MSDN.win-development",
"folder_relative_path_in_docset": "./"
}
}
},

BIN
windows/deployment/images/wada.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 223 KiB

2
windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
View File

@ -53,7 +53,7 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use.
Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog.
Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices within a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/You-can-now-check-on-the-status-of-your-computers-within-hours/ba-p/187213) on the Tech Community Blog.
>[!NOTE]
> If you generate the status report and get an error message saying "Sorry! Were not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it.

2
windows/deployment/update/windows-analytics-azure-portal.md
View File

@ -29,7 +29,7 @@ Go to the [Azure portal](https://portal.azure.com), select **All services**, and
It's important to understand the difference between Azure Active Directory and an Azure subscription:
**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (Azure AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices.

5
windows/deployment/update/windows-as-a-service.md
View File

@ -18,14 +18,15 @@ Find the tools and resources you need to help deploy and support Windows as a se
Find the latest and greatest news on Windows 10 deployment and servicing.
**Working to make Windows updates clear and transparent**
> [!VIDEO https://www.youtube-nocookie.com/embed/u5P20y39DrA]
**Discovering the Windows 10 Update history pages**
> [!VIDEO https://www.youtube-nocookie.com/embed/GADIXBf9R58]
Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. The Windows update history page is for anyone looking to gain an immediate, precise understanding of particular Windows update issues.
The latest news:
<ul compact style="list-style: none">
<li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244">Call to action: review your Windows Update for Business deferral values</a> - April 3, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540">Windows 10, version 1809 designated for broad deployment</a> - March 28, 2019</li>
<li><a href="https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience">Data, insights and listening to improve the customer experience</a> - March 6, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Getting-to-know-the-Windows-update-history-pages/ba-p/355079">Getting to know the Windows update history pages</a> - February 21, 2019</li>

2
windows/deployment/update/windows-update-resources.md
View File

@ -106,7 +106,7 @@ The following resources provide additional information about using Windows Updat
- regsvr32.exe wuwebv.dll
7. Reset Winsock. To do this, type the following command at a command prompt, and then press ENTER:
```
netsh reset winsock
netsh winsock reset
```
8. If you are running Windows XP or Windows Server 2003, you have to set the proxy settings. To do this, type the following command at a command prompt, and then press ENTER:
```

6
windows/deployment/usmt/usmt-migrate-user-accounts.md
View File

@ -25,7 +25,7 @@ By default, all users are migrated. The only way to specify which users to inclu
- [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone)
## <a href="" id="bkmk-migrateall"></a>To migrate all user accounts and user settings
Links to detailed explanations of commands are available in the Related Topics section.
1. Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window:
@ -49,7 +49,7 @@ By default, all users are migrated. The only way to specify which users to inclu
 
## <a href="" id="bkmk-migratetwo"></a>To migrate two domain accounts (User1 and User2)
Links to detailed explanations of commands are available in the Related Topics section.
1. Log on to the source computer as an administrator, and specify:
@ -62,7 +62,7 @@ By default, all users are migrated. The only way to specify which users to inclu
`loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml`
## <a href="" id="bkmk-migratemoveuserone"></a>To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain
Links to detailed explanations of commands are available in the Related Topics section.
