deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into atp-reorg2

Browse Source
This commit is contained in:
Joey Caparas 2018-06-08 10:43:12 -07:00
commit 95df15f981
94 changed files with 828 additions and 327 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
browsers/edge/Index.md
View File

@ -24,9 +24,9 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e
Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
>[!Note]
>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956). For a detailed report that provides you with a framework to evaluate the potential financial impact of adopting Microsoft Edge within your organization, you can download the full study here: [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847).
>For more information about the potential impact of using Microsoft Edge in a large organization, refer to the [Measuring the impact of Microsoft Edge](https://www.microsoft.com/itpro/microsoft-edge/technical-benefits) topic on the Microsoft Edge IT Center.
>Also, if you've arrived here looking for Internet Explorer 11 content, you'll need to go to the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area.
>If you are looking for Internet Explorer 11 content, please visit the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area.
## In this section

24
browsers/edge/available-policies.md
View File

@ -32,11 +32,11 @@ Computer Configuration\Administrative Templates\Windows Components\Microsoft Edg
>*Supported versions: Windows 10, version 1803*<br>
>*Default setting: None*
You can configure Microsoft Edge to use a shared folder to store books from the Books Library.
You can configure Microsoft Edge to store books from the Books Library to a default, shared folder for Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads book files automatically to a common, shared folder, and prevents users from removing the book from the library. For this policy to work properly, users must be signed in with a school or work account.
If you disable or dont configure this policy, Microsoft Edge does not use a shared folder but downloads book files to a per-user folder for each user.
If enabled, a shared books folder is allowed.
If disabled, a shared books folder not allowed.
**MDM settings in Microsoft Intune**
| | |
@ -45,30 +45,30 @@ If disabled, a shared books folder not allowed.
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks |
|Data type |Integer |
|Allowed values |<ul><li>**0** - No folder shared.</li><li>**1** - Use a shared folder.</li></ul> |
|Allowed values |<ul><li>**0** - Disabled.</li><li>**1** - Enabled.</li></ul> |
## Allow Address bar drop-down list suggestions
>*Supported versions: Windows 10, version 1703 or later*
The Address bar drop-down list, when enabled, allows the Address bar drop-down functionality in Microsoft Edge. By default, this policy is enabled. If disabled, you do not see the address bar drop-down functionality and disables the user-defined policy "Show search and site suggestions as I type." Therefore, because search suggestions are shown in the drop-down, this policy takes precedence over the [Configure search suggestions in Address bar](https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies?branch=pashort_edge-backlog_vsts15846461#configure-search-suggestions-in-address-bar) or [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy.
By default, Microsoft Edge shows the Address bar drop-down list and makes it available. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy. Disabling this policy turns off the Address bar drop-down list functionality.
If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend that you disable this policy.
When disabled, Microsoft Edge also disables the user-defined policy Show search and site suggestions as I type. Because the drop-down shows the search suggestions, this policy takes precedence over the [Configure search suggestions in Address bar](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies#configure-search-suggestions-in-address-bar) policy.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |
|MDM name |Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |
|Supported devices |Desktop |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Not Allowed. Address bar drop-down is disabled, which also disables the user-defined policy, "Show search and site suggestions as I type."</li><li>**1 (default)** - Allowed. Address bar drop-down is enabled.</li></ul> |
|Allowed values |<ul><li>**0** - Disabled. Not allowed.</li><li>**1 (default)** - Enabled or not configured. Allowed.</li></ul> |
## Allow Adobe Flash
>*Supported version: Windows 10*
Adobe Flash is integrated with Microsoft Edge and is updated via Windows Update. By default, this policy is enabled or not configured allowing you to use Adobe Flash Player in Microsoft Edge.
Adobe Flash is integrated with Microsoft Edge and updated via Windows Update. With this policy, you can configure Microsoft Edge to run Adobe Flash content or prevent Adobe Flash from running.
**Microsoft Intune to manage your MDM settings**
| | |
@ -77,12 +77,12 @@ Adobe Flash is integrated with Microsoft Edge and is updated via Windows Update.
|Supported devices |Desktop |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Adobe Flash cannot be used Microsoft Edge.</li><li>**1 (default)** - Adobe Flash can be used in Microsoft Edge. </li></ul> |
|Allowed values |<ul><li>**0** - Disabled. Microsoft Edge prevents Adobe Flash content from running.</li><li>**1 (default)** - Enabled or not configured. Microsoft Edge runs Adobe Flash content. </li></ul> |
## Allow clearing browsing data on exit
>*Supported versions: Windows 10, version 1703*
Your browsing data is the information that Microsoft Edge remembers and stores as you browse websites. Browsing data includes information you entered forms, passwords, and the websites you visited. By default, this policy is disabled or not configured, the browsing data is not cleared when exiting. When this policy is disabled or not configured, you can turn on and configure the Clear browsing data option under Settings.
By default, Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. Enable this policy if you want to clear the browsing data automatically each time Microsoft Edge closes.
**Microsoft Intune to manage your MDM settings**
@ -92,7 +92,7 @@ Your browsing data is the information that Microsoft Edge remembers and stores a
|Supported devices |Desktop |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.</li><li>**1** - Browsing data is cleared on exit.</li></ul> |
|Allowed values |<ul><li>**0 (default)** - Disabled or not configured. Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings.</li><li>**1** - Enabled. Clears the browsing data each time Microsoft Edge closes.</li></ul> |
## Allow configuration updates for the Books Library

3
devices/hololens/change-history-hololens.md
View File

@ -2,10 +2,9 @@
title: Change history for Microsoft HoloLens documentation
description: This topic lists new and updated topics for HoloLens.
keywords: change history
ms.prod: w10
ms.prod: hololens
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

3
devices/hololens/hololens-encryption.md
View File

@ -1,9 +1,8 @@
---
title: Enable Bitlocker encryption for HoloLens (HoloLens)
description: Enable Bitlocker device encryption to protect files stored on the HoloLens
ms.prod: w10
ms.prod: hololens
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

3
devices/hololens/hololens-enroll-mdm.md
View File

@ -1,9 +1,8 @@
---
title: Enroll HoloLens in MDM (HoloLens)
description: Enroll HoloLens in mobile device management (MDM) for easier management of multiple devices.
ms.prod: w10
ms.prod: hololens
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

3
devices/hololens/hololens-install-apps.md
View File

@ -1,9 +1,8 @@
---
title: Install apps on HoloLens (HoloLens)
description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business.
ms.prod: w10
ms.prod: hololens
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-kiosk.md
View File

@ -1,9 +1,7 @@
---
title: Set up HoloLens in kiosk mode (HoloLens)
description: Use a kiosk configuration to lock down the apps on HoloLens.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-microsoft-layout-app.md
View File

@ -1,9 +1,7 @@
---
title: Microsoft Layout
description: How to get and deploy the Microsoft Layout app throughout your organization
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: alhopper-msft
ms.author: alhopper

4
devices/hololens/hololens-microsoft-remote-assist-app.md
View File

@ -1,9 +1,7 @@
---
title: Microsoft Remote Assist
description: How to get and deploy the Microsoft Remote Assist app throughout your organization
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: alhopper-msft
ms.author: alhopper

4
devices/hololens/hololens-multiple-users.md
View File

@ -1,9 +1,7 @@
---
title: Share HoloLens with multiple people (HoloLens)
description: You can configure HoloLens to be shared by multiple Azure Active Directory accounts.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-provisioning.md
View File

@ -1,9 +1,7 @@
---
title: Configure HoloLens using a provisioning package (HoloLens)
description: Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-public-preview-apps.md
View File