1. Log on to the source computer as an administrator, and type the following at the command-line prompt:

3
windows/device-security/docfx.json
View File

@ -39,7 +39,8 @@
"ms.date": "04/05/2017",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-device-security"
"depot_name": "MSDN.win-device-security",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/hub/docfx.json
View File

@ -44,7 +44,8 @@
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.windows-hub"
"depot_name": "MSDN.windows-hub",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/keep-secure/docfx.json
View File

@ -32,7 +32,8 @@
"globalMetadata": {
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.keep-secure"
"depot_name": "MSDN.keep-secure",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/manage/docfx.json
View File

@ -32,7 +32,8 @@
"globalMetadata": {
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.windows-manage"
"depot_name": "MSDN.windows-manage",
"folder_relative_path_in_docset": "./"
}
}
},

3
windows/plan/docfx.json
View File

@ -32,7 +32,8 @@
"globalMetadata": {
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.windows-plan"
"depot_name": "MSDN.windows-plan",
"folder_relative_path_in_docset": "./"
}
}
},

16
windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
View File

@ -155,14 +155,18 @@ The following table defines the endpoints for Connected User Experiences and Tel
Windows release | Endpoint
--- | ---
Windows 10, versions 1703 and 1709 | Diagnostics data: v10.vortex-win.data.microsoft.com/collect/v1</br></br>Functional: v20.vortex-win.data.microsoft.com/collect/v1</br>Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com/collect/v1</br>settings-win.data.microsoft.com
Windows 10, version 1607 | v10.vortex-win.data.microsoft.com</br></br>settings-win.data.microsoft.com
Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed| Diagnostics data: v10c.vortex-win.data.microsoft.com</br></br>Functional: v20.vortex-win.data.microsoft.com</br>Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com</br>settings-win.data.microsoft.com
Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | Diagnostics data: v10.events.data.microsoft.com</br></br>Functional: v20.vortex-win.data.microsoft.com</br>Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com</br>settings-win.data.microsoft.com
Windows 10, version 1709 or earlier | Diagnostics data: v10.vortex-win.data.microsoft.com</br></br>Functional: v20.vortex-win.data.microsoft.com</br>Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com</br>settings-win.data.microsoft.com
Windows 7 and Windows 8.1 | vortex-win.data.microsoft.com
The following table defines the endpoints for other diagnostic data services:
| Service | Endpoint |
| - | - |
| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
| | umwatsonc.events.data.microsoft.com |
| | kmwatsonc.events.data.microsoft.com |
| | ceuswatcab01.blob.core.windows.net |
| | ceuswatcab02.blob.core.windows.net |
| | eaus2watcab01.blob.core.windows.net |
@ -170,7 +174,7 @@ The following table defines the endpoints for other diagnostic data services:
| | weus2watcab01.blob.core.windows.net |
| | weus2watcab02.blob.core.windows.net |
| [Online Crash Analysis](https://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
| OneDrive app for Windows 10 | vortex.data.microsoft.com |
### Data use and access
@ -356,9 +360,9 @@ You can turn on or turn off System Center diagnostic data gathering. The default
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
### Configure the operating system diagnostic data level
## Configure the operating system diagnostic data level
You can configure your operating system diagnostic data settings using the management tools youre already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
You can configure your operating system diagnostic data settings using the management tools youre already using, such as **Group Policy, MDM, or Windows Provisioning.** You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
Use the appropriate value in the table below when you configure the management policy.
@ -388,7 +392,7 @@ Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com
### Use Registry Editor to set the diagnostic data level
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
Use Registry Editor to manually set the registry level on the devices in your organization, or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, the policy will replace the manually set registry level.
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.

53
windows/privacy/diagnostic-data-viewer-overview.md
View File

@ -21,17 +21,17 @@ ms.date: 01/17/2018
**Applies to**
- Windows 10, version 1809
- Windows 10, version 1803
- Windows 10, version 1803
## Introduction
The Diagnostic Data Viewer is a Windows app that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
## Install and Use the Diagnostic Data Viewer
You must turn on data viewing and download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
You must download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
### Turn on data viewing
Before you can use this tool, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device.
Before you can use this tool for viewing Windows diagnostic data, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device. Note that this setting does not affect your Office data viewing or history.
**To turn on data viewing**
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
@ -44,7 +44,7 @@ Before you can use this tool, you must turn on data viewing in the **Settings**
Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
### Start the Diagnostic Data Viewer
You must start this app from the **Settings** panel.
You can start this app from the **Settings** panel.
**To start the Diagnostic Data Viewer**
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
@ -58,29 +58,25 @@ You must start this app from the **Settings** panel.
3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
>[!Important]
>Turning on data viewing can use up to 1GB of disk space on your system drive. We strongly recommend that your turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
>Turning on data viewing can use up to 1GB (by default) of disk space on your system drive. We strongly recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
### Use the Diagnostic Data Viewer
The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data.
- **View your diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
- **View your Windows diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
>[!Important]
>Seeing an event does not necessarily mean it has been uploaded yet. Its possible that some events are still queued and will be uploaded at a later time.
![View your diagnostic events](images/ddv-event-view.png)
![View your diagnostic events](images/ddv-event-view.jpg)
- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
Selecting an event opens the detailed JSON view, with the matching text highlighted.
- **Filter your diagnostic event categories.** The apps Menu button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft.
Selecting a check box lets you filter between the diagnostic event categories.
![Filter your diagnostic event categories](images/ddv-event-view-filter.png)
- **Filter your diagnostic event categories.** The app's **Menu** button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft. Selecting a check box lets you filter between the diagnostic event categories.
- **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If youre a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others.
@ -93,8 +89,20 @@ The Diagnostic Data Viewer provides you with the following features to view and
>[!Important]
>All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments.
- **View a summary of the data you've shared with us over time.** Available for users on build 19H1+, 'About my data' in Diagnostic Data Viewer lets you see an overview of the Windows data you've shared with Microsoft.
Through this feature, you can checkout how much data you send on average each day, the breakdown of your data by category, the top components and services that have sent data, and more.
>[!Important]
>This content is a reflection of the history of Windows data the app has stored. If you'd like to have extended analyses, please modify the storage capacity of Diagnostic Data Viewer.
![Look at an overview of what data you've shared with Microsoft through the 'About my data' page in Diagnostic Data Viewer](images/ddv-analytics.png)
## View Office Diagnostic Data
By default, Diagnostic Data Viewer shows you Windows data. You can also view Office diagnostic data by enabling the feature in the app settings page. To learn more about how to view Office diagnostic data, please visit this [page](https://go.microsoft.com/fwlink/?linkid=2023830).
## Turn off data viewing
When you're done reviewing your diagnostic data, you should turn of data viewing.
When you're done reviewing your diagnostic data, you should turn of data viewing. This will also remove your Windows data history. Note that this setting does not affect your Office data viewing or history.
**To turn off data viewing**
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
@ -103,8 +111,24 @@ When you're done reviewing your diagnostic data, you should turn of data viewing
![Location to turn off data viewing](images/ddv-settings-off.png)
## Modifying the size of your data history
By default, Diagnostic Data Viewer shows you up to 1GB or 30 days of data (whichever comes first) for Windows diagnostic data. Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first.
>[!Important]
>Note that if you have [Office diagnostic data viewing enabled](#view-office-diagnostic-data), the Office data history is fixed at 1 GB and cannot be modified.
**Modify the size of your data history**
To make changes to the size of your Windows diagnostic data history, visit the **app settings**, located at the bottom of the navigation menu. Data will be incrementally dropped with the oldest data points first once your chosen size or time limit is reached.
>[!Important]
>Decreasing the maximum amount of diagnostic data viewable through the tool will remove all data history and requires a reboot of your device. Additionally, increasing the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
![Change the size of your data history through the app settings](images/ddv-change-db-size.png)
## View additional diagnostic data in the View problem reports tool
Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
@ -123,3 +147,4 @@ Go to **Start** and search for _Problem Reports_.
The **Review problem reports** tool opens, showing you your Windows Error Reporting reports, along with a status about whether it was sent to Microsoft.
![View problem reports tool with report statuses](images/control-panel-problem-reports-screen.png)

10
windows/privacy/docfx.json
View File

@ -36,9 +36,15 @@
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"feedback_system": "GitHub",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app"
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.privacy",
"folder_relative_path_in_docset": "./"
}
}
},
"fileMetadata": {},
"template": [],

BIN
windows/privacy/images/ddv-analytics.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
windows/privacy/images/ddv-event-view.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 337 KiB

BIN
windows/privacy/images/ddv-event-view.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 149 KiB

BIN
windows/privacy/images/ddv-problem-reports.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 105 KiB

After

Width:  |  Height:  |  Size: 108 KiB

47
windows/privacy/manage-windows-1709-endpoints.md
View File

@ -405,52 +405,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
The following endpoints are used to download operating system patches and updates.
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | HTTP | *.windowsupdate.com |
| | HTTP | fg.download.windowsupdate.com.c.footprint.net |
The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| | | cds.d2s7q6s2.hwcdn.net |
The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| | HTTP | *wac.phicdn.net |
| | | *wac.edgecastcdn.net |
The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired).
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net |
The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | emdl.ws.microsoft.com |
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | HTTPS | fe2.update.microsoft.com |
| svchost | | fe3.delivery.mp.microsoft.com |
| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net |
| svchost | HTTPS | sls.update.microsoft.com |
| svchost | HTTPS | *.update.microsoft.com |
| svchost | HTTPS | *.delivery.mp.microsoft.com |
The following endpoint is used for content regulation.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
@ -459,14 +428,6 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
The following endpoints are used to download content.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| | | a122.dscd.akamai.net |
| | | a1621.g.akamai.net |
## Microsoft forward link redirection service (FWLink)
The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.