@ -1,9 +1,7 @@
---
title: Preview new mixed reality apps for HoloLens
description: Here's how to download and distribute new mixed reality apps for HoloLens, free for a limited time during public preview
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: alhopper
ms.author: alhopper

4
devices/hololens/hololens-requirements.md
View File

@ -1,9 +1,7 @@
---
title: HoloLens in the enterprise requirements and FAQ (HoloLens)
description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-setup.md
View File

@ -1,9 +1,7 @@
---
title: Set up HoloLens (HoloLens)
description: The first time you set up HoloLens, you'll need a Wi-Fi network and either a Microsoft or Azure Active Directory account.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-updates.md
View File

@ -1,9 +1,7 @@
---
title: Manage updates to HoloLens (HoloLens)
description: Administrators can use mobile device management to manage updates to HoloLens devices.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-upgrade-enterprise.md
View File

@ -1,9 +1,7 @@
---
title: Unlock Windows Holographic for Business features (HoloLens)
description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic for Business.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/hololens-whats-new.md
View File

@ -1,9 +1,7 @@
---
title: What's new in Microsoft HoloLens (HoloLens)
description: Windows Holographic for Business gets new features in Windows 10, version 1803.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/hololens/index.md
View File

@ -1,9 +1,7 @@
---
title: Microsoft HoloLens (HoloLens)
description: HoloLens provides extra features designed for business in the Commercial Suite.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/surface-hub/accessibility-surface-hub.md
View File

@ -3,9 +3,7 @@ title: Accessibility (Surface Hub)
description: Accessibility settings for the Microsoft Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10.
ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442
keywords: Accessibility settings, Settings app, Ease of Access
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surfacehub
ms.prod: surface-hub
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/surface-hub/admin-group-management-for-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Admin group management (Surface Hub)
description: Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device.
ms.assetid: FA67209E-B355-4333-B903-482C4A3BDCCE
keywords: admin group management, Settings app, configure Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub, security
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
View File

@ -3,10 +3,8 @@ title: PowerShell for Surface Hub (Surface Hub)
description: PowerShell scripts to help set up and manage your Microsoft Surface Hub.
ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784
keywords: PowerShell, set up Surface Hub, manage Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
View File

@ -3,10 +3,8 @@ title: Applying ActiveSync policies to device accounts (Surface Hub)
description: The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting.
ms.assetid: FAABBA74-3088-4275-B58E-EC1070F4D110
keywords: Surface Hub, ActiveSync policies
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/change-history-surface-hub.md
View File

@ -2,10 +2,8 @@
title: Change history for Surface Hub
description: This topic lists new and updated topics for Surface Hub.
keywords: change history
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/change-surface-hub-device-account.md
View File

@ -3,10 +3,8 @@ title: Change the Microsoft Surface Hub device account
description: You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned.
ms.assetid: AFC43043-3319-44BC-9310-29B1F375E672
keywords: change device account, change properties, Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/connect-and-display-with-surface-hub.md
View File

@ -2,10 +2,8 @@
title: Connect other devices and display with Surface Hub
description: You can connect other device to your Surface Hub to display content.
ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/create-a-device-account-using-office-365.md
View File

@ -3,10 +3,8 @@ title: Create a device account using UI (Surface Hub)
description: If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the Office 365 UI or the Exchange Admin Center.
ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C
keywords: create device account, Office 365 UI, Exchange Admin center, Office 365 admin center, Skype for Business, mobile device mailbox policy
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/create-and-test-a-device-account-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Create and test a device account (Surface Hub)
description: This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype.
ms.assetid: C8605B5F-2178-4C3A-B4E0-CE32C70ECF67
keywords: create and test device account, device account, Surface Hub and Microsoft Exchange, Surface Hub and Skype
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/device-reset-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Device reset (Surface Hub)
description: You may wish to reset your Microsoft Surface Hub.
ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF
keywords: reset Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
View File

@ -2,10 +2,8 @@
title: Differences between Surface Hub and Windows 10 Enterprise
description: This topic explains the differences between Windows 10 Team and Windows 10 Enterprise.
keywords: change history
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: isaiahng
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/enable-8021x-wired-authentication.md
View File

@ -1,10 +1,8 @@
---
title: Enable 802.1x wired authentication
description: 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices.
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
View File

@ -3,10 +3,8 @@ title: Microsoft Exchange properties (Surface Hub)
description: Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub.
ms.assetid: 3E84393B-C425-45BF-95A6-D6502BA1BF29
keywords: Microsoft Exchange properties, device account, Surface Hub, Windows PowerShell cmdlet
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/finishing-your-surface-hub-meeting.md
View File

@ -2,10 +2,8 @@
title: End session - ending a Surface Hub meeting
description: To end a Surface Hub meeting, tap End session. Surface Hub cleans up the application state, operating system state, and the user interface so that Surface Hub is ready for the next meeting.
keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/first-run-program-surface-hub.md
View File

@ -3,10 +3,8 @@ title: First-run program (Surface Hub)
description: The term \ 0034;first run \ 0034; refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as \ 0034;out-of-box experience \ 0034; (OOBE). This section will walk you through the process.
ms.assetid: 07C9E84C-1245-4511-B3B3-75939AD57C49
keywords: first run, Surface Hub, out-of-box experience, OOBE
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
View File

@ -3,10 +3,8 @@ title: Hybrid deployment (Surface Hub)
description: A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub.
ms.assetid: 7BFBB7BE-F587-422E-9CE4-C9DDF829E4F1
keywords: hybrid deployment, device account for Surface Hub, Exchange hosted on-prem, Exchange hosted online
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/index.md
View File

@ -2,10 +2,8 @@
title: Microsoft Surface Hub admin guide
description: Documents related to the Microsoft Surface Hub.
ms.assetid: 69C99E91-1441-4318-BCAF-FE8207420555
ms.prod: w10
ms.mktglfcycl: explore
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/install-apps-on-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Install apps on your Microsoft Surface Hub
description: Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.
ms.assetid: 3885CB45-D496-4424-8533-C9E3D0EDFD94
keywords: install apps, Microsoft Store, Microsoft Store for Business
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub, store
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/local-management-surface-hub-settings.md
View File

@ -2,10 +2,8 @@
title: Local management Surface Hub settings
description: How to manage Surface Hub settings with Settings.
keywords: manage Surface Hub, Surface Hub settings
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Manage settings with an MDM provider (Surface Hub)
description: Microsoft Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution.
ms.assetid: 18EB8464-6E22-479D-B0C3-21C4ADD168FE
keywords: mobile device management, MDM, manage policies
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub, mobility
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/manage-surface-hub-settings.md
View File

@ -2,10 +2,8 @@
title: Manage Surface Hub settings
description: This section lists topics for managing Surface Hub settings.
keywords: Surface Hub accessibility settings, device account, device reset, windows updates, wireless network management
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/manage-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Manage Microsoft Surface Hub
description: How to manage your Surface Hub after finishing the first-run program.
ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
keywords: manage Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

9
devices/surface-hub/manage-windows-updates-for-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Windows updates (Surface Hub)
description: You can manage Windows updates on your Microsoft Surface Hub by setting the maintenance window, deferring updates, or using Windows Server Update Services (WSUS).
ms.assetid: A737BD50-2D36-4DE5-A604-55053D549045
keywords: manage Windows updates, Surface Hub, Windows Server Update Services, WSUS
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article
@ -132,6 +130,11 @@ A default maintenance window is set for all new Surface Hubs:
To change the maintenance window using MDM, set the **MOMAgent** node in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for more details.
## More information
- [Blog post: Servicing, Flighting, and Managing updates for Surface Hub (With Intune, of course!)](https://blogs.technet.microsoft.com/y0av/2018/05/31/7-3/)
## Related topics
[Manage Microsoft Surface Hub](manage-surface-hub.md)