18
windows/privacy/windows-diagnostic-data.md
View File

@ -22,13 +22,13 @@ Applies to:
- Windows 10, version 1803
- Windows 10, version 1709
Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1803 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1809 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
The data covered in this article is grouped into the following types:
- Common data (diagnostic header information)
- Common data extensions (diagnostic header information)
- Device, Connectivity, and Configuration data
- Product and Service Usage data
- Product and Service Performance data
@ -36,15 +36,15 @@ The data covered in this article is grouped into the following types:
- Browsing History data
- Inking, Typing, and Speech Utterance data
## Common data
## Common data extensions
Most diagnostic events contain a header of common data. In each example, the info in parentheses provides the equivalent definition for ISO/IEC 19944:2017.
**Data Use for Common data**
**Data Use for Common data extensions**
Header data supports the use of data associated with all diagnostic events. Therefore, Common data is used to [provide](#provide) Windows 10, and may be used to [improve](#improve), [personalize](#personalize), [recommend](#recommend), [offer](#offer), or [promote](#promote) Microsoft and third-party products and services, depending on the uses described in the **Data Use** statements for each data category.
### Data Description for Common data type
### Data Description for Common data extensions type
#### Common data type
#### Common data extensions type
Information that is added to most diagnostic events, if relevant and available:
@ -506,6 +506,6 @@ Use of the specified data categories to promote a product or service in or on a
Here are the list of data identification qualifiers and the ISO/IEC 19944:2017 reference:
- **<a name="#pseudo">Pseudonymized Data</a>** 8.3.3 Pseudonymized data. Microsoft usage notes are as defined.
- **<a name="#anon">Anonymized Data</a>** 8.3.5 Anonymized data. Microsoft usage notes are as defined.
- **<a name="#aggregate">Aggregated Data</a>** 8.3.6 Aggregated data. Microsoft usage notes are as defined.
- **<a name="pseudo">Pseudonymized Data</a>** 8.3.3 Pseudonymized data. Microsoft usage notes are as defined.
- **<a name="anon">Anonymized Data</a>** 8.3.5 Anonymized data. Microsoft usage notes are as defined.
- **<a name="aggregate">Aggregated Data</a>** 8.3.6 Aggregated data. Microsoft usage notes are as defined.

88
windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
View File

@ -40,52 +40,52 @@ We used the following methodology to derive these network endpoints:
| **Destination** | **Protocol** | **Description** |
| --- | --- | --- |
|*.aria.microsoft.com* | HTTPS | Office Telemetry
|*.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update.
|*.download.windowsupdate.com* | HTTP | Used to download operating system patches and updates.
|*.g.akamai.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use.
|*.msn.com* |TLSv1.2/HTTPS | Windows Spotlight related traffic
|*.Skype.com | HTTP/HTTPS | Skype related traffic
|*.smartscreen.microsoft.com* | HTTPS | Windows Defender Smartscreen related traffic
|*.telecommand.telemetry.microsoft.com* | HTTPS | Used by Windows Error Reporting.
|*cdn.onenote.net* | HTTP | OneNote related traffic
|*displaycatalog.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|*emdl.ws.microsoft.com* | HTTP | Windows Update related traffic
|*geo-prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|*hwcdn.net* | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates.
|*img-prod-cms-rt-microsoft-com.akamaized.net* | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|*maps.windows.com* | HTTPS | Related to Maps application.
|*msedge.net* | HTTPS | Used by OfficeHub to get the metadata of Office apps.
|*nexusrules.officeapps.live.com* | HTTPS | Office Telemetry
|*photos.microsoft.com* | HTTPS | Photos App related traffic
|*prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates.
|*wac.phicdn.net* | HTTP | Windows Update related traffic
|*windowsupdate.com* | HTTP | Windows Update related traffic
|*wns.windows.com* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS).
|*wpc.v0cdn.net* | | Windows Telemetry related traffic
|\*.aria.microsoft.com\* | HTTPS | Office Telemetry
|\*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update.
|\*.download.windowsupdate.com\* | HTTP | Used to download operating system patches and updates.
|\*.g.akamai.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use.
|\*.msn.com\* |TLSv1.2/HTTPS | Windows Spotlight related traffic
|\*.Skype.com | HTTP/HTTPS | Skype related traffic
|\*.smartscreen.microsoft.com\* | HTTPS | Windows Defender Smartscreen related traffic
|\*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting.
|\*cdn.onenote.net* | HTTP | OneNote related traffic
|\*displaycatalog.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|\*emdl.ws.microsoft.com\* | HTTP | Windows Update related traffic
|\*geo-prod.do.dsp.mp.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|\*hwcdn.net* | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates.
|\*img-prod-cms-rt-microsoft-com.akamaized.net* | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|\*maps.windows.com\* | HTTPS | Related to Maps application.
|\*msedge.net* | HTTPS | Used by OfficeHub to get the metadata of Office apps.
|\*nexusrules.officeapps.live.com\* | HTTPS | Office Telemetry
|\*photos.microsoft.com\* | HTTPS | Photos App related traffic
|\*prod.do.dsp.mp.microsoft.com\* |TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates.
|\*wac.phicdn.net* | HTTP | Windows Update related traffic
|\*windowsupdate.com\* | HTTP | Windows Update related traffic
|\*wns.windows.com\* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS).
|\*wpc.v0cdn.net* | | Windows Telemetry related traffic
|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js | | MSA related
|evoke-windowsservices-tas.msedge* | HTTPS | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|fe2.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|fe3.*.mp.microsoft.com.* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|fe2.update.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|fe3.\*.mp.microsoft.com.\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|fs.microsoft.com | | Font Streaming (in ENT traffic)
|g.live.com* | HTTPS | Used by OneDrive
|g.live.com\* | HTTPS | Used by OneDrive
|iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
|mscrl.micorosoft.com | | Certificate Revocation List related traffic.
|ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities.
|mscrl.microsoft.com | | Certificate Revocation List related traffic.
|ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities.
|officeclient.microsoft.com | HTTPS | Office related traffic.
|oneclient.sfx.ms* | HTTPS | Used by OneDrive for Business to download and verify app updates.
|purchase.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|query.prod.cms.rt.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata.
|ris.api.iris.microsoft.com* |TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata.
|purchase.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|query.prod.cms.rt.microsoft.com\* | HTTPS | Used to retrieve Windows Spotlight metadata.
|ris.api.iris.microsoft.com\* |TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata.
|ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
|settings.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|settings-win.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|sls.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|store*.dsx.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|storecatalogrevocation.storequality.microsoft.com* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store.
|store-images.s-microsoft.com* | HTTP | Used to get images that are used for Microsoft Store suggestions.
|tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile.
|tsfe.trafficshaping.dsp.mp.microsoft.com* |TLSv1.2 | Used for content regulation.
|settings.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration.
|settings-win.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration.
|sls.update.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|store*.dsx.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store.
|store-images.s-microsoft.com\* | HTTP | Used to get images that are used for Microsoft Store suggestions.
|tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile.
|tsfe.trafficshaping.dsp.mp.microsoft.com\* |TLSv1.2 | Used for content regulation.
|v10.events.data.microsoft.com | HTTPS | Diagnostic Data
|wdcp.microsoft.* |TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled.
|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender related traffic.
@ -111,7 +111,7 @@ We used the following methodology to derive these network endpoints:
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
@ -127,10 +127,10 @@ We used the following methodology to derive these network endpoints:
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
| *.tlu.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update. |
| *.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
| *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
| au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
| cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. |
| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portals shared infrastructure, including Office Online. |
| config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values.  |
@ -151,7 +151,7 @@ We used the following methodology to derive these network endpoints:
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application |
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
| ocos-office365-s2s.msedge.net/* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
| oneclient.sfx.ms/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
| sls.update.microsoft.com/* | HTTPS | Enables connections to Windows Update. |

2
windows/release-information/TOC.yml Normal file
View File

@ -0,0 +1,2 @@
- name: Index
href: index.md

3
windows/release-information/breadcrumb/toc.yml Normal file
View File

@ -0,0 +1,3 @@
- name: Docs
tocHref: /
topicHref: /

47
windows/release-information/docfx.json Normal file
View File

@ -0,0 +1,47 @@
{
"build": {
"content": [
{
"files": [
"**/*.md",
"**/*.yml"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"_themes/**",
"_themes.pdf/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"_themes/**",
"_themes.pdf/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"breadcrumb_path": "/release-information/breadcrumb/toc.json",
"extendBreadcrumb": true,
"feedback_system": "None"
},
"fileMetadata": {},
"template": [],
"dest": "release-information",
"markdownEngineName": "markdig"
}
}

3
windows/release-information/index.md Normal file
View File