4
devices/surface-hub/miracast-over-infrastructure.md
View File

@ -1,10 +1,8 @@
---
title: Miracast on existing wireless network or LAN
description: Windows 10 enables you to send a Miracast stream over a local network.
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/miracast-troubleshooting.md
View File

@ -1,10 +1,8 @@
---
title: Troubleshoot Miracast on Surface Hub
description: Learn how to resolve issues with Miracast on Surface Hub.
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/monitor-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Monitor your Microsoft Surface Hub
description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS).
ms.assetid: 1D2ED317-DFD9-423D-B525-B16C2B9D6942
keywords: monitor Surface Hub, Microsoft Operations Management Suite, OMS
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -3,10 +3,8 @@ title: On-premises deployment single forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
keywords: single forest deployment, on prem deployment, device account, Surface Hub
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.date: 06/01/2018

4
devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
View File

@ -2,10 +2,8 @@
title: On-premises deployment multi-forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
keywords: multi forest deployment, on prem deployment, device account, Surface Hub
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.date: 06/01/2018

4
devices/surface-hub/online-deployment-surface-hub-device-accounts.md
View File

@ -3,10 +3,8 @@ title: Online deployment with Office 365 (Surface Hub)
description: This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment.
ms.assetid: D325CA68-A03F-43DF-8520-EACF7C3EDEC1
keywords: device account for Surface Hub, online deployment
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/password-management-for-surface-hub-device-accounts.md
View File

@ -3,10 +3,8 @@ title: Password management (Surface Hub)
description: Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device.
ms.assetid: 0FBFB546-05F0-430E-905E-87111046E4B8
keywords: password, password management, password rotation, device account
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub, security
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/physically-install-your-surface-hub-device.md
View File

@ -3,10 +3,8 @@ title: Physically install Microsoft Surface Hub
description: The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation.
ms.assetid: C764DBFB-429B-4B29-B4E8-D7F0073BC554
keywords: Surface Hub, readiness guide, installation location, mounting options
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub, readiness
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/prepare-your-environment-for-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Prepare your environment for Microsoft Surface Hub
description: This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub.
ms.assetid: 336A206C-5893-413E-A270-61BFF3DF7DA9
keywords: prepare environment, features of Surface Hub, create and test device account, check network availability
ms.prod: w10
ms.mktglfcycl: plan
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/provisioning-packages-for-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Create provisioning packages (Surface Hub)
description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages.
ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345
keywords: add certificate, provisioning package
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/remote-surface-hub-management.md
View File

@ -2,10 +2,8 @@
title: Remote Surface Hub management
description: This section lists topics for managing Surface Hub.
keywords: remote management, MDM, install apps, monitor Surface Hub, Operations Management Suite, OMS
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/save-bitlocker-key-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Save your BitLocker key (Surface Hub)
description: Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.
ms.assetid: E11E4AB6-B13E-4ACA-BCE1-4EDC9987E4F2
keywords: Surface Hub, BitLocker, Bitlocker recovery keys
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub, security
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/set-up-your-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Set up Microsoft Surface Hub
description: Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program.
ms.assetid: 4D1722BC-704D-4471-BBBE-D0500B006221
keywords: set up instructions, Surface Hub, setup worksheet, first-run program
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/setup-worksheet-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Setup worksheet (Surface Hub)
description: When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section.
ms.assetid: AC6F925B-BADE-48F5-8D53-8B6FFF6EE3EB
keywords: Setup worksheet, pre-setup, first-time setup
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/skype-hybrid-voice.md
View File

@ -2,10 +2,8 @@
title: Online or hybrid deployment using Skype Hybrid Voice environment (Surface Hub)
description: This topic explains how to enable Skype for Business Cloud PBX with on premises PSTN connectivity via Cloud Connector Edition or Skype for Business 2015 pool.
keywords: hybrid deployment, Skype Hybrid Voice
ms.prod: w10
ms.mktglfcycl: deploy
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/support-solutions-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Top support solutions for Microsoft Surface Hub
description: Find top solutions for common issues using Surface Hub.
ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
keywords: Troubleshoot common problems, setup issues
ms.prod: w10
ms.mktglfcycl: support
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: kaushika-msft
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/surface-hub-authenticator-app.md
View File

@ -1,10 +1,8 @@
---
title: Sign in to Surface Hub with Microsoft Authenticator
description: Use Microsoft Authenticator on your mobile device to sign in to Surface Hub.
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/surface-hub-downloads.md
View File

@ -1,10 +1,8 @@
---
title: Useful downloads for Microsoft Surface Hub
description: Downloads related to the Microsoft Surface Hub.
ms.prod: w10
ms.mktglfcycl: explore
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/surface-hub-recovery-tool.md
View File

@ -3,10 +3,8 @@ title: Using the Surface Hub Recovery Tool
description: How to use the Surface Hub Recovery Tool to re-image the SSD.
ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
keywords: manage Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/surface-hub-start-menu.md
View File

@ -1,10 +1,8 @@
---
title: Configure Surface Hub Start menu
description: Use MDM to customize the Start menu on Surface Hub.
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/surface-hub-wifi-direct.md
View File

@ -2,10 +2,8 @@
title: How Surface Hub addresses Wi-Fi Direct security issues
description: This topic provides guidance on Wi-Fi Direct security risks.
keywords: change history
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/surfacehub-whats-new-1703.md
View File

@ -1,9 +1,7 @@
---
title: What's new in Windows 10, version 1703 for Surface Hub
description: Windows 10, version 1703 (Creators Update) brings new features to Microsoft Surface Hub.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: devices
ms.prod: surface-hub
ms.sitesec: library
author: jdeckerms
ms.author: jdecker

4
devices/surface-hub/troubleshoot-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Troubleshoot Microsoft Surface Hub
description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
keywords: Troubleshoot common problems, setup issues, Exchange ActiveSync errors
ms.prod: w10
ms.mktglfcycl: support
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
View File

@ -7,10 +7,8 @@ ms.author: jdecker
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
ms.prod: w10
ms.mktglfcycl: support
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
---
# Configure domain name for Skype for Business

4
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Using a room control system (Surface Hub)
description: Room control systems can be used with your Microsoft Surface Hub.
ms.assetid: DC365002-6B35-45C5-A2B8-3E1EB0CB8B50
keywords: room control system, Surface Hub
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/whiteboard-collaboration.md
View File

@ -1,10 +1,8 @@
---
title: Set up and use Whiteboard to Whiteboard collaboration
description: Microsoft Whiteboards latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.topic: article

4
devices/surface-hub/wireless-network-management-for-surface-hub.md
View File

@ -3,10 +3,8 @@ title: Wireless network management (Surface Hub)
description: Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet wireless, and wired. While both provide network access, we recommend you use a wired connection.
ms.assetid: D2CFB90B-FBAA-4532-B658-9AA33CAEA31D
keywords: network connectivity, wired connection
ms.prod: w10
ms.mktglfcycl: manage
ms.prod: surface-hub
ms.sitesec: library
ms.pagetype: surfacehub, networking
author: jdeckerms
ms.author: jdecker
ms.topic: article

16
education/windows/get-minecraft-device-promotion.md
View File

@ -10,7 +10,7 @@ author: trudyha
searchScope:
- Store
ms.author: trudyha
ms.date: 07/27/2017
ms.date: 06/05/2018
ms.technology: Windows
---
@ -20,6 +20,19 @@ ms.technology: Windows
- Windows 10
The **Minecraft: Education Edition** with Windows 10 device promotion ended January 31, 2018.
Qualifying customers that received one-year subscriptions for Minecraft: Education Edition as part of this program and wish to continue using the game in their schools can purchase new subscriptions in Microsoft Store for Education.
For more information on purchasing Minecraft: Education Edition, see [Add Minecraft to your Store for Education](https://docs.microsoft.com/education/windows/school-get-minecraft?toc=/microsoft-store/education/toc.json).
>[!Note]
>**Minecraft: Education Edition** with Windows 10 device promotion subscriptions are valid for 1 year from the time
of redemption. At the end of 1 year, the promotional subscriptions will expire and any people using these subscriptions will be reverted to a trial license of **Minecraft: Education Edition**.
To prevent being reverted to a trial license, admins or teachers need to purchase new **Minecraft: Education Edition** subscriptions from Store for Education, and assign licenses to users who used a promotional subscription.
<!---
For qualifying customers, receive a one-year, single-user subscription for Minecraft: Education Edition for each Windows 10 device you purchase for your K-12 school. Youll need your invoice or receipt, so be sure to keep track of that. For more information including terms of use, see [Minecraft: Education Edition promotion](https://info.microsoft.com/Minecraft-Education-Edition-Signup.html).
## Requirements
@ -73,3 +86,4 @@ After that, well add the appropriate number of Minecraft: Education Edition l
Teachers or admins can distribute the licenses:
- [Learn how teachers can distribute **Minecraft: Education Edition**](teacher-get-minecraft.md#distribute-minecraft)
- [Learn how IT administrators can distribute **Minecraft: Education Edition**](school-get-minecraft.md#distribute-minecraft)
-->

9
education/windows/s-mode-switch-to-edu.md
View File

@ -1,7 +1,7 @@
---
title: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
description: Overview of Windows 10 Pro Education in S mode, switching options, and system requirements
keywords: S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU
description: Switching out of Windows 10 Pro in S mode to Windows 10 Pro Education in S mode. The S mode switch documentation describes the requirements and process for Switching to Windows 10 Pro Education in S mode.
keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.prod: w10
@ -13,11 +13,12 @@ author: Mikeblodge
---
# Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
S mode is an enhanced security mode of Windows 10 streamlined for security and superior performance. With Windows 10 in S mode, everyone can download and install Microsoft-verified apps from the Microsoft Store for Education this keep devices running fast and secure day in and day out.
The S mode switch motion enables users to switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode. This gives users access to the Microsoft Store for Education as well as other Education offers.
## Benefits of Windows 10 Pro in S mode for Education
S mode is an enhanced security mode of Windows 10 streamlined for security and superior performance. With Windows 10 in S mode, everyone can download and install Microsoft-verified apps from the Microsoft Store for Education this keep devices running fast and secure day in and day out.
- **Microsoft-verified security** - It reduces risk of malware and exploitations that harm students and educators, because only Microsoft-verified apps can be installed.
- **Performance that lasts** - Provides all-day battery life to keep students on task and not tripping over cords. Also, verified apps wont degrade device performance over time.
- **Streamlined for Speed** - Offers faster log-in times so teachers spend less time waiting and more time teaching.

37
education/windows/teacher-get-minecraft.md
View File

@ -21,35 +21,44 @@ ms.topic: conceptual
- Windows 10
Learn how teachers can get and distribute Minecraft: Education Edition.
The following article describes how teachers can get and distribute Minecraft: Education Edition.
Minecraft: Education Edition is available for anyone to trial, and subscriptions can be purchased by qualified educational institutions directly in the Microsoft Store for Education, via volume licensing agreements and through partner resellers.
## Add Minecraft to your Microsoft Store for Education
To get started, go to http://education.minecraft.net/ and select **GET STARTED**.
1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **GET STARTED**.
## Try Minecraft: Education Edition for Free
<!-- ![Click Get the app](images/teacher-get-app.png) -->
Minecraft: Education Edition is available for anyone to try, but there is a limit to the number of logins allowed before purchasing a subscription is required.
2. Enter your email address.
To learn more and get started, go to http://education.minecraft.net/ and select **GET STARTED**.
<!-- ![Enter school email address](images/enter-email.png) -->
## Purchase Minecraft: Education Edition for Teachers and Students
3. Select **Get the app**. This will take you to Microsoft Store for Ecucation to download the app. You will also receive an email with instructions and a link to the Store.
Minecraft: Education Edition is licensed via yearly subscriptions that are purchased through the Microsoft Store for Education, via volume licensing agreements and through partner resellers.
<!-- ![You can get the app now](images/get-the-app.png) -->
>[!Note]
>M:EE is available on many platforms, but all license purchases can only be done through one of the three methods listed above.
4. Sign in to Microsoft Store for Education with your email address.
As a teacher, you may purchase subscription licenses for you and your students directly through the Microsoft Store for Education, or you may already have access to licenses at your school (through a volume license agreement) if you have an Office 365 account.
5. Read and accept the Microsoft Store for Business and Education Service Agreement, and then select **Next**.
>[!Note]
>If you already have Office 365, you may already have Minecraft: Education Edition licenses for your school! M:EE is included in many volume license agreements, however, only the administrators at your school will be able to assign and manage those licenses. If you have an Office 365 account, check with your school administration or IT administrator prior to purchasing M:EE directly.
6. **Minecraft: Education Edition** opens in the Microsoft Store for Education. Select **Get the app**. This places **Minecraft: Education Edition** in your Microsoft Store inventory.
You can purchase individual Minecraft: Education Edition subscriptions for you and other teachers and students directly in the Microsoft Store for Education.
<!-- ![Get Minecraft app in Store](images/minecraft-get-the-app.png) -->
To purchase individual Minecraft: Education Edition subscriptions (i.e. direct purchase):
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your Office 365 account.
2. Click on [Minecraft: Education Edition](https://educationstore.microsoft.com/en-us/store/details/minecraft-education-edition/9nblggh4r2r6) (or use Search the Store to find it)
3. Click **Buy**
>[!Note]
>Administrators can restrict the ability for teachers to purchase applications in the Microsoft Store for Education. If you do not have the ability to Buy, contact your school administration or IT administrator.
If you need additional licenses for **Minecraft: Education Edition**, see [Purchase additional licenses](https://docs.microsoft.com/education/windows/education-scenarios-store-for-business#purchase-additional-licenses).
## Distribute Minecraft
After Minecraft: Education Edition is added to your Microsoft Store for Education inventory, you have three options:
After Minecraft: Education Edition licenses have been purchased, either directly, through a volume license agreement or through a partner reseller, those licenses will be added to your Microsoft Store for Education. From there you have three options:
- You can install the app on your PC.
- You can assign the app to others.

11
store-for-business/app-inventory-management-microsoft-store-for-business.md
View File

@ -9,7 +9,7 @@ ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.date: 10/16/2017
ms.date: 06/07/2018
---
# App inventory management for Microsoft Store for Business and Education
@ -100,9 +100,10 @@ If you decide that you don't want an app available for employees to install on t
**To remove an app from the private store**
1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Apps & software**.
3. Find an app, click the ellipses under **Action**, choose **Remove from private store**, and then click **Remove**.
1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Products & services**.
3. Find an app, click the ellipses, choose **Remove from private store**, and then click **Remove**.
4. Choose the private store collection, and then under **In collection**, switch to **Off**.
The app will still be in your inventory, but your employees will not have access to the app from your private store.
@ -110,7 +111,7 @@ The app will still be in your inventory, but your employees will not have access
1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
3. Find an app, click the ellipses, and then choose **Assign to people**.
4. Type the email address for the employee that you're assigning the app to, and click **Confirm**.
Employees will receive an email with a link that will install the app on their device. Click the link to start the Microsoft Store app, and then click **Install**. Also, in the Microsoft Store app, they can find the app under **My Library**.