@ -0,0 +1,3 @@
# Welcome to release-information!
test

10
windows/security/docfx.json
View File

@ -38,8 +38,14 @@
"ms.topic": "article",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"ms.author": "justinha"
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"ms.author": "justinha",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.security",
"folder_relative_path_in_docset": "./"
}
}
},
"fileMetadata": {},
"template": [],

8
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -43,6 +43,14 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will
To enforce processing of the group policy, you can run ```gpupdate /force```.
### Enable Windows Defender Credential Guard by using Intune
1. From **Home** click **Microsoft Intune**
2. Click **Device configuration**
3. Click **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**.
> [!NOTE]
> It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
### Enable Windows Defender Credential Guard by using the registry

4
windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
View File

@ -8,8 +8,8 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

8
windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
@ -35,9 +35,9 @@ On-premises certificate-based deployments of Windows Hello for Business needs th
## Enable Windows Hello for Business Group Policy
The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users.
You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence.
If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business.
## Use certificate for on-premises authentication

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-faq.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-features.md
View File

@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
View File

@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md
View File

@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
View File

@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

6
windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
View File

@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
@ -187,7 +187,7 @@ Joining a device is an extension to registering a device. This means, it provide
[Return to Top](hello-how-it-works-technology.md)
## Key Trust
The key trust model uses the user's Windows Hello for Business identity to authenticate to on-premises Active Directory. The certificate trust model is supported in hybrid and on-premises deployments and requires Windows Server 2016 domain controllers.
The key trust model uses the user's Windows Hello for Business identity to authenticate to on-premises Active Directory. The key trust model is supported in hybrid and on-premises deployments and requires Windows Server 2016 domain controllers.
### Related topics
[Certificate Trust](#certificate-trust), [Deployment Type](#deployment-type), [Hybrid Azure AD Joined](#hybrid-azure-ad-joined), [Hybrid Deployment](#hybrid-deployment), [On-premises Deployment](#on-premises-deployment), [Trust Type](#trust-type)

4
windows/security/identity-protection/hello-for-business/hello-how-it-works.md
View File

@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

6
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
@ -82,7 +82,7 @@ Organizations using older directory synchronization technology, such as DirSync
<br>
## Federation ##
Federating your on-premises Active Directory with Azure Active Directory ensures all identities have access to all resources regardless if they reside in cloud or on-premises. Windows Hello for Business hybrid certificate trust needs Windows Server 2016 Active Directory Federation Services. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices.
Windows Hello for Business hybrid certificate trust requires Active Directory being federated with Azure Active Directory and needs Windows Server 2016 Active Directory Federation Services or newer. Windows Hello for Business hybrid certificate trust doesnt support Managed Azure Active Directory using Pass-through authentication or password hash sync. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices.
The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

12
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
View File

@ -1,4 +1,4 @@
---
---
title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business)
description: Provisioning for Hybrid Windows Hello for Business Deployments
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
@ -18,7 +18,7 @@ ms.date: 08/19/2018
# Hybrid Windows Hello for Business Provisioning
**Applies to**
- Windows 10, version 1703 or later
- Windows 10, version 1703 or later
- Hybrid deployment
- Certificate trust
@ -65,7 +65,7 @@ After a successful key registration, Windows creates a certificate request using
The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current users certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user they can use their PIN to sign-in through the Windows Action Center.
The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current users certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user they can use their PIN to sign-in through the Windows Action Center.
<br><br>
@ -77,5 +77,5 @@ The certificate authority validates the certificate was signed by the registrati
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md)
6. Sign-in and Provision(*You are here*)
6. Sign-in and Provision(*You are here*)

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
View File

@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mikestephens-MS
ms.author: mstephen
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article

Some files were not shown because too many files have changed in this diff Show More