32
windows/application-management/remove-provisioned-apps-during-update.md
View File

@ -93,36 +93,68 @@ Windows Registry Editor Version 5.00
;1709 Registry Keys
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.GetHelp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Getstarted_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MSPaint_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Office.OneNote_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.OneConnect_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.People_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Print3D_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SkypeApp_kzf8qxf38zg5c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.StorePurchaseApp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Wallet_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Windows.Photos_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsAlarms_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCalculator_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCamera_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\microsoft.windowscommunicationsapps_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsMaps_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsStore_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Xbox.TCUI_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxApp_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]
```

36
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 05/14/2018
ms.date: 06/05/2018
---
# Policy CSP
@ -2322,6 +2322,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-privacy.md#privacy-allowautoacceptpairingandprivacyconsentprompts" id="privacy-allowautoacceptpairingandprivacyconsentprompts">Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-allowcrossdeviceclipboard" id="privacy-allowcrossdeviceclipboard">Privacy/AllowCrossDeviceClipboard</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-allowinputpersonalization" id="privacy-allowinputpersonalization">Privacy/AllowInputPersonalization</a>
</dd>
@ -2403,6 +2406,18 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsaccessemail-userincontroloftheseapps" id="privacy-letappsaccessemail-userincontroloftheseapps">Privacy/LetAppsAccessEmail_UserInControlOfTheseApps</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsaccessgazeinput" id="privacy-letappsaccessgazeinput">Privacy/LetAppsAccessGazeInput</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsaccessgazeinput-forceallowtheseapps" id="privacy-letappsaccessgazeinput-forceallowtheseapps">Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsaccessgazeinput-forcedenytheseapps" id="privacy-letappsaccessgazeinput-forcedenytheseapps">Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsaccessgazeinput-userincontroloftheseapps" id="privacy-letappsaccessgazeinput-userincontroloftheseapps">Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsaccesslocation" id="privacy-letappsaccesslocation">Privacy/LetAppsAccessLocation</a>
</dd>
@ -2550,6 +2565,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-privacy.md#privacy-publishuseractivities" id="privacy-publishuseractivities">Privacy/PublishUserActivities</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-uploaduseractivities" id="privacy-uploaduseractivities">Privacy/UploadUserActivities</a>
</dd>
</dl>
### RemoteAssistance policies
@ -2974,6 +2992,12 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-system.md#system-bootstartdriverinitialization" id="system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-configuretelemetryoptinchangenotification" id="system-configuretelemetryoptinchangenotification">System/ConfigureTelemetryOptInChangeNotification</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-configuretelemetryoptinsettingsux" id="system-configuretelemetryoptinsettingsux">System/ConfigureTelemetryOptInSettingsUx</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disableenterpriseauthproxy" id="system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
</dd>
@ -4448,6 +4472,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
- [Privacy/AllowCrossDeviceClipboard](./policy-csp-privacy.md#privacy-allowcrossdeviceclipboard)
- [Privacy/AllowInputPersonalization](./policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Privacy/DisableAdvertisingId](./policy-csp-privacy.md#privacy-disableadvertisingid)
- [Privacy/EnableActivityFeed](./policy-csp-privacy.md#privacy-enableactivityfeed)
@ -4524,6 +4549,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps)
- [Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps)
- [Privacy/PublishUserActivities](./policy-csp-privacy.md#privacy-publishuseractivities)
- [Privacy/UploadUserActivities](./policy-csp-privacy.md#privacy-uploaduseractivities)
- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
@ -4587,6 +4613,8 @@ The following diagram shows the Policy configuration service provider in tree fo
- [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
- [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification)
- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux)
- [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
- [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
@ -4726,7 +4754,13 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
- [Experience/AllowCortana](#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)
- [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard)
- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
- [Privacy/LetAppsAccessGazeInput](#privacy-letappsaccessgazeinput)
- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](#privacy-letappsaccessgazeinput-forceallowtheseapps)
- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](#privacy-letappsaccessgazeinput-forcedenytheseapps)
- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](#privacy-letappsaccessgazeinput-userincontroloftheseapps)
- [Privacy/UploadUserActivities](#privacy-uploaduseractivities)
- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
- [Settings/AllowDateTime](#settings-allowdatetime)

12
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
View File

@ -808,6 +808,10 @@ GP Info:
<!--/Scope-->
<!--Description-->
> [!Warning]
> Starting in the next major version of Windows, this policy is deprecated.
Domain member: Digitally encrypt or sign secure channel data (always)
This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
@ -883,6 +887,10 @@ GP Info:
<!--/Scope-->
<!--Description-->
> [!Warning]
> Starting in the next major version of Windows, this policy is deprecated.
Domain member: Digitally encrypt secure channel data (when possible)
This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates.
@ -955,6 +963,10 @@ GP Info:
<!--/Scope-->
<!--Description-->
> [!Warning]
> Starting in the next major version of Windows, this policy is deprecated.
Domain member: Disable machine account password changes
Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days.

363
windows/client-management/mdm/policy-csp-privacy.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 05/14/2018
ms.date: 06/05/2018
---
# Policy CSP - Privacy
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -22,6 +24,9 @@ ms.date: 05/14/2018
<dd>
<a href="#privacy-allowautoacceptpairingandprivacyconsentprompts">Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts</a>
</dd>
<dd>
<a href="#privacy-allowcrossdeviceclipboard">Privacy/AllowCrossDeviceClipboard</a>
</dd>
<dd>
<a href="#privacy-allowinputpersonalization">Privacy/AllowInputPersonalization</a>
</dd>
@ -103,6 +108,18 @@ ms.date: 05/14/2018
<dd>
<a href="#privacy-letappsaccessemail-userincontroloftheseapps">Privacy/LetAppsAccessEmail_UserInControlOfTheseApps</a>
</dd>
<dd>
<a href="#privacy-letappsaccessgazeinput">Privacy/LetAppsAccessGazeInput</a>
</dd>
<dd>
<a href="#privacy-letappsaccessgazeinput-forceallowtheseapps">Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps</a>
</dd>
<dd>
<a href="#privacy-letappsaccessgazeinput-forcedenytheseapps">Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps</a>
</dd>
<dd>
<a href="#privacy-letappsaccessgazeinput-userincontroloftheseapps">Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps</a>
</dd>
<dd>
<a href="#privacy-letappsaccesslocation">Privacy/LetAppsAccessLocation</a>
</dd>
@ -250,6 +267,9 @@ ms.date: 05/14/2018
<dd>
<a href="#privacy-publishuseractivities">Privacy/PublishUserActivities</a>
</dd>
<dd>
<a href="#privacy-uploaduseractivities">Privacy/UploadUserActivities</a>
</dd>
</dl>
@ -311,6 +331,72 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="privacy-allowcrossdeviceclipboard"></a>**Privacy/AllowCrossDeviceClipboard**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Added in Windows 10, next major version. Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device.
Most restricted value is 0.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Allow Clipboard synchronization across devices*
- GP name: *AllowCrossDeviceClipboard*
- GP path: *System/OS Policies*
- GP ADMX file name: *OSPolicy.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
0 Not allowed.
1 (default) Allowed.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-allowinputpersonalization"></a>**Privacy/AllowInputPersonalization**
@ -1804,6 +1890,214 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsaccessgazeinput"></a>**Privacy/LetAppsAccessGazeInput**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies whether Windows apps can access the eye tracker.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsaccessgazeinput-forceallowtheseapps"></a>**Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsaccessgazeinput-forcedenytheseapps"></a>**Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsaccessgazeinput-userincontroloftheseapps"></a>**Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsaccesslocation"></a>**Privacy/LetAppsAccessLocation**
@ -4478,6 +4772,66 @@ The following list shows the supported values:
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-uploaduseractivities"></a>**Privacy/UploadUserActivities**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Allows ActivityFeed to upload published 'User Activities'.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Allow upload of User Activities*
- GP name: *UploadUserActivities*
- GP path: *System/OS Policies*
- GP ADMX file name: *OSPolicy.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
Footnote:
@ -4486,13 +4840,20 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>Privacy policies supported by Windows Holographic for Business
- [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard)
- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
- [Privacy/LetAppsAccessGazeInput](#privacy-letappsaccessgazeinput)
- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](#privacy-letappsaccessgazeinput-forceallowtheseapps)
- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](#privacy-letappsaccessgazeinput-forcedenytheseapps)
- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](#privacy-letappsaccessgazeinput-userincontroloftheseapps)
- [Privacy/UploadUserActivities](#privacy-uploaduseractivities)
<!--EndHoloLens-->
<!--StartIoTCore-->

142
windows/client-management/mdm/policy-csp-system.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 05/14/2018
ms.date: 06/05/2018
---
# Policy CSP - System
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -46,6 +48,12 @@ ms.date: 05/14/2018
<dd>
<a href="#system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
<dd>
<a href="#system-configuretelemetryoptinchangenotification">System/ConfigureTelemetryOptInChangeNotification</a>
</dd>
<dd>
<a href="#system-configuretelemetryoptinsettingsux">System/ConfigureTelemetryOptInSettingsUx</a>
</dd>
<dd>
<a href="#system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
</dd>
@ -683,6 +691,137 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="system-configuretelemetryoptinchangenotification"></a>**System/ConfigureTelemetryOptInChangeNotification**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting determines whether a device shows notifications about telemetry levels to people on first logon or when changes occur in Settings. 
If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing.
If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first logon and when changes occur in Settings.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Configure telemetry opt-in change notifications.*
- GP name: *ConfigureTelemetryOptInChangeNotification*
- GP element: *ConfigureTelemetryOptInChangeNotification*
- GP path: *Data Collection and Preview Builds*
- GP ADMX file name: *DataCollection.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-configuretelemetryoptinsettingsux"></a>**System/ConfigureTelemetryOptInSettingsUx**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting determines whether people can change their own telemetry levels in Settings. This setting should be used in conjunction with the Allow Telemetry settings.
If you set this policy setting to "Disable Telemetry opt-in Settings", telemetry levels are disabled in Settings, preventing people from changing them.
If you set this policy setting to "Enable Telemetry opt-in Setings" or don't configure this policy setting, people can change their own telemetry levels in Settings.
Note:
Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's limit.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Configure telemetry opt-in setting user interface.*
- GP name: *ConfigureTelemetryOptInSettingsUx*
- GP element: *ConfigureTelemetryOptInSettingsUx*
- GP path: *Data Collection and Preview Builds*
- GP ADMX file name: *DataCollection.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-disableenterpriseauthproxy"></a>**System/DisableEnterpriseAuthProxy**
@ -1051,6 +1190,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies-->

8
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -10,13 +10,19 @@ ms.localizationpriority: high
author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.date: 05/31/2018
ms.date: 06/05/2018
---
# Change history for Configure Windows 10
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
## June 2018
New or changed topic | Description
--- | ---
[Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) and [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Updated instructions for using Microsoft Intune to configure a kiosk.
## May 2018
New or changed topic | Description

20
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: high
ms.date: 04/30/2018
ms.date: 06/05/2018
ms.author: jdecker
ms.topic: article
---
@ -38,9 +38,6 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi
<span id="intune"/>
## Configure a kiosk in Microsoft Intune
Watch how to use Intune to configure a multi-app kiosk.
>[!VIDEO https://www.microsoft.com/videoplayer/embed/ce9992ab-9fea-465d-b773-ee960b990c4a?autoplay=false]
1. [Generate the Start layout for the kiosk device.](#startlayout)
2. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
@ -49,14 +46,15 @@ Watch how to use Intune to configure a multi-app kiosk.
5. Select **Create profile**.
6. Enter a friendly name for the profile.
7. Select **Windows 10 and later** for the platform.
8. Select **Device restrictions** for the profile type.
9. Select **Kiosk**.
10. In **Kiosk Mode**, select **Multi app kiosk**.
11. Select **Add** to define a configuration, which specifies the apps that will run and the layout for the Start menu.
8. Select **Kiosk (Preview)** for the profile type.
9. Select **Kiosk - 1 setting available**.
10. Select **Add** to define a configuration, which specifies the apps that will run and the layout for the Start menu.
12. Enter a friendly name for the configuration.
13. Select an app type, either **Win32 App** for a classic desktop application or **UWP App** for a Universal Windows Platform app.
- For **Win32 App**, enter the fully qualified pathname of the executable, with respect to the device.
- For **UWP App**, enter the Application User Model ID for an installed app.
10. In **Kiosk Mode**, select **Multi app kiosk**.
13. Select an app type.
- For **Add Win32 app**, enter the **App Name** and **Identifier**.
- For **Add managed apps**, select an app that you manage through Intune.
- For **Add app by AUMID**, enter the Application User Model ID (AUMID) for an installed UWP app.
14. Select whether to enable the taskbar.
15. Browse to and select the Start layout XML file that you generated in step 1.
16. Add one or more accounts. When the account signs in, only the apps defined in the configuration will be available.

12
windows/configuration/setup-kiosk-digital-signage.md
View File

@ -10,7 +10,7 @@ author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.localizationpriority: high
ms.date: 05/25/2018
ms.date: 06/05/2018
---
# Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education
@ -268,11 +268,11 @@ The following steps explain how to configure a kiosk in Microsoft Intune. For ot
5. Select **Create profile**.
6. Enter a friendly name for the profile.
7. Select **Windows 10 and later** for the platform.
8. Select **Device restrictions** for the profile type.
9. Select **Kiosk**.
10. In **Kiosk Mode**, select **Single app kiosk**.
1. Enter the user account (Azure AD or a local standard user account).
11. Enter the Application User Model ID for an installed app.
8. Select **Kiosk (Preview)** for the profile type.
9. Enter a friendly name for the kiosk configuration.
10. In **Kiosk Mode**, select **Single full-screen app kiosk**.
10. Select either **Select a managed app** to choose a kiosk app that is managed by Intune, or **Enter UWP app AUMID** to specify the kiosk app by AUMID, and then select the app or enter the AUMID as appropriate.
1. For the user account, select either **Autologon** to create a user account for the kiosk that will sign in automatically, or **Local user account** to configure an existing user account to run the kiosk. **Local user account** can be a local standard user account on the device or an Azure Active Directory account.
14. Select **OK**, and then select **Create**.
18. Assign the profile to a device group to configure the devices in that group as kiosks.

2
windows/deployment/update/windows-analytics-get-started.md
View File

@ -107,7 +107,7 @@ After data is sent from devices to Microsoft, it generally takes 48-56 hours for
## Deploy additional optional settings
Certain of the Windows Analytics features have additional settings you can use.
Certain Windows Analytics features have additional settings you can use.
- **Update Compliance** is only compatible with Windows 10 desktop devices (workstations and laptops). To use the Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a partner antivirus application), and must have enabled cloud-delivered protection, as described in [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting) topic for help with ensuring that the configuration is correct.

2
windows/deployment/upgrade/resolution-procedures.md
View File

@ -738,7 +738,7 @@ Also see the following sequential list of modern setup (mosetup) error codes wit
| 0XC190020d | MOSETUP_E_DOWNLOADDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to download. |
| 0XC190020e | MOSETUP_E_INSTALLDISKSPACE_BLOCK | The system does not pass the diskspace requirements to install the payload. |
| 0XC190020f | MOSETUP_E_INSTALLDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to install. |
| 0XC1900210 | MOSETUP_E_COMPAT_SCANONLY | The user has use the setup.exe command line to do scanonly, not to install the OS. |
| 0XC1900210 | MOSETUP_E_COMPAT_SCANONLY | The user has used the setup.exe command line to do scanonly, not to install the OS. |
| 0XC1900211 | MOSETUP_E_DOWNLOAD_UNPACK_DISKSPACE_BLOCK | The system does not pass the disk space requirements to download and unpack media. |
| 0XC1900212 | MOSETUP_E_DOWNLOAD_UNPACK_DISKSPACE_MULTIARCH_BLOCK | The system does not pass the disk space requirements to download and unpack multi-architecture media. |
| 0XC1900213 | MOSETUP_E_NO_OFFER_FOUND | There was no offer found that matches the required criteria. |

30
windows/deployment/upgrade/windows-10-downgrade-paths.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
ms.localizationpriority: high
ms.pagetype: mobile
author: greg-lindsay
ms.date: 02/15/2018
ms.date: 06/07/2018
---
# Windows 10 downgrade paths
@ -17,13 +17,11 @@ ms.date: 02/15/2018
## Downgrading Windows 10
This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired.
This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired. To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md). For example, you might downgrade an Enterprise edition by manually entering a valid Pro license key.
If a downgrade is supported, then your apps and settings can be migrated from the current edition to the downgraded edition. If a path is not supported, then a clean install is required.
To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md).
Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not supported, unless you are performing a rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used.
Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. The only downgrade method available for this the rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used.
>**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
@ -32,7 +30,8 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
### Supported Windows 10 downgrade paths
>[!NOTE]
>Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here. Switching between different editions of Pro is supported. This is not strictly considered an edition downgrade, but is included here for clarity.
>Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here.<br>
>Switching between different editions of Pro is also not strictly considered an edition downgrade, but is included here for clarity.
✔ = Supported downgrade path<br>
@ -48,7 +47,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td>Pro</td>
<td>Pro for Workstations</td>
<td>Pro Education</td>
<td>S</td>
<td>Education</td>
<td>Enterprise LTSC</td>
<td>Enterprise</td>
@ -65,7 +63,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Pro</td>
@ -73,7 +70,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td></td>
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td></td>
<td></td>
<td></td>
@ -84,7 +80,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td align="center"></td>
<td></td>
<td align="center"></td>
<td align="center"></td>
<td></td>
<td></td>
<td></td>
@ -95,18 +90,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td align="center"></td>
<td align="center"></td>
<td></td>
<td align="center"></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>S</td>
<td></td>
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td></td>
<td></td>
<td></td>
<td></td>
@ -117,7 +100,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td></td>
<td></td>
<td></td>
@ -129,7 +111,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td></td>
<td></td>
</tr>
@ -140,7 +121,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td align="center"></td>
<td></td>
<td></td>
</tr>

4
windows/deployment/windows-10-pro-in-s-mode.md
View File

@ -1,7 +1,7 @@
---
title: Windows 10 Pro in S mode
description: Overview of Windows 10 Pro in S mode, switching options, and system requirements
keywords: S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode
description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional.
keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.prod: w10

9
windows/privacy/basic-level-windows-diagnostic-events-and-fields.md
View File

@ -1509,15 +1509,20 @@ This event sends data about the processor (architecture, speed, number of cores,
The following fields are available:
- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system.
- **KvaShadow** Microcode info of the processor.
- **MMSettingOverride** Microcode setting of the processor.
- **MMSettingOverrideMask** Microcode setting override of the processor.
- **ProcessorArchitecture** Processor architecture of the installed operating system.
- **ProcessorClockSpeed** Clock speed of the processor in MHz.
- **ProcessorCores** Number of logical cores in the processor.
- **ProcessorIdentifier** Processor Identifier of a manufacturer.
- **ProcessorManufacturer** Name of the processor manufacturer.
- **ProcessorModel** Name of the processor model.
- **ProcessorPhysicalCores** Number of physical cores in the processor.
- **ProcessorUpdateRevision** Microcode revision
- **ProcessorUpdateRevision** Microcode revision.
- **ProcessorUpdateStatus** The status of the microcode update.
- **SocketCount** Count of CPU sockets.
- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability.
### Census.Security

4
windows/privacy/index.yml
View File

@ -46,7 +46,7 @@ sections:
items:
- href: \windows\privacy\gdpr-win10-whitepaper
- href: \windows\privacy\gdpr-it-guidance
html: <p>Learn about GDPR and how Microsoft helps you get started towards compliance</p>
@ -54,7 +54,7 @@ sections:
src: https://docs.microsoft.com/media/common/i_advanced.svg
title: Begin your GDPR journey
title: Start with GDPR basics
- href: \windows\privacy\configure-windows-diagnostic-data-in-your-organization

22
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -7,16 +7,16 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
author: brianlic-msft
ms.author: brianlic-msft
ms.date: 04/09/2018
author: danihalfin
ms.author: daniha
ms.date: 06/05/2018
---
# Manage connections from Windows operating system components to Microsoft services
**Applies to**
- Windows 10 Enterprise edition
- Windows 10 Enterprise, version 1607 and newer
- Windows Server 2016
If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
@ -34,6 +34,9 @@ However, some of the settings reduce the functionality and security configuratio
Make sure should you've chosen the right settings configuration for your environment before applying.
You should not extract this package to the windows\\system32 folder because it will not apply correctly.
>[!IMPORTANT]
> As part of the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887), MDM functionallity is disabled. If you manage devices through MDM, make sure [cloud notifications are enabled](#bkmk-priv-notifications).
Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying each setting covered in this article.
It is recommended that you restart a device after making configuration changes to it.
Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
@ -87,12 +90,12 @@ Here's a list of changes that were made to this article for Windows 10, version
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections.
>[!NOTE]
>For some settings, MDM policies only partly cover capabilities available through Group Policy. See each settings section for more details.
### Settings for Windows 10 Enterprise edition
The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1703.
The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1607.
>[!NOTE]
>For some settings, MDM policies only partly cover capabilities available through Group Policy. See each settings section for more details.
| Setting | UI | Group Policy | MDM policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
@ -1075,6 +1078,9 @@ To turn off **Choose apps that can use your microphone**:
### <a href="" id="bkmk-priv-notifications"></a>17.5 Notifications
>[!IMPORTANT]
>Disabling notifications will also disable the ability to manage the device through MDM. If you are using an MDM solution, make sure cloud notifications are enabled through one of the options below.
To turn off notifications network usage:
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage**

10
windows/security/threat-protection/security-policy-settings/create-global-objects.md
View File

@ -76,6 +76,16 @@ This section describes how an attacker might exploit a feature or its configurat
### Vulnerability
The **Create global objects** user right is required for a user account to create global objects in Remote Desktop sessions. Users can still create session-specfic objects without being assigned this user right. Assigning this right can be a security risk.
By default, members of the **Administrators** group, the System account, and services that are started by the Service Control Manager are assigned the **Create global objects** user right. Users who are added to the **Remote Desktop Users** group also have this user right.
### Countermeasure
When non-administrators need to access a server using Remote Desktop, add the users to the **Remote Desktop Users** group rather than assining them this user right.
### Vulnerability
>**Caution:**  A user account that is given this user right has complete control over the system, and it can lead to the system being compromised. We highly recommend that you do not assign this right to any user accounts.
 
Windows examines a user's access token to determine the level of the user's privileges. Access tokens are built when users log on to the local device or connect to a remote device over a network. When you revoke a privilege, the change is immediately recorded, but the change is not reflected in the user's access token until the next time the user logs on or connects. Users with the ability to create or modify tokens can change the level of access for any currently logged on account. They could escalate their privileges or create a denial-of-service (DoS) condition.

4
windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
View File

@ -29,7 +29,7 @@ Misuse of this policy setting is a common error that can cause data loss or prob
- Enabled
An anonymous user can request the SID attribute for another user. An anonymous user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. This setting affects the SID-to-name translation as well as the name-to-SID translation
An anonymous user can request the SID attribute for another user. An anonymous user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. This setting affects the SID-to-name translation as well as the name-to-SID translation.
- Disabled
@ -52,7 +52,7 @@ The following table lists the actual and effective default values for this polic
| Server type or GPO | Default value |
| - | - |
| Default Domain Policy| Not defined|
| Default Domain Controller Policy | Note defined|
| Default Domain Controller Policy | Not defined|
| Stand-Alone Server Default Settings | Disabled|
| DC Effective Default Settings | Enabled|
| Member Server Effective Default Settings| Disabled|

2
windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
View File

@ -630,7 +630,7 @@ Here are the minimum steps for WEF to operate:
</Query>
<Query Id="12" Path="Microsoft-Windows-PowerShell/Operational">
<!-- PowerShell execute block activity (4103), Remote Command(4104), Start Command(4105), Stop Command(4106) -->
<Select Path="Microsoft-Windows-PowerShell/Operational">*[System[(EventID=4103 or EventId=4104 or EventId=4105 or EventId=4106)]]</Select>
<Select Path="Microsoft-Windows-PowerShell/Operational">*[System[(EventID=4103 or EventID=4104 or EventID=4105 or EventID=4106)]]</Select>
</Query>
<Query Id="13" Path="Microsoft-Windows-DriverFrameworks-UserMode/Operational">
<!-- Detect User-Mode drivers loaded - for potential BadUSB detection. -->

4
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
View File

@ -78,7 +78,7 @@ For October 2017, we are announcing an update to system.management.automation.dl
Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
```
<?xml version="1.0" encoding="utf-8" ?>
<?xml version="1.0" encoding="utf-8" ?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.0.0.0</VersionEx>
<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
@ -132,6 +132,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_LXRUN" FriendlyName="lxrun.exe" FileName="lxrun.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_PWRSHLCUSTOMHOST" FriendlyName="powershellcustomhost.exe" FileName="powershellcustomhost.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_TEXTTRANSFORM" FriendlyName="texttransform.exe" FileName="texttransform.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6"/>
<Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF"/>
@ -508,6 +509,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_INFINSTALL"/>
<FileRuleRef RuleID="ID_DENY_LXRUN"/>
<FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/>
<FileRuleRef RuleID="ID_DENY_TEXTTRANSFORM"/>
<FileRuleRef RuleID="ID_DENY_WMIC"/>
<FileRuleRef RuleID="ID_DENY_D_1"/>
<FileRuleRef RuleID="ID_DENY_D_2"/>

12
windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
View File

@ -28,10 +28,8 @@ ms.date: 06/01/2018
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
## Advanced hunting table reference
When you run a query using Advanced hunting, a table with columns is returned as a result.
Use the following table to understand what the columns represent, its data type, and their description.
## Advanced hunting column reference
To effectively build queries that span multiple tables, you need to understand the columns in the Advanced hunting schema. The following table lists all the available columns, along with their data types and descriptions. This information is also available in the schema representation in the Advanced hunting screen.
| Column name | Data type | Description
:---|:--- |:---
@ -70,7 +68,7 @@ Use the following table to understand what the columns represent, its data type,
| LocalIP | string | IP address assigned to the local machine used during communication |
| LocalPort | int | TCP port on the local machine used during communication |
| LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format |
| LogonType | string | Type of logon session, specifically: <br><br> - **Interactive** - User physically interacts with the machine using the local keyboard and screen.<br> <br> - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients. <br><br> - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed. <br><br> - **Batch** - Session initiated by scheduled tasks. <br><br> - **Service** - Session initiated by services as they start. <br>
| LogonType | string | Type of logon session, specifically:<br><br> - **Interactive** - User physically interacts with the machine using the local keyboard and screen<br><br> - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients<br><br> - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed<br><br> - **Batch** - Session initiated by scheduled tasks<br><br> - **Service** - Session initiated by services as they start<br>
| MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine. |
| MachineId | string | Unique identifier for the machine in the service |
| MD5 | string | MD5 hash of the file that the recorded action was applied to |
@ -88,16 +86,16 @@ Use the following table to understand what the columns represent, its data type,
| ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. |
| ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process |
| ProviderId | string | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log |
| RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. | |
| RegistryKey | string | Registry key that the recorded action was applied to |
| RegistryValueData | string | Data of the registry value that the recorded action was applied to |
| RegistryValueName | string | Name of the registry value that the recorded action was applied to |
| RegistryValueType | string | Data type, such as binary or string, of the registry value that the recorded action was applied to |
| RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. |
| RemoteIP | string | IP address that was being connected to |
| RemotePort | int | TCP port on the remote device that was being connected to |
| RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to |
| SHA1 | string | SHA-1 of the file that the recorded action was applied to |
| ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns. |
| SHA1 | string | SHA-1 of the file that the recorded action was applied to |
| SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. |
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)

1
windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
View File

@ -73,7 +73,6 @@ Automation level | Description
:---|:---
Semi - require approval for any remediation | This is the default automation level.<br><br> An approval is needed for any remediation action.
Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are not in temporary folders. <br><br> Files or executables in temporary folders, such as the user's download folder or the user's temp folder, will automatically be remediated if needed.
Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder. <br><br> Files or executables in all other folders will automatically be remediated if needed.
Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder. <br><br> Files or executables in all other folders will automatically be remediated if needed.
Full - remediate threats automatically | All remediation actions will be performed automatically.

48
windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 05/01/2018
ms.date: 06/06/2018
---
# Configure alert notifications in Windows Defender ATP
@ -41,29 +41,45 @@ Only users assigned to the Global administrator role can manage notification rul
The email notification includes basic information about the alert and a link to the portal where you can do further investigation.
## Set up email notifications for alerts
The email notifications feature is turned off by default. Turn it on to start receiving email notifications.
## Create rules for alert notifications
You can create rules that determine the machines and alert severities to send email notifications for and the notification recipients.
1. On the navigation pane, select **Settings** > **Alert notifications**.
2. Toggle the setting between **On** and **Off**.
3. Select the alert severity level that youd like your recipients to receive:
- **High** Select this level to send notifications for high-severity alerts.
- **Medium** Select this level to send notifications for medium-severity alerts.
- **Low** - Select this level to send notifications for low-severity alerts.
- **Informational** - Select this level to send notification for alerts that might not be considered harmful but good to keep track of.
4. In **Email recipients to notify on new alerts**, type the email address then select the + sign.
5. Click **Save preferences** when youve completed adding all the recipients.
Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email.
1. In the navigation pane, select **Settings** > **Alert notifications**.
2. Click **Add notification rule**.
3. Specify the General information:
- **Rule name**
- **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
- **Alert severity** - Choose the alert severity level
4. Click **Next**.
5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses.
6. Check that email recipients are able to receive the email notifications by selecting **Send test email**.
7. Click **Save notification rule**.
Here's an example email notification:
![Image of example email notification](images/atp-example-email-notification.png)
## Remove email recipients
## Edit a notification rule
1. Select the notification rule you'd like to edit.
2. Update the General and Recipient tab information.
3. Click **Save notification rule**.
## Delete notification rule
1. Select the notification rule you'd like to delete.
2. Click **Delete**.
1. Select the trash bin icon beside the email address youd like to remove.
2. Click **Save preferences**.
## Troubleshoot email notifications for alerts
This section lists various issues that you may encounter when using email notifications for alerts